On Fri, Nov 22, 2013 at 12:24 PM, carlo von lynX
l...@time.to.get.psyced.org wrote:
On 11/21/2013 05:23 AM, Ali-Reza Anghaie wrote:
As it pertains to your response to me from over a month ago (below) -
we're just on different pages. I'm not arguing the strategic problem
statement, I'm saying
On Wed, Oct 30, 2013 at 1:50 PM, Lucas Gonze lucas.go...@gmail.com wrote:
The shoes left to drop:
1) NSA insiders using privileged information for investments. It's hard to
imagine this doesn't happen.
I doubt it happens at a rate any different across Government and would
suspect it happens
Passing this along in case anyone is interested, Cheers, -Ali
http://frontlinefreelance.org/content/safetystream-webinars-freelancers
---
It will kick off at 2:00PM on Tuesday 22 October. The session will be
interactive. You can pose questions and start your own conversations
during each
On Mon, Oct 21, 2013 at 6:42 PM, Andrés Leopoldo Pacheco Sanfuentes
alps6...@gmail.com wrote:
The NSA being part of the Google partner landscape, however
unwillingly on the part of Google..
It was seeded by Google Ideas but we've yet to see how much control
they have over it versus UW and BNS.
On Thu, Oct 10, 2013 at 3:23 PM, carlo von lynX
l...@time.to.get.psyced.org wrote:
We had some debate on this topic at the Circumvention Tech
Summit and I got some requests to publish my six reasons
not to use PGP. Well, I spent a bit more time on it and now
they turned into 10 reasons not to.
On Sat, Oct 12, 2013 at 12:11 AM, Andrés Leopoldo Pacheco Sanfuentes
alps6...@gmail.com wrote:
yeah, but we have to go further, and get the United Nations HQ The
Heck out of the USA
If you want an impotent organization to be even moreso - then that's a
good move. The problem is while all this
On Sat, Oct 12, 2013 at 12:23 AM, Andrés Leopoldo Pacheco Sanfuentes
alps6...@gmail.com wrote:
Yes, of course. BUT!
*snip*
Then the rest is moot - that's my point. Unless you can substantially
change the behavior of the permanents seats of the UN Security Council
- ~where~ the figureheads meet
Haven't looked at it myself - passing on for others. Cheers, -Ali
-- Forwarded message --
From: Sandra sandraordo...@openitp.org
Date: Thu, Oct 10, 2013 at 2:23 PM
Subject: [Announce] Wanted: Lantern Ambassadors
To: annou...@lists.openitp.org
Lantern is a new type of open
Ah yes - thanks for reminding me.
DNSCrypt has worked well for our end-users and when configured not to
fail over - does the necessary trick on OS X:
http://opendns.github.io/dnscrypt-osx-client/ ..
And something that didn't work well at all (in the context of my last
message) was Radio Silence
Warning - ~I~ haven't tried this but if I was going to suggest
something to try to one of my regular end-users (someone w/o their own
sysadmin skillset) I'd start by trying to combine one of the
following:
Hands Off - http://www.metakine.com/products/handsoff/
Little Snitch -
I'm conceptually really curious about various aspects but before I
forget - this time - I'd like to ask two broader questions first:
- Is this in any way an officially backed project in any way? Part
of a thesis or what-not let's say?
- (To everyone) Why is there almost never a discussion on RFCs
I understand we're talking about verifiable builds and software
distribution but using the Zetas as an example is getting kind of
ridiculous.
We could also speculate the Zetas declare war on FOSS security
developers too - send them into hiding, kill trust in FOSS projects,
etc. Or, you know,
ja...@appelbaum.net wrote:
Ali-Reza Anghaie:
I understand we're talking about verifiable builds and software
distribution but using the Zetas as an example is getting kind of
ridiculous.
The point of using the Zetas is perhaps not clear but I think I
understand well what Zooko means
On Fri, Aug 16, 2013 at 7:52 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Ali-Reza Anghaie:
OK. I still disagree - in these threat models they don't care about effort.
Who doesn't?
Any of the bodies we're talking about exerting pressure. They're going
to come at you in all sorts of ways up
I'm sorry but aren't we spending a lot of time conflating code
quality, secure coding practices, software distribution, .. with
~JavaScript in a browser~?
There are alternate pathways, signed and delivered as a Dashboard
widget via the Apple App Store for example.
I'm not proposing ~that~ as
Griffin,
The more this gets fleshed out on list - the more it departs from any
vestige of email and then you're basically talking about shoe-horning
a different architectural beast into a transport protocol we happen to
know. (I'm not saying ~you~ are planning that - just making an
observation of
On Fri, Aug 9, 2013 at 4:26 AM, Nadim Kobeissi na...@nadim.cc wrote:
For what it's worth, and even though I think it's pretty unlikely that
Cryptocat will receive such an order,
*snip*
You're right but that should provide little comfort - when they come
after the non-business platform libtech
For obvious reasons we're in another spike of everyone should PGP
discussions - pretty much every direction you look. This always tugs
at the back of my mind - why not push S/MIME a bit more?
In my own experience the most common adoption problems with PGP for
the uninitiated is getting the
On Tue, Jul 30, 2013 at 4:20 AM, Ralph Holz h...@net.in.tum.de wrote:
I am not sure I agree with the OPSEC issue. There are a bunch of
synchronised SKS key servers. As for people's capability to judge
others' accuracy in determining identity, well... is that so much worse
than a CA system,
This is only ~mildly~ new - this is how their service always worked
for most non-BEM addresses. From their design standpoint, for the
delivery mode they were promising, it made more sense than having your
device poll constantly (battery).
Obviously it's still not cool - I'm just failing to see
On Sat, Jun 29, 2013 at 1:52 AM, Alireza Mahdian
alireza.mahd...@gmail.com wrote:
I really hope all your other facts are not based on this link you sent. as
Matt rightfully put it we don't know the kind of cipher that was used it
could have been a very primitive one. you are making a very bold
I had similar confusion when I first started poking around - couldn't
find a proper LICENSE file and then the ToUs including things that
read an awful lot like Facebook instead of a distributed
privacy-centric system.
Including:
---
a. You will not provide any false personal information on
can be pretty
much anything and since we can't control or monitor any of the contents
being shared we had to have a strict terms of use agreement just to be clear
that if the terms of use agreement is violated we are not gonna be liable.
On Jun 28, 2013, at 1:06 AM, Ali-Reza Anghaie
. this software has a somewhat complex design and there are so many
small details involved as well so if you have any further questions
regarding our design choices I would like to refer you to
http://joinmyzone.com/Thesis.pdf
On Jun 28, 2013, at 1:17 AM, Ali-Reza Anghaie a...@packetknife.com wrote:
*nod
as for any PKI.
Even if the CA is attacked (DDoS attack not a private key hijacking) the
existing users are not affected since the public key of the CA is already
shipped with the software.
On Jun 28, 2013, at 1:56 AM, Ali-Reza Anghaie a...@packetknife.com wrote:
Thank you - I read your comments
Before I recreate the wheel - anyone have a good reference on material
explaining to people what a Gmail security model vs a PGP end-to-end model
looks like to the ~outside~?
It'd be easy to make slight of it in NSA terms but I'm trying to get a
realistic depiction of what the designed models
It became common knowledge (read: oft-cited conspiracy) that
reappearing Direct Messages in Twitter were the result of an
investigation.
A few minutes ago it came up again and the EFF was mentioned but
particular citation could not be found. I figured I would ask here.
Do we have any real
Strange how so many are citing security norms for (say) encryption but not
the one that systems should always fail to the safest setting. (Which isn't
always the most functional.)
I actually prefer it the way it is. Yet I certainly appreciate the
alternative concern and would support the change
To your knowledge
Is anyone tracking the disparate efforts that regional pockets of (likely)
Basij are doing? Besides their regular intelligence assistance upstream -
I've heard increasingly different blocking and interference stories from
outside the major population centers.
Excellent report
Looks like voices were heard - and other work was done -
http://www.mailvelope.com/blog/security-audit-and-v0.6-release
-Ali
On Mon, Dec 17, 2012 at 5:27 AM, Karel Bílek k...@karelbilek.com wrote:
Because Thomas (the original developer of Mailvelope) wanted to let
the extension work as it
Jacob also shared his map tool (updated every 5m):
http://freehaven.net/~ioerror/maps/v3-tormap.html
-Ali
On Sun, Mar 10, 2013 at 9:23 PM, liberationt...@lewman.us wrote:
On Sun, 10 Mar 2013 11:32:20 -0700
Yosem Companys compa...@stanford.edu wrote:
I'm assuming privacy issues are of minimal concern given the other problems
at play here - I could be wrong but bear with me.
Trying to think of lowest-cost, reliable, easiest to expand and re-deploy
without a telco or other licensing.
I wonder is a low-bandwidth text HF APRS (
I believe this is new from them and perhaps in response to libtech's
ongoing discussions.
https://silentcircle.com/web/human-rights/
*If you are a leader, executive or organizer within an active human rights
group, which we can gather information on to establish bona fides, then
please fill out
Nadim,
While I ~entirely~ agree this sucks and you've been mercilessly and
tastelessly trolled - if you're inferring there was any relation to the SC
code being swapped out - that's an irrelevant and unnecessary stretch.
Let's look at it from the other side w/ the same irrelevant
and unnecessary
The TiVi rebranding page is gone but the cache:
https://webcache.googleusercontent.com/search?q=cache:http://rebrand.tiviphone.com/
It would be utterly bizarre if Silent Circle started as a $199 euro
investment. I just can't swallow that. Not, by default, a negative
attribute - just - whacky.
I
On Thu, Feb 14, 2013 at 12:13 AM, Ali-Reza Anghaie
a...@packetknife.com wrote:
The TiVi rebranding page is gone but the cache:
https://webcache.googleusercontent.com/search?q=cache:http://rebrand.tiviphone.com/
It would be utterly bizarre if Silent Circle started as a $199 euro
investment
Inline below..
On Thu, Feb 7, 2013 at 11:34 AM, scarp sc...@tormail.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Jens Christian Hillerup:
Hear-hear. They don't need to open-source their software to
convince me, as long as they are open about their protocol at
least.
Douglas, I'm not sure many people are disagreeing with the end-goals and
even Zimmermann acknowledges the window for verifiable source proof is
closing fast (longer than many would have liked as-is).
My comments to Nadim are coming from a tact perspective - if the goal is to
gain wider adoption
goal of
making people's lives better. Otherwise, we would likely not be on this
list.
Best,
YC
On Thu, Feb 7, 2013 at 11:21 AM, Ali-Reza Anghaie
a...@packetknife.com wrote:
Douglas, I'm not sure many people are disagreeing with the end-goals and
even Zimmermann acknowledges the window
-2274597/How-foil-eavesdroppers-The-smartphone-encryption-app-promises-make-communications-private-again.html#axzz2KDR1XKE6
NK
On Thu, Feb 7, 2013 at 4:15 PM, Ali-Reza Anghaie a...@packetknife.com wrote:
And even the proponents already have. Here, elsewhere, .. Nobody is
happy at technically
Their existing policies indicate they don't store transactional data
between SC users but they do store login and business data from an
individual customer to SC. They have not yet released the email solution
and haven't expanded their statements to include that data.
They state they currently
griffinbo...@gmail.com wrote:
On Wed, Feb 6, 2013 at 1:28 AM, Nathan of Guardian
nat...@guardianproject.info wrote:
On 02/06/2013 01:22 PM, Ali-Reza Anghaie wrote:
How can projects like Privly play into it? Carrying a Tor Router along
with you or building one on-site. None
that is the problem?
Brian
On Wed, Feb 6, 2013 at 12:26 PM, Ali-Reza Anghaie a...@packetknife.com wrote:
I'm glad people have had luck with tethering their Android phones
internationally. I've had absolutely zero - I'll have to give it another
run with a locally renter provider I suppose.
Anyone try
, Ali-Reza Anghaie a...@packetknife.com wrote:
Always Nexus Verizon stock. My alternate ROMs don't travel with me.
Verizon contacted ahead of time per their suggestions. Tethering in US and
Canada fine. UK or elsewhere is no-joy.
I gave up after a while and just carry my wipe'a'router and but use
Yeah. It's thinly veiled marketing and pats on the back. And while I
appreciate Silent Circle - this is a bit much. Sheesh. -Ali
On Feb 5, 2013 12:37 PM, Axel Simon axelsi...@axelsimon.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I was expecting you to simply point to
They're agile about their coverage. ;-)
-Ali
https://threatpost.com/en_us/blogs/phil-zimmermann-we-really-really-dont-have-keys-020513
---
The other thing that Silent Circle doesn't do is hold any user encryption
keys, not even for a second, because the keys never pass through the
company's
It's something we've explored as an option in the Executive Protection
space - and paired with Google two-factor it's a marked improvement over
anything most of these end-users were doing before. There is at least one
3G radio version too - more almost certainly coming at better price points.
As
There is no harm in taking Kate's advice to heart - they also do care, you
may perceive a complete lack of care through their
legal wrangling and maneuverings and I wouldn't suggest anyone there is a
warm heart about these issues - but just like Security issues and Linux
before, they care because
On Mon, Dec 17, 2012 at 5:28 PM, Thomas Oberndörfer tober...@yarkon.de wrote:
Does the whole situation regarding mass surveillance of email traffic
improve, zero effect, gets worse?
This question gets bounced around regularly - and there will likely never
be reasonable agreement. The explicit
I'm not finding a lot of information since the end of ~last year~ on the
status of OpenPGP.js checks. Perhaps an inquiry on their mailing list is in
order - I didn't see archives. I would guess Mailvelope uses whatever
keystore options OpenPGP.js offers which as of now (as near as I can tell)
You just jogged my memory w/ the clipboard bit..
http://safegmail.com/
Another project in the mix. -Ali
On Wed, Dec 12, 2012 at 12:38 AM, Uncle Zzzen unclezz...@gmail.com wrote:
The reason why FireGPG no longer ships with tails is that the DOM of a web
app is not a safe place for plaintext
between attorneys and actual companies complying in my
experience. I trust other people here know exactingly how this all works.
Either way, I want some verbiage clarification from SC on the topic anyhow.
Cheers, -Ali
On Wed, Nov 21, 2012 at 2:45 PM, Ali-Reza Anghaie a...@packetknife.com wrote
My own personal view is the worst thing about this is it won't actually add
transparency to any given Nation-State's policies/oppression and it's still
not going to stop the tide of attempted Nation-State Intranets.
So, at best, it's all the overhead with no benefit.
The global situation can
On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie
a...@packetknife.com wrote:
Nobody would dispute that - that's not quite the same thing as
FOSS
default
example as much as I can here.
Also, to answer your question: I have no problem with who funds or founds
Silent Circle. This is not the source of my complaint.
NK
On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie a...@packetknife.com wrote:
It's not just me who interprets it that way
The full response in the FAQ is: Yes it is. Silent Phone uses
Device-to-Device encryption technology so that only the users have the keys
exchanged on their device for each call peer-to-peer….the keys are not held
on a server. Silent Phone uses TLS and the ZRTP protocols to encrypt the
packets of
On Mon, Aug 6, 2012 at 8:43 PM, Jillian C. York jilliancy...@gmail.com wrote:
It's difficult. I'm not a technologist, but I understand the issues and the
user needs well. My type, I'd surmise, is few and far between.
The problem isn't that your type is few and far between - the problem
is
On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
The problem is that the little bit is effectively zero.
What's the difference between Facebook chat over SSL and Cryptocat over SSL?
Without a browser extension/plugin - there is little to no difference.
You have to
On Mon, Aug 6, 2012 at 9:08 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Ali-Reza Anghaie:
Except you're trying to solve a resource and environmental OPSEC
problem while effectively reducing the available exfiltration surface
(as it were) to a point where the adversary Nation-State (one use