[liberationtech] Telenor Azerbaijan surveillance documentary link?
Hi,

I have been looking for a link for a Norwegian documentary on the Telenor/Azerbaijan surveillance scandal from a few years ago (2-3?), but my Google foo is weak today. I wonder if anyone has a link?

From memory it was in Norwegian but with English subtitles. I know it was discussed on this list, but I cannot find it in my archive.

Any help, much appreciated.

Thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb
If you’d like to get in touch, please do: http://me.ei8fdb.org/

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Hammond Banned from using Cryptography
On 20 Nov 2013, at 22:17, Shava Nerad shav...@gmail.com wrote:

IANAL, but it seems to me that if the judge does not call the lawyers into chambers for consultation, there is no period of commentary on sentencing, or adjustment period.

IAANAL, so you’ll have to explain the significance of what this means?

If the plea is innocent, then the sentence can be appealed through a trial at a higher court -- however, Hammond opted due to the rather excessively abusive CFAA law which would have put him away for 35 years for a guilty plea for ten years. This means he had to live with the judge’s ruling which had this “side car of court supervised idiocy tagged on -- which actually made me immediately think that the judge had read up on Kevin Mitnick's trial and was trying to sound like he knew something he didn't.

Wait, if he read up on Mitnick’s trial and thought he understood…no let’s not go there..

Couldn’t stick with the ten years, had to piss on it, pardon my crudeness.

Don’t follow.

Bernard (He who understands follows little)

On Tue, Nov 19, 2013 at 6:17 AM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:

It seems a similar stupidly idiotic requirement to the one imposed on Kevin Mitnick when he was released. From memory the requirement on him was that he wasn’t allowed to use “computers or telephony” equipment. It might have been possible in the early 2000’s but today?

IANAL, but would it be worth getting some lawyers to prod this argument further? “Your honour, what is defined as cryptography?” At least then (in the US) there’d be precedent on what is seen as crypto? Or does that already exist?

Could be good for an education campaign “Crypto is not the end goal” to spread the already daily use of cryptography as opposed to the unfortunate view that “crypto is for turrists and sex fiends”. “The government see [online banking] as using cryptography. Everyone uses it.”

Just a thought…

On 16 Nov 2013, at 06:01, Shava Nerad shav...@gmail.com wrote:

It is so common for judges to be complètement sans clue regarding technology -- I'm sure the judge has no idea how pervasive crypto is, probably doesn't understand his online banking uses it, and so on. It's tragic. bleh.

On Fri, Nov 15, 2013 at 8:36 PM, Yosem Companys compa...@stanford.edu wrote:

From: Privarchy Mee privar...@gmail.com

Can any of you, most of whom I do not doubt are far more knowledgeable about cryptography and how it's conceptualised within the legal sphere, offer some insight regarding this? https://twitter.com/CyMadD0x/status/401443518612512769

The claim is that Judge Loretta A. Preska, who sentenced Jeremy Hammond today, said that for the three years (post-release) that he was to spend under supervision, he will not be able to use encryption for communication or storage purposes(!) which is practically a legal edict to go and build a cabin by Walden Pond. How can this be considered anything but cruel and unusual?

--
Bernard / bluboxthief / ei8fdb
IO91XM / Contact me: me.ei8fdb.org

--
Shava Nerad shav...@gmail.com

--
Bernard / bluboxthief / ei8fdb
IO91XM / Contact me: me.ei8fdb.org
Re: [liberationtech] Hammond Banned from using Cryptography
It seems a similar stupidly idiotic requirement to the one imposed on Kevin Mitnick when he was released. From memory the requirement on him was that he wasn’t allowed to use “computers or telephony” equipment. It might have been possible in the early 2000’s but today?

IANAL, but would it be worth getting some lawyers to prod this argument further? “Your honour, what is defined as cryptography?” At least then (in the US) there’d be precedent on what is seen as crypto? Or does that already exist?

Could be good for an education campaign “Crypto is not the end goal” to spread the already daily use of cryptography as opposed to the unfortunate view that “crypto is for turrists and sex fiends”. “The government see [online banking] as using cryptography. Everyone uses it.”

Just a thought…

On 16 Nov 2013, at 06:01, Shava Nerad shav...@gmail.com wrote:

It is so common for judges to be complètement sans clue regarding technology -- I'm sure the judge has no idea how pervasive crypto is, probably doesn't understand his online banking uses it, and so on. It's tragic. bleh.

On Fri, Nov 15, 2013 at 8:36 PM, Yosem Companys compa...@stanford.edu wrote:

From: Privarchy Mee privar...@gmail.com

Can any of you, most of whom I do not doubt are far more knowledgeable about cryptography and how it's conceptualised within the legal sphere, offer some insight regarding this? https://twitter.com/CyMadD0x/status/401443518612512769

The claim is that Judge Loretta A. Preska, who sentenced Jeremy Hammond today, said that for the three years (post-release) that he was to spend under supervision, he will not be able to use encryption for communication or storage purposes(!) which is practically a legal edict to go and build a cabin by Walden Pond. How can this be considered anything but cruel and unusual?

--
Bernard / bluboxthief / ei8fdb
IO91XM / Contact me: me.ei8fdb.org
Re: [liberationtech] (no subject)
On 19 Sep 2013, at 04:44, aman1971 aman1...@gmail.com wrote:

Plz put me on the list. Regards

You're on the list! Congratulations!

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Is Dropbox opening uploaded documents?
On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote:

Dropbox is pulling a Skype.

no it's not, it's generating thumbnails. also this is advertising.

Hi, I don't follow what you mean by advertising.

Thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 13 Sep 2013, at 09:39, Erik de Castro Lopo mle+l...@mega-nerd.com wrote:

Bernard Tyers wrote:

Firstly: I agree with you in principle but these tools need to be available to all. Technology is not used in a sterile, hygienic environment, it is used on the streets, by people who can't write, who use it for their purposes, not necessarily the purpose it was invented for.

I do agree, but it's important to note that smartphones offer a significantly higher risk than say laptops.

By design though. Is there any reason why (leaving aside business reasons for the moment) smartphones can't be lower risk? Is there any technical reason why open source (read verifiable, publicly auditable) baseband software can't be created for mobile devices? I don't expect it to be easy.

Smartphones are horrendously complex, rely heavily on untrusted binary blobs, have multiple CPUs some without direct owner/user control (eg the CPU doing the baseband processing) [1].

I agree with your points about running untrusted binaries and lack of user control.

Firefox OS (OS level at least) is open source, right? Cyanogenmod is open source, right?

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone.

Agreed.

Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Yep, I'm aware of those baseband attacks. To carry them out you need access to a Node-B (telecoms equipment mobile phones connect to), real or simulated, and advertise to the device to attach to it. Granted, not impossible, beyond the realms of an average radio-network engineer in a government run telco. Possibly Finfisher have a point-and-click tool for it.

However, that threat (ie threat of firmware compromises) can be applied to carrier grade IP switch, router firmware also. Making all IP based traffic vulnerable. But again, in my opinion it's down to what is the level of your threat.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Heh, I used to, but not any more.

Compare this with a laptop. If you buy a new laptop and are sufficiently paranoid you can use widely available software tools to monitor all network connections from that laptop to the wider internet.

Agreed, but shouldn't those tools be available for mobile devices too? The trend in technology use is moving (it's already there) towards mobile devices. These tools should be available for mobile devices, as this is where people are. Otherwise, they will continue to use cleartext SMS, or worse WhatsApp, Viber, Gmail, and unencrypted phone calls.

People need these tools to be available. They need to understand how they fit into the kinds of threats *they face*, and where they should not be used.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail. If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?

As long as you are aware of the limitations.

I absolutely agree with you on this. This is one area that I see as being an issue at the moment. Most users don't know what they (limitations) are. They are users of the tools, not experts. I use Firefox and HTTPS everywhere, so I'm secure, right…?

Developers of these tools need to communicate, in an understandable way, to potential users where the limitations are. Developing a tool and releasing it is wonderful, but you need to communicate where it works and doesn't work.

<rant>
I would argue the HRD and NGO people on this list understand threats and threat-modelling better than the technology people, certainly in the offline world. The tech people understand threat-modelling in terms of where and how to use technology. Both groups clearly are in need of each other. The issue is they're talking on different planes.
</rant>

thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 13 Sep 2013, at 10:04, Eugen Leitl eu...@leitl.org wrote:

On Fri, Sep 13, 2013 at 06:39:35PM +1000, Erik de Castro Lopo wrote:

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone. Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Baseband processors leave the system wide open to all kind of attacks. Countermeasure would be running the 2G/3G/4G stack in an open source SDR radio, or using an open source VoIP device that connects by WLAN to a MiFi, which is considered part of the untrusted Internet.

The open source WLAN VoIP handset is more difficult than it appears. In practice you'll have to use e.g. Jitsi with an USB headset on a portable computer. Not exactly painless, and it opens you up to system compromises.

If anyone is aware of suitable dedicated hardware, I'd be thankful for pointers.

You've reminded me of an episode of the RiskyBusiness podcast, I was listening to a few weeks ago with the grugq. He was talking about the small USB powered device the TPLINK MR11U or TPLINK 3040. [1, 2, 3]

He does talk exactly about the same issues - separating your devices (in his case a laptop) from the GSM network using a portal device. His use is however a laptop, not a mobile device. But what he talks about is figuring out what you need to defend yourself against.

I was listening to this thinking, if it's so easy (The Grugq is using it! It must be secure!) then why isn't everyone using one? I have one on order from a trustworthy Chinese trader on ebay. ;)

What I also thought was interesting was his *recommended* approach was buying a pay-as-you-go phone, presumably closed platform, with closed firmware. Secondly his choice of mobile device was *an iPad*!

Seriously though, his advice was interesting. Has anyone else heard it? I'd like to hear opsec peoples' opinions.

Hope that helps.
Bernard

[1] http://risky.biz/RB285 or http://media.risky.biz/RB285.mp3 (it starts at ~ 28:00 mins).
[2] http://www.amazon.co.uk/TP-LINK-TL-MR11U-Portable-150Mbps-Wireless/dp/B0098AU7HY
[3] http://www.amazon.co.uk/TP-Link-TL-MR3040-Portable-Battery-Wireless/dp/B00842KJOS

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
Stefan: Why not?

Fabio, this sounds really interesting. Thanks for sending it. Now I need to go and sub to another list…

On 12 Sep 2013, at 23:06, Stefan 2...@2904.cc wrote:

But... PGP/GPG on a smartphone? Are you sure, that you want that?

On 09.09.13 00:56, Fabio Pietrosanti (naif) wrote:

I forward this inquiry to Liberation Tech, considering the very good impact it will have in the near future.

Fabio

Original message
Subject: Firefox OS with built in support for OpenPGP encryption
Date: Mon, 9 Sep 2013 00:09:39 +0200
From: Alex (OpenPGP.js) a...@openpgpjs.org
To: OpenPGP.js Mailinglist l...@openpgpjs.org
CC: martin.ku...@telekom.de, k.th...@telekom.de k.th...@telekom.de, c...@mozilla.com

Dear OpenPGP.js community friends (in BCC),

I recently had a short meeting with Deutsche Telekom and Mozilla in Berlin. They are currently collaborating in order to enhance the security and privacy of smartphone users utilizing Firefox OS (FFOS). The initiative is also open for cooperation or partnering with other organizations and projects.

In this context, one dedicated very valuable feature is built in support for OpenPGP encryption (e.g. based on the OpenPGP.js library). Anybody who is interested in contributing this functionality to FFOS is welcome to get in contact with the project.

Firefox OS (FFOS) is a new open source operating system for smartphones and tablets. It is based on Linux and Mozilla's Gecko rendering engine and provides open Web APIs that allow to run full featured web applications based on HTML5, CSS, and JavaScript. More information on FFOS development can be found under https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS .

For further information and contacts with Deutsche Telekom, please feel free to contact the project lead, Dr. Martin Kurze (in CC), Telekom Innovation Laboratories.

Best regards,
Alex

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Cryptogeddon
This sounds a nice idea. There was a similar idea (in its early stages) presented at SOUPS 2013 (Symposium on Usable Privacy and Security) earlier this year. [1]

It was called Device Dash: An Educational Computer Security Game presented by Era Vuksani. Unfortunately Era's thesis is not available just yet (May 18th). [2]

The game was built around the player being a sysadmin in charge of a network. As the sysadmin managed the network, more devices (authorised and unauthorised) were added, and the admin had to react. As the user advanced s/he had access to better tools (firewalls, switches, IDS devices) to better manage the network.

It looked fun and educational.

All the best,
Bernard

[1] http://cups.cs.cmu.edu/soups/2013/program.html
[2] http://repository.wellesley.edu/thesiscollection/38/

On 10 Sep 2013, at 10:51, Dan O'Huiginn dan...@ohuiginn.net wrote:

I like this concept. I'd particularly love a more basic version of this, perhaps using openbadges to reward people who make it through a game-cum-course that lets them use security-related tools.

A perennial problem in security education is getting people enough practical experience. That's particularly true of communication tools -- you need to pair people up to practice communication, which can be hard to arrange outside of face-to-face meetings. A game would be a great way of dealing with this.

I'm thinking of something aimed at the fundamentals -- such as:

- talk with this bot using OTR
- read a clue that has been GPG encrypted with your public key
- get some info out of a truecrypt volume
- access a tor hidden service
- send some text via a signed, encrypted mail

[I'll add this to my list of projects for a rainy weekend, and meanwhile wait to see whether Cryptogeddon is anything close to it]

Dan

On 10/09/13 02:37, Scott Elcomb wrote:

Just stumbled across this post and thought it might be of interest to some on the list.

In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission.

Further on the article describes the tools one may need to use, including but not limited to:

* TrueCrypt
* Metasploit Kali
* Nessus
* Amazon Web Services
* w3af
* Linux, Windows, OS X
* Apache, IIS
* GitHub
* VirtualBox
* Sysinternals

http://www.softwarehamilton.com/2013/09/06/cryptogeddon-coming-soon/

--
Dan O'Huiginn
Organized Crime and Corruption Reporting Project
dan...@ohuiginn.net http://ohuiginn.net @danohu http://reportingproject.net skype:danohuiginn phone: +387 33 560 066.

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Naive Question
On 9 Sep 2013, at 17:29, Scott Arciszewski kobrasre...@gmail.com wrote:

Hello, I saw this article on The Guardian[1] and it mentioned a librarian who posted a sign that looked like this: http://www.librarian.net/pics/antipat4.gif and would remove it if visited by the FBI.

So a naive question comes to mind: If I operated an internet service, and I posted a thing that says We have not received a request to spy on our users. Watch closely for the removal of this text, what legal risk would be incurred? If the answer is None or Very little, what's stopping people from doing this?

Hi Scott,

There was a discussion on another list (either Cypherpunks, or The Guardian Project lists) about a similar idea in terms of Lavabit, in the context of putting a header in e-mail messages to warn if an LEA (law enforcement agency) had forced the mail operator to give them access. From memory the person who mentioned them called them canary alerts?

No doubt someone will be faster than me in finding said content, but from memory the crux of it was if the operator (in your case the librarian, or more likely the library owner) was served with a NSL, or some secretive order, they would be breaching the secrecy of said order if they alerted the public in any way. And presumably you'd be in trouble. :)

Let me find the original mail if possible.

Hope that helps.
Bernard

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
[liberationtech] MEGApwn - recover your encrypted MEGA master key
As if there weren't enough reasons to not trust Kim.Com.

What is MEGApwn?

MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing.

http://nzkoz.github.io/MegaPWN/

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
[liberationtech] Request for participants for HCI study into the use of mobile apps
Hi all,

I'd like to ask list members who are based in London, or *who will be in London anytime during September*, to participate in my research. I am exploring the use of mobile apps by investigative journalists, human rights and NGO workers.

- Are you an investigative journalist, NGO or a human rights defender?
- Do you need to communicate securely and privately with co-workers and contacts?
- Do you use mobile devices regularly?
- Can you give me 1 hour of your time to take part in my university research project about mobile apps and trust?

If you can answer YES to these questions, then I would love to talk with you.

As thanks for taking part in my study I will cover tube/bus expenses, make a donation to your organisation (or organisation of your choice) or compensate you.

Contacting me:

- by unencrypted e-mail bernard.tyer...@city.ac.uk
- by Twitter @bernardtyers
- by encrypted e-mail: If you would prefer to communicate via encrypted e-mail please use: ei8...@ei8fdb.org and this key http://bit.ly/BernardTyers-GPG-Key

I have also created this flyer for people who'd like to send it to colleagues, or contacts: http://www.ei8fdb.org/bernard/participant_recruitment_page.pdf

If anyone has questions, then please let me know. I'd be happy to answer them.

best regards,
Bernard

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] SMS questions
Hi Richard,

Depending on the information your colleagues want to collect, and depending on how onerous the control of the telco system is, FrontLine SMS might be useful.

http://www.frontlinesms.com/
http://www.frontlinesms.com/technologies/frontlinesms-overview/

Hope it helps,
Bernard

On 27 Aug 2013, at 17:36, Richard Brooks r...@acm.org wrote:

I have colleagues living in a small country, far, far away with a history of rigged elections who want to put in place a system for collecting information using SMS. The local government keeps shutting down the systems that they put in place.

I think I understand their needs and wants. SMS is really not my strong point. If anyone with an understanding of SMS, SMS web interfaces, and/or related security issues would be willing to point me in the right direction (or discuss potential issues) I (and by extension they) would be grateful.

The alternative is for me to dedicate my excess cycles to researching those issues from scratch, which sounds time consuming. They kind of need help in the near future.

-Richard

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?
On 15 Aug 2013, at 19:09, Kyle Maxwell ky...@xwell.org wrote:

On Wed, Aug 14, 2013 at 5:18 PM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:

My issue is with - Hacking is bad when people do it. It's ok when the government do it.

To play devil's advocate for a moment: isn't that true for a lot of things?

I'm not going to bite! ;)

The State is, in general, very jealous about its monopoly on things like violence and taxation, and (modulo anarchists, many of whom I love and respect) the majority of people are okay with those things.

I don't think most people are necessarily the same - extreme example, but I don't think I've ever heard normal (sure define normal!) people being ok with violence when carried out by states.

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Secure alternatives to Dropbox?
On 14 Aug 2013, at 22:01, Web Admin webad...@cpj.org wrote:

Are either of these services a more secure alternative to 3rd party services like DropBox? My reasoning is that a hacker would first need to know you host your own cloud in a particular way to attack it. Is my thinking too simplistic?

This is something I have been thinking about for a while myself - do I keep my web hosting, mail, filesharing in the cloud or do I do it myself? I have the experience and knowledge to do mail, web and file share hosting, but do I want the extra hassle?

No, I don't think your thinking is too simplistic, I think you've got to figure out who's out to get you?

Each has its pros and cons - hosting your file sharing on Dropbox is probably going to keep you reasonably safe from nasty hax0r5 but it's certainly not going to keep you safe from government surveillance/interception. It's also essentially zero-systems admin.

Are there other services to consider? Activists and journalists are the typical groups who use dropbox, not considering the risks they are taking. It would be good to be able to advise folks on more secure alternatives, if they exist.

I found a nice link listing a number of alternatives to Dropbox/Google Drive etc. A lot were based on Bittorrent, which may or may not work if your ISP is acting the a$$. Others were based on Git. [1]

https://aerofs.com/
http://ajaxplorer.info/

Bittorrent:
http://labs.bittorrent.com/experiments/sync.html (os x, windows, linux, android)
http://cryptosphere.org/ (Maybe not exactly bit torrent but definitely p2p)

Git:
http://git-annex.branchable.com/ (os x, linux, android)
https://github.com/axkibe/lsyncd

I am not recommending any of these, as I am still trying to figure out which is the best *for my use*. Ultimately I want to end up doing my own file sharing, and e-mail for myself and 3-4 other people.

I'm looking for options that are easy to use; many journalists/activists won't use something complicated (which is of course an issue).

Therein lies the issue; define easy to use and complicated. These tools still need a certain amount of knowledge, self-sysadmin, hosting knowledge, and a bunch of other work you are now trading for your zero-admin tools. Nothing a person couldn't learn, but - you're trading one set of issues for another.

If there is *anything* good that came out of the Edward Snowden bombshell it is that security, privacy and encryption is now on the discussion of a way more mainstream group of people. I was thrilled to see 2-3 days after the news broke technology people on this list saying (admitting?) encryption is hard, it's not usable. (This is not a jibe at technology people, but you have to admit we are our own worst enemies sometimes.)

These tools have a long way to go, but they've certainly gotten better. It's becoming the norm to have a GUI nowadays, fancy that!

For the moment, I think activists and journalists still need input from your friendly technology person. That's not to say they can't be self hosted. The more people involved in making them the better.

For what it's worth, I am playing with arkos.io and BitTorrent Sync. I still haven't found how Bittorrent Sync fully works, it seems your data needs to go through a BT node, which is not a good idea.

I hope that's helped in some way.

Bernard

[1] https://news.ycombinator.com/item?id=6071604

--
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Secure alternatives to Dropbox?
Hah, we all must have read the same article.. ;) On 14 Aug 2013, at 22:42, elijah eli...@riseup.net wrote: On 08/14/2013 02:01 PM, Web Admin wrote: It would be good to be able to advise folks on more secure alternatives, if they exist. free software: * http://seafile.com * http://sparkleshare.org proprietary: * https://wuala.com * https://spideroak.com * http://labs.bittorrent.com/experiments/sync.html (BitTorrent Sync) As mentioned previously, sparkleshare requires you find a git host. Of the bunch, Wuala is by far the most powerful and friendly. The spideroak UI is odd, and there is also the mysterious change in how spideroak says they handle passwords. Seafile seems very promising. The other free software contender, Syncany, appears long defunct. BitTorrent Sync is server-less. -elijah -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Secure alternatives to Dropbox?
On 14 Aug 2013, at 22:47, mark burdett mfburd...@gmail.com wrote: I finally tried Bittorrent Sync this week and it seems to work quite nicely for serverless file-sharing (mostly, as there is a server fallback to get around firewalls). Too bad it's not FLOSS so I can't actually recommend it :/ Hi Mark, Can you explain the path the data takes from DEVICE A to DEVICE B? I don't understand it, or am looking at the wrong thing. Can I limit the peers my data goes through? Thanks, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?
On 14 Aug 2013, at 20:42, The Doctor dr...@virtadpt.net wrote: On 08/13/2013 05:37 PM, Bernard Tyers - ei8fdb wrote: Haven't hackers always been portrayed in a way to scare people? * If it's not dDoSing script kiddies, it's zombie network owning Latvian mafias.. Or SysOPs using their BBSes to move satellites around. I still have that bit of comedy gold tacked to the wall in my office. Heh. Yes, realigning the geostationary birds in..5, 4, 3, 2… If this *is* the case, how can General Alexander go to Blackhat 2013 and say (paraphrasing) we (CIA) use the same tools as you do. Help us protect America by teaching us rad haxoring skills.? Statistically speaking, a small number of people in the audience at Blackhat watching him are likely to throw their hats and CVs into the ring for a chance at a job. It probably wouldn't have the greatest success rate, but anymore any help one can get is welcome. Sure, there will always be those lost people who want to play with the coolest toys. My issue is with - Hacking is bad when people do it. It's ok when the government do it. Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Lavabit stored user passwords in plaintext?
On 15 Aug 2013, at 00:01, Tom Ritter t...@ritter.vg wrote: On 14 August 2013 18:29, Bernard Tyers b...@runningwithbulls.com wrote: I came across this article outlining historical operation of Lavabit's services. http://highscalability.com/blog/2013/8/13/in-memoriam-lavabit-architecture-creating-a-scalable-email-s.html It mentions in two separate places that they stored users' passwords in plaintext to allow key generation and encryption to take place. No, it said in two places it SAW the plaintext password of the user. Not that they stored it. Hi Tom, Yes, you're right. My mistake. But is my second question not still valid? If SSL was compromised would the user not then be compromised? Is: …we generate public and private keys for the user and then encrypt the private key using a derivative of the plain text password. the other side of: …we need the plain text password to decrypt a user’s private key…? This is where they saw the cleartext password, and held it in memory for that time period? Does this give some indication as to what the government agency (whichever it was) were making Lavabit implement to allow it to surveil Lavabit users? thanks, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Lavabit stored user passwords in plaintext?
On 15 Aug 2013, at 00:20, Tom Ritter t...@ritter.vg wrote: On 14 August 2013 19:11, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote: Yes, you're right. My mistake. But is my second question not still valid? If SSL was compromised would the user not then be compromised? Is: …we generate public and private keys for the user and then encrypt the private key using a derivative of the plain text password. the other side of: …we need the plain text password to decrypt a user’s private key…? This is where they saw the cleartext password, and held it in memory for that time period? Does this give some indication as to what the government agency (whichever it was) were making Lavabit implement to allow it to surveil Lavabit users? IF, (big IF) my understanding of Lavabit's architecture is correct, then if you gained access to the user's SSL session, and then also access to Lavabit's server where the user's data and (encrypted) private key is stored - yes you'd have undermined the whole thing. * There's another thread on LibTech speculating about just what the government asked Lavabit to do. In it, Joseph Lorenzo Hall theorizes that they were asked to sniff on people's passwords (or their private keys) in memory so the government would be able to decrypt their mail or private key into the future. I have *a little* experience (a long time ago) of using RAM Cache for holding databases to speed up retrieving results to search queries - similar idea? In this case, holding users' passwords in volatile memory for security? Presumably this would be an easier job to do instead of attacking SSL sessions, since you (the operator) have total access to the hardware? This makes sense to me and fits with everything I have in my head - but to be clear I am speculating based off one person's explanation of how something technical worked to the media.
I know how individuals will change their statements to explain things, and how the media will often reinterpret technical statements to make them functionally different from how things actually work. Don't worry, this is for my own understanding. I won't quote you :) * It's worth noting that designing a system where that is not true, while not requiring the user to move a key from device to device, and not requiring the user to use special software to read their email, is both extraordinarily difficult and a massive engineering effort. Understood. Thanks. -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
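The scheme quoted in this thread, a server-generated private key stored encrypted under a derivative of the plaintext password, sketched as an added example (not Lavabit's code and not part of the original posts). The PBKDF2 parameters, the record layout and the HMAC-based stream cipher are assumptions chosen so the sketch runs on the Python standard library alone.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor, not taken from the thread


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the plaintext password."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64
    )
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher such as AES-CTR."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream.extend(
            hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        )
    return bytes(a ^ b for a, b in zip(data, stream))


def register(password: str) -> tuple[dict, bytes]:
    """Server side, at sign-up: make a key for the user and store it wrapped.

    The server sees the plaintext password here but the stored record holds
    only salt, nonce, ciphertext and tag. The private key is returned only so
    the example can check the round trip.
    """
    private_key = secrets.token_bytes(32)  # placeholder for a real private key
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = _keystream_xor(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    record = {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}
    return record, private_key


def unwrap(record: dict, password: str) -> bytes | None:
    """Server side, at login: needs the plaintext password to recover the key.

    Returns None when the password is wrong or the record was modified.
    """
    enc_key, mac_key = _derive_keys(password, record["salt"])
    expected = hmac.new(
        mac_key, record["nonce"] + record["ciphertext"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return _keystream_xor(enc_key, record["nonce"], record["ciphertext"])


def scenario() -> dict:
    """Walk through the cases discussed in the thread with a constructed password."""
    password = "correct horse battery staple"  # constructed sample value
    record, private_key = register(password)
    return {
        # Nothing at rest contains the password itself.
        "password_in_record": password.encode() in b"".join(record.values()),
        # The stored record with a wrong password yields nothing. It does
        # allow offline guessing, which is why the KDF cost matters.
        "wrong_password_unwraps": unwrap(record, "guess") is not None,
        # The stored record plus the password as seen in the session or in
        # server memory recovers the key: both pieces together defeat it.
        "observed_password_unwraps": unwrap(record, password) == private_key,
    }


if __name__ == "__main__":
    print(scenario())
```

The protection rests on the password never being available alongside the stored record, which is the condition the thread identifies: whoever operates the server or reads the login session sees both.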
Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?
Haven't hackers always been portrayed in a way to scare people? * If it's not dDoSing script kiddies, it's zombie network owning Latvian mafias.. If this *is* the case, how can General Alexander go to Blackhat 2013 and say (paraphrasing) we (CIA) use the same tools as you do. Help us protect America by teaching us rad haxoring skills.? *: I still have a problem with the incorrect use of the word hacker here..but it's already passed into common usage. On 12 Aug 2013, at 22:55, michael gurstein gurst...@gmail.com wrote: -Original Message- From: dewayne-...@warpspeed.com [mailto:dewayne-...@warpspeed.com] On Behalf Of Dewayne Hendricks Sent: Tuesday, August 13, 2013 4:32 AM To: Multiple recipients of Dewayne-Net Subject: [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights? Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights? Has terrorism grown a little stale as an all purpose boogeyman? By Digby Aug 12 2013 http://www.alternet.org/are-hackers-next-bogeyman-used-scare-americans-giving-more-rights Marcy Wheeler has been speculating for a very long time that the real purpose of all this NSA collection isn't terrorism, it's hacking. These comments last week from Michael Hayden lend a lot of credence to that theory in my eyes: If and when our government grabs Edward Snowden, and brings him back here to the United States for trial, what does this group do? said retired air force general Michael Hayden, who from 1999 to 2009 ran the NSA and then the CIA, referring to nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven't talked to the opposite sex in five or six years. They may want to come after the US government, but frankly, you know, the dot-mil stuff is about the hardest target in the United States, Hayden said, using a shorthand for US military networks. So if they can't create great harm to dot-mil, who are they going after? Who for them are the World Trade Centers?
The World Trade Centers, as they were for al-Qaida. That's just a tiny bit overwrought for an allegedly serious expert, don't you think? In fact, it sounds like the kind of thing we heard from various members of the Bush administration during the early days after 9/11. And it certainly indicates, as Wheeler has been speculating, that the government is stretching the terrorism laws to include hacking. They certainly are using the same histrionic language to describe it. Under Hayden, the NSA began to collect, among other things, the phone records and internet data of Americans without warrants after 9/11, a drastic departure from its traditional mission of collecting foreign intelligence. A variety of technically sophisticated collection and analysis programs, codenamed Stellar Wind, were the genesis of several of the NSA efforts that Snowden disclosed to the Guardian and the Washington Post. [snip] Dewayne-Net RSS Feed: http://www.warpspeed.com/wordpress -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Advice: recruiting participants for usability tests
Hi, I'd like to ask advice of people working in human rights, civil rights, investigative journalism communities. I am doing my MSc in human-computer interaction, focusing on mobile Privacy Enhancing Technology tools, a lot of which are discussed here. I am focusing on users from the investigative journalism, human rights workers circles. I want to recruit non-technical/security experts, people who use these tools, but have limited understanding of how they work. To recruit participants, in the commercial world, I would put out a call to recruit users, offering financial compensation (£20 per hour / £15 Amazon voucher...etc) to entice people to take part. My understanding (possibly incorrect) is the people I am focusing on are not driven (solely) by financial gain. Therefore I have a question: What is the best approach to use to recruit participants for my usability testing sessions? So far, I have come up with the following approaches: 1. Offer to make a donation to the organisation they work for. 2. Offer a financial compensation as detailed above. 3. Offer to cover travel, and lunch expenses. 4. Offer nothing. I'd like to hear people's feedback on these approaches. Are all/any valid? Are all/any acceptable? Any other suggestions? On or off-list feedback greatly appreciated.
thanks, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Firstly: this is not an anti-Tor/pro-anything/anti-developer comment. If anything it's pro-have_some_understanding_for_people point-of-view. I contribute to Tor as I believe it can do a lot of good. As I understand it, the issue was: a compromise affected older TB Bundles, based on a previous version of Firefox. TBB prompted users to update to newer versions of within $X days of release. It wasn't the Tor network that was compromised, it was *some* software running to provide a Tor Hidden Service. Which we still don't know exactly what that was? (It would be nice to know) Neither do I think you can expect the Tor Project to follow every commit to Firefox. (Although using any software, based on trust, in this world is not the best idea.) If anyone should get blamed, it's the operators of the THS (currently it seems it was Freedom Hosting and Eric Eoin Marques?) that were the cause of this compromise. They are the douches in this shitstorm. All good so far. On 5 Aug 2013, at 18:45, h0ost wrote: Mozilla posted the advisory on June 25th. https://www.mozilla.org/security/announce/2013/mfsa2013-53.html and a TBB update was provided 5 days later: https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released - and uses a version of FF that the advisory says fixes the issue. So what's the problem that Nadim Kobeissi is pointing to? The vulnerability was patched by Mozilla, then subsequently incorporated in the TBB. If TBB is updated, and a user doesn't upgrade their TBB bundle, that's the user's fault, not Tor. No? Yes, I think. If you want to find fault with some party, then sure it's the user's fault. But that's not very helpful in a case like this. If it was MS Word, or Mail.app, blame the user. Tor and TBB is not the easiest of privacy protection tools to understand, even for some trained technology people. It would be nice to know the percentage of technical experts using TBB.
You *cannot* expect someone who is not an expert in cryptography, comp.sci, or computer technology in general to fully understand the consequences of using software tools. If you have a problem with that, then go and design software for developers. I know your comment was off the cuff, but this is one of the reasons why this shit is so bad. It needs to be designed with _real_ people (not cryptographers, or comp.sci or telecoms) in mind. Real people who use these tools to communicate. Everybody in some case, is just a user. It wasn't essentially The Tor Project's fault, but they are dealing with it now. Shitty I know. The take home message of the day: keep your shit up to date. Exactly. Nothing more, nothing less. It's like brushing one's teeth, you learn that you have to do it for your own good, and then you just do it. I don't think you can compare tooth decay with your security getting compromised. Really. The only question I have is -- is there anything more that can be done to warn users their stuff is out of date? We're already visited with a warning that our browser or other tor-related software is out of date upon launching it. Do we need scrolling text? blinky lights? Should it be disabled once it is out of date? Maybe that can be an option set by default. Thoughts? I don't think so. TBB already warns when there is an updated version of the TBB, so I really think it's a culture change on part of people who don't upgrade immediately. Hard thing to fight against, but maybe such events will make people more cautious in this way. By what Roger Dingledine from Tor has stated in a previous mail, The Tor Project provided the you need to upgrade message promptly. I don't know if that is enough. (But it is certainly a lot more than other providers of software would do.) Maybe disabling out of date software would not be a bad thing?
(Personally I don't know if that's a good approach, as users may use less secure methods to carry out their tasks) My point is, there should be some research into finding an answer as opposed to apportioning blame. Flame-retardant suit on. Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Freedom House / Tor Hidden Service compromise traced to SAIC/NSA
Is this true? http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/ Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia. Further analysis using a DNS record tool from Robtex found that the address was actually part of several blocks of IP addresses allocated by SAIC to the NSA. This immediately spooked the researchers. [1] http://www.domaintools.com/research/ip-explorer/?ip=65.222.202.53 [2] http://www.saic.com/ [3] http://pop.robtex.com/nsa.gov.html#records -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
On 5 Aug 2013, at 21:08, Al Billings wrote: You realize Tor didn't know this vuln was an issue until two days ago? I presume that's directed at Griffin. The Tor Browser Bundle is based off of Firefox ESR releases. All the high profile security issues fixed are listed on the Firefox ESR known vulnerabilities web page. You want them to copy that page for you? How many TBB users will go to the Firefox ESR vulns. page to research the potential and found vulns in a piece of software they don't know they use? Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Rumours of Zimbabwean telcos blocking signals sending pro-govt messages?
Zimbabwean telcos are battling rumours that they have been both blocking signals to obscure election transparency and sending pro-ZANU PF messages. Interested to hear anything to this effect from others in Zimbabwe. https://plus.google.com/100542281475595424607/posts/49Ftsd7iSvh http://www.techzim.co.zw/2013/07/no-whatsapps-failure-to-connect-has-nothing-to-do-with-elections/ “We had an issue after upgrading a node last night but as of 10:30 [this morning] it was resolved,” said Leon de Fleuriot, Econet General Manager: Products and Services. de Fleuriot also said that they are contacting all subscribers via a bulk message to let them know there was an issue and it’s been fixed. -- Upgrading a node is unspecific enough to be suspect. -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Internet misuse in Gambia
On 29 Jul 2013, at 15:26, Richard Brooks wrote: New law in Gambia makes using the Internet to incite dissatisfaction with the government punishable by up to 15 years in jail and $100,00 fine: http://frontpageinternational.wordpress.com/2013/07/28/internet-is-being-used-as-platform-for-nefarious-and-satanic-activities/ Looks like other governments are following David Cameron's lead. He could also add satanism to porn in his new firewall. Wow, incite dissatisfaction? I don't suppose they've been helpful by defining what dissatisfaction is? Is complaining about government bureaucracy on Facebook incitement of dissatisfaction? Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Fwd: [jitsi-users] New XMPP Server
For those interested, these two forwarded mails mention two separate secure Jabber servers with no-logging. I cannot vouch for the validity of them. IMO, any alternative to running the now closed (as in no non-GTalk users can talk directly) Google Talk service. regards, Bernard Begin forwarded message: From: John Perry li...@jpunix.net Date: 28 July 2013 09:21:23 GMT+01:00 To: Jitsi Users us...@jitsi.org Subject: Re: [jitsi-users] New XMPP Server Reply-To: Jitsi Users us...@jitsi.org On 7/27/2013 5:44 PM, Anthony Papillion wrote: I know that Emil has stated that the jit.si server is an experimental one and, with the developers focused on making the Jitsi software even more kick butt, it's probably a bit hard for them to constantly troubleshoot server and config problems with the service. So I've set up a similar service at http://patts.us and invite anyone interested to use it. We support voice, video, and IM and run a Jingle node. We are also completely unlogged (even the web server). Just putting it out there to anyone who's interested. Not trying to poach users from the jit.si service. Hopefully, this will give Emil and the team a little breathing room. Best Regards, Anthony Papillion I don't want to steal any of Anthony's thunder but I also have a server located at xmpp://chat.jpunix.net that has no logging and pretty much does what Anthony's does and is open to anyone that wants to use it. -- John Perry == Begin forwarded message: From: Anthony Papillion papill...@gmail.com Date: 27 July 2013 23:44:36 GMT+01:00 To: Jitsi Users us...@jitsi.org Subject: [jitsi-users] New XMPP Server Reply-To: Jitsi Users us...@jitsi.org I know that Emil has stated that the jit.si server is an experimental one and, with the developers focused on making the Jitsi software even more kick butt, it's probably a bit hard for them to constantly troubleshoot server and config problems with the service.
So I've set up a similar service at http://patts.us and invite anyone interested to use it. We support voice, video, and IM and run a Jingle node. We are also completely unlogged (even the web server). Just putting it out there to anyone who's interested. Not trying to poach users from the jit.si service. Hopefully, this will give Emil and the team a little breathing room. Best Regards, Anthony Papillion -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: [jitsi-users] New XMPP Server
On 28 Jul 2013, at 13:21, John Perry wrote: On 7/28/2013 6:44 AM, Bernard Tyers - ei8fdb wrote: For those interested, these two forwarded mails mention two separate secure Jabber servers with no-logging. I cannot vouch for the validity of them. IMO, any alternative to running the now closed (as in no non-GTalk users can talk directly) Google Talk service. regards, Bernard Begin forwarded message: From: John Perry li...@jpunix.net Date: 28 July 2013 09:21:23 GMT+01:00 To: Jitsi Users us...@jitsi.org Subject: Re: [jitsi-users] New XMPP Server Reply-To: Jitsi Users us...@jitsi.org On 7/27/2013 5:44 PM, Anthony Papillion wrote: I know that Emil has stated that the jit.si server is an experimental one and, with the developers focused on making the Jitsi software even more kick butt, it's probably a bit hard for them to constantly troubleshoot server and config problems with the service. So I've set up a similar service at http://patts.us and invite anyone interested to use it. We support voice, video, and IM and run a Jingle node. We are also completely unlogged (even the web server). Just putting it out there to anyone who's interested. Not trying to poach users from the jit.si service. Hopefully, this will give Emil and the team a little breathing room. Best Regards, Anthony Papillion I don't want to steal any of Anthony's thunder but I also have a server located at xmpp://chat.jpunix.net that has no logging and pretty much does what Anthony's does and is open to anyone that wants to use it. -- John Perry I want to clarify the secure part of my server. It is secure in the regard that it is my own server that I have physical access to (it's in my house). It doesn't have any logging turned on and I have no intention of turning it on. Anyone is welcome to use it that cares to.
As far as my trustworthiness goes you are welcome to Google jpunix.net and jpunix.com to see the history of my domain and my participation in privacy and security issues. Hi John, Apologies if my comment sounds insulting. It was not meant to be, more just matter-of-fact - I had no knowledge of how secure/insecure your service was, and therefore didn't want to sound like I had any assurances. I was going for healthy skepticism as opposed to disbelief. Not sure if I succeeded. IMO everyone should run their own Jabber server at home. It's not that difficult. regards, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Anyone at SOUPS 2013 ?
Hi there, Are there any Lib Tech bods at SOUPS 2013 this year? If so, if you want to say hello, let me know on/off-list. Don't forget your fan and bottle of water!

regards, Bernard

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Internet is designed for surveillance
Hello Bob, I agree with you on the whole but I'm going to argue some of your points.

On 26 Jun 2013, at 17:03, Yosem Companys wrote:

From: Bob Frankston bob19-0...@bobf.frankston.com

The current implementation of the Internet is hierarchical in that we get IP addresses from providers and then use a DNS that is rooted.

Well, it's decentralised hierarchical I guess. To be fair, there is nothing stopping you or I from running our own DNS servers. However, at some point, I guess it will have to get its answers from root servers.

We go even further in requiring that we conform to conditions on our intent (AKA our use) of connectivity in order to get a temporary lease on something so fundamental as our identity in the guise of a DNS name. We go further by accepting the idea that we communicate within pipes owned by service providers who can dictate terms in order to extract a rent.

Someone has to build, maintain and expand the backbone infrastructure. I'm not for one minute saying the Verizon's, ATT, Vodafone's of the world are the best to do this. But it is expensive. Nowadays telecoms operators are more interested in sponsoring sports stadia, or film events than paying for the hardware needed. Thankfully this is causing their destruction. David Burgess from Open BTS said this about telecoms last year:

will be served by companies that look and work a lot more like Red Hat than like Nokia-Siemens. I see that vision too, and I see products (not projects, products) like OpenBTS and OpenBSC.having places in that world. If we are correct about this vision of the future, then that small gathering of hackers.may have held the seeds of a revolution that will fundamentally change a multi-trillion dollar industry. [1]

These kinds of projects are the way of the future, but they still rely on infrastructure companies to carry packets to reach maximum range.

Once you accept such an architecture and such rules it seems disingenuous to act surprised when those whom we’ve put in charge take advantage of this control for whatever purpose whether for advertising or for our safety (real or imagined).

Why so? We pay them for a service to provide us connectivity. We do not pay them to facilitate worldwide surveillance with no basis. Governments and LEA enforce legal interception protocols and build in requirements for any nation who wants to build a 3GPP standard mobile phone network to install legal interception equipment. By this I don't mean Finfisher or other sickening weapons of mass surveillance. Advances in communications technologies like LTE/SAE (4G) have built into their core Deep Packet Inspection. This is there for network management purposes, but let's be honest, it can (and is) used for other reasons. I would be amazed if any private individual asked ETSI (European telecoms Standards Institute) or ITU (International Telecoms Union) to require telecoms providers to install surveillance equipment. This is a legal battle.

We may ask for restraint on the part of those who enforce the rules but every time there is an outrage (often called terrorist attack) we (perhaps not the same “we”) demand more surveillance.

We demand more surveillance because we have been blinded by the more surveillance protects us. I have been happily surprised by the number of conversations I have had since this Prism story was released. The number of times I have been banging on to people about these topics. People are starting to consciously realise and importantly *becoming angry* about these events.

The ideas behind the Internet – the use of raw packets that have no intrinsic meaning in transit – should enable us to communicate without having to agree to all of these conditions and without subjecting ourselves to prior restraint.

For me the issue with privacy on the Internet is not that it *is* designed for surveillance. It's that it *was* designed for open, transparent communications within a restricted self-controlling group, who all-in-all had no intention of doing anything bad. I read an article about, I can't remember exactly who, (Vint Cerf, Bob Metcalfe, Bob Kahn) and they were asked what were they thinking about when they worked on early Internet protocols. Their answer was (paraphrasing terribly): I wasn't thinking about the military generals that's for sure. While I have the utmost respect for the mothers and fathers of the Internet, they failed future generations by not building privacy and security into the founding protocols. For me, as a result, we are now in the place where we are today - trying to fix the sticking plaster onto the big open cut.

Even if we didn’t fully appreciate the idea of raw packets we still have to wonder why we accept a rent-seeking approach for something so vital as our ability to communicate.

I agree, but while it's not the *exact* same
[liberationtech] USA Today panel with 3 American Whistleblowers
This might be of interest to people.. http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/

A round-table discussion with Thomas Drake, William Binney and J. Kirk Wiebe. I thought these videos were terribly interesting, and powerful. I also thought William Binney's view that Edward Snowden was potentially crossing a line from whistleblower to traitor with the release of information about the USA's alleged hacking of foreign computer systems is interesting. Is he right? Does it matter?

--

Q: There's a question being debated whether Snowden is a hero or a traitor.

Binney: Certainly he performed a really great public service to begin with by exposing these programs and making the government in a sense publicly accountable for what they're doing. At least now they are going to have some kind of open discussion like that. But now he is starting to talk about things like the government hacking into China and all this kind of thing. He is going a little bit too far. I don't think he had access to that program. But somebody talked to him about it, and so he said, from what I have read, anyway, he said that somebody, a reliable source, told him that the U.S. government is hacking into all these countries. But that's not a public service, and now he is going a little beyond public service. So he is transitioning from whistle-blower to a traitor.

--

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Help test the new Tor Browser!
Congratulations Tor Project. Well done to Mike Perry and all the contributors. I've tested it on Mac OS X 10.6.8 and Debian 6.0 Squeeze and I had no technical issues on either. First launch (using clear Internet connection) took approx 40-50 seconds on each. (Debian was running as a VM on a Macbook Pro)

The biggest usability hurdle for Tor (IMO) was having the browser launching separately to the Tor application. I've tested with users and this was a huge confusion for them. It wasn't a browser as *they* understand one. Now it is. First prong of the attack: this is how privacy enhancing software should behave - the exact same as all other software. Now Tor is even better. Second prong of the attack. Run more exit nodes.

From the quick run through I did, here are some (possibly minor) suggestions:

1. The installed application icon is as follows http://diymobileusabilitytesting.net/bernard/skitches/tbb-3.0alpha1-icon1-20130617-221217.jpg However when the application is opened, the application icon is this http://diymobileusabilitytesting.net/bernard/skitches/tbb-3.0alpha1-icon2-20130617-221432.jpg It may be confusing for someone who was not familiar with the different icons used by the TP.

2. The copy displayed during the initial install (Before the Tor Browser Bundle tries to connect to the Tor network, you need to provide information about this computer's Internet connection) could possibly be reworded to give some context as to *why* it is being asked for. (Possibly reposition the copy to above the connection steps) Alternatively, is it possible for the install to run these two tests and determine the correct outcome? I.e. 1. Run some tests to determine if the Internet connection is clear of obstacles, then 2. Run some tests to check if the Internet connection is censored/filtered. Based on the outcome of these tests, Tor could then configure the connection as necessary. I could see this step being confusing for users not familiar with their Internet connection.

3. It would be interesting to see the numbers of users who actually follow the Test Tor Network Settings link. Once the TBB has installed and displays the Congratulations! This browser is configured to use Tor. page, are users guaranteed to be connected to the Tor network? If so is there any need for the Test Tor Network... link? Is it possible to display that information on the startpage?

It is also very nice that the user preferences have been altered to be more privacy enhancing (History, etc). Congratulations to all involved. It is great work.

Bernard

On 17 Jun 2013, at 17:02, Michael Carbone wrote:

Congratulations Tor devs! Serious kudos -- this is exactly the direction TBB needs to go. A couple minor things: the order of the addons in the toolbar seems arbitrary (particularly the location of the Tor button, NoScript, and HTTPS Everywhere). I'm sure it's not, but at minimum it might be good in the about:tor splash page to have an arrow pointing to the location of the TorButton in the toolbar if folks need to change settings. Also, the search button image in about:tor is pixelated. This is a huge step forward in UX, very exciting!

Michael

On 06/17/2013 09:45 AM, Jacob Appelbaum wrote:

Hi, I'm really excited to say that Tor Browser has had some really important changes. Mike Perry has really outdone himself - from deterministic builds that allow us to verify that he is honest to actually having serious usability improvements. I really mean it - the new TBB is actually awesome. It is blazing fast, it no longer has the sometimes confusing Vidalia UI, it is now fast to start, it now has a really nice splash screen, it has a setup wizard - you name it - nearly everything that people found difficult has been removed, replaced or improved. Hooray for Mike Perry and all that helped him!

Here is Mike's email: https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html

Here is the place to download it: https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/

Please test it and please please tell us how we might improve it!

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Interesting QA
On 17 Jun 2013, at 22:23, Richard Brooks wrote:

From Guardian QA with Snowden http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower

Is encrypting my email any good at defeating the NSA surveillance? Is my data protected by standard encryption?

Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Encryption does work but it needs to be something that everyone can install, configure and use. I wonder what encryption software would look like if Apple made it as friendly as their products.

What was also interesting was the following:

Question: 1) Define in as much detail as you can what direct access means. (Anthony De Rosa 17 June 2013 2:18pm)

Answer: 1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.

Bernard

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Who Runs Prism...
That is interesting. Presumably by sheer coincidence, the docs.palantir.com sub-domain is not available, but thanks to Google cache, you can see the two URLs posted in that article here:

https://webcache.googleusercontent.com/search?q=cache:VTVVOpHBrTIJ:https://docs.palantir.com/metropolisdev/prism-overview.html+cd=1hl=enct=clnkgl=ukclient=firefox-a

https://webcache.googleusercontent.com/search?q=cache:I1elqy0m2_sJ:https://docs.palantir.com/metropolisdev/prism-examples.html+cd=1hl=enct=clnkgl=ukclient=firefox-a

On 7 Jun 2013, at 23:40, Peter Lindener wrote:

It might be good to elevate this to its own thread... so I forward it here..

-- Forwarded message --
From: Raven Jiang CX j...@stanford.edu
Date: Fri, Jun 7, 2013 at 10:30 AM
Subject: Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals

This is just circumstantial speculation but read http://talkingpointsmemo.com/archives/2013/06/is_this_who_runs_prism.php Given Palantir's rapid expansion and aggressive recruitment, I think this guy might be onto something.

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Fwd: Persona and Prism
While not as big a player in the identity area as others, below is Mozilla's Identity group response to a question about legal (or otherwise) requests.

Begin forwarded message:

From: Melvin Carvalho melvincarva...@gmail.com
Date: 8 June 2013 15:11:44 GMT+01:00
To: Ben Adida b...@adida.net
Cc: dev-ident...@lists.mozilla.org dev-ident...@lists.mozilla.org
Subject: Re: Persona and Prism

On 7 June 2013 19:43, Ben Adida b...@adida.net wrote:

Melvin,

Would it be correct to say that Persona would have no option but to comply with operations such as Prism?

I will speak very precisely to what I know: Mozilla Persona has not been the target of these kinds of inquiries to date. If we did receive inquiries, we would put them through the same rigorous process we always do to determine whether there is a legal requirement for us to comply.

Thanks for getting back. It's good to know Mozilla was not part of this. To be fair I'm sure most people at the other firms did not want to sacrifice user data, but probably felt they had no choice. It's worse that this happened in secret. e.g. Facebook's comment was a little scary:

*They said: “We will protect you and your information better than any other company in the world.” They say: “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.” *

What's concerning is that if Persona gains in popularity, it may become more of a target.

It helps that we've designed the protocol to limit the data we collect (without compromising our use cases, a sweet spot.)

I think this is the way to go. I'd still like to see a zero knowledge option, but perhaps that's something for the future.

-Ben

___ dev-identity mailing list dev-ident...@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-identity

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Why Metadata Matters
I'm glad someone brought up the NSA datacentre. I was thinking is there any connection to this? How far is it to being finished? Is that public knowledge/possible to find out? It wouldn't warrant this amount of data, which I would expect is pretty small in comparison to the capabilities of this NSA datacentre? Probably too far fetched an idea...

On 6 Jun 2013, at 22:27, Bruce Potter at IRF wrote:

The other point worth keeping in mind is that NSA can keep this data forever (hence the humongous cyber farm NSA is building in Utah) -- So a decade from now they can check the metadata to see if it fits some theory a paranoid analyst thinks might have happened half a lifetime ago.

bp

On Jun 6, 2013, at 1:44 PM, Griffin Boyce griffinbo...@gmail.com wrote:

I see a lot of people wondering why metadata matters. But they don't know *what* you're doing there! So I'll give a short example to illustrate how metadata can be used to not only determine who someone is talking to, but also to invade their privacy and uncover the most intimate details of their life.

Jane is at 16th L Street for an hour.
Carla is at 16th L Street for four hours. She's had a short visit previously.
James is at 16th L Street for twenty minutes. He comes back at the same time every week.
Kris is at 16th L Street for ten hours.
Rick is at 16th L Street for eight hours every night.
Samantha has been there for three days and four hours.

16th L Street is the address of a Planned Parenthood in Washington, DC.

Jane is having a physical.
Carla is having an abortion.
James receives his medication there. By visit time, location, and frequency, he is likely a trans guy. If his appointments were every two weeks, the metadata would indicate that James is a trans woman.
Kris is protesting there.
Rick works in an office in the same building.
Samantha dropped her phone in the Farragut West Metro Station and has been looking for it ever since.

And that's just location data. If one calls a physician every day, perhaps they have a major medical problem. If a crime happens on the other side of town, and you suddenly start calling attorneys... did you do it? There are numerous explanations for either of those scenarios, but this kind of metadata in isolation can be used to tell almost any story you want. Stay safe out there.

best, Griffin Boyce

-- Technical Program Associate, Open Technology Institute #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals
Still that figure seems awfully small. For what's involved. I've seen telco projects of a fraction the size of something like this costing £10M. Unless they've managed to get the companies to foot the majority of the bill? In that case, why would the companies accept the majority of the costs? Too many questions and too many possibilities for conspiracy theories..

On 7 Jun 2013, at 01:14, Tom Ritter wrote:

On Jun 6, 2013 7:28 PM, Eduardo Robles Elvira edu...@gmail.com wrote:

Hello NSA just $20M of budget? The same NSA that is building a data center (for processing what? =) for 869 million USD$ in Maryland? http://hardware.slashdot.org/story/13/06/06/2129249/nsa-building-860-million-data-center-in-maryland

The $20 million figure refers to the budget for the Prism program, not the whole NSA.

-tom

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Network surveillance
Hello Richard,

Without going into too much detail can you explain why they think it's Chinese or Israeli? Or what country they are talking about? Also why they think there is network surveillance equipment there at all? What type of data are you looking for? Specific to the country or general sales of this horrible technology?

A good starting point which is accessible (in terms of not being overly technical) would be Privacy International's Big Brother Inc website. [1]

Also useful is the Spyfiles cache of brochures from surveillance companies which contains a lot of information gathered by someone who gained access to an ISS world (Intelligence Support Systems conference). [2]

Also useful for background information on these companies and the countries they sell to is BuggedPlanet. [3]

With regards network surveillance equipment being Israeli or Chinese, you can add to that list UK, French, German, American, Italian, to name a few countries.

I hope that helps.

Bernard

[1] https://www.privacyinternational.org/projects/big-brother-inc
[2] http://wikileaks.org/the-spyfiles.html
[3] http://buggedplanet.info/index.php?title=Main_Page

On 5 Jun 2013, at 22:07, Richard Brooks wrote:

Just talked with a lot of people who think network surveillance equipment in their countries are being bought from either Israelis or Chinese. It seems that they are competing for market share. Was not aware of Israeli companies working in this space. Would be interested if anyone had more data.

Thanks, -Richard

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Cell phone tracking
Hello Dan,

(NB: This information is specific to GSM networks, it is probably 90% valid for CDMA networks, but not WiFi.)

The short story is you cannot stop cell phone tracking. Cellular mobile phone networks require location and identity information of the device to operate. This location data is not derived from GPS data, it is intrinsic to cellular phone technologies.

I have seen stories of people removing device location information from the networks and maintaining connectivity, but I have yet to see actual proof. It is probably possible, but my opinion would be it would require co-operation from mobile networks to modify home location register records (The HLR is a database which tracks device and user identity and location).

Without location data the cellular device will not interact with the network correctly and as a result phone calls and IP traffic (web, e-mail, Angry Birds, Facebook) will not function correctly. Period.

Since you've mentioned companies and governments I'll answer both briefly:

Companies

- To stop 99% of companies from tracking your location, do not use IP network services.
- The 1% who will be able to track you is the network carrier and whatever companies they share your location data with.
- If you must use IP services (web, mail) use Orweb or Firefox browser with privacy plugins (I'd like to hear other opinions), TextSecure for SMS, RedPhone for voicecalls.

Governments:

- Do not use a mobile cellular phone.

Notice above I mentioned location and identity information of the device. The network does not need to know the user - so a better approach is to use prepaid SIM cards and use Tor / Orbot/Orweb (for Web) and end-to-end encryption services like TextSecure (SMS), RedPhone (voice calls), PGP encrypted e-mail.

Regarding the location information, you might be interested in a short presentation I gave on the subject of location and identity. [1] I'd be interested in feedback.

regards, Bernard

[1] http://www.ei8fdb.org/doku.php?id=mobseccij

On 24 May 2013, at 20:56, Yosem Companys wrote:

From: Dan Gillmor d...@gillmor.com

Given the vanishingly small likelihood that companies or governments will do anything about cell phone tracking, I'm interested in what countermeasures we can take individually. The obvious one is to turn off GPS except on rare occasions. I'll be discussing all this in an upcoming book, and in my Guardian column soon. So I'd welcome ideas.

Dan

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Free Speech in Practice: A Usability Evaluation of the Tor Browser Bundle (Tomorrow, May 9)
Hello Yosem (and Greg),

Greg: I have read your eval of the TBB from last year. Will this talk be different, or include other content? Either way, I would appreciate it very very much if it were possible to record this talk, audio, video. I am about to start my thesis in the usability of PETs tools (specifically mobile tools), and I'd like to hear what you have to say.

Thanks in advance, Bernard

On 8 May 2013, at 16:03, Yosem Companys wrote:

http://cyberlaw.stanford.edu/emails/20130509-gregnorcie.html

When: Thursday, May 9 ∙ 12:50pm-2:00pm
Where: Room 285 - Stanford Law School
Free and open to the public with RSVP

Anonymity is a key part of privacy. Many activists choose to use Tor, an open source anonymity tool run via the non-profit Tor Foundation. In this talk, Greg Norcie will discuss the usability of Tor, a commonly used anonymity tool. While Tor may be effective from a computational standpoint, its adoption has been hampered by a lack of usability. In this talk, Mr. Norcie will discuss how Tor works, why it is important to increase adoption of Tor, the legal implications of running Tor exit nodes/bridges, and the findings of a laboratory study examining the usability of Tor's current interface.

Greg Norcie is a 2nd year PhD student in the security informatics program at Indiana University, studying under Jean Camp. Greg's research focus is usable security - the application of principles from human computer interaction to the design of privacy enhancing technologies. He has published extensively in the field of usable security, and is currently spending the summer interning in Palo Alto Research Center's Computer Science Laboratory (CSL). Prior to graduate school, Greg worked as a research assistant at the Carnegie Mellon Usable Privacy and Security Lab (CUPS). Later, Greg went on to design security training materials for various companies and government agencies as a consultant to Wombat Security Technologies, a Pittsburgh based anti-phishing startup.
[liberationtech] Encrypted smartphone addressbook/contact list?
Hello all,

Has anyone come across an encrypted address book / contact list application for smartphone devices?

Thanks in advance, Bernard
Re: [liberationtech] Encrypted smartphone addressbook/contact list?
Hello Andreas,

I'm sorry - I should have added a requirement would be the solution should be open source and preferably free. Also useful would be if it is available for multiple platforms - Blackberry, Android, iOS, etc.

thanks in advance, Bernard

On 6 May 2013, at 20:15, andreas.ba...@nachtpult.de wrote:

How about AIO Solutions like Blackberry?
[liberationtech] Why Bluecoat?
Hi,

I've been thinking about this for a while, and can't find a logical reason. Possibly I'm not thinking about it hard enough. I'm curious as to why Bluecoat seem to be singled out for all this attention regarding use in countries where the governments are not nice? Is it because they are a public, well known company? A lot of the same stories repeat the same stories of Bluecoat equipment being used in the same oppressive regimes.

As someone who worked in ISP level infrastructure for a while (thankfully no longer), I've seen the equipment used for neutral uses - network management, etc. However, there are a lot more sinister and disgusting companies whose products' *sole purpose* is surveillance and censorship, and sole market is those oppressive countries we talk about on this list.

My point of view is not to defend Bluecoat, quite the opposite, but there are nastier and uglier fish out there. Can anyone set me right, or give an opinion? On or off list is fine.

thanks, Bernard
Re: [liberationtech] Why Bluecoat?
It was an honest question Jillian. No ulterior motive.

I would argue there is ample evidence to support it for Cisco, Redback, Ericsson, Siemens, NSN, F5, Apache Squid... the list goes on. I have read stories from European media (I can't give you a list right now, but if you'd like I can find) which use the Bluecoat example. Maybe that's actually a good project - to track the media coverage of network hardware vendors in connection with surveillance and censorship stories throughout the world.

If this has brought up a previous thorny conversation that was not my intention. It was a question I had been thinking about. Is it sufficient logic? Personally, not really but I understand the point of view now.

thanks, Bernard

On 6 Apr 2013, at 15:41, Jillian C. York wrote:

Honestly? Because there is ample evidence to support it at the moment. I would also suggest that it's only singled out in the US - in Europe, the focus right now is on Gamma (FinFisher) and Amesys, largely. Activists have been accused in the past of singling out Cisco as well. Attention has now turned to Bluecoat. When there is evidence of another company's misdeeds, attention will surely turn there. Is that sufficient logic for you?
Re: [liberationtech] Why Bluecoat?
I left the other wonderful people out: ZTE and their monitoring centre (shown in pictures from Libya), and of course Huawei. Just to give a good global representation.
Re: [liberationtech] suggestions for a remote wipe software for Windows?
(Apologies if I am making an assumption on people's knowledge)

Entropy in disk encryption is the random information collected by a computer's OS or encryption application for use in encrypting a hard disk.

Those with more knowledge in encryption: could you please give an explanation of how a large amount of entropy can be generated during disk encryption? I've only ever used/seen keyboard/mouse input as a way to generate it in encryption tools. I would guess for the average smart thief (What is an average smart thief?) that is sufficient?

Something I've also looked for an answer for is: Using those mouse/keyboard inputs as entropy generators, what's the best approach to use? Is there one?

thanks, Bernard

On 4 Apr 2013, at 07:58, Eugen Leitl wrote:

You didn't mention your operating system, but in terms of least pain I would go with http://www.truecrypt.org/downloads and encrypt the whole drive. Make sure your password has enough length and entropy so that it can't be brute-forced.
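An added sketch for the entropy question in the message above (not TrueCrypt's code and not from anyone on the list): user input is normally one of several sources folded into a hash-based pool alongside the operating system's random generator, so weak mouse input cannot make the key worse. `EntropyPool`, `timing_entropy_bits`, `sample_events` and `key_from` are hypothetical names, and the mouse samples are constructed.

```python
import hashlib
import math
import os
import struct
from collections import Counter


class EntropyPool:
    """Toy pool: every input is folded into a running SHA-256 state."""

    def __init__(self) -> None:
        self._state = bytes(32)

    def mix(self, label: bytes, data: bytes) -> None:
        # Length-prefix both fields so ("ab", "c") and ("a", "bc") differ.
        h = hashlib.sha256(self._state)
        for field in (label, data):
            h.update(struct.pack(">I", len(field)))
            h.update(field)
        self._state = h.digest()

    def mix_mouse(self, events) -> None:
        # Each event is (x, y, timestamp in microseconds).
        for x, y, t_us in events:
            self.mix(b"mouse", struct.pack(">hhQ", x, y, t_us))

    def mix_os(self, nbytes: int = 32) -> None:
        # The OS generator is the source that carries the real weight.
        self.mix(b"os", os.urandom(nbytes))

    def extract(self) -> bytes:
        # Hand out a hash of the state, never the state itself.
        return hashlib.sha256(b"extract" + self._state).digest()


def timing_entropy_bits(events) -> float:
    """Empirical Shannon entropy (bits per sample) of the low byte of the
    time gaps between events. It measures spread only: a predictable
    pattern can still score high, so treat it as an upper bound."""
    deltas = [(b[2] - a[2]) & 0xFF for a, b in zip(events, events[1:])]
    if not deltas:
        return 0.0
    n = len(deltas)
    return sum(c / n * math.log2(n / c) for c in Counter(deltas).values())


def sample_events(jitter: bool, n: int = 64):
    """Constructed (x, y, t_us) samples, not captured data."""
    t, events = 0, [(0, 0, 0)]
    for i in range(n):
        # Without jitter every gap is 8000 us; with it, 16 distinct gaps.
        t += 8000 + ((i * 37) % 16 if jitter else 0)
        events.append(((i * 13) % 1920, (i * 7) % 1080, t))
    return events


def key_from(events, use_os: bool = True) -> bytes:
    """Derive 32 bytes from mouse events, optionally mixed with OS randomness."""
    pool = EntropyPool()
    pool.mix_mouse(events)
    if use_os:
        pool.mix_os()
    return pool.extract()


if __name__ == "__main__":
    for name, jitter in (("regular", False), ("jittered", True)):
        ev = sample_events(jitter)
        print(name, "timing estimate:", timing_entropy_bits(ev), "bits/sample")
        print("  mouse only :", key_from(ev, use_os=False).hex()[:16], "(repeatable)")
        print("  mouse + OS :", key_from(ev).hex()[:16], "(differs every run)")
```

The jittered samples score 4 bits per sample even though they are fully deterministic, which is why the estimate is only an upper bound and why the OS source is always mixed in. None of this helps if the passphrase protecting the key is guessable, which is the point of the quoted advice.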
Re: [liberationtech] suggestions for a remote wipe software for Windows?
Would you like to give some more context on what it is you are trying to do?

remote wipe software for windows.

On 3 Apr 2013, at 18:08, Katy P wrote:

Thanks!
Re: [liberationtech] suggestions for a remote wipe software for Windows?
So the objective Kathy has mentioned is to:

log into and delete the contents of the laptop's hard drive

It would seem the contents of the hard disk is more important than the actual hardware. In that case I would go for the encryption option. Yes it is some configuration, and time to wait until the disk is fully encrypted, but last time I did this for a work computer it took all of 4-5 hours to encrypt and was very reliable - the machine was dropped, put to sleep, woken up multiple times, and used very heavily. I would prefer relying on that rather than some OS level tool.

You have no guarantee any of these track your device tools will be successful, especially if they rely on the machine being powered up and connected to a network.

Griffin, thanks for the link to Prey, it looks interesting.

Bernard

On 3 Apr 2013, at 20:08, Scott Elcomb wrote:

On Wed, Apr 3, 2013 at 2:51 PM, Katy P katyca...@gmail.com wrote:

What is easier for a lay person and least susceptible to a smart thief?

Despite what it says in my signature, I'm no thief. That said, were I to steal a laptop, the first action I'd take is to remove the drive before powering it up and connecting it to any network - especially the internet:

If I'm after the data, I'd want the drive sandboxed to prevent the original owner from doing exactly what you're looking to do.

If I'm after the hardware, I don't care about the data and would format the drive on another machine to avoid the hassles of trying to crack my way in to do the same thing (format the drive).

+1 for encryption from me.

-- Scott Elcomb @psema4 on Twitter / Identi.ca / Github more Atomic OS: Self Contained Microsystems http://code.google.com/p/atomos/ Member of the Pirate Party of Canada http://www.pirateparty.ca/
Re: [liberationtech] SUBSCRIPTION
Suggestion 1: Can we trial putting the UNSUBSCRIBE footer (that part of the e-mail that no-one reads) at the top of the e-mail so everyone sees it?

Suggestion 2: change the wording of the unsubscribe footer to something shorter:

Too many e-mails? Want to receive the digest? Want to unsubscribe? Change your preferences: https://mailman.stanford.edu/mailman/listinfo/liberationtech

I would then put the e-mail address compa...@stanford.edu there if people *still* can't modify their subscription.

Mark sorry to focus on your mail, but the link to unsubscribe *is* at the bottom of *every* e-mail sent via the list. Scroll down to the bottom of this e-mail and lo and behold there it is!

On 2 Apr 2013, at 18:30, Mark Gleicher wrote:

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?
Hea Doctor,

On 7 Mar 2013, at 16:38, The Doctor wrote:

On 03/07/2013 03:02 AM, Eugen Leitl wrote:

The whole ham culture and liberation technologies do not really mix.

Unfortunately, this has been my experience as well.

Can you give me some examples of what you mean? I would argue that's the ham culture that you have seen in your country/city/area. Like any technology oriented area there are people who focus on the technology instead of its use.

I would not say we amateur radio people are all human rights activists, but most people I have worked with have been involved in using amateur radio for public good. I would point to the whole ARES/AREN/RACE area (amateur radio emergency services) networks, the use of amateur radio in natural disasters, the use of amateur radio during the Kuwait invasion, in passing welfare messages in and out of countries with oppressive regimes.

These are areas where people will *give up their own time, money, resources* to *help other people out*. Sometimes in countries they have never heard of. Often they will even look for ways to work around laws, because it makes sense in the situation.

Like I said, I am obviously biased, but I have not encountered the ham culture you mention, but I don't doubt it exists.

thanks, Bernard
Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?
Hi Eugen,

On 7 Mar 2013, at 08:02, Eugen Leitl wrote:

On Wed, Mar 06, 2013 at 09:36:41PM +, Bernard Tyers - ei8fdb wrote:

I have one answer: Amateur radio. Forget mobile phone networks. Amateur radio is cheap, very durable and will provide you with the functions you need, and if you can get access to amateur radio operators in your country, you may have free support for the life of your project!

Hams need to be registered

Correct. One barrier to entry. But if the help workers are certified this is a non-issue.

, may only communicate with other hams

By the law true, but in circumstance where it makes sense they can (and often do) communicate with other parties. I have in the past communicated with coastguard stations (very briefly) and mountain rescue teams (see below).

(i.e. may not give access to third parties, and especially pass traffic of third parties) and

Not fully true. I have been involved in a number of activations when living in Ireland where an amateur radio was used to pass safety messages for mountain rescue teams that were providing safety cover for cross mountain outdoor challenges. In this case we communicated with 2 groups which provided a national service for safety in mountainous areas. Messages can be and regularly are passed for 3rd parties as long as they are not of commercial nature.

Amateur radio operators in Ireland (and I am sure other countries I would point to this audio interview outlining the work amateur radio ops did during the September 11 attacks in New York https://www.youtube.com/watch?v=UpRSQsE9VfA

I would also point to this audio recording of amateur radio operators passing 3rd party messages during the Loma Prieta earthquake in 1989. http://www.kernsanalysis.com/loma/loma2.mp3

And I would not say this is specific to Ireland/Europe. Amateur radio is licensed and administered by the ITU. I'm not saying their control is all correct, but there is a framework, legislation and policy.

may not pass encrypted traffic.

Again yes by law. And I would agree with that.

You might get away with end to end encryption at application layer, but this would be only tolerated at best. The whole ham culture and liberation technologies do not really mix.

Again, like I said in my previous mail, I don't fully understand what you mean by that. My point is not that amateur radio is the answer to everything, it was merely that if there is a decision of mobile phone networks doing something that will not directly make them profits, that it is a good alternative to investigate.

regards, Bernard
Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Howdy AA6AX, Nice to meet you. On 6 Mar 2013, at 21:09, Sky (Jim Schuyler) wrote: Your APRS idea is interesting and I only know it from the positioning side, not from passing any text, so you may want to continue looking into it. I do not know that APRS is currently passing any traffic other than positions, at least as used in the US. I also do not know whether it's used outside the US. Please do remember that APRS and most other amateur digital service are not designed to be reliable which means they may not try again to pass a message and the message may become garbled in transmission. Some do attempt to error-correct, but not most. Not strictly true. APRS clients can be configured to send messages and retry for X attempts. Then it will give up. Seeing as SMS transmission isn't even guaranteed, I think its a pretty good attempt for a system that has been developed totally for free! :) Even most amateur radio digital protocols do not have very robust error-correction, so they're a bit iffy. That is true. Easiest to expand: maybe and maybe not. You have to have a stable of radio operators available both locally and remotely. (Presuming you want information to go from somewhere to somewhere.) If as Dr. Dey requested both sides of the communications were between health workers and their HQ, you could train up all the health workers and possibly even employ a net controller (amateur radio lingo for person who sits in HQ and is in contact with all the field posts) to co-ordinate communications. Without licensing: Although I encourage folks to become amateur radio operators, they do need to be licensed. The government that giveth it can taketh it away at the stroke of a pen. I will skip saying more right now. I agree. I'd go a bit further even and say a restricted licence now-adays is trivial to receive. Also I note in your original statement that you are talking about tribal areas with poor connectivity. 
Your challenge is going to be getting your signal from the tribal area to a reliable amateur radio operator. That's unless the radio operator is already in the tribal area. If the cell phone can't connect, then amateur VHF and UHF probably wouldn't work either, so you'd have to rely upon HF with longer range but much greater variability in terms of signal propagation. How much can you build a self-sustaining 2M VHF repeater for now-a-days? :) Keep in mind that amateur radio is a point-to-point service subject to the vagaries of radio propagation. In other words, there is no reliable path 24/7 from one point to another unless you're using prearranged VHF or UHF frequencies and line of sight propagation. Commonly for emergency ops we arrange all of this in advance and have emergency power and operators trained, and frequencies and modes chosen. For HF propagation there is no guarantee your message will get through because the bands may be dead. Which is kinda similar when it comes to mobile networks. If it was possible to get a telco to carry out some corporate social responsibility work and install even just 2G voice that would be something. I would argue, you can get a lot more communications bang for buck with some trained amateur radio engineers, and some amateur radio equipment, than spotty 3G coverage. Mobile operators work on the premise: when we will make enough money from people, we will install equipment. I'd honestly hope they have a different business model outside of Europe, but I don't think so. 73's /Bernard On Mar 6, 2013, at 12:08 PM, Ali-Reza Anghaie a...@packetknife.com wrote: I'm assuming privacy issues are of minimal concern given the other problems at play here - I could be wrong but bear with me. Trying to think of lowest-cost, reliable, easiest to expand and re-deploy without a telco or other licensing.
I wonder if a low-bandwidth text HF APRS (http://www.aprs.org/aprs-messaging.html) option with a laminated deck of shorthand medical terms would be a reasonable remote field option? About as rudimentary as you get but considering a worst case scenario - it might just work. -Ali On Tue, Mar 5, 2013 at 9:15 PM, Sky (Jim Schuyler) s...@red7.com wrote: Since HAM (amateur radio) is real radio, not phone, an Android app wouldn't use it directly. The app might -control- an amateur radio remotely, and there is software available to do this. However, I'm not sure what benefit it would bring to this project. In the US, amateur radio operators must send all information in clear text, and encryption is illegal, thus you would not want to try to exchange medical info because you'd need to encrypt it. In other countries it -should- be illegal to transmit medical info in the clear, so I'd suggest avoiding this. Also, high frequency amateur radio doesn't have sufficient bandwidth to transfer much digital
Re: [liberationtech] [SPAM:####] Re: [SPAM:####] CfP: Society, Informatics and Cybernetics (March 19)
Wow, who'd have guessed that spammers and scammers operate in the world of academia too! http://fakeconference.blogspot.co.uk/ On 5 Mar 2013, at 12:24, Rich Kulawiec wrote: On Tue, Mar 05, 2013 at 06:13:42AM +, scarp wrote: I'm kind of shocked that the advertisements posted by compa...@stanford.edu aren't somewhat verified. I wouldn't be too critical: the people behind these fake conferences have been at it for a long time and they're quite good at blending in. These conference announcements have shown up on all kinds of mailing lists -- that is, they've gotten by a lot of clueful eyeballs. -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Please help out a student!
Hi Andrew, No I mean more: actions by the Syrian government as in shelling of cities, crackdowns on demonstrations, and the retaliation by civilians and the opposition forces. I did find an overview from the NYT a few days ago, but have misplaced the link. Any help appreciated! thanks, Bernard On 3 Mar 2013, at 23:55, Andrew Lewis wrote: Telecomix? Anon? SEA? Of which I can provide some insight, at least on TCX. On Mar 4, 2013, at 12:28 PM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote: Hi there, I am doing a data visualisation project as part of an MSc programme. Part of it is a timeline of events surrounding the civil war in Syria since the start of 2011. The goal of the project is to understand the influence of events (actions by the Syrian government, actions by the groups opposing the Syrian government, public demonstrations and others) on censorship of Syrian Internet access. Would anyone be able to point me towards a timeline of events in Syria over the past 27 months? I don't know if this exists. Or possibly give some pointers on where to find useful data and how to create one? The best I have been able to find is what Google reports as being worldwide searches since January 2011. I would appreciate any assistance from anyone with knowledge in the events. Knowing the make-up of the list, please accept my apologies if I have made incorrect assumptions, or portrayed things in a simplistic way. It is not my intention to offend.
thanks in advance, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Internships available at leading Palo Alto tech startup
While I support the idea of exposing the internal workings of these pointless companies, I would expect the poor intern who was successful would be bound by umpteen NDAs requiring various body parts if they were ever breached! Is it worth martyrdom?! :) On 23 Feb 2013, at 22:17, Jurre andmore wrote: That's a rather excellent suggestion to infiltrate and spill their secrets! On 23 Feb 2013 at 19:19, Don Marti dma...@zgp.org wrote the following: begin Jacob Appelbaum quotation of Fri, Feb 22, 2013 at 10:06:38PM +: This seems like a great job for understanding the current state and future trajectory of a specific component networked authoritarianism! Or for taking notes for an article, I was an exploited intern for a creepy privacy-violating marketing company. I bet the Atlantic would buy that. -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] digital to analog: Syria radio help needed
The approach taken would be: self contained IP-FM transmitter box that can be detected without any danger to people setting it up. If there was access to technology I would suggest a multiple of low cost computing devices (raspberry pi/etc) receiving IP audio stream, connected to a reasonably low powered FM transmitter. These nodes can be found and destroyed but cost is low and safety is maintained (as much as possible). Caveat: These are quick ideas off the top of my head. There are probably better ways, but technically these would be possible. Security may be compromised. Some [BIG] assumptions are made. Not knowing the availability of radio transmitter hardware within the area, my suggestions would be: Option 1: * The IP based streaming input will be available within Syria? If some censorship is being carried out, have the audio stream available on a standard IP port, 80 (web server) for example. If so use the IP streaming audio as input for the FM transmitter. I would not think encryption of the IP stream would make sense (and would possibly raise flags/get it blocked) * Coupling (connecting electrically) the actual radio transmitter via a point-to-point (possibly multiple points) microwave link to the antenna installation. This will give some basic protection - instead of coupling the antenna installation via co-ax cable to the radio transmitter which gives away the location of the radio straight away. * Allow the system to be controlled remotely, if necessary: although that would give the possibility of some surveillance. A more secure way would be to leave it as a self contained system that dies when/if it's discovered. Ultimately the audio will need to be available to broadcast FM transmitters on the 85MHz - 108MHz range. Ultimately the transmitter would be found, if any signal interception is being carried out. Option 2: * The IP stream is sourced from outside the country, and is coupled to an FM transmitter outside the country.
The FM signal is broadcast with a directional antenna, over the border into Syria. * Again, depending on the availability of FM radio hardware, a repeater/relay installation receives this - original radio station broadcasts on 88.5MHz for example, the repeater receives it and retransmits it on 101.0MHz. This could be chained a number of times hiding, for a short time, each FM retransmission point. Eventually it would be found as somewhere across the Syrian border, and whatever happens happens. Ultimately the audio will need to be available to broadcast FM transmitters on the 85MHz - 108MHz range. Ultimately the transmitter would be found, if any signal interception is being carried out. I hope these ideas can give some help. Please verify the assumptions made, at least discuss with a broadcast engineer if possible. Bernard On 4 Feb 2013, at 15:17, Stefan Geens wrote: A Syrian whom I trust and who I've helped with security-related issues before needs some help that I am not qualified to answer, so perhaps somebody on this list knows what to do or where to turn for expert help. I don't want to suggest anything to him that gets (even more) people killed... He writes: I am working now on a radio for Syria that needs to cover Homs governorate, since people there don't have internet or electricity, the only way to reach them is by radio. We are working to establish a FM radio station that covers Homs governorate and all Syria later on, it will be based on an online radio that is streaming from outside Syria and we are looking for the best solution to stream on the ground in Homs. We are looking for the best solution to transmit the digital signal into analogue one. The point is if we want to use a normal transmitter on the ground it will be known for the regime warplanes and it will be destroyed after few minutes. So, what are our options and the details of the best solutions (using inside or outside Syria base)? == Thanks for any help you may have.
I'll forward it to him. Stefan -- stefan.ge...@gmail.com @stefangeens @ogleearth @dliberation +46 73 504 5261 Skype: stefan.geens PGP: 0x54ABD155F7CE9B68 -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Mega
On 23 Jan 2013, at 12:45, Eugen Leitl wrote: On Wed, Jan 23, 2013 at 07:40:13AM -0500, bbrewer wrote: All the money in the world, and still, so many listed problems on this new service. Malicious intent, or just complete rush to give the finger to the authorities? You don't seem to know Kim dotcom Schmitz well. You beat me to it. IMO, this is a two fingers from Kim Dotcom to the US government, and a PR stunt to garner support from his new host country of New Zealand. He feels hard done-by (and he has a point). It's a PirateBay.org style campaign and will probably be reasonably successful. The best outcome possible is to point out the issues with it (as is being done), explain why they are important, and hammer those messages through in the media. Those messages will miss some people (as they will only see free and secure), but that's always the way. bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Manuel Castells talk at RSA London, 20 March
Hi, For those interested, Manuel Castells (University Professor and Wallis Annenberg Chair of Communication Technology and Society at the University of Southern California) is talking at The RSA Wednesday 20 March. Tickets are free. Talk description: In our time, multimodal, digital networks of horizontal communication are the fastest and most autonomous, interactive and self-expanding means of communications in history. From the Arab uprisings, to the indignadas movement in Spain, to Occupy in the US, the networked social movements of the digital age represent a new species of social movement. Leading scholar of our contemporary networked society, Manuel Castells, visits the RSA to shed light on these movements, and to examine their formation, their dynamics, their values and their prospects for social transformation. http://www.thersa.org/events/our-events/networks-of-outrage-and-hope regards, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Any TSF people subscribed?
Hi there, Is anyone from TSF, Télécoms sans frontières, subscribed to the list? thanks, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Skype Open Letter: CALL FOR SIGNATORIES
Do all signatories need to be affiliated/part of an organisation? On 16 Jan 2013, at 16:58, Nadim Kobeissi wrote: Dear Privacy Advocates and Internet Freedom Activists, I call on you to review the following draft for our Open Letter to Skype and present your name or the name of your organization as signatories: http://www.skypeopenletter.com/draft/ The letter will be released soon. Feedback is also welcome. Thank you, NK -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] French ISP blocks all web based advertisement, by default.
Free ISP, a French ISP with approx. 5M subs, has blocked, by default, all web based advertisements being served to their fixed-line Internet subscribers. [1, 2] As a consumer, I would be very happy about it. As an Internet neutrality (whatever you want to call it) supporter I disagree with what they are doing. If they want to offer this as a service, then it should be opt-in, as opposed to opt-out (subscribers can turn it off via their Internet router). While it's not life-threatening Internet censorship, in my opinion it is still censorship. From a network infrastructure POV, it would be a reasonably large job to carry this out successfully, without issues, but nothing a modern ISP with a budget could not build. On the Twitters there are various reasons being discussed (the ISP is blocking companies, who are not paying them anything, from making money). Will we see some websites blocking access for Free ISP subs? Will they offer a second-class service? An interesting, but slightly disturbing development.
[1] http://www.rudebaguette.com/2013/01/03/new-update-to-freebox-censors-internet-ads-by-default-for-5-5m-users/ [2] (Google translated) http://translate.google.com/translate?sl=frtl=enjs=nprev=_thl=enie=UTF-8eotf=1u=http%3A%2F%2Fwww.numerama.com%2Fmagazine%2F24665-blocage-des-pubs-free-pete-un-cable.htmlact=url regards, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] CryptoParty in Tunis tomorrow (Saturday, 1st December)
From memory (anyone knowing the please correct me if I am wrong) but the London Cryptoparty which was held in the Google Campus also required real names for health and safety reasons. This didn't stop people from signing-up with fake e-mail addresses and names. (Of course not something I would suggest!) On 1 Dec 2012, at 14:01, Julian Oliver wrote: ..on Sat, Dec 01, 2012 at 10:31:25AM +, dan jones wrote: You may be aware that a previous event called CryptoParty was organized during the OpenITP Tech Summit on 27th November. However, the organizers required people to give their real ID in order to participate, requirement that was considered as not acceptable by a number of people, including people from the Tunis hackerspace. It sucks that it turned out this way. I didn't want to at all, and I was looking forward to meeting Hackerspace TN folks, but I totally get why you were turned off by the name policy. I probably would be too in the same situation. Could someone explain why there was a name policy? I am having trouble imagining why? Well it's quite absurd really, given one of the primary concerns addressed at Crypto Parties is protecting the right to anonymity.
-- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Censorship hardware - BLUECOAT IN SYIA
True - it would be useful for a journalist to make some enquiries as to the outcome of that investigation. My guess would be nothing. It's also interesting that the article says 14 SG9000s made their way to Syria - and there are 8 being used in that single rack. That means 3/4 chassis are either a) being held as spares, which would be possible but slightly strange in normal circumstances, but I guess these are not normal circumstances, b) lost/faulty/out-of-service, or c) being used in some other location. Bernard On 1 Dec 2012, at 20:11, Jillian C. York wrote: Oh, I'm with you - I just wanted to send it along in case there were folks who hadn't heard about it. On Sat, Dec 1, 2012 at 11:44 AM, Bernard Tyers ei8...@ei8fdb.org wrote: And reading that article now, I wonder what ever happened to that internal investigation Blue Coat were running. I also wonder what happened with that Dubai distributor? Something tells me they're still doing business. Restrictions make no difference in these cases when you have one company who will provide a partner service provider who will then provide a service to the persona non grata, possibly or possibly not with the knowledge of the original company. Bernard Connected by Motorola Jillian C. York jilliancy...@gmail.com wrote: http://online.wsj.com/article/SB10001424052970203687504577001911398596328.html Blue Coat Systems Inc. of Sunnyvale, Calif., says it shipped the Internet filtering devices to Dubai late last year, believing they were destined for a department of the Iraqi government. However, the devices—which can block websites or record when people visit them—made their way to Syria, a country subject to strict U.S. trade embargoes. On Sat, Dec 1, 2012 at 10:39 AM, Rafal Rohozinski r.rohozin...@psiphon.ca wrote: This pic has just been posted on twitter. It was picked up by the Secdev Syria Operation Group.
It is allegedly a picture of internet censorship hardware taken inside a telecom hub (exchange) in Damascus, http://twitter.com/AmaraaBaghdad/status/274919986399703040/photo/1 It looks like the ProxySG 9000 ( http://www.bluecoat.com/products/proxysg) Rafal -- US: +1-857-891-4244 | NL: +31-657086088 site: jilliancyork.com | twitter: @jilliancyork We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - Vaclav Havel -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] MJM as Personified Evil Says Spyware Saves Lives Not Kills Them
It saddens me that someone who is clearly talented is so delusional, or puts a price on his personal life. 15% of the company, and hefty salary. Either way, he seems to be the company fall-guy. Muench has put himself forward as Gamma’s point man on the issue, as Gamma’s controlling shareholders, the Nelsons, remain in the background. He says they act only as investors, providing money and customer contacts for FinFisher. If I was an investigative journalist, I'd be doing a story on the Nelson family. What kind of investors have links or contacts with oppressive regimes? In fact, I don't want to know. On 11 Nov 2012, at 22:19, Jacob Appelbaum wrote: ilf: On 11-09 15:53, Eugen Leitl wrote: Muench says he’s given up on a social life for now. “If I meet a girl and she Googles my name, she’ll never call back,” he says. Our work is paying off. Didn't you see his OKCupid profile? It's hear that it is a good way to find others who are interested in the same kinds of morality! :) All the best, Jake -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Large amounts of spam
At a risk of receiving the mentioned spam myself (thankfully my mail provider also seems to be killing the spam before it gets to me), and at risk of offering another evidence-less possible scenario - There was recently a valid e-mail account that was somehow used to send spam to the list. It's quite conceivable that account is some way connected/has provided the beginning point. Or like the person from Stanford mentioned maybe the spam is targeting a number of Stanford lists. On 31 Oct 2012, at 22:41, Yosem Companys wrote: Maybe. But the site was already mirrored for a while prior to the archives being made public. So I think that's unlikely. On Wed, Oct 31, 2012 at 3:39 PM, Andrew Lewis m...@andrewlew.is wrote: Maybe someone is simply scraping the archives for the sender address? On Oct 31, 2012, at 6:36 PM, Sarah Watts wrote: I am one of the...people it got; my email address was suddenly subscribed to more than thirty lists (Twenty maybe) none of which I subscribed to. I contacted someone...and have yet to do the second thing they suggested. -S On 10/31/12, S Vivek vivek...@stanford.edu wrote: Greg: This seems to be happening in other lists at Stanford, and so I won't be worried of a concerted effort against the libtech listserv. We are working on it, and I hope that we'll be able to handle it soon. Vivek = Program on Liberation Technology, Stanford University http://liberationtechnology.stanford.edu C 149 Encina Hall 616 Serra St. Stanford, CA 94305 Phone: 1-801-784-8357, that is 1-801-S Vivek's! Blog: http://viveks.info On Wed, Oct 31, 2012 at 1:34 PM, Andy Isaacson a...@hexapodia.org wrote: On Tue, Oct 30, 2012 at 07:32:18PM -0400, Nadim Kobeissi wrote: This mailing list has a spam problem (I'm receiving nude photo attachments now.) Admins: Please address!
Hmmm, I'm not seeing this problem; I'm subscribed to liberationtech on a bog-standard linux + postfix installation and I save every message delivered before I run spam filtering, and I don't see anything porn-spam-related in my all-mail archive. Care to share one of the spam messages (headers + body text only, I don't need any more nude photos thnx)? Offlist is better I suppose. -andy -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] A technologically progressive approach for oppressive regimes to operate.
I attended a talk recently in London titled (Mobile) Money Makes the World Go Around. [1] It was attended by people involved in mobile money (M-Pesa, mobile operators, finance companies, and billing backend people). The conversation was about how wonderful M-Pesa and such services are (they are, in certain ways), and the different business factors that are at play in the mobile money industry. I asked a question about privacy and anonymity in the use of mobile money services. I was a little shocked (I expected the answer, but not so bluntly) when a representative from M-Pesa said "You can forget it frankly. If you are making an electronic payment, somebody somewhere wants to know you are not money laundering. Arguably we don't have any privacy anyway." [2] And then I thought: what a wonderful way to keep control of a group of people - a state run mobile operator who implements a compulsory mobile money service for the population. You have an electronic device in everyone's pocket, which can be located (depending on cell density) down to 50m approx, with an MSISDN (telephone number) tied to bank account details. To the outside world you look forward thinking, progressive and technologically progressive. Is it necessary to go to that length? Too much money? Is the front needed?
Bernard [1] http://mobileheroes.net/ [2] http://soundcloud.com/heroes-of-mobile/mobile-money-makes-the-world -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Silent Circle to publish source code?
Is this a case of people (lib tech/security community) trusting people of up-to-now good security community reputation (Phil Zimmerman and Jon Callas) combined with public statements (to the effect of "we will be releasing the source code") combined with briefings with selected groups? Just curious. It goes back to the discussion about trusting open source software, or trusting people who we believe to have good intentions. Bernard PS: To try and keep the mood light: I wonder if the founders are fans of mid-80s German Euro-disco bands? On 12 Oct 2012, at 00:09, Christopher Soghoian wrote: Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is damaging the state of the cryptography community? I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype). Jon and Phil are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them? Chris [Full disclosure: They've loaned me an iPod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them.
I'm not a Silent Circle investor, consultant, etc] On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi na...@nadim.cc wrote: On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It actually says on the SC website that SC will use Open Source Peer-Reviewed Encryption. It also says, unambiguously, /We believe in open source/. It's almost impossible to develop the software Silent Circle is attempting to develop without using at least one open source library - this is in fact accentuated in my blog post. I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very ambiguous on this issue prior to their alleged private statements yesterday and today. I will update my blog post the moment they announce that Silent Circle will be open source. I don't mean to shoot first, ask questions later, but rather highlight serious potential dangers. From: compa...@stanford.edu Date: Thu, 11 Oct 2012 12:48:03 -0700 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Silent Circle to publish source code? We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew any more (for example, when -- what date? -- do they plan to publish the code). I've contacted @Silent_Circle via Twitter and invited them on to Liberationtech. If anyone knows how to reach someone on the team directly, please let me know.
It'd be nice to send them a personal invitation, so we can talk to the team directly rather than have a secondhand conversation. Best, Yosem On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote: It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code.
Re: [liberationtech] CryptoParty Handbook
On 7 Oct 2012, at 22:35, Brian Conley wrote: Greg it's called Orbot and it runs on Android. Secondly I used to agree with you, but I'm increasingly coming to the conclusion that user education, not simplification, is the more important piece of the user security and privacy problem. I am glad someone else is saying this. While it's wonderful to say "sure security is easy, alls you gots to do is [LOTS OF SHIT THAT PEOPLE DON'T UNDERSTAND] and voilà you're secure", people want tools they can use. As a geek/technical person/engineer/whatever you call me, I will say technical people are our own worst enemies. We overly complicate things, which is fine if you want to make people discover/learn through doing - but they have to be presented to the right people in the right way. Most people, in fact even some technical people (shock!), want tools that just work. Yes, they want them to be secure, but not at the expense of being easy to use. Yes, as a technical person I love delving into the guts of something technical and just geeking out (as much as I hate that phrase), but I want to do that when I want. I use the computer operating system I use, not because it's beautiful and shiny and whatever - I use it because a) on the user interface level it is reasonably easy to use, coherent, and consistent and b) because if I want to hack something deep down, I (mostly) can. Technology is a tool. It is a tool to help you carry out a task and to get to an end goal. If the technology gets in the way of carrying out that task, then (in my view) it has failed. Particularly if the user does not know how to fix it. Security should be integrated into the tool. It should not be a bolt on. It should be integrated. The complexity of it should be secondary, not hidden, to the ultimate goal. If the user wants to get at the complexity, then they should be able.
Sending a PGP encrypted e-mail to your mom, should be as easy as sending an un-encrypted e-mail to your mom. But the education of why you should be sending an e-mail encrypted should also be given. Granted, a valid threat-model should be explained, as a given. That said, the tools do need to get more accessible, but we are getting there. I don't believe there has been as sizable a change in public health and user information campaign efforts. Technical people are our own worst enemies. We make things look more complicated than they need to be. Sometimes it's laziness (naughty!), and sometimes I think it's a job security thing (bad, but understandable...to a point). What came out of the London Cryptoparty for me was, the amount of thought some people have put into the decision to not use a security tool. A clearly intelligent person said (paraphrasing): we spent time looking at the tool but we couldn't understand how it worked. Not the technical operation, but what we needed to do. Was it a desktop application. Did we have to run it on a server. Was it a mobile application. The guy had obviously spent time looking at it, but could not understand what he needed to do. He wasn't an idiot. He was someone who should be using the tool, *but decided against it because he didn't know its function*. That to me was a (pardon the language) fucking eye opener. (NB: I am not having a go at the developers of this tool. Their work is excellent. But it just shows me how complicated (leaving aside the cryptographic/technical complexity) this is.) It might be easy to say, but this is almost as important as the security of the tool. Maybe as important. Yes, the tool needs to be secure, but it needs to be easy to use. Otherwise, doesn't matter. That's not to say that I agree with giving people simplified, basic or plain wrong information. (more on that in a later e-mail) Security is complicated stuff. Cryptography is complicated stuff.
But it doesn't have to be presented as complicated to use it. I know bugger all about how a car works in detail, but I can operate a car, and when necessary do simple troubleshooting. Any other approach and people are being treated like children. Give them the information, but ultimately they'll decide if they want to use it. Bernard (getting the flame-retardant suit ready) -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] secure text collaboration platforms
On 3 Oct 2012, at 10:25, Sam de Silva wrote: Hi there, Can someone help me out - Is http://www.piratepad.net secure? I thought it was, but I can't seem to access it via SSL. It'll also be really useful to know of 'piratepad' type platforms that are secure, and there's controls over deleting the collaborative pads/docs. Thanks, Sam. Hi there, While it doesn't answer the question is Piratepad.net secure?, the functionality on Piratenpad.de seems to be exactly the same - ie a hosted Etherpad software website. Piratenpad.de is however accessible via HTTPS. [1] Make of that what you wish :) hth, Bernard [1] https://osterholz.piratenpad.de/test -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Baghdad Hackerspace
Hi all, I thought this might be interesting to some people: http://www.kickstarter.com/projects/bilal/baghdad-community-hackerspace-workshops See also gemsi.org Baghdad was a hub of art, science ideas. Inspire that attitude again by sharing hackerspaces with Iraq. We've been getting questions about why it's important to run a popup hackerspace and why we're asking for 27,500 dollars. GEMSI works to create a cascade of hackerspaces across the Middle East and North Africa. We do this by supporting the development of short term and long term spaces. Our efforts start with temporary spaces and workshops to do community discovery and connections then leads to supporting the development of a year round space. This Kickstarter supports all this work but is focusing on our work this fall for Iraq. By our efforts in Beirut we are working to discover the translation of hackerspaces to the Middle Eastern cultural context which we hope to share with Baghdad. Beirut is also where we are running a comic hackathon at the hackerspace to illustrate the Iraqi stories. Lastly part of our funds have been allocated to a micro loan that Middle Eastern hackerspaces can apply to to help with the hackerspace build out. regards, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
[liberationtech] Ideas for MSc research into HCI, security tools, and privacy.
Hi All, I am currently researching ideas for my masters in human computer systems thesis. I am a mobile telecoms engineer by profession, but am interested in HCI, tools that help maintain your security, secure communications, and privacy concerns. There have been some interesting threads here that have brought up some interesting questions for me: ∙ The thread discussing the usability of tools, such as cryptocat. How it was (originally) easy to use but may not have been as secure as possible. (NB: This is not a jab/poke at anybody's work, or an excuse to bring up any of the previous discussions about Cryptocat) ∙ The perception of tools which are easy to use but may not be secure, eg. Viber, whereas other tools are seen as secure, ∙ There are no shortcuts to being secure. I am developing some ideas at the moment, which are mainly around mobile, privacy, security, encryption tools, people's use of these tools (and why some people don't use them), how to present information such as possible interference with Internet users' traffic. I would be very interested to hear from anyone (on or off-list) who has any suggestions, I'd love to know XYZ questions, or projects that are currently on-going that may benefit from a MSc level research project into the intersecting topics mentioned above. I am open to discussing any ideas, so please let me know if you have an idea.
thanks in advance, Bernard -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] FinFisher is now controlled by UK export controls
I had to reread the article and the documents a few times, but I think this control is *for the short term* very good news. Congrats to PI and all involved for sticking a well-placed oar in. In the long term the regulation isn't going to stop FinFisher sale. Clearly the Gamma International people are reasonably smart people, whatever you may say about their morals/ethics. The best it can do is cause them some short-medium term operational problems. Lots of project managers and business people running around figuring out what it is they can now actually do. What they need to talk to the UK government for, what documentation is needed, etc. They will be paying a lot of money and time to their lawyers (there's a question, who represents them legally?), and their project managers to juggle projects/engineers/developers time. What can we change to continue operation, without breaking the law? I hope the UK government actually follow up, and keep a close eye on what they are doing. Instead of being able to offer the installation files/media/training material, etc as a download via a server hosted in [INSERT FOREIGN COUNTRY] to your friendly dictator surveillance operation/dictator controlled telco, they will now presumably have to go to the UK government and ask for permission to conduct business outside of the EU. Like you said in a previous mail, Gamma can just move the business to Italy/Germany and carry on exporting from there, but presumably the UK government could punish them for doing that? This will not stop Finspy sale forever, but if the UK Government closely monitor Gamma's operation regarding this, it will certainly cause delays and upset. What constitutes an export, in the case of software? Is it the initial agreement to sell services/provide products? Is it download from a fileserver hosted in the UK to the client country?
If it involves hardware, this could be circumvented by referring the client to some other hardware supplier. About the relying on cryptography excuse - again long run it's probably not very useful, but if the UK government are going to restrict it due to its use of cryptography, Gamma have their hands tied, in the short term. Removing the cryptography would mean evading the restrictions, and lead to punishment? Presumably the long term objective is to get the UK government to suggest/push for changes to be made to Wassenaar Agreement Part 2? From the really great, and terrifying analysis carried out by the Citizenlab people it seems the dual-use list category 5 already applies to some FinFisher/Spy operations (a. Generally available to the public by being sold, without restriction, c. Designed for installation by the user without further substantial support by the supplier; and d. Not used since 2000)? If this software was created by a hacker group, it would be classified as illegal software, and would carry a prison sentence for its use. Any upset in operations, no matter how short, to companies who create software like this can only be a good thing. Bernard On 12 Sep 2012, at 23:42, Pavol Luptak wrote: I think this regulation is absolutely useless. Imagine that you are a dictator in some dictatorship country. And now imagine how difficult with a lot of money and your people in many non-dictatorship countries is to buy FinFisher :-) (Especially if you can easily buy weapons of mass destruction). Pavol On Mon, Sep 10, 2012 at 09:39:44PM +, Danny O'Brien wrote: Just to add to this: It's surprising just how much of the old cryptowar language is still hanging around ready to trip someone up. The US government is still unwilling to grant blanket exemptions for classes of crypto-using products, so the only way you can know whether you're violating the broad language of the law is to ask very specifically for an export license. And if you ask, they may say no.
This was the issue with much of the United States Axis of Evil (Sudan/Syria/Iran/N. Korea) sanctions too -- Mozilla had to tread very carefully in order to get a permitted exception before the recent sanctions rewrite. That rewrite contains no pre-emptive exemptions (you still have to apply) and other companies still play far too safe WRT offering downloads to these countries rather than risk asking permission and being turned down. As Eric says, the UK is part of Wassenaar, which means public domain and personal use crypto is okay to export, but various strongish crypto requires a license, at least in theory: http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#Wassenaar To broaden Wassenaar to include surveillance tech by extending it with regard to specific categories of use is one approach to attempt to dissuade local companies from selling mass surveillance tools to repressive regimes. I know that PI has been thinking and working on this for a very long time,
[liberationtech] TeliaSonera and Azerbaijan, Belarus and Uzbekistan
Some wonderful quotes from Mr. Nyberg: "the company itself could not solve the underlying problem that undemocratic governments could abuse their legal right to access and shut down telecoms networks" "We need help from national and international organisations whether that be the UN, EU, (or) NGOs if we are going to make any significant impact on human rights" "If we experience a situation where under a certain government there are serious breaches of human rights on a regular basis ... we must be ready to have a debate in the company whether we should be in that country or not" Telecoms firm TeliaSonera to focus more on human rights http://uk.reuters.com/article/2012/08/23/uk-telia-responsibility-idUKBRE87M0LC20120823 (Reuters) - TeliaSonera (TLSN.ST), burnt by charges it cooperated with authoritarian governments, said on Thursday it would focus more on human rights issues where it operates and is eying Myanmar as a possible target for expansion. The Nordic and emerging markets telecoms group, in which Sweden has a 37 percent stake, came under scathing criticism earlier this year for allowing authorities in Azerbaijan, Belarus and Uzbekistan to access its network to keep tabs on anti-government activists. CEO Lars Nyberg said Telia, which has businesses across central Asia as well as the Nordic and Baltic regions, would take measures to bolster the protection of freedom of expression and privacy. Requests from governments to close sites or networks would now be dealt with at board level not nationally, he said. Telia will also cooperate with 10 other companies - including Alcatel-Lucent (ALUA.PA), France Telecom (FTE.PA), Nokia Siemens Networks (NOKI.UL), Vodafone (VOD.L), AT&T (T.N) and Telefonica (TEF.MC) - to draw up rules on how telecoms firms implement the United Nation's guidelines for preserving privacy and freedom of expression.
Although Telia is not considering withdrawing from any of the countries in which it operates and has management control, it would have to consider that possibility if the situation merited it, Nyberg said. "If we experience a situation where under a certain government there are serious breaches of human rights on a regular basis ... we must be ready to have a debate in the company whether we should be in that country or not," Nyberg said. Telia has been in hot water again in recent days after its daughter company in Tajikistan blocked news sites at the request of the government. Nyberg said the company itself could not solve the underlying problem that undemocratic governments could abuse their legal right to access and shut down telecoms networks. "We need help from national and international organisations whether that be the UN, EU, (or) NGOs if we are going to make any significant impact on human rights," he said. Telia said criticism of its actions in central Asia has not undermined the company in countries without full democracy and where telecoms markets are set to develop fast. Nyberg said that Telia was looking at the possibility of entering the market in Myanmar where, after decades of military rule, the government has introduced sweeping reforms, including allowing elections, easing rules on protests and censorship and freeing dissidents. Nyberg said the developments were such that Telia could now consider operating in the country, where the telecoms network for the country's 60 million people is barely developed. "Two years ago I would never have thought that we could even think about going into Myanmar," he said. "But what has happened in Myanmar over the last 18 months allows us to consider if we could do something in Myanmar."
(Reporting by Simon Johnson and Olof Swahnberg; Editing by David Cowell) Some history on the story: TeliaSonera 'profits by helping dictators spy' http://www.thelocal.se/40334/20120418/ The Black Boxes - How Teliasonera Sells to Dictatorships (Swedish TV Uppdrag Granskning Mission investigation) (VIDEO) http://archive.org/details/theBlackBoxes-HowTeliasoneraSellsToDictatorshipsuppdragGranskning Teliasonera i hemligt samarbete med diktaturer (Swedish only) http://www.svt.se/ug/teliasonera-i-hemligt-samarbete-med-diktaturer -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains
Jillian, Maybe I was hasty in my commentary, but I have spent time reading so many "we're sorry" statements by companies that I've become slightly jaded. Blame South Park :) I also find it very difficult that NBC "didn't initially understand the repercussions of our complaint, but now that we do, we have rescinded it." [1] Surely arguing against unfair Ts & Cs is something the Internet community should be doing? Particularly when it seems the whole US population watching the Olympics seemed to be complaining also. [2] [3] [4] Curiously I had a link to a Reuters article yesterday about how US TV watchers were using VPN services (TunnelBear for example) to watch BBC coverage of the games as they were being provided with terrible coverage via NBC. The link now seems to be a 404. [5] The fact that NBC were delaying the video feeds and requiring people to purchase online subscriptions to watch live video is perfectly acceptable. It's their business decision. I think it's pretty lame, but they're a for-profit business and can do what they like (within reason). Again people should complain and argue against it. As Simon Phipps mentioned (as is reported) Twitter alerted NBC to the message by Adams and showed them how to complain, without contacting the originator of the offending message. Surely that's against their Ts & Cs? The user messes up (or not in this case) and is punished. The service provider messes up, and nothing happens? [6] Lina: A US based lawyer commented to me yesterday that NBC and Comcast are subject to federal oversight (I don't know the legal definition of oversight) in the USA. Which would presumably mean that the government can assert some control/influence on them, and that the public would be entitled to contact the corporations' employees. I think I will leave the legal interpretation to the lawyers. It would be interesting to hear what the legal status of this is.
Bernard [1]: http://www.reuters.com/article/2012/07/31/net-us-twitter-nbc-journalist-idINBRE86U1EZ20120731 [2]: http://storify.com/btballenger/nbcfail-x-ways-nbc-blew-olympics-coverage [3]: http://www.independent.co.uk/news/world/americas/nbcfail-backlash-as-twitter-locks-out-reporter-guy-adams-7987906.html [4]: http://lifehacker.com/5930437/how-an-american-can-stream-the-bbcs-official-olympics-coverage-and-overcome-nbcfail [5]: http://www.reuters.com/article/2012/07/31/net-us-olympics-tech-workaround-idUSBRE86U02R20120731 [6]: http://www.telegraph.co.uk/technology/twitter/9440137/London-Olympics-2012-Twitter-alerted-NBC-to-British-journalists-critical-tweets.html On 31 Jul 2012, at 22:22, Lina Srivastava wrote: Not in defense of Twitter's underlying decision, but in the case of the apology, I wouldn't say this is usual BS language. This is Twitter's GC, not the PR department, stating their policy and an explanation in response to this particular situation. They handled at least the apology and explanation correctly. And as Jillian said, as a private corporation, they are well within their legal rights to suspend any user they want, or draft any kind of usage policy they want, as long as that policy isn't itself illegal (eg. discriminatory, etc.) That they screwed up in terms of the user relationships, and in the larger sense of how you craft these policies today, is fairly obvious-- and hopefully they'll listen to Jillian re: appeals processes. About the question of whether an email address per se is confidential, it all depends. Email addresses may constitute personally identifiable information, but I don't know if that applies to corporate email addresses, because I guess you could make a case that's part of the public record and/or it's routine business information-- and there are different standards about personally identifiable information depending on the state, agency, or jurisdiction. So I don't know the answer to that without researching the case law. 
Anyone else? On Tue, Jul 31, 2012 at 4:46 PM, Jillian C. York jilliancy...@gmail.com wrote: Bernard, 1. Not reading a post and then pontificating on assumptions is pretty lame. 2. EFF Legal is not on this, because Twitter is well within their legal rights to suspend a user for any reason. While I think that sucks, it is, in fact, the truth. 3. I very much hope that Twitter either rephrases their rules or starts investigating claims such as this in the future. I also firmly believe that they need an appeals/escalation process for situations like this. Best, Jillian On Tue, Jul 31, 2012 at 1:24 PM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote: Hi Jillian, Thanks for explaining the details. Pardon my language but...FFS. This is disgraceful. Adams used publicly available information like this: http://www.linkedin.com/pub/gary-zenkel/3/569/126 and Twitter
Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains
Hi Jillian, Thanks for explaining the details. Pardon my language but...FFS. This is disgraceful. Adams used publicly available information like this: http://www.linkedin.com/pub/gary-zenkel/3/569/126 and Twitter closed his account? In which case, if I were Adams, I would release my legal attack hounds, and sue Twitter under whatever legislation they could. Anyone from the EFF Legal want to comment? That is disgraceful. Another example of why I believe Twitter's self-censorship internal struggle earlier this year was an easy out for them. I hope Adams doesn't take the usual "we're sorry" excuse that's trotted out. Bernard

On 31 Jul 2012, at 16:13, Jillian C. York wrote:

Bernard, Twitter's explanation was not that the statement was defamatory, but that Adams had posted private information. The email address he posted, however, is not private: it is available on NBC.com. That's the entire case. -Jillian

On Tue, Jul 31, 2012 at 1:39 AM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:

(Slightly devil's advocate/contrarian POV) Interesting story, and Adams probably has a case but it never ceases to amaze me when people disconnect their real world brains from their Internet brains. I would be the first person to complain if someone's free-speech was taken away, however, if Adams has said anything defamatory in his Twitter stream, then he is still bound by real world laws. Just because I say something defamatory or libellous about person X on the Internet, doesn't mean that *IF* it's found that a real-world legal process cannot be executed. Most people using the Internet may not understand that, but I would have expected journalists to understand it. Is it illegal to suspend someone's services for naming an executive of a media company for doing XYZ in the USA? I have no idea. If it is illegal, then people need to speak out against a ridiculously brain-dead law.
If it is not illegal, people need to complain to Twitter for freedom of speech. Twitter need to rewind their equally brain-dead actions and apologise to the guy. Now, if he has said nothing illegal on Twitter, then IMHO, fire up the legal drones Guy. This I unfortunately have direct experience of. At this point it becomes (certainly in parts of Europe) a case of who's got the bigger legal team. (My reasoning comes from Bruce Schneier's argument on laws specific to cybercrimes. To paraphrase: Prosecution can be difficult in cyberspace. On one hand the crimes are the same. The laws against certain practices, complete with criminal justice infrastructure to enforce them, are already in place. Fraud is fraud, whether it takes place over the US mail or the Internet.)

On 31 Jul 2012, at 00:17, David Johnson wrote:

http://sports.yahoo.com/news/olympics--critic-of-nbc-has-twitter-account-suspended-after-network-complains.html

-- David V. Johnson Web Editor Boston Review Website: http://www.bostonreview.net Twitter: http://twitter.com/BostonReview Tumblr: http://bostonreview.tumblr.com Cell: (917)903-3706

___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] IPv6 good for anonymity
Hi David,

On 18 Jun 2012, at 21:23, David Conrad wrote:

Bernard,

On Jun 18, 2012, at 1:05 PM, ei8...@ei8fdb.org wrote:

I'm not an IPv6 expert, but any technical courses I have done on IPv6 have promoted the complete trackability and full audit-trail possible with IPv6 - each unique IPv6 host makes a direct connection to the other host, which simplifies security, and routing.

This assumes statically assigned, non-varying, and non-NAT'd addresses. None of these are a requirement with IPv6 (and, in fact, significant effort has been expended to not require the first two).

Interesting, I did not know about this. However, whenever a data connection is made to a mobile network, a PDP context is created (the logical association between mobile device and the public data network). This has a record of your IMSI (subscriber ID), your MSISDN (your telephone number), your allocated IP address, and other location related information. If your IP address is dynamic or static, it doesn't really matter as the operator has your MSISDN + IP address. From this they know the identity of the device used for that particular connection. This will be made easier particularly in LTE networks where IPv6 is native and DPI is built into the technology from the beginning. A lot of the operators I work with are sounding positive about using statically assigned IPv6 addresses for devices like dongles (which are used to make more permanent data connections rather than mobile devices like phone handsets). It makes their lives easier as they now don't have to worry about a PDP context (plus valuable IP address) being active for days, weeks on end. There are already live trials of LTE networks being rolled out in the UK where I am currently living using static addressing for some devices.

There is no need to carry out NAT (Network Address Translation), or IP Masquerading, which is great news for ISPs or mobile operators.
While it is true there is no need to perform NAT, it remains to be seen whether this model is acceptable to Internet users. The problem is that, as with IPv4, if you don't do NAT, you must either take your addresses with you if you change providers (aka, 'address portability') or renumber your network from your old provider's address space to your new provider's address space. Address portability has risks to the routing system (specifically, it requires the 'core' routers to know/understand each of the portable blocks of addresses and this will be a problem if too many sites try to do this) and also requires organizations to get address space from the regional registries which requires a yearly fee to be paid. Renumbering also has its obvious costs. NAT for IPv6 removes both of these concerns, but does impact the end-to-end architecture of the Internet the exact same way IPv4 does.

Interesting, I hadn't even thought of that. This sounds similar to the idea of telephone number portability. Of course IP and circuit switched portability operate completely differently, this feature has (I think) been successful, once it's finished. A pointer is entered into the original mobile network home location register database (a large database of all subscribers) pointing towards the new home network HLR of the ported number. Obviously timing is not as critical in voice call connections as in IP, so I guess those concerns aren't as visible.

It isn't clear to me how this is 'great news' to ISPs or Mobile operators.

Firstly, I'm using the words ISP and mobile operators synonymously as to me they are becoming the same entity - IP based data pipe providers, no different from electricity, or water providers. It's great news for mobile operators for a few reasons. One being IP address allocation (either dynamic or static) is currently translated into cost for licenses.
You purchase a piece of equipment for X (with a theoretical maximum capacity of 1,000,000 active subscribers), then you have to purchase the licensing files to enable capacity on that box - 10k/100k/1,000,000 active subs or possibly 1,000,000 active PDP contexts. This model will have to change when IPv6 is adopted as it won't make sense anymore. Also, it will (might?) do away with the carrier grade NATing equipment/features used to translate all of the private IP space of mobile devices. This will make network planning much easier. The time it takes to expand user IP ranges on mobile networks when it outgrows what's configured takes a lot of time, and hence money. There will be less equipment, which will manage more. It will be more complicated in software, but simpler in hardware - essentially becoming a box with lots of switching resources and inputs/outputs. All IP no circuit switching interface, so again essentially cheaper hardware. The equipment I work with has to currently do a lot of management of PDP contexts, also
Re: [liberationtech] If we want to be anonymous in #azerbaijan we take batteries out of our cellphones
On 18 Jun 2012, at 19:55, Parker Higgins wrote:

On 6/18/12 11:44 AM, Bernard Tyers - ei8fdb wrote:

The still being tracked with no battery in my phone story sounds like a hoax to me.

Yeah, I wouldn't want my answer to be interpreted as providing evidence for it. I'm not advocating breaking any laws in this forum, but especially not laws of physics.

Some laws were made to :)

As Eleanor said, if there is no power source attached to telephone, or to whatever secondary tracking device installed in the telephone, then it is not possible to track someone. No power source, no radio frequencies being created, no transmissions of information.

Right. On a specific device, you could imagine a secondary battery powering the tracking device (er, the radio) but it's hard to imagine a scenario where that's the easiest way to track somebody.

Absolutely, and again like Eleanor said it would (probably) be a) cheaper b) faster, and c) more efficient to have someone follow in person. People forget social engineering is a very powerful tool. It doesn't need sophisticated technology and lots of money.

The conversation I had with the security researcher was actually about a related question, and that's whether airplane mode could be trusted as well. Again, I don't want my acknowledging a theoretical possibility to be taken as advocating a hoax or anything, but the agreement was that SOFTWARE solutions like airplane mode can't really be trusted, and some processor components do not have open-source software options. Of course, on a current iPhone, there isn't an option to remove the battery.

That's a whole different scenario. In this case you are relying on the device maker to control shutting off the power to the radio modules (GPS, GSM, WiFi) to put the device into airplane mode (whatever the hell that actually means). Knowing how shoddy some device makers can be, I'd prefer not to leave my security and life in their hands.
Certainly in this case, the device is still powered on, and if there was any rogue software installed which had the intelligence to engage the microphone to record the ambient audio, or to store information on the device to send it once it was reconnected to a data network, this would be trivial to do. The safest advice is still to remove the battery from the device. If needs be, keep it in a sealed container so there is no possibility of recording ambient audio. (Although I do not know how useful this would even be)

Bernard

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
Re: [liberationtech] FB-like Twitter-connect soon. How can we avoid all this tracking?
I may have the wrong end of the stick but in my mind, a solution would be: Use a Site-specific browser/Single-Site Browser (SSB), such as Prism, or Fluid. An SSB is a software application that is dedicated to accessing pages from a single source (site) on a computer network. [1] [2]

Does anyone have an opinion on the browser plugin Ghostery? [3] It seems to allow web browser users to block these cross site tracking bugs, however I have not yet tested Ghostery fully. According to their website:

What is Ghostery? Ghostery is a browser tool available for Firefox, Chrome, Safari, Opera and Internet Explorer. It scans the page for scripts, pixels, and other elements and notifies the user of the companies whose code is present on the page. These page elements aren't otherwise visible to the user, and often not detailed in the page source code. Ghostery allows users to learn more about these companies and their practices, and block the page elements from loading if the user chooses.

"block if the user chooses" - this for me is the key. Has anyone tested this plugin to see what information is leaked back to Ghostery servers? thanks.

Bernard

[1]: https://mozillalabs.com/en-US/prism/ Unfortunately now discontinued.
[2]: http://fluidapp.com/
[3]: http://www.ghostery.com/about

On 25 May 2012, at 08:33, The Dod wrote:

It used to be easy: Facebook spies on you when you browse 3rd party sites, twitter doesn't. But now that twitter begins to spy on users who visit a 3rd site you visit has a tweet this link, (and updates its privacy policy accordingly), would webmaster gradually lose the option to include non-snitching share links like twitter's /intent/tweet/ and facebook's /sharer.php? Even if the situation doesn't escalate in the future, like buttons are already spying on you today (not on me, because I don't have a facebook account, but pretty soon twitter will be on my tail). How can we minimize the damage?
The key (IMHO) is a webmaster (and user) awareness campaign to use a [yet to be developed] fetch-a-button ajax widget with buttons like (lame phrasing): I want to like this or I want to tweet this. These would fetch the code (and thus - snitch) only for people planning to publicly admit they've watched the page :-)

-- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org
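The "fetch-a-button" widget and the non-snitching share links discussed in the message above, sketched as an added example that is not part of the original thread or any project's code. The share-link query parameters, the two widget script URLs and all function names are assumptions of this example; the `doc` argument is the page's `document`.

```javascript
// Added example: share controls that contact no third party until the
// visitor clicks. URLs and names below are assumptions, not from the thread.

// 1. Plain share links: ordinary navigation, so twitter.com / facebook.com
//    see nothing while the page is only being read.
function shareLinks(pageUrl, title) {
  const u = encodeURIComponent(pageUrl);
  const t = encodeURIComponent(title);
  return {
    twitter: `https://twitter.com/intent/tweet?url=${u}&text=${t}`,
    facebook: `https://www.facebook.com/sharer.php?u=${u}`,
  };
}

// 2. Click-to-load ("fetch-a-button"): an inert local button; the vendor
//    script is injected only after an explicit click, and only once.
const WIDGETS = {
  twitter: { label: "I want to tweet this", src: "https://platform.twitter.com/widgets.js" },
  facebook: { label: "I want to like this", src: "https://connect.facebook.net/en_US/sdk.js" },
};

function installClickToLoad(doc, container, vendor) {
  const cfg = WIDGETS[vendor];
  if (!cfg) throw new Error(`unknown vendor: ${vendor}`);
  const button = doc.createElement("button");
  button.type = "button";
  button.textContent = cfg.label;
  button.addEventListener("click", () => {
    if (button.disabled) return;   // never inject twice
    button.disabled = true;
    const script = doc.createElement("script");
    script.async = true;
    script.src = cfg.src;          // first request to the vendor happens here
    container.appendChild(script);
  });
  container.appendChild(button);
  return button;
}

// 3. Audit helper: third-party hosts the markup would contact at load time
//    via script/img/iframe src. A quick regex scan, not a full HTML parser.
function eagerThirdParties(html, pageUrl) {
  const own = new URL(pageUrl).hostname;
  const hosts = new Set();
  const re = /<(?:script|img|iframe)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    let host;
    try { host = new URL(m[1], pageUrl).hostname; } catch { continue; }
    if (host !== own) hosts.add(host);
  }
  return [...hosts].sort();
}
```

A page built this way should give an empty result from `eagerThirdParties` for its own markup; any host it lists is one that learns of the visit before the reader has chosen to share.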