[liberationtech] Tox Skype Alternative
With all the chat about Telegram, I am wondering about Tox.im. I realize it’s still in beta, and they admit themselves that you shouldn’t trust them with private conversation yet… but from what I understand their whole system is open and they don’t use server side software, everything is done in the open. Features of Tox: Video Chat Audio Chat Text Chat Public/Private key encryption Decentralized Encryption used: http://wiki.tox.im/Crypto It has a pretty cool looking website, but I know that a cool looking website doesn’t mean it’s secure (see Telegram). I don’t work for or on Tox, just a privacy advocate trying to stay up with latest communication trends. Travis McCrea Pirate Party of Canada -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Open Letter To US Customs
This outlines my experience yesterday at the border. http://falkvinge.net/2013/09/04/open-letter-to-us-border-patrol-cbp/ tl;dr - because I am the leader of a Canadian political party I might be a terrorist-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Snowden masks for Holloween?
I actually disagree... his ownership of his likeness is minimal. He is a public figure and as such anyone who wanted to make a mask would be pretty free to do so. I am not saying someone should go out and do it, and if you do and get sued don't come after me... but if I had the resources available and I thought this could make some money I would do it. Travis McCrea http://www.travismccrea.com USA: 1(206) 552-8728 / CAN: 1(778) 709-4859 Candidate for the Canadian Pirate Party in the Vancouver Centre riding. Any views stated in this email are my own and do not reflect the opinions of the party. On Tue, Sep 3, 2013 at 12:01 AM, Shava Nerad shav...@gmail.com wrote: No one elected him and he may have volunteered for the spotlight but not in the same way that some one does when they campaign for office. Even movie stars have a right to their visages. Where you could say that a sign We are all Snowden is political speech, citizen Snowden also has rights to privacy and dignity, and commercial rights that he does not abandon by being a well-knnown whistleblower, any more than say Rush Limbaugh would by being a well-known radio personality. Just see how fast the lawyers would be layered on top of you if you tried to make Rush masks for Halloween without licensing on the basis of him being a public figure -- and he's been part of our cultural landscape far longer. Scarier, too. ;) SN On Sep 2, 2013 7:43 PM, Paul Elliott pelli...@blackpatchpanel.com wrote: On Mon, Sep 02, 2013 at 05:44:41PM -0400, Shava Nerad wrote: Wouldn't there be a licensing issue? It's a hard argument that he has no right to the commercial exploitation of his likeness on the basis of being a fugitive whistleblower, and I doubt anyone is authorized as an agent to grant that license on his behalf. We have these privacy laws about just using people's images without permission. They are a bit like copyright, but say you can't exploit the subject matter without permission, for profit, with a few exceptions. (Face not recognizable, press reports on public figures, release form signed,… ). CSJ ethics guidelines and EFF's bloggers' guides and Berkman's guide for media creators have good outlines for US law on this stuff. Also my union has a nice guide, the National Writer's Union (AFL-CIO) which I only mention because it's behind a paywall -- and also to explain that since it's May Day… er...Labor Day here in the states, I am lazily quoting all this off the top of my head and making you verify and look up the links. I am on holiday. ;) Is not Snowden a public figure? I am sure bush and obama did not approve all the bush and obama masks? -- Paul Elliott 1(512)837-1096 pelli...@blackpatchpanel.com PMB 181, 11900 Metric Blvd Suite J http://www.free.blackpatchpanel.com/pme/ Austin TX 78758-3117 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Scramble.io, Round Two
I think my only complaint (that doesn't seem to be mentioned, though I could have missed it) is that the email address is generated with your key. This means that you have to create a whole new email account every 6 - 12 months for optimal security. I would suggest that you should allow people to alias their username to their email address, but also realize that doing so would kill one of your security advantages. On 2013-08-27, at 3:05 AM, DC wrote: Hi all, Just arrived in Seoul! I'm travelling this week, sorry for the delayed replies. Thanks for all the feedback. I'll try to answer all in one email: From: h0ost h...@mailoo.org Hi DC, Thanks for sharing this project. I'd like to install it on a server and play with it, but can't find an install doc. https://github.com/dcposch/scramble/blob/master/doc/how.md references a Quick Start, but I can't seem to find it. I'm sure I'm overlooking something, but thought I'd check first. Thanks. Host I hadn't published the Quick Start yet. My mistake. I'll try to correct that today, and I'll send out the URL. From: The Doctor dr...@virtadpt.net To: liberationtech@lists.stanford.edu [...] scramble.io does not play nicely with the Tor Browser Bundle: [...] Problematic. You're right. Unfortunately, this is tricky to fix! It's critical to security that the PGP key pair be generated on the client, and the server never sees the (plain) private key. To generate a key pair on the client, you need a secure random number generator. This is a new JS API that doesn't exist in older browsers, including the Tor Brower Bundle's version of Firefox :( So Scramble over Tor won't be solved until one of two things happens: * The Tor Browser Bundle upgrades to a more recent Firefox * Someone makes an easy-to-use Chromium+Tor bundle From: Griffin Boyce griffinbo...@gmail.com [...] It should give an option to continue anyway, tbh. See above---can't generate the key pair. Maybe I'll simply remove the Generate Account button on older browsers. When the secure RNG API is missing, you *could* log into an existing account, but can't create a new one. That feels a bit dirty, though. From: Nicolai nicolai-liberationt...@chocolatine.org Cool idea. This is also similar to CurveCP and DNSCurve. [...] But I think you meant to say the Base32 encoding of one's public key, not the hash, right? Nicolai Same format as Onion URLs: Base32 encoding of the first 80 bits of SHA1(PubKey) From: Tom Ritter t...@ritter.vg [...] I feel compelled to point out the precedence here. This is a problem known as Zooko's Triangle https://en.wikipedia.org/wiki/Zooko's_triangle Yes! Out of security, decentralization, and short names, you can only pick two. So HTTPS gives you security and short names (eg paypal.com), at the cost of placing trust in a centralized system (the CAs). Scramble, SSH fingerprints, Onion URLs, and others make the opposite tradeoff: security+decentralization, but now your identifiers are hashes. I think the consistent lesson of Prism, Lavabit, Freedom Hosting, etc is that anything centralized is inherently vulnerable. Hence the choice. From: Ali-Reza Anghaie a...@packetknife.com To: liberationtech liberationtech@lists.stanford.edu [...] I'm conceptually really curious about various aspects but before I forget - this time - I'd like to ask two broader questions first: - Is this in any way an officially backed project in any way? Part of a thesis or what-not lets say? Nope. So far, this is just my weekend project over the past four or five weekends :) Several friends have helped me refine the ideas. So far I've written all the code. Hopefully that will change soon! https://github.com/dcposch/scramble From: Michael Rogers mich...@briarproject.org Hi DC, Thanks for the reply. Responses to your responses inline. ;-) [...] 80 bits may not be enough to defend against a well-funded adversary these days - that's one aspect of the Tor hidden services design that needs some love. https://blog.torproject.org/blog/hidden-services-need-some-love Interesting! I'll read about it more carefully. (Note that in the entire history of Bitcoin, the smallest hash a miner has found starts with less than 80 zero bits. So impersonating an Onion URL or Scramble address would take roughly more than the *total* computation done by all Bitcoin miners to date. I think this is quite good.) [...] What block cipher mode of operation do you use? If the mode of operation requires padding, what padding scheme do you use? Do you authenticate the ciphertext? If so, what MAC function do you use, and how do you derive the MAC key? OpenPGP.js defaults. I'll give you a better answer soon. (Re: authenticating the ciphertext: not yet, but I should. Messages and bodies are currently PGP RSA-encrypted messages, but not
Re: [liberationtech] Piratebrowser?
I know that Pirate Linux started as a Pirate Party of Canada project, however, I am unsure if it is still being maintained. Though anyone who would like to help us out we would obviously be greatly appreciative of it. On 2013-08-10, at 6:02 PM, lilo wrote: On 10/08/2013 23:32, Mikael MMN-o Nordfeldth wrote: On 2013-08-10 19:50, Al Billings wrote: In a WTF moment for me personally, a preconfigured Firefox 23 with Tor has come out from the Piratebay. http://piratebrowser.com/ I haven't quite followed the latest Mozilla security announcements (just installed the latest version when it hit my apt repository), but is this version patched with the vulnerabilities that were abused against Tor users? Especially as it seems to only be for Windows, which apparently was the in practice insecure Firefox platform. https://piratelinux.org/start/ :-) -- lilo http://wiki.debian.org/LILO -Da grande faro' il cattivo esempio, questo e' uno stage formativo- bit in rebels GnuPG/PGP Key-Id: 0x5D172559 FINGERPRINT: AB62 DC0E 3CB3 2B83 6333 5DF4 9674 A4B3 5D17 2559 server: pgp.mit.edu -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Bring some UX/UI help to open secure apps
I have talked about this in the past, we need to make things look nice otherwise they are not going to be used and they lose their security advantages. I will give a case and point, I recently revoked my old GPG key because it's been active for over a year and I know that my computer has been out of my sight with customs agents a lot lately. I haven't generated a new key because then I have to open up a terminal and go through the process of making a key and then saving my key, etc. If I had a mail client with GPG integrated told me hey your key is a year old! do you want to have it recreated? I could click yes, and have the GUI guide me through key creation, it would update all my mail settings and key servers and life would be good. Because it doesn't do that, I have been not signing my emails for a week or so now waiting to get around to setting it up. I use Skype instead of Jitsi, and honestly when I need to have a conference with someone I tell them you should just download Skype, I don't want to have to guide them through a program that was clearly developed by engineer brained people TL;DR - Shiny things make me use the product more, if someone creates a crowd sourcing campaign for designers I would contribute. On 2013-07-13, at 2:43 PM, Jerzy Łogiewa wrote: Jitsi -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Heml.is - The Beautiful Secure Messenger
I would point to Texutal* as a model that does this and works, they release their source code -- but you have to compile it yourself. I don't have an IDE on my computer anymore, and probably would be too lazy to go through the hassle of trying to compile their program than to just give them $3 or whatever for the app. *note - I am my own argument against this, I run http://frextualapp.com - a compiled version of textual available freely but mine hasn't been updated in like 6 months, I was trying to keep it up to date but haven't really had time… which is why people should just pay for textual. Plus their app has an update feature which mine does not. On 2013-07-10, at 9:07 AM, Nick wrote: noone said it would be closed source. That's peoples guess. Like, your guess, I guess. According to their twitter account, the answer is maybe: https://twitter.com/HemlisMessenger/statuses/354927721337470976 Peter Sunde (one of the people behind it) said eventually, but in my experience promises like that tend to be broken: https://twitter.com/brokep/status/354608029242626048 and the feature 'unlocking' aspect of the project - to be indication of a proprietary code base. Frankly I can't see how they could get the feature unlock funding stuff to work well if it's proper open source. As I'd expect people to fork it to remove such antifeatures. It's a pity, as several new funding models have been successful recently which are compatible with free software, but this doesn't look to be one of them. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Dual Citizens and Information Collection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Obviously we don't know much about NSA/CIA spying on citizens and non-citizens but my question is this: I am a dual citizen of the US and Canada, many of the tools I use I identify as a Canadian. I am the leader of a Canadian political party, and in general I am very much a dual citizen (as opposed to having dual citizenship). I was wondering if you guys had any ideas on how to potentially leverage that to perhaps sue the CIA in an effort to ensure they are not collecting any data on Travis McCrea the Canadian who is Travis McCrea the American. Is this possible? Do I have anything I can do? I just want to help and figure this might be an avenue to take. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRuLwxAAoJEES9cOv0A0l0IYAH+gOCLuwkkcz7Ja3qPKHP98bk cBfx9mJ3L8j9MrcxKWPgvE20rJxeT86MYICLrRNV5YG2w7xr+Qvya5X7U/FVfgqy w6m9NaPXmHowK5NYHXJ1k//j1KrjIJt11aPwIgUkl5+LD25gspt/PuAzHspc0b1Z QvEWcG6eDHZfy4BO8T8rk9cEF+a2lnXh5156X/PUQKMibASukQIvlJl2+uUifhwZ PkrrniWcgABKkKbhsYdyHDh2AvlxSEtuJAAtVz0pf8+yHtKedTCh4pY2CSMTVZng fFrrX1MKSiL9Tcba0hJ5+IqysTdu6BciEEzadV1JYlvDfp5TWxHff4B/zVhu64w= =9Urh -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cryptocat: Translation Volunteers Needed
To be honest, if you are not in a situation that needs cryptocat anyway, and Nadim doesn't make any money from you using cryptocat... and it means less hostile bug reports from you... why would he want you to? No one is forced to use the program, yes, Opera might be used by people we would like to target but as said earlier Opera is coming out real soon with a new version that will be compatible. Why waste effort to support a legacy browser, when he could be focusing his time on making cryptocat better for everyone? I don't speak for CryptoCat so don't use my words against them, I just don't really see why people are getting all agro. We are all on the same team. Catherine Roy wrote: On 11/06/2013 10:07 AM, Nadim Kobeissi wrote: On 2013-06-10, at 8:21 PM, Catherine Roy ecr...@catherine-roy.net wrote: I am not a developer. Must we all be developers to have a significant influence on these types of issues ? No, you can also repeatedly send me blandly demanding emails and then take the issue to the public when I don't answer immediately, and expect me to change Cryptocat's development roadmap to accommodate for you and the 1% that use a browser with a highly limited third-party development API. Seriously, you're really frustrating. For the record, I sent you one very polite email off list 3 days ago to which you never replied. My 2 emails to this list were not blandly demanding either, they were simple and to the point. I do not think any of my messages warranted this type of reply. And neither did they warrant me being insulted off list by someone else from this list. Browser optimization is not something to take lightly and basically dismissing someone by telling them to go contribute code on github is not the best way to handle things either (like I said not everyone is a developer and users should be able to inquire about and request changes regardless). Indeed Opera is perhaps not the browser with the most market share globally (1.52% atm) but by effectively shutting it out, you are ignoring many eastern european countries, among other things. Anyhow, I do use other browsers out of necessity, including Chrome, Chromium and Firefox. But with such user/customer relations, I will not be going to the trouble of taking them out for your product. Best regards, Catherine -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] So, I was buying my nephew a bond...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I was going to buy my nephew a savings bond for his birthday (he is one, what else can you really get him?) and I was trying to sign up on treasurydirect.gov and was appauled by the security so I thought I would share. First they have all these different rules regarding what you must have in your password (which I always think is dumb, let me pick my own password), however they limit you to 16 characters. Then I go to login and find out that the password isn't case sensitive (which makes me question if it's being hashed), and their security is that you can't type your password you have to use their onscreen keyboard (which can easily be fixed by opening up web dev tools and removing readonly=readonly from the input field. http://cl.ly/PYNw I am just saying that I wish the government body which is in charge of money stuff would be a little smarter with their development. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRthu0AAoJEES9cOv0A0l0Me8IALPQPYYSdrriOxg0iw0n8xAV y0pzSChhl0GUvDA9GtD5WEgmEBrQD/Sarj8cly8txfUrxdXtQk1cZcw4dvlIVY/K Knbfwqgsg+IZl+kret818eo3ZuNPRbI3uJkO5Kb1DK1jT3E7tV7Go9EsCZCHFzlv bD5X7LpOQZruiwLMQ/DRGfQjeHTBRkrfJzJwRJUwGlHFqxRh4gRF8zycVDA/eQz1 lbf1O1ooxEX1Jj2anj8KImpRGAQk+yhl3g4/zgmLtZ8jtDXzh9hq91xLk5pUHI5a JS4l7MuhZHdpnT+kHsxx00ta+ZBaZsBEuKqXbz3knkwM01db2R36YRimISxqZFc= =3+jt -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Canadian phone and Internet surveillance program revealed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Pirate Party of Canada has issued a release on this, due to Canadians interest in themselves we are focusing on Canadian surveillance of Canadians rather than foreign cooperation. https://www.pirateparty.ca/newsletter/warrantless-surveillance/ David Golumbia wrote: the buried lede in all these stories is that cooperation agreements mean Canadians can spy on US citizens (but are only ever asked about Canadians, Canadian pols only talk about protections for their citizens), US can spy on Canadians (but are only asked about US, US pols only talk about protections for their citizens), etc., etc.--esp. for UK, NZ, and Aus-- share the info as they like. and not spy on their own citizens and (kind of) tell the truth when they say it. or a half-truth that makes them feel better and appears to comply with letter of the law. On Mon, Jun 10, 2013 at 11:48 AM, Nadim Kobeissi na...@nadim.cc mailto:na...@nadim.cc wrote: Some news in Canada similar to the NSA revelations in the US: Defence Minister Peter MacKay approved a secret electronic eavesdropping program that scours global telephone records and Internet data trails – including those of Canadians – for patterns of suspicious activity. Mr. MacKay signed a ministerial directive formally renewing the government’s “metadata” surveillance program on Nov. 21, 2011, according to records obtained by The Globe and Mail. The program had been placed on a lengthy hiatus, according to the documents, after a federal watchdog agency raised concerns that it could lead to warrantless surveillance of Canadians. http://www.theglobeandmail.com/news/national/data-collection-program-got-green-light-from-mackay-in-2011/article12444909/ NK -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- David Golumbia dgolum...@gmail.com mailto:dgolum...@gmail.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRtkQ6AAoJEES9cOv0A0l0q34IAIgqfyKCLtgjWjH4UWiP0IPA 3aFTRbQxZmIsoWb5R0IEVJhftpSFD76PyHjR3+qPTExVJzRGnqjNKKuSsH5v42xw zww62bOoNvWFADxQ0sBVChy4ghHI+xG7qIzEbfvLwG24EM63brdsp66VN6i+qT0l wQhPrQtcFDYuXgTRJJuVgdmVhIz216kQUG/nP4/Z9bzWjmiyiXoI3C/vSPIIhYkY LRlRMO0YQ2gMSfpsKvJ3jfhrHQV3TXDPugzM4Omk8e9NuYUUTSO2Mw+VRakMr/T7 7zI4H+p0FoibZPmSdZfH5Gt+fZu3gbphCqUSe/w6Mqn3aH/5lbN+ou5IaQE6wWo= =m6UH -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] [Meta] Mailman to /r/LiberationTech Subreddit bot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have been considering establishing a /r/LiberationTech subreddit, and then building a bot which would submit new threads on the website for each new topic that was created here on the mailing list. Pros: Gives people who use reddit, don't like mailing lists, or can't access personal email at work a method to keep up with Liberation Tech discussions. Exposes more people to Liberation Tech as a mailing list, stanford project, and in the concepts which it values. Reddit seems to be pretty pro-awesome, so it isn't sacrificing our soul. Cons: While all messages posted to this mailing list are already public, perhaps some people would not like their posts automatically going to reddit. It wouldn't give the follow up comments (though, I am sure someone more awesome than me could figure out how to do that), so some might argue it would fracture discussions. Before I even considered a project like this, I would want your input. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRsz9DAAoJEES9cOv0A0l02RgH/REZBgMkWNc/zyUKLsQ/Glxh OJ1igjp4bjF1sOftoakKqMqf/unTKaw8MXh4b2tEsNqK0ABeI8RNH5FNUEheqQtq f+tyE5XEsOC4EV8MCrr+OFPPTd0Vkeh5O0BVUkpDbNXXdoHHRptHHTlEq7sEb/cO HAH1joRTTXcWcpe+i3HyGhPNzwDyaUMZqnVn06P49p2gNseLldvPJ75lhonW9lPi sjLILGvMRfX8CASxRpXVvPUeFfgESNVKoBZMc7IQIPm/1K7Qv+fZLwPgdFPhHZRV R+hf+VrmrpfZaceGeZD/9StDg5ch4zk4wg+TFY6YMEJxNxtVHz3Hpw2og1MnCxo= =XCc9 -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Google Denies PRISM Involvement
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://googleblog.blogspot.com/2013/06/what.html I do believe them, but I have no proof to back that up. You would assume they wouldn't make a bold faced lie, they would just not talk about it. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRsmQGAAoJEES9cOv0A0l0vZgH/ArXy3Emx5PbaB5FgUDxvBdc XkzI+C9E57ZNkhC7IOb1FmihMkTBEsbr3WlFre3ECZ3aMDikdMY2zq3cpCUh5tms M28SPkoSE+4MV/bxmKPJuq4M5TopCDKGaDpQbZ1swj5nxCqomImIf3BVX7vfcJzf m8jLe5c6ePScBiG6sNmog18F2eHZabRohfIBAbVUhHYmE/aQy4QfyUGZxCqtyDxO 6gv+RUctTGbM/A99KCjvn9/H3h5DmOI5ynEs0p+2IZsHhopoDwFjnvFMDVsetk0l Sd6bSF8FiVWbFZo4c8hZQ5+ov3ukCcyqvubnrlXlkk51uwxc4rAOq7gpJ9fl7zk= =4usx -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Flaming Google
I don't know how many people watch Doctor Who, and I hate to use it as my example, but there was a planet where people used items of emotional value as currency. This is kinda how I see the future of the Internet going: People trade various details of their life, and they get various services in return (privacy economy?). I use Google services, while I never fully trust anyone, I trust them more than most with the data they collect about me. You sort of give this same level of trust to merchants when you swipe your credit card, not knowing if they are actually collecting your card number and are going to do bad things with it. Services should have the option (as Google does) to pay for a service, and not have to take part in advertising. I would love to pay Facebook $5 a month, and not have any ads and no tracking. Again, however, it comes down to trust -- every website can collect information about you even if they are not running ads. They can be sharing that information, etc. You wouldn't know unless you worked for the company, and realistically probably only if you were in upper management or a small little team. You don't have to trade your privacy for free services, but I choose to. I don't view a company as evil for it. Gregory Foster wrote: Please note the subject change, as the previous subject featured Microsoft - a notable reflection of the tides of history. In short, what price will you pay for your privacy? Google (like Facebook), makes the majority of its money by selling advertisements (I've heard on the order of 95% of Google's revenue is generated by AdWords). Like everything else the Internet touches, advertising has been disrupted by the innovations introduced by companies like Google and Facebook. In this case, the innovation is highly accurate micro-targeting of groups. For example, on Facebook you can place an advertisement that targets only current employees of a particular organization - because individuals document their employment history on Facebook. Disruption of the advertising industry has been enabled by the acquisition and compilation of information on individuals. We, as individuals, voluntarily provide our personal information to these organizations in the process of using the tools and amusements they provide to us - crucially, at no direct financial cost to us. The quantity and accuracy of aggregated personal data largely determines the amount of advertising revenue that can be generated. Therefore these organizations are incentivized to collect more and more personal data. In some circumstances (but not all), these same organizations provide paid versions of their tools which provide privacy guarantees, such as Google Apps for Business which includes GMail. It's worth noting there is no privacy protecting version of Facebook. So this calculus is pretty simple. If your privacy is worth something to you, what will you pay to keep it? Trouble finding privacy protective substitute technologies? Well, that's part of our answer. Technology has a cost for the convenience it provides, and that cost is not just economic. As McLuhan said, every technology is simultaneously an amplification *and an amputation*. And lately, there's a lot of severed personal data being scooped up. gf -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Secure, inexpensive hosting of activist sites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Either I missed it, or it wasn't posted: dod.net is a wonderful 501(c)3 which has a great distributed network of servers and is super big on privacy protection and their clients data. It's free to host with them, but they ask for donations. Also BuyVM.net has also been a great host that even up until recently let you run tor exit nodes. Francisco (the owner) has a liberal policy towards linking, and allows torrent trackers (with the official line that they can't track copyrighted material) which is great for dissemination of large files like wikileaks archives. dod.net is shared hosting, with a jailed SSH. buyvm.net is a VPS. Eugen Leitl wrote: On Sun, Apr 21, 2013 at 09:26:05PM -0400, micah wrote: Can't rely on them to be there for what exactly? Just being there and responsive for the entire duration you need them. Where is the liberatory technological element to recommending commercial The liberatory technological element is to use distributed services not linkable to a certain specific server or location. You're welcome. services when they are more than happy when the shit hits it to bend over backwards for law enforcement without bothering even questioning if Have you ever heard of bullet proof hosting? Do you think that snowshoe spammer and carder and malware hosters care a damn thing about the content they host? the request is even legal because that would cut into their profits? I Very simple: they do not care whether it's legal. Their business model is that they don't care, as long as the account gets paid. have to say I agree with ilf, this is pretty depressing for this list. You'll get used to it. I did. How can anyone in good conscience recommend to activists commercial services whose primary goal is to optimize for the bottom line? You How can anyone engage in strawmen of such appalling quality? realize that when the shit hits it you can rely on them to not waste any of their money fighting for you. Not that it matters, because they are already deupitized data collection points for the police, building into their money-making schemes keeping as much logs as they possibily can to maximize profits from various advertising and surveillance efforts. And really, Cloudflare? Comon. After their willingness to roll over on What about Cloudflare? Can't recall mentioning them. the subpoena for Barret Brown and prentend that they were the internet's saviors by making up that whole thing about how they saved the internet from the biggest DDOS ever? This is an amazing statement: free is distinctly unaffordable -- what meaning of free are you using here? There are other things that I'd Free, as in free beer. pay *more* money for if it meant the kind of free that I'm thinking of was in play... But this is 'liberationtech', right? Is the only thing you are concerned about is being liberated from your money when doing tech things? The cognitive dissonance here is deafening. How would you know? -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCgAGBQJRdUWqAAoJEES9cOv0A0l0TlgIAMTcfmxdqmJmNtAjJxNmoXtV hz7QZIRdJQ7uhfjcVXmeFrb8SYGujkNBy9QJGNhuiOfKWrYiDoj4lLNe++5eAB5g av6DT7DegXF1Ep0iyXYY/cSTCVKFCl5n6NEObb+gyqrDavUiPNfD5xXHtuBm6Qw5 nWzOt1Rkj4G8C9jbUQI0ZxixCQO2fRi7p6TYGiRjoOmOnUBauMwByn2m9/NAjxJ+ D+xapIhsI16KNxwZ4a2DYraHdqXoXEPjXe3HSu6BmGQP0PCf4lRJnzJQ/ZZ1Po74 v1M7F0SZXQK/41rmTux4eyoM++VYIA8p+r7QAbIFihCFg8OXWGra/1o9y9wuSEA= =xV4C -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Please Vote on Reply to Question
No, it just shows that people didn't understand the rules of voting. Nothing else. Travis McCrea Pirate Party of Canada The Ultimate Ebook Library Kopimist Church of Idaho Phone: 1(206)552-8728 US Call/Text IRC: irc.freenode.net, irc.pirateirc.net (TeamColtra or TravisMcCrea) Web: travismccrea.com IM: teamcol...@451.im (jabber) teamcoltra (AIM) On 2013-03-21, at 12:42 PM, Guido Witmond gu...@witmond.nl wrote: On 03/21/2013 05:33 PM, Trevor Timm wrote: Man, I really wish even if people are voting reply-all that you vote by just replying to Yosef. This is spamming everyone's in box with dozens of emails. Doesn't it prove the point of reply-to-poster? Guido. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Maybe I have a hard time understanding since I don't use email to discuss anything that would be embarrassing, career ending, and most certainly not life threatening. However, it would seem that even if someone /does/ talk about those things using email -- they should be doing it with encryption and thus wouldn't be a problem on the main list. Conversations often get broken up when you disable reply-to-list because people just click reply instead of reply-all and we miss what could be very enlightening conversation. If I was to vote on a matter like this I would either abstain or vote to keep it the way it is, so clearly it's not so important to me that I want to fight about it. I don't view this as a security risk, no more than a person could reveal the same information using reply-all (anyone who has worked at a large company before probably knows countless times when someone has clicked reply all when they only meant to click reply) for recent example http://www.hlntv.com/article/2012/11/28/reply-all-nyu-student-emails-school I see zero need to change it. Travis McCrea Pirate Party of Canada The Ultimate Ebook Library Kopimist Church of Idaho Phone: 1(206)552-8728 US Call/Text IRC: irc.freenode.net, irc.pirateirc.net (TeamColtra or TravisMcCrea) Web: travismccrea.com IM: teamcol...@451.im (jabber) teamcoltra (AIM) On 2013-03-20, at 1:37 PM, Matt Mackall m...@selenic.com wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Mathematics is the supreme nostalgia of our time. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
