On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
We're in the late prototype phase for Groundsourcehttp://groundsourcing.com,
a mobile data collection and engagement platform -- designed for
journalists, researchers, NGO's and others to use to gather first-hand
knowledge. We've
On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
Nose to the grindstone Andrew. Use Rich's email to remind you this is hard,
but its still worth doing.
I've read this multiple times and I still have no idea how your remarks
relate to what I wrote in re the (in)security of
On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote:
Mostly I'm taking issue with your nonconstructive demeanor.
Clearly you have no idea how I write when I'm being nonconstructive. ;-)
Think equal proportions Kingsfield[1], Vader, Snape. Season to taste with
HST and Mencken, serve at
On Tue, Mar 26, 2013 at 04:24:33PM -0700, Brian Conley wrote:
I generally read most of your comments on this list as I find
them insightful, however in this case, I was struck by your
entirely hostile attitude.
You're misreading exasperation and frustration as anger, and you're
still focused
I don't think it's a huge leap to suggest that someone may be trying
to hobble telecommunications in/out of the Middle East, that they're
doing so for a reason, and that they'll try again.
---rsk
- Forwarded message from Randy Bush ra...@psg.com -
From: Randy Bush ra...@psg.com
Date:
On Thu, Mar 28, 2013 at 10:48:17AM +0100, Simon Rothe wrote:
- fast and secure hosted by Amazon-Web-Service
I wouldn't.
(a) Nobody with any clue accepts SMTP traffic from Amazon's cloud,
as it's proven itself to be a massive source of spam and other forms of
SMTP-borne abuse. Attempts to get
On Wed, Mar 27, 2013 at 07:45:45PM -0400, Carol Waters wrote:
At the risk of igniting an inbox-exploding smackdown thread [...]
You say that like it's a bad thing. ;-)
I'll quote Marcus Ranum on the subject of educating users, from his essay:
The Six Dumbest Ideas in Computer Security
On Sun, Mar 31, 2013 at 11:47:31AM +0200, M. Fioretti wrote:
How could that happen? In the same, totally unsurprising ways in which
always happen to everybody who takes the same measures as you (no
offense meant, really, just a technical explanation!). It happened in
one of these two ways
I think remote wipe software is a scam. There is no way to know that
the system will ever be remotely accessible[1]; there is no way to know that
it will be booted into the operating system that was installed; there is
no way to know that the storage media will even be in the same system
when
On Fri, Apr 05, 2013 at 10:29:12AM +0100, Dan Lin wrote:
World Congress on Internet Security (WorldCIS-2013)
Technically Co-Sponsored by IEEE Tokyo Section
August 5-7, 2013
Venue: Tokyo University of Information Sciences, Japan
www.worldcis.org
I'm throwing the bullshit flag. I think this
On Tue, May 14, 2013 at 09:14:19PM +0530, Pranesh Prakash wrote:
Heise Security is reporting that Microsoft accesses links sent over
Skype chat.[1]
Everyone who thinks that's the *only* thing that Microsoft is quietly
doing behind everyone's back, raise your hand.
And incidentally, the
On Wed, May 29, 2013 at 03:21:45PM -0700, fr...@journalistsecurity.net wrote:
I appreciate your feedback and your bluntness, Rich.
But you are providing far more guidance about what to avoid than what to
use. If journalists and other users should avoid all commercial based
operating systems
On Sun, Jun 02, 2013 at 10:16:20PM -0400, Nathan of Guardian wrote:
In summary, if the focused threat you need to address is location
tracking by carriers/operators, and you live in an area with a decent
saturation of open wifi hotspots, I feel there is something you can do
about it. Now your
On Tue, Jun 04, 2013 at 06:44:37PM +0100, Bernard Tyers - ei8fdb wrote:
I wonder if there is any connection between these merchants and botnets?
Botnet owners or spammers would seem like a great source of valid IDs.
Let me introduce a term you might/might not have heard before in other
These revelations constitute an existence proof that the number
of backdoors in various services is nonzero.
There's no reason to believe that this nonzero value is 1.
After, if the NSA could backdoor them (with or without their cooperation)
then why couldn't MI6? Or Mossad? Or some other
On Fri, Jun 07, 2013 at 02:48:58PM +0200, Eugen Leitl wrote:
On Fri, Jun 07, 2013 at 08:32:36AM -0400, Rich Kulawiec wrote:
These revelations constitute an existence proof that the number
of backdoors in various services is nonzero.
There's no reason to believe that this nonzero value
(Quoting myself from something I just sent to NANOG in re the
same question: are the Cxx people at Google and elsewhere telling
the truth?)
*puts on evil hat, adjusts for snug fit*
Targeting the technical people who actually have their hands on the
gear might be the best choice. They don't
It's not open-source, therefore it not only *can* be discarded without
any further discussion, it MUST be.
---rsk
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
On Sun, Jun 09, 2013 at 09:45:31AM -0400, Nadim Kobeissi wrote:
I don't agree with x z (and rather agree with you), but I'm really tired of
just how aggressive and rude you always are on Libtech.
First: you've got to be kidding. I've never seen a single message on
this list that goes past
On Mon, Jun 10, 2013 at 01:30:19AM -0700, x z wrote:
First of all, I don't feel offended by Jacob's reply to my email at all,
probably because I know and expect his style of wording. So far I think the
discussion is still pretty civil.
I concur. This is what spirited discussion looks like.
On Mon, Jun 10, 2013 at 01:48:23PM -0700, x z wrote:
@Rich, those are good movie scripts :-). But it does not work for 9 firms,
and hundreds of execs all with diverse values and objectives.
Two responses.
hundreds? Not necessary. Not desirable, from the NSA's point of view,
either. One
http://www.theatlanticwire.com/national/2013/06/where-is-edward-snowden/66072/
I'm reminded of this exchange, which I presume everyone on this
list is familiar with:
I'd like to go back to New York.
You have not much future there. It will happen this way: you
On Tue, Jun 11, 2013 at 05:44:38PM -0400, Richard Brooks wrote:
This lead me to start thinking about the possibility
of deploying something like Fidonet as a tool for
getting around Internet blackouts. Has anyone tried
something like that?
Usenet has long since demonstrated the ability to
On Thu, Jun 13, 2013 at 04:27:17PM -0700, Seth David Schoen wrote:
These properties are really awesome. One thing that I'm concerned
about is that classic Usenet doesn't really do authenticity. It
was easy for people to spoof articles, although there would be
_some_ genuine path information
On Fri, Jun 14, 2013 at 02:14:16PM +0300, Maxim Kammerer wrote:
An interesting article, showing why ?responsible disclosure? of
exploitable bugs is a bad idea.
I concur. I've often argued that there is no such thing as responsible
disclosure -- it's a self-serving fiction concocted to satisfy
On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote:
First of all, thank you for all your valuable input on this list.
You're very kind, but my contributions are minor and unimportant. Others
have done far more.
I wanted to ask you if you have any good resources on getting the
On Fri, Jun 14, 2013 at 06:34:42PM +0200, Eleanor Saitta wrote:
The issue with this approach is that maintaining infrastructure like
this takes an ongoing time commitment by someone who is clueful (and
thus at least moderately expensive for broke organizations where
everyone's constantly
On Sun, Jun 09, 2013 at 10:11:08AM -0400, Nadim Kobeissi wrote:
On 2013-06-09, at 10:08 AM, Rich Kulawiec r...@gsp.org wrote:
Second: stupidity, in all forms, fully deserves to be slapped down --
This is where I stop reading.
I have to admit, even though I've read this half a dozen times,
I
On Tue, Jun 18, 2013 at 08:54:30PM -0700, Mike Perry wrote:
[ one the most insightful, thoughtful messages I've ever read here ]
There's very little I can add to that, except to say that I look
forward to reading the future, longer writeup you mentioned.
Now get to work. ;-)
---rsk
--
Too many
On Tue, Jun 18, 2013 at 11:30:00AM +0200, Julian Oliver wrote:
It'd be also good to add GNU/Linux however. [...[
And the BSD family, notably OpenBSD -- whose development is led in
large part by one of my favorite curmudgeons. (As I've said elsewhere,
some of the people working on OpenBSD are
[ Sorry. Just saw this now. ]
On Tue, Apr 09, 2013 at 07:54:23AM +0100, David Miller wrote:
On 9 April 2013 01:29, Steven Clift cl...@e-democracy.org wrote:
Part of the problem maybe yahoo mail hacked accounts which are an ongoing
disaster.
What's the deal with that - I seem to get
On Thu, Jun 20, 2013 at 01:17:18AM -0700, Raven Jiang CX wrote:
My own concern lies with the fact that the a great deal of academia and
knowledge creation is currently being funded by the inefficient tuition
system. If the transition to MOOC is too sudden, then we might irreversibly
damage our
On Wed, Jun 05, 2013 at 10:16:23PM -0700, Andy Isaacson wrote:
This is a really deeply interesting assertion. You seem to imagine a
bright line of abuse that is agreed on by all parties, with a policy
that can be implemented by thoughtful operators to make the abuse
stop. I submit that that
On Mon, Aug 19, 2013 at 12:32:59AM +0200, Moritz Bartl wrote:
Subject: Avaaz in grave danger due to GMail spam filters
This should be retitled Avaaz allegedly in grave danger due to their
own extremely stupid decisions as regards running their mailing list,
and oh, by the way, Gmail's anti-spam
On Tue, Aug 20, 2013 at 12:27:24PM -0400, Matt Holland wrote:
Rich: We actually do run our email lists in-house, sent from our own MTA's,
with appropriate SPF records, DKIM signature, list-precedence headers, etc.
etc. Our message to members was focused on getting into a particular tab
at
On Wed, Sep 04, 2013 at 10:27:54PM -0700, Jillian C. York wrote:
Is this spam?
No, it is not. Spam is UBE (unsolicited bulk email) and there is no
evidence whatsoever that this is bulk. It may be against list policies
(that is for the list-owners to decide) but that determination is
orthogonal
This is a fraudulent/fake conference being promoted via spam. I recommend
permanently blacklisting the sender.
---rsk
--
Liberationtech is a public list whose archives are searchable on Google.
Violations of list guidelines will get you moderated:
On Wed, Sep 04, 2013 at 06:19:35PM -0400, Dave Karpf wrote:
One distinction that I think is worth pondering though: it seems like the
standard of serious about email is in conflict with the goal of
frequently communicating with 20M supporters.
That's a good point. Two responses:
1. At this
That's a valid concern.
But I think you should probably be more concerned that it's only a matter
of time until malware is released which grabs the fingerprint and quietly
uploads it to someone's database. I'm sure they'll find uses for it,
doubly so if it happens to unlock something other than
On Fri, Sep 13, 2013 at 09:14:27AM +1000, Erik de Castro Lopo wrote:
No such agency and the like are almost certainly able (with the
help of carriers and manufacturers) backdoor and exploit all
the major smartphone brands and models [0].
Smartphones are horrendously complex, rely heavily on
On Wed, Dec 05, 2012 at 01:11:08PM -0500, Nicholas Judd wrote:
If I could tap into your hive-mind intelligence for a moment to help me
be more precise about explaining why this is an issue, I would appreciate it
...
Others have articulated a number of reasons for this already,
so I'll attempt
On Sat, Dec 22, 2012 at 12:23:30PM +0200, Nadim Kobeissi wrote:
Isn't it time for an open letter regarding Skype?
No.
Not that I disagree with your concerns or anything like that:
they're valid.
But because there is absolutely no reason to expect truthful and complete
answers from Skype.
In
On Wed, Dec 26, 2012 at 01:45:00AM -0500, bobal...@lavabit.com wrote:
Comments and suggestions would be appreciated. Happy holidays!
A suggested addition, perhaps not worded as succinctly as it could be:
*Third-party Infrastructure*
Some tools, perhaps nearly all tools, rely on third parties
On Thu, Dec 27, 2012 at 01:21:38PM -0500, Miles Fidelman wrote:
That's a rather intriguing concept, though I might look at starting
from UUCP NNTP, or perhaps BITNET, rather than the FIDO model -
the software is a bit more mature, and UUCP at least is still
supported. Mobile devices could
I rather suspect that this is prelude to Facebook monetizing the suckers
again by charging advertizers bulk rates, e.g., $350K to hit 1M users,
where the 1M are targeted a selected based on information in FB's databases.
Once the billing infrastructure is in place (and it sounds like it already
h/t to Lauren Weinstein via his nnsquad mailing list.
Writeup:
http://thenextweb.com/insider/2013/01/09/nokia-seems-to-be-hijacking-traffic-on-some-of-its-phones-grabbing-your-https-data-unencrypted/
Original:
https://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
On Sun, Jan 13, 2013 at 10:41:15AM -0600, Case Black wrote:
Federal Prosecutor Ortiz does not seem like a monster in general...of
course not, neither did Adolf Eichmann.
This is the face of the Banality of Evil for the modern era!
I've been thinking about this, and about Lessig's comments
Suggested changes (all near the beginning):
Is:
Many of these users rely on secure communications - whether they
are activists operating under authoritarian governments or journalists
dealing with sensitive sources.
Suggest:
Many of these users rely on secure communications - whether they are
[ Perhaps some precautions might be appropriate for those using FB in
less than hospitable circumstances. ---rsk ]
- Forwarded message from Lauren Weinstein lau...@vortex.com -
Date: Thu, 17 Jan 2013 18:05:22 -0800
From: Lauren Weinstein lau...@vortex.com
To: nnsq...@nnsquad.org
On Mon, Jan 21, 2013 at 11:48:38PM +, Jacob Appelbaum wrote:
I'm not clear on most of the Retroshare design. Is there a threat model?
I share this lack of clarity. One of the things that I perceive as
a significant threat to software like this is full compromise of
a trusted party's system
There's no such thing as cyberwar, any more than there's a war on
poverty or war on drugs or war on terror. It's a construct either
(a) devised by people who can't come up with a better metaphor -- or
simply abstain from trying and/or (b) devised by people with an agenda,
e.g., further bloating
uncrackable? self-destruct? patent pending? decoy images?
Riiight.
---rsk
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
I'm finding this discussion highly illuminating -- as I find many here.
So before I make my comments, I want to says thanks to everyone for the
education. You've given me *a lot* to think about while running.
My concerns re these sorts of self-destructing documents revolve (first)
around the
Alchemy is to chemistry, astrology is to astronomy, as closed-source
is to open source.
Closed-source is intellectual fraud. It is the equivalent of an academic
paper which has a synopsis and conclusions -- but nothing else. No honest
reviewer would ever approve such tripe for publication in a
Found a downloadable PDF of it here (thank you smb!):
https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf
---rsk
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
On Sun, Jan 27, 2013 at 05:18:46PM -0800, Brad Beckett wrote:
6. Use Gmail, with two factor authentication enabled [...]
Most of this is outside my expertise, but on this point I'll chime in.
Gmail is mediocre, at best -- I'd give it a Gentleman's C, no better.
The spam classification
On Mon, Feb 11, 2013 at 12:54:27AM +0700, Uncle Zzzen wrote:
Obviously systems are too complex for most people to really figure out
what's exactly running on their computer, and modern systems (from smart
phones to unity) make it harder and harder for users (even power users)
to peek under the
The short version is that Ubuntu is now pre-compromised. (Or if you
prefer Stallman's phrasing, and I agree with him, it's spyware.)
And given the appallingly tone-deaf nature of Shuttleworth/Canonical's
responses, I very much doubt that this will be the end of it --
that is, I fully expect other
On Tue, Feb 19, 2013 at 04:53:48AM +, Jacob Appelbaum wrote:
Sounds like someone should upload a package that fixes all of the
privacy problems, eh?
I've thought about this for a couple of days and about 20 miles, and
although my initial reaction was yes, they should, I'm now going to
On Fri, Feb 22, 2013 at 01:31:22PM +0100, Eugen Leitl wrote:
- Forwarded message from Rich Kulawiec r...@gsp.org -
Well, I'm flattered (or at least I think I am) that you found my
note to NANOG interesting, but I can't figure out what possible
relevance it has *here*. Even after my
It won't work. Until the bot/zombie is solved, online voting is
a non-starter, since any election worthy of being stolen can be.
It doesn't matter what you do on the server side: you can construct as
elaborate and clever and secure an infrastructure as you wish...because
on the client side,
On Thu, Feb 28, 2013 at 02:19:11PM +0100, Ruben Bloemgarten wrote:
It seems I might have jumped the gun, assuming the discussion was about
voting systems for use in political elections. Disclosing all voter
data, including voter identity would solve much if not all issues
regarding
On Thu, Feb 28, 2013 at 01:43:38PM +, anonymous2...@nym.hush.com wrote:
Every idiot knows Linux is more secure in many ways
than Windows yet sometimes other factors come into play that
require the use of MS.
No. MS is never required. I've heard that contention for decades and
it's
On Thu, Feb 28, 2013 at 08:35:14PM +, anonymous2...@nym.hush.com wrote:
Most of what I have gotten so far are lectures and rhetoric.
I'm not sure what else you expected. (Really, I'm not.)
You didn't explain what you're trying to do. You showed up with
a list of middling-to-hideously-poor
On Sun, Mar 03, 2013 at 04:13:26PM -0500, Griffin Boyce wrote:
If the problem is limited to DDoS attacks, you might find that Cloudflare
offers some relief.
I agree, but: this thread (dating from today) may be of interest:
Cloudflare is down
On Mon, Mar 04, 2013 at 09:42:27AM -0800, Yosem Companys wrote:
7th International Multi-Conference on Society, Cybernetics and Informatics:
IMSCI 2013 (www.2013iiisconferences.org/imsci) to be held in Orlando,
Florida, USA, on July 9-12, 2013.
It's a scam. This is one in a long series of
On Fri, Feb 15, 2013 at 01:35:53PM -0800, Adam Fisk wrote:
At the risk of getting swept up in this by consciously saying something
unpopular, I want to put my shoulder against the wheel of the open source
process produces more secure software machine. [snip]
I've been thinking about your
On Sun, Mar 03, 2013 at 09:10:30PM -0500, Rich Kulawiec wrote:
On Sun, Mar 03, 2013 at 04:13:26PM -0500, Griffin Boyce wrote:
If the problem is limited to DDoS attacks, you might find that Cloudflare
offers some relief.
I agree, but: this thread (dating from today) may be of interest
On Sun, Mar 10, 2013 at 10:29:44AM +0700, Nathan of Guardian wrote:
Glad to see such a great level of academic investigation and discourse
coming out of this esteemed university.
I'll give him a pass on rigor, as this is an informal article and not
intended to be a journal paper. (Besides, I
On Mon, Mar 18, 2013 at 12:59:48PM +0100, Giuseppe Calamita wrote:
Hello, I wonder if application such as Spotflux: http://www.spotflux.com/ in
security general terms and agency proof strength.
At first glance it appears to be a closed-source app which allegedly solves
certain security/privacy
On Tue, Mar 19, 2013 at 07:08:48PM -0400, Joseph Lorenzo Hall wrote:
Has the possibility of reconfiguring libtech to not reply-all by default been
broached? Maybe I'm the only one that trips over it so often. best, Joe
This is something that has been debated numerous, and I do mean *numerous*,
On Wed, Mar 20, 2013 at 05:48:20AM -0400, Michael Allan wrote:
Pardon me, but that's not true. GNU Mailman is a decent list server
and it ships with reply-to-sender. You must go out of your way to
munge the Reply-to header. They recommend against it:
On Tue, Mar 12, 2013 at 06:31:56PM -0500, Kyle Maxwell wrote:
A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.
On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Su?rez-Potts wrote:
One is tempted to suggest using other than Skype. Alternatives exist,
and these are secure, at least according to their claims. As well,
Skype's code is not transparent, in the way that other, open source,
applications' are.
On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
To Liberation Tech:
Stanford is implementing a new security policy detailed here:
http://ucomm.stanford.edu/computersecurity/
First, if they were serious about security, they wouldn't be using
Microsoft products.
Second,
On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote:
The main point is Coursera has done something that it's not legitimate.
They were (apparently) forced to do this. It's not like Coursera
staff woke up one day and suddenly decided to block those countries
because they had nothing
On Mon, Feb 03, 2014 at 03:09:24PM -0800, John Adams wrote:
Reality: You don't understand business nor threat modeling.
Reality: I understand both *painfully* well, having worked for/consulted
to a number of Fortune 100 companies and several major universities as well
as a few ISPs and
On Thu, May 15, 2014 at 07:36:07AM +0200, Fabio Pietrosanti (naif) wrote:
i think that would be very important to organize a project to Audit the
functionalities of Auto-Update of software commonly used by human rights
defenders.
Yes, but I'll go one step further: auto-update is a horrible
On Mon, May 19, 2014 at 07:24:39PM -0700, Tony Arcieri wrote:
If you really want secure updates, depending on your threat model doing it
correctly is a very difficult problem.
First, thanks for the pointer to the web site/paper/etc.: that's going to
make for some interesting reading later
It's probably just been hacked. Since the principals haven't commented
yet, I suspect they're probably busy diagnosing and fixing it. I suggest
ignoring the yapping on Twitter, having a nice microbrew, and awaiting
further developments.
And if those further developments amount to it's true,
On Wed, May 28, 2014 at 07:42:02PM -0400, Griffin Boyce wrote:
My suspicion is that either they were hacked (and had their key
stolen), or that they were ordered to shutdown and recommend
Microsoft's (presumably backdoored) BitLocker as a replacement.
BitLocker's enterprise documentation
On Sat, Jun 07, 2014 at 10:39:06AM +0100, Nariman Gharib wrote:
what solution do you have for solve this problem?
Don't use Twitter.
Yes, I'm quite serious. Twitter has clearly stated that they're delighted
to provide censorship-on-demand for any country that asks nicely:
On Mon, Jun 09, 2014 at 11:36:01AM +0100, Amin Sabeti wrote:
Rick, I think you delete the problem instead of solving it!
I suspect that's because I have a different definition of the problem. ;)
Outsourcing your communications to a so-called social network whose
interests (a) diverge markedly
On Tue, Jun 10, 2014 at 10:08:26AM -0700, Yosem Companys wrote:
The mention of NDAs by the Wickr founder makes it a non-starter. Their web
site doesn't have any download link for the source files, nor mention of
open source, but they do mention patent pending technology. How do they
expect
On Mon, Jun 09, 2014 at 07:52:51PM -0700, Seth wrote:
I'm in agreement with pretty much all the points made, but how do
you feel this approach?
1) ALWAYS publish the original source information via
freedom/privacy/dignity respecting services using a name-space (a
DNS
Recommended reading:
http://files.cloudprivacy.net/bundestag-testimony-csoghoian-june-26-final.pdf
---rsk
--
Liberationtech is public archives are searchable on Google. Violations of
list guidelines will get you moderated:
I skimmed this earlier today and plan to read it in depth later: it looks
like superb work.
The most disturbing thing about it is the realization that this can't
possibly be the only such project. Surely there are others. Many others.
And since there are others, it's necessary to ask: are any
I think this list is a pretty good starting point. Of course,
having said that, now I want to edit it. ;)
On Fri, Aug 01, 2014 at 02:21:12PM -0700, Bill Woodcock wrote:
BIND
NSD
add unbound, I think
Sendmail
add postfix, exim, courier
add
This is (unsurprisingly) spam from one of the many fake conference scams
currently polluting the Internet. I recommend permanently blacklisting the
sender and the referenced domain.
---rsk
--
Liberationtech is public archives are searchable on Google. Violations of
list guidelines will get
[ Forwarded from Dave Farber's most excellent IP mailing list. ---rsk ]
- Forwarded message from David Farber via ip i...@listbox.com -
Date: Wed, 1 Oct 2014 12:15:09 -0400
From: David Farber via ip i...@listbox.com
To: ip i...@listbox.com
Subject: [IP] Sophisticated iPhone and
1. Well, this has certainly been an interesting discussion, but until
Espionage is FULLY open-source, it's moot, because it hasn't (yet) been
exposed to unlimited peer review by arbitrary, independent third parties.
Please see:
On Thu, Oct 02, 2014 at 05:50:08PM -0700, Greg wrote:
K, thanks for the read (I read it but nothing there seems to apply,
perhaps some of its points will be addressed below).
I'm sorry that you feel that way; I included that link because I think
the entire message applies, particularly this
On Fri, Oct 03, 2014 at 10:23:09PM +, Jonathan Wilkes wrote:
Hi Rich, Your footnote #1 is dubious at best. The cost of
aiming peoples eyes at bugs is _not_ $0. Until it is, the free software
community has a problem with too few resources chasing too many bugs.
I'm not sure why you're
This is dragging out, so I'm going to try to be brief.
On Fri, Oct 03, 2014 at 06:07:36PM -0700, Greg wrote:
You may also be misunderstanding our NDA.
I'm not misunderstanding it. I didn't bother to read it, because the
mere fact that it exists is the problem. People who are serious about
On Thu, Jan 15, 2015 at 02:46:56PM -0800, Al Billings wrote:
I thought software freedom and access to the source code was considered
a requirement for considering a system secure.
According to whom? I think open source (I???ll leave aside whether ???open
source??? is ???free software???)
On Fri, Jan 16, 2015 at 10:19:22AM -0800, Al Billings wrote:
The problem is that I am a practical person who lives in the real world.
The largest, most successful project in the history of computing has
been built entirely on open standards, open protocols, open formats,
and open source: you're
On Tue, Feb 17, 2015 at 07:17:18PM +0100, Christian Huldt wrote:
Who are mailchimps.com and why should I trust them?
Spammers for hire, and no, you shouldn't -- doubly so since (like many
such operations) they embed unique-per-recipient tracking links in every
message they send. Last time I
On Wed, Jan 28, 2015 at 01:19:05PM -0500, Joe Hall wrote:
Mailing lists like this often include a header element like this that
you can use to unsubscribe yourself:
List-Unsubscribe:
https://mailman.stanford.edu/mailman/options/liberationtech,
I think there's a more fundamental problem here. We're all talking
about add-ons that perform various security/privacy functions.
Why are these add-ons? Why are they not designed-in and built-in
to the browser?
Those are only quasi-rhetorical questions, because I'm pretty sure
we all know at
On Thu, Oct 16, 2014 at 04:54:35PM +0100, Yishay Mor wrote:
Revealed: how Whisper app tracks 'anonymous' users
http://gu.com/p/42bqn
It's apparently much, MUCH worse than that:
a confederacy of 'privacy' dunces: what we found under the hood of
an 'anonymous' chat app used
1 - 100 of 125 matches
Mail list logo