Then I will wait for your post and then post in Farsi about it. Thanks Nadim.
A On 29 October 2012 01:58, Nadim Kobeissi <[email protected]> wrote: > Hm. I'm frustrated by Eric's reply to the point where I'm going to do a > complete audit of OkayFreedom and post any vulnerabilities and exploits > I may find in public on my blog, including detailed instructions on how > to break everything. > > Expect something within weeks. > NK > > On 10/28/2012 9:46 PM, Eric S Johnson wrote: > >> misremember the entire discussion; it happens to all of us! > > > > I imagine we each remember what best supports our own point of view. I'm > > sure it happens to all of us! > > > >> open at the moment for those in the US is if we will have some kind of > >> justice for this spying on all of us. It sure seems bleak. > > > > Yes, it does. I hope all the Amcits on this list have voted (or will do > so)! > > > >> to make their own choices, to show data and stories about lessons we've > >> learned the hard way, and when we are able, to offer solidarity where it > >> is possible and welcome. > >> What matters is that users must be protected against serious > >> attackers. > > > > Agreed. > > > >> I personally feel like it is often suggested > >> that the burden to show something is unsafe is on us. > > > > You assume everything is unsafe. Saying "telephones are dangerous. VPNs > are > > dangerous. Anything Microsoft is dangerous. Everything's > dangerous"--well, > > okay, sure, so is walking across the street (let alone just breathing, > > especially for those of us who live in China). But if you have only ten > > minutes to get this journo in Gyanja, Gomel, or Gonder to do something > > different, even you (let alone the rest of us relative neophytes) aren't > > going to be able to get him using TAILS. So, we have to prioritise. > > One way to prioritise is to assign various levels of likelihood to > > the possible threats. And one way to do that, in turn, is to assess what > we > > do know about the threats which have proven problematic in the past. > Sure, > > we don't know what we don't know: epistemology and all that. But we can > > tally up what we have learned, and use that as a basis, however > imperfect, > > for saying to the activist from Gweru: if we only have ten minutes, the > goal > > is to move toward mitigating problem X (and we'll only be able to provide > > the simple solution which takes partial care of the problem--not a > solution > > which would keep the NSA off Jake's back, but a solution which is likely > to > > make this particular person safer). If we have an hour, we should be > able to > > help mitigate X, Y, and Z. Ideally, we'll have three days, and then we > can > > help mitigate all 15 top problems. > > To "there's no point in anything less than perfection"--well, yes, > > we'll have to agree to disagree on that. I think there's huge value in > > getting someone to use a solution which is "more secure" in their > particular > > context (ideally we get that knowledge from on-the-ground research in > > addition to reports in Western media), even if it's not a perfect > solution. > > > > What I don't get is why you work so hard to discredit folks rather than > > educating them. All of us on this list know you're a God (despite your > > sarcastic "perhaps I'm just dense"). We all understand you know more > about > > cybersecurity and cybersurveillance (never mind that you hate certain > words) > > than the rest of us combined. Everyone loves gaining from your experience > > (e.g. (just to name the most recent examples) your teardown of > OkayFreedom, > > the VPN security paper to which you referred a couple days ago, etc.). > > > > Best, > > Eric > > > > -- > > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
