Hello Sahar,
I am interested in the political economy of digital media and am author
of a forthcoming book about Occupy and social media.
Alternative media and technologies are facing the challenge of acquiring
resources for being run. I am wondering how at RiseUp you organized the
necessary resources (working time, people, software development and
upgrade, system administration etc) and what your experiences were with
voluntary donations? I would be interested to hear how well the donation
system works?
Thanks a lot.
Best wishes,
Christian
--
Christian Fuchs
Professor of Social Media
University of Westminster,
Communication and Media Research Institute,
Centre for Social Media Research
http://fuchs.uti.at, http://www.triple-c.at
http://www.westminster.ac.uk/csmr
@fuchschristian
[email protected]
+44 (0) 20 7911 5000 ext 67380
On 18/10/2013 19:53, Sahar Massachi wrote:
As Elijah wrote, the point of riseup is to serve a specific
constituency. The point is not to help the general public encrypt their
email.
On Oct 18, 2013 1:30 PM, "Jonathan Wilkes" <[email protected]
<mailto:[email protected]>> wrote:
On 10/15/2013 06:47 PM, elijah wrote:
On 10/15/2013 03:07 PM, Yosem Companys wrote:
If you have any thoughts about Riseup, whether
security/privacy-related or otherwise, I'd love to hear them.
I think I am the only person from the Riseup collective who is
subscribed to liberationtech, so I will reply, although what
follows is
not an official position or response from the collective.
We started when it was impossible to get even simple IMAP
service that
was affordable. Very early on, it became apparent that one of the
primary issue facing our constituency (social justice activists)
was the
rapid rise in abusive surveillance by states and corporations.
Riseup does the best it can with antiquated 20th century technology.
Without getting into any details, we do the best that can be done,
particularly when both sender and recipient are using email from
one of
service providers we have special encrypted transport
arrangements with.
Admittedly, the best we can do is not that great. And, of
course, our
webmail offering is laughably horrible.
Riseup is not really a "US email provider". The great majority
of our
users live outside the United States, and email is just one of many
services we provide.
There has been much discussion on the internets about the fact that
Riseup is located in the US, and what possible country would
provide the
best "jurisdictional arbitrage". Before the Lavabit case, the US
actually looked pretty good: servers in the US are not required to
retain any customer data or logs whatsoever. The prospect of
some shady
legal justification for requiring a provider to supply the
government
with their private TLS keys seems to upend everything I have read or
been told about US jurisprudence. Unfortunately, no consensus has
emerged regarding any place better than the US for servers, despite
notable bombast the the contrary.
As a co-founder of Riseup, my personal goal at the moment is to
destroy
Riseup as we know it, and replace it with something that is based on
21st century technology [1]. My hope is that this transition can
happen
smoothly, without undo hardship on the users.
As evidence by the recent traffic on this list, many people are
loudly
proclaiming that email can never be secure and it must be
abandoned. I
have already written why I feel that this is both incredibly
irresponsible and technically false. There is an important
distinction
between mass surveillance and being individually targeted by the
NSA.
The former is an existential threat to democracy and the latter is
extremely difficult to protect against.
It is, however, entirely possible to layer a very high degree of
confidentially, integrity, authentication, and un-mappability
onto email
if we allow for opportunistic upgrades to enhanced protocols. For
example, we should be able to achieve email with asynchronous
forward
secrecy that is also protected against meta-data analysis (even
from a
compromised provider), but it is going to take work (and money)
to get
there. Yes, in the long run, we should all just run pond [2],
but in the
long run we are all dead.
The first thing you should do is remove the social contract from your
registration page. It's creepy and (should be) completely at odds with
your privacy policy. (That is, it should read "even _we_ can't ban you
from using our service to talk about the following things in confidence
with others...")
Furthermore, every single bullet point is ambiguous and would be
subject to a flame war if I posted them here. That is, they are so
wide open that people could reasonably take an opposing view for
any or all of them, in good faith or bad.
Personally, I agree with Riseup's position on those bullet points
(assuming I understand them the same as you). But I disagree
with requiring people to answer them if they want to try to be
safer when they use the internet.
Essentially, a requirement to click such a button is asking people to
lie to themselves in order to use your service. Even the Pope and
the military have seen fit to stop making people do that.
Best,
Jonathan
-elijah
[1] https://leap.se/email
[2] https://pond.imperialviolet.__org/
<https://pond.imperialviolet.org/>
--
Liberationtech is public & archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/__mailman/listinfo/__liberationtech
<https://mailman.stanford.edu/mailman/listinfo/liberationtech>.
Unsubscribe, change to digest, or change password by emailing
moderator at [email protected] <mailto:[email protected]>.
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at [email protected].
