-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Perhaps a good balance would be to set up a closed email discussion list with a host you trust who has strong privacy guarantees as Miles recommended (Greenhost can provide you with Mailman, or Electric Embers has a great security reputation). And for sharing files you could use something like OwnCloud that you can host yourself, or host with someone you trust.
It doesn't get much more simple than an email discussion list, but you may need to figure out how to verify people are who they say they are, for the sake of privacy. Kristin On 7/11/16 12:32 PM, Miles Fidelman wrote: > That may be - though some of the PGP solutions are pretty close to one-click > install these days. The old Napster never seemed to phase anybody. Maybe, whomever is organizing the group needs to spend a little time picking a system and writing up a how-to-install checklist. > > The reality is that anything that's not encrypted tends to get indexed by google - so, if privacy is a concern (as the OP indicated), then any standard email list, probably including a google group, is problematic - at the very least one has to pay very close attention to configuration, and better to not have an archive (hard to do with google groups). > > At the very least, go with a service that has registration and strong privacy guarantees, or maybe set up a Wordpress or Drupal instance, with access limited to registered users. Point and click on wordpress.com or godaddy. > > Miles Fidelman > > > On 7/11/16 11:26 AM, Steve Weis wrote: >> Hello Miles. I think your suggestions are not practical for an ad hoc group of sexual assault survivors. You're talking about them using PGP, downloading open source clients, or using untested blockchain systems. I think for a random group of people, all of these will fail in practice due to poor usability and platform incompatibility. I think there is little benefit to using a P2P system in this case. >> >> Their threat model is against their abusers and potentially media, bloggers, or trolls who pick up on the story. It's not against hosted services like Google or the NSA. >> >> You want something dead simple that works on every platform and managed by an organization with their own security team. I suggested Google Apps because it's battle-tested, easy, and in this use case, free. Yes, Google would see this survivors' group data. They also see a enterprise data -- even from competitors -- that is much more valuable and targeted. >> >> On Mon, Jul 11, 2016 at 5:09 AM Miles Fidelman <mfidel...@meetinghouse.net <mailto:mfidel...@meetinghouse.net>> wrote: >> >> Personally, I'd recommend staying away from any kind of hosting >> service >> - stick with a peer-to-peer system designed for privacy. >> >> One, really simple notion would be to simply use encrypted email, >> perhaps over a list server. It's a pain, but straightforward. It >> does, >> however expose group membership, in the form of email addresses. >> >> >> > > > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXhTERAAoJEEq2H0u+0mY5R5sP/2p2lXBXKXk7XDhlAqaS5qTf FSyMUe3qIv3+wFHa4Kv0Q3r/4dNAiUwaHKZCuAECgFgi5e22ik/+plZjv/s2gNot k0SU+wkVMFeH8OCnF8F0XT0fzFibKTUzdlzSldv+RB1UnEhudx/0io9ZJMPf6j3y dULMaQMQixTxNpI21CKzZPKgyNKq0m5Q+1RlLOACdG/JlJIy6CzMextSdbCLY6bD 88glwuWco9OhmKuIcx+vT9Uk9vcwkMzQ0ypRbESqrFhKayvyJIYlGGggXVVIij0i VhktjyF5TMwc//rYduWwM8FcjNLSfVQC9GMYTJWgNQBPXxOIqbQ5On3+NDu+tHCL 61USPWLLZBO7VP1NqiGJfS98VOoZ6XiTluytF6yUiyYn3jS29zzxgsqX6Z5VYDRF faAiu2vbNfIpqW1Ss/YJfhZ2fPfLmutybXvQa2g4dPc2H9uYUZUYxm1jocz0BBs5 vrhsp63eARnn33XRmAaZpNtpaaIGbN0rAWx4aggxRms0WciHKYZqC7qYHvsOAqwh mivbtFSupw4zIG2fElazBIRrbxQ5nsczlrwv/p4w/5CSwXCk9jB7fDS9+2XB8zoI 8eLPKJ4DdNUTXq3pc8Cpa4EbP5xvGEkNvJLX3rlvYAYL7AvkSZLB6WKtqy75TPF/ 8g9pqXc7Nils5c7be7iL =vV41 -----END PGP SIGNATURE-----
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
