[liberationtech] After the Green Movement, Internet Controls in Iran, 2009-2012
Hi LibTech,

I am pleased to announce the Citizen Lab's latest report, produced for the OpenNet Initiative, entitled After the Green Movement, Internet Controls in Iran, 2009-2012.

The full report is here: http://opennet.net/blog/2013/02/after-green-movement-internet-controls-iran-2009-2012

And the testing data is here: https://citizenlab.org/data/iranreport/

A summary and key findings follow:

This report, titled After the Green Movement: Internet Controls in Iran, 2009-2012, details Iran’s increasing Internet controls since 2009, when protests against the victory of Iranian President Mahmoud Ahmedinejad rocked the country. The election protest campaign--dubbed the “Green Movement”--was marked for the high use of social media and other information and communication technologies (ICT) to organize protests and disseminate information. Since the protests, however, the regime has tightened its controls on the use of ICTs while also seeking to use that technology to promote its own national narrative in cyberspace. While the filtering of web content has continued unabated, Iran has increasingly moved toward political centralization of its control regime, involving members of the country’s religious, administrative, and defence organizations as stakeholders in what the government sees as an ideological threat against the country’s values and national security.

Key findings from the report include:

• Since the “Green Movement” protests in 2009, the Iranian regime has adopted increasingly complex surveillance and monitoring techniques, complementing Internet filtering with legal frameworks and information manipulation.
• These techniques of control overlap: Internet filtering is reinforced by a more constricted legal environment and efforts to “nationalize” Iranian cyberspace.
• ONI testing over the past several years has revealed consistent filtering of websites pertaining to social media, international news channels, non-Shi’ite religions, social and religious taboos, and anything remotely opposed to official government policies.
• The creation of the Supreme Council on Cyberspace indicates the Iranian government’s interest in centralizing their approach towards the Internet as well as their view of cyberspace as a larger security concern.
• Internet censorship in Iran—culminating in the National Information Network—is framed as a way to protect the nation’s unique culture and identity and defend against the onslaught of Westernization.
• The Iranian regime considers cyberspace a geopolitical as much as a domestic policy realm. Surveillance and censorship are simultaneously tools of suppression and a means of national defence.

Ronald Deibert
Director, the Citizen Lab and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deib...@utoronto.ca

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cryptography super-group creates unbreakable encryption
When I say million, I always mean billion...

On Fri, Feb 15, 2013 at 1:35 PM, Adam Fisk a...@bravenewsoftware.org wrote:

At the risk of getting swept up in this by consciously saying something unpopular, I want to put my shoulder against the wheel of the open source process produces more secure software machine. The reasons for software licensing are complex, as we all know, but I'm certainly more confident in the overall security of Silent Circle in its first release than I was in the overall security of Cryptocat 1.

Why? Because there are much more experienced people involved (not meant as a jab, Nadim - PZ had about a 25 year head start if not more) and also because they have judiciously sought the review of experts prior to release.

If you have to choose between open and closed in terms of the potential for building a secure architecture, of course open is overall better, but there are many other factors at play, including the resources and expertise an organization is able to devote to the problem. Apple, for example, has an overall great security track record, with most of that code closed source. Having $100 million in the bank helps. A lot. It helps a lot more than the license. In fact the overall number of eyes on the code is likely the more relevant factor - the precise area where open source ostensibly scores such a resounding victory, but only if in fact more experienced eyes review the code than they do comparable closed source systems.

It just seems healthier to recognize this is a complex issue, and I don't think reducing it to open versus closed source does that complexity justice.

-Adam

On Wednesday, February 6, 2013, Nadim Kobeissi wrote:

What I'm trying to point out is that Silent Circle can call itself a super-group creating unbreakable encryption, market closed-source software towards activists, and some experts will still speak out for them favourably.

NK

On Wed, Feb 6, 2013 at 11:21 PM, Brian Conley bri...@smallworldnews.tv wrote:

C'mon Nadim, that's a bit of a cheap shot, no? Do you disagree fundamentally with anything he said there?

Brian

On Feb 6, 2013, at 19:56, Nadim Kobeissi na...@nadim.cc wrote:

Chris Soghoian gives Silent Circle's unbreakable encryption an entire article's worth of lip service here, it must be really unbreakable: http://www.theverge.com/2013/2/6/3950664/phil-zimmermann-wants-to-save-you-from-your-phone

NK

On Wed, Feb 6, 2013 at 10:49 PM, Brian Conley bri...@smallworldnews.tv wrote:

I heard they have a super secret crypto clubhouse in the belly of an extinct volcano. Other rumors suggest they built their lab in the liberated tunnels beneath bin Laden's secret lair in Pakistan...

Sent from my iPad

On Feb 6, 2013, at 19:42, Nadim Kobeissi na...@nadim.cc wrote:

Actual headline. http://www.extremetech.com/mobile/147714-cryptography-super-group-creates-unbreakable-encryption-designed-for-mass-market

NK

--
Sent from Gmail Mobile

--
Adam
pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
[liberationtech] Blogger who initiated Bangladesh's Shahbag movement killed
For more info, contact @halderbuddha.

YC

http://bdnews24.com/bangladesh/2013/02/15/shahbagh-protest-nonstop

Shahbagh back to 24-hour protest

Demonstrators demanding death sentences for all ‘war criminals’ announced that they were reverting to nonstop protests occupying Shahbagh intersection after one of their men was killed in Dhaka on Friday. The announcement came barely six hours after a decision to limit their demonstrations to seven hours every day.

Imran H Sarker, one of the initiators of the unprecedented movement, made the announcement around 11pm at the Ganajagaran Mancha after a blogger active in the 11-day long protest was hacked to death near his house.

“We’ve been hit. One of our bloggers has been murdered in Mirpur. In this situation, we cannot return from the streets and we won’t,” he said.

Ahmed Rajib Haider, 26, an architect who used to blog with the nickname “Thaba Baba (Claw)”, was found dead in Mirpur’s Pallabi in the evening. Haider had been actively taking part in the demonstrations at Shahbagh.

The demonstrators demanded authorities arrest the murderers without any delay and punish them.

Around 12:30am on Saturday, from the Ganajagaran Mancha Imran Sarker demanded authorities ban the ‘Sonar Bangla’ blog which had been issuing life threats over the past four days and arrest everyone associated with the blog.

The protesters have asked everyone to sport black badges on Saturday protesting the murder. They have also announced to hold Haider’s namaz-e-janaza in the afternoon at the intersection. The demonstrators also took a vow to thwart the Jamaat-e-Islami’s countrywide shutdown for Monday.

Earlier the day, the protesters announced seven-hour protest rallies every day from Friday’s ‘Jagaran Samabesh’, or the Uprising Rally. However, several organisations campaigning for execution of war crimes perpetrators rejected the seven-hour protest plan saying it was a ‘betrayal’ of the spirit of the movement. They declared to press ahead until the demands were met.

The organisations that took the staunch stand are Shahid Janani Jahanara Imam Squad, Tirandaz, Slogan 71 and Theatre Art Unit, Dhaka University Shikkharthhi Odhikar Mancha, Natyabed, Mubiana Film Society, Chhobir Haat and Shahbagh Cyber Judda.

Even many of the bloggers, who had initiated the movement, also announced that they will not leave the streets just about now. One of the factors fuelling that determination is the widespread belief that things have simply gone too far to turn back now.

Around 10pm, a procession by youths circled Shahbagh and the surrounding areas chanting slogans urging everyone to continue demonstration until Jamaat was banned. The news of Haider’s murder stirred the demonstrators who in slogans pledged to persist with their demonstrations.

Sarker then went to the stage and announced round-the-clock demonstration instead of daily seven-hour agitations. The demonstrators observed a minute’s silence in the memory of the deceased online activist.

The announcement came after 11 days of round-the-clock demonstrations since Feb 5, when the International Crimes Tribunal-2 sentenced Jamaat leader Abdur Quader Molla to life in prison for crimes against humanity during the War of Liberation in 1971.

Meanwhile, around 100 students studying in Sweden’s Lund University and Malmo University paraded the streets expressing solidarity with the Shahbagh movement. They took out a nearly two-and a-half-hour long procession around 3pm local time in the Malmö city braving freezing cold. They also held a candlelight vigil on Thursday.
[liberationtech] Cryptocat is Hiring: Looking for mpOTR developers
Cryptocat Development Blog post: https://blog.crypto.cat/2013/02/mpotr-developer-were-hiring/

We’re pleased to announce that Cryptocat is looking to hire an mpOTR developer to work full-time on the development of an mpOTR specification, based on Dr. Ian Goldberg’s research http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf and the notes we have so far https://github.com/cryptocat/mpotr. mpOTR will be the first multi-party version of Off-the-Record messaging — it will benefit not only the Cryptocat project but will create a world standard that can be used by projects everywhere.

What we’re looking for:

- Expertise in cryptography specification writing and engineering,
- Experience with the development and implementation of cryptographic messaging protocols.

The requirements are few but set a high standard. Please contact na...@crypto.cat if you would like to apply. We’re looking forward to hearing from you!

NK
[liberationtech] FBX Server/Client Communication Model and Threat Modeling
Hi folks, here's an active question that I'd appreciate your input on.

What is an appropriate threat-model for the FreedomBox's client-server communications?

Please discuss on list or feel free to add to the FBX wiki: http://wiki.debian.org/FreedomBox/ClientServerCommunication

This question has a number of obvious answers, but keep in mind the project's end-goals: to bring communication freedom to as many folks in as many situations as possible. To that end, what are appropriate compromises between server and client security, accessibility, and availability?

It seems to me that client devices fall into one of two basic categories:

1. Those on which the user has root privileges and fully trusts (like their own laptop, running a fully free operating system and BIOS, in which no mal/spy/inscrutable-ware exists).

2. Those on which the user doesn't have root privileges and therefore can't fully trust (an iPhone, a laptop with non-free software and/or binary kernel blobs, a desktop with a non-free BIOS).

I've illustrated the fact that there's a range of trustworthiness, though I don't know how to meaningfully measure this quantitatively (I'd like to survey and classify devices, but I don't know how to massively and remotely detect un-trustworthy or malicious software, suggestions are welcome).

At this point, I'm worried about secret key (identity) material. This, being the most important and secret of data, can teach lessons that can be applied to nearly all other data.

I'll start by throwing out a few more directed questions to start off the discussion:

1. Who can be trusted with which secret key material?

   1.A. Can servers be trusted with the client's key?

   1.B. Which clients can be trusted with parts of the server's key?

2. In what ways is it acceptable for devices to give up which secrets? For example, is it acceptable if the client's secret key be exposed when the box is rooted by attackers? (Probably not, but that does let the host act as a trust proxy without relying on subkeys, or other weird yet conceptually interesting trust models).

3. What is the client application delivery model? Is it:

   3.A. Browser-based interaction between client and server?

   3.B. Browser-plugin-based interaction?

   3.C. Appstore-based interaction?

Thanks for your time,
Nick