Re: [liberationtech] New Twitter transparency report
On Wed, Jul 31, 2013 at 03:10:42PM -0500, Anthony Papillion wrote:

> orders. We believe it's important to be able to publish numbers of national security requests - including FISA disclosures - separately from non-secret requests. Unfortunately, we are still not able to include such metrics.

The day they will be permitted to, it will no longer be relevant. Why make civilians feel uncomfortable day-in day-out if you can PRISM a copy of the entire private traffic of direct messages etc and include it into your XKeyscore search engine?

> Personally, I wonder what would happen if firms banded together and simply said 'screw it, we're publishing everything short of usernames and investigation details'? If a majority of firms did this, how would the government respond?

With more PRISM. Don't expose to private companies how much you are using their data. Just grab it all and throw it at your real-time indexer.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download
On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said:

> verification is the least secure method, to the download page? (You can see the design here: [3]) A: 1 in ~11 users.

Actually [3] is the same URL as [1].

> standards. However, while the number of downloads didn't decrease, the number of signature downloads significantly increased. Which is a good

Well, that sample is actually a bit too small for any conclusion. However, I am interested in the change you made. However, 10% is the number I remember from the times I kept and analyzed download logs.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download
Quoth Werner Koch:

> On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said:
>
>> verification is the least secure method, to the download page? (You can see the design here: [3]) A: 1 in ~11 users.
>
> Actually [3] is the same URL as [1].

3 should be this:

[3]: http://www.webcitation.org/6IX5bl92D
Re: [liberationtech] PassLok updated based on feedback from LiberationTech
Hi Francisco,

On 30/07/13 23:09, Francisco Ruiz wrote:

> 4. A revamped Key strength meter, which won't give a perfect score until the user has appended his/her email to the Key. This is to combat a powerful attacker (like the NSA) who might be able to make a rainbow table containing public keys for a whole dictionary's worth of likely private keys (Thanks, Michael; not quite the same as adding a random salt, but I think this achieves the objective without inconveniencing the user too much).

This is a neat solution to increase the difficulty of dictionary attacks without increasing the burden on the user's memory. However, I'm still concerned that dictionary attacks (without rainbow tables) would be quite easy to carry out. See the following article, for example, which describes current techniques for cracking salted passwords:

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

I'd recommend using PBKDF2 or scrypt with a high iteration count to increase the cost of dictionary attacks. Perhaps the iteration count could be determined automatically using your password strength estimation algorithm, so weaker passwords would use more iterations?

Cheers,

Michael
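An added example, not part of Michael's message or of PassLok's code: a sketch of the suggestion above, stretching the Key with PBKDF2 and choosing the iteration count from a strength estimate so that weaker Keys get more iterations. The estimator, the three constants and the use of the normalized email as the PBKDF2 salt are assumptions made for illustration.

```python
import hashlib
import math
import unicodedata

TARGET_BITS = 60.0     # assumed: estimated strength above which only the floor applies
FLOOR_ITERS = 20_000   # assumed minimum, used even for strong Keys
CAP_ITERS = 640_000    # assumed ceiling so derivation stays usable on slow devices


def estimate_bits(passphrase):
    """Crude stand-in for a strength meter: distinct characters x log2(pool).

    Counting distinct characters rather than length keeps 'aaaaaaaa' from
    scoring like eight independent symbols.
    """
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33
    if pool == 0:
        return 0.0
    return len(set(passphrase)) * math.log2(pool)


def iterations_for(bits):
    """Double the work for every estimated bit missing from TARGET_BITS."""
    deficit = max(0.0, TARGET_BITS - bits)
    return int(min(CAP_ITERS, FLOOR_ITERS * 2.0 ** deficit))


def derive_key(passphrase, email):
    """Return (32-byte key, iterations used).

    The count is recomputed from the passphrase itself, so nothing has to be
    stored; an attacker testing a weak candidate pays that candidate's high
    iteration count on every guess. The email acts as a per-user salt, which
    defeats one precomputed table shared across all users.
    """
    secret = unicodedata.normalize("NFKC", passphrase)
    salt = email.strip().lower().encode("utf-8")
    iterations = iterations_for(estimate_bits(secret))
    key = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt,
                              iterations, dklen=32)
    return key, iterations


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("password", "correct horse battery staple, 1979!"):
        key, n = derive_key(pw, "alice@example.org")
        print(f"{estimate_bits(pw):6.1f} bits -> {n:>7} iterations  {key.hex()[:16]}")
```

Because the iteration count depends on the passphrase, derivation time reveals which strength bucket a Key falls in to anyone who can time it.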
Re: [liberationtech] FreedomHack hackathon in DC to build tools for citizen reporters in Mexico
I'm not the organizer of this event, but I am sure it will go beyond DC-based events. I believe this is the CommunityRED kick off event and it is in DC because the founder, Shauna Dillavou, is here and she is partnering with some other DC orgs. I've let her know about libtech and hopefully she will join soon to talk about it.

Were you thinking other city-based hackathons or maybe a virtual one?

Kirby Plessas
President and CEO
Plessas Experts Network, Inc.
202-684-8101
202-403-3528 (fax)

On Wed, Jul 31, 2013 at 10:20 AM, Kyle Maxwell ky...@xwell.org wrote:

> Do you have plans for future efforts to include non-DC-located hackers?
>
> On Wed, Jul 31, 2013 at 9:05 AM, Kirby Plessas ki...@plessas.net wrote:
>
>> FreedomHack is a hackathon put together by CommunityRED along with Amnesty International and Cont3nt.com with the aim of building digital tools to aid citizen reporters in Mexico. Mexico is consistently rated as one of the most dangerous places in the world for reporters, due to violence and targeting from drug cartels. The tools developed during FreedomHack will capitalize on existing open source goodness to help journalists report stories anonymously and securely - a total necessity for more reporting of corruption in government and cartel-related violence.
>>
>> This is an excellent opportunity to launch the good work of CommunityRED, which provides digital safety for journalists, activists, and citizen journalists in conflict zones. If you like open source stuff, tech for good, or just plain doing good, come join us!
>>
>> Oh yeah, use this link for a 100% discount: http://freedomhack.eventbrite.com/?discount=TLM4EVER (It's free! Of course.)
[liberationtech] // KillPacket: Android implementation, reference code //
Hi list,

I've put together a reference Android application, following up from the earlier thread 25/02 The 'Kill Packet' - feedback wanted.

//--

KillPacket v0.1

Android tool and server side code. Proposal and reference implementation

This project was started to address a hypothetical case where one has volatile data on a remote machine that needs to be removed as fast and as discreetly as possible. In such situations opening up a laptop and logging in via SSH, an SFTP/FTP browser etc may simply be too slow. Rather, it would be more convenient to long-press a single button on your phone that sends a network packet to the server, triggering a script that proceeds to delete your data and/or back it up to another trusted server.

It is considered this functionality may be of use to journalists, activists and others believing that their data may be under threat of physical seizure and have only the phone in their pocket to do something about it.

Someone sniffing on the wire will indeed see a string, the ‘kill signature’, going out in the clear to the remote server at the given port. They will see no other information. If the packet is blocked, captured and sent by an opponent, they do the work for you. If it is simply blocked, your data sees another day. Only a person with ssh access to the server can modify the kill signature, define target directories for deletion and set the port.

This preliminary (read ‘alpha’) implementation utilizes ‘socat’ for network packet capture on the server side and a hand-rolled Android application for the client. While functional, it is only intended for testing and study toward the ends of releasing a finished application.

DISCLAIMER: Nothing beats good disk encryption on the server side.

//--

Project page: http://julianoliver.com/output/kill-packet
GitHub repo: https://github.com/JulianOliver/KillPacket

Feedback, commits, merciless criticism gladly accepted.

Cheers,

--
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org
Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.
On Wed, Jul 31, 2013 at 02:29:20PM -0700, Steve Weis wrote:

> I don't really see a practical use case for one-time pads. You have to assume that you can securely deliver the pad to someone in advance of any other communications.

This is the key management problem. If I want to secure a 10MB/day channel, I have to deliver a 64GB microSD card to my correspondent every 150 years. Not significantly worse than any other cryptography key management problem (most of which, in practice, for truly paranoid users, turn into a physical transaction).

> Then someone may force you to exhaust your pad bits by corrupting or dropping messages in transit.

An attacker with control of your wire can deny you service. News at 11! What cryptosystem does not have this property?

> Regardless, you could use a one-time MAC on the ciphertext. Here are some lecture notes on the topic: http://cs.nyu.edu/~dodis/randomness-in-crypto/lecture1.pdf

Thanks for the link, that looks very helpful (although too dense for me to absorb quickly right now).

> For each message, you will need to uniformly sample a pairwise-independent hash function to compute an authentication tag. That hash function will either limit the max size of your message to the domain of the function, or you will need to use a message digest function and uniformly map its output into the domain of the hash.

For my 10MB/day channel usecase, a 2x ciphertext expansion and 2x pad consumption factor is acceptable, which I am pretty confident can provide an information theoretic probabilistic message integrity guarantee to coin a phrase.

-andy
Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.
On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:

> Since a OTP depends critically on never using the same pad to encrypt multiple plaintexts, it conversely also depends on the same pad only decrypting a single ciphertext. If a onetime implementation implements a decryption oracle, an attacker can almost certainly leverage multiple decryption attempts with timing or error discrimination to break the pad entirely.

Sorry, meant to add -- therefore, it's important that onetime record that a given range of pad is consumed *on decryption* and is only used, thereafter, to decrypt the identical ciphertext.

-andy
Re: [liberationtech] Successful experiment boosting the number of users using OpenPGP verification for file download
Werner Koch:

> On Wed, 31 Jul 2013 19:30, adrela...@riseup.net said:
>
>> verification is the least secure method, to the download page? (You can see the design here: [3]) A: 1 in ~11 users.
>
> Actually [3] is the same URL as [1].

Sorry about that.

[1]: www.webcitation.org/6IWk5h4E9
[3]: www.webcitation.org/6IX5bl92D

>> standards. However, while the number of downloads didn't decrease, the number of signature downloads significantly increased. Which is a good
>
> Well, that sample is actually a bit too small for any conclusion.

You can argue the results away pointing out many violations in scientific methods. Just check the different page designs and imagine if that could work, if the answer is yes and you are up for an experiment yourself, try. :)

> However, I am interested in the change you made. However, 10% is the number I remember from the times I kept and analyzed download logs.

Old [1]: www.webcitation.org/6IWk5h4E9
New [3]: www.webcitation.org/6IX5bl92D
[liberationtech] NSA Xkeyscore VPN reference question
The pdf Xkeyscore document listed on the Guardian website ( http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data ) makes a reference on how the NSA can potentially decrypt VPN traffic and user data. Is there a sense on what this could mean? Are they talking about PPTP-based VPNs, OpenVPN, or any VPN protocols in use today?
Re: [liberationtech] NSA Xkeyscore VPN reference question
Well, we know MS CHAPv2 is totally broken... and people are probably still using it

--
Tony Arcieri
Re: [liberationtech] NSA Xkeyscore VPN reference question
..on Wed, Jul 31, 2013 at 06:29:32PM -0400, h0ost wrote:

> The pdf Xkeyscore document listed on the Guardian website ( http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data ) makes a reference on how the NSA can potentially decrypt VPN traffic and user data. Is there a sense on what this could mean? Are they talking about PPTP-based VPNs, OpenVPN, or any VPN protocols in use today?

It looks very bogus to me precisely because it's so general, like aspects of some other slides. Perhaps the slide is a where we want to be in 5 years rather than what we can do now. Perhaps the slide is from a pitch for more funding rather than a walkthrough of capability.

Cheers,

--
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org
[liberationtech] Rural Mesh Network Design Using MPs and NS2s
From: matt.bow...@ewb-uk.org

Later this year I will be travelling to Nepal to implement a mesh network and I am hoping that you might be able to give me a helping hand.

My network will provide 14 schools with internet access and VOIP. I intend to use 3 NS2's for the basestation with a single MP or NS2 mounted at each school. The 14 schools will act in a mesh. Connected via Ethernet to each school node will be a further MP acting on an independent channel. This MP will feed a local computer via Ethernet and will also provide a local wifi hot spot for users in the school. Each school is a central hub for the community and I hope that eventually they will expand the network by adding further MPs to form a local mesh neighbourhood around each school.

RadioMobile indicates my links are feasible and all seems well. Except I'm confused with some basics:

- MPs come with SECN 1.1 installed. What SECN version should I therefore install on the NS2's? Doesn't appear to be an equivalent in download.villagetelco.org
- I want to implement a server to visualise the network, provide user accounts and billing - which server package is best for this? Is the VT Server now excluded because I am using SECN?
- Finally, the latest Ubuntu version is 12.94LTS or 13.04. Should I definitely use 10.04 as advised in the wiki pages?

I hope I'm not repeating covered ground, any help much appreciated.

Matt
Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.
On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson a...@hexapodia.org wrote:

> On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
>
>> Since a OTP depends critically on never using the same pad to encrypt multiple plaintexts, it conversely also depends on the same pad only decrypting a single ciphertext. If a onetime implementation implements a decryption oracle, an attacker can almost certainly leverage multiple decryption attempts with timing or error discrimination to break the pad entirely.
>
> Sorry, meant to add -- therefore, it's important that onetime record that a given range of pad is consumed *on decryption* and is only used, thereafter, to decrypt the identical ciphertext.

If this is true in a strict sense, it means that any protocol that uses retransmission is incompatible with OTP.

Alexander

> -andy
Re: [liberationtech] NSA Xkeyscore VPN reference question
On Thu Aug 1 12:26:59 2013, Julian Oliver wrote:

> It looks very bogus to me precisely because it's so general, like aspects of some other slides. Perhaps the slide is a where we want to be in 5 years rather than what we can do now. Perhaps the slide is from a pitch for more funding rather than a walkthrough of capability.

Well, the last slide (p. 32) has a future work statement that includes other stuff (like VOIP).

The exact language from this slide says, Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users

Not clear to me what startups is... new companies? new sessions? Are they decrypting the stream or just enough VPN session metadata to discover the users (like originating tunnel IP address or something rather than the VPN's IP). :/ Pretty unclear to me.

best, Joe

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.
Comments inline...

On Thu, Aug 1, 2013 at 7:58 AM, Andy Isaacson a...@hexapodia.org wrote:

>> Then someone may force you to exhaust your pad bits by corrupting or dropping messages in transit.
>
> An attacker with control of your wire can deny you service. News at 11! What cryptosystem does not have this property?

With a one-time pad, the attacker only needs to deny service for a fixed amount of messages until you run out of bits.

>> Regardless, you could use a one-time MAC on the ciphertext. Here are some lecture notes on the topic: http://cs.nyu.edu/~dodis/randomness-in-crypto/lecture1.pdf
>
> Thanks for the link, that looks very helpful (although too dense for me to absorb quickly right now).

Here are a couple more lecture notes that may be relevant:

https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf
http://www.cs.nyu.edu/courses/fall08/G22.3210-001/lect/lecture11.pdf

--
Liberationtech list is public and archives are available via Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.
On Thu, Aug 01, 2013 at 05:22:48PM +0200, Alexander Kjeldaas wrote:

> On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson a...@hexapodia.org wrote:
>
>> On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
>>
>>> Since a OTP depends critically on never using the same pad to encrypt multiple plaintexts, it conversely also depends on the same pad only decrypting a single ciphertext. If a onetime implementation implements a decryption oracle, an attacker can almost certainly leverage multiple decryption attempts with timing or error discrimination to break the pad entirely.
>>
>> Sorry, meant to add -- therefore, it's important that onetime record that a given range of pad is consumed *on decryption* and is only used, thereafter, to decrypt the identical ciphertext.
>
> If this is true in a strict sense, it means that any protocol that use retransmission is incompatible with OTP.

You just have to retransmit the identical ciphertext and you're fine.

-andy
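An added example, not part of the thread or of OneTime's code: a receiver that checks a one-time MAC keyed from the pad (the pairwise-independent hash h(m) = a*m + b mod p) and records each pad range as consumed on decryption, so the range afterwards decrypts only the identical ciphertext. The message layout, the 2^521 - 1 field, the 64-byte message limit and all names are assumptions; the demo pad is constructed with SHAKE-256 only so the run is repeatable, and a real pad must be truly random.

```python
import hashlib
import hmac

P = 2**521 - 1     # Mersenne prime; field for the one-time MAC
COEFF = 66         # pad bytes drawn per MAC coefficient (masked to 521 bits)
MAX_MSG = 64       # 0x01 || ciphertext must stay below P: the MAC's domain limit


class Rejected(Exception):
    """Single error type, so a sender cannot tell failure causes apart."""


def _coeff(raw):
    # P is all ones, so '& P' keeps 521 bits; '% P' only maps P itself to 0.
    return (int.from_bytes(raw, "big") & P) % P


def _tag(pad, offset, ciphertext):
    # a and b sit at fixed positions before the keystream, so where they are
    # read from never depends on the (attacker-controlled) ciphertext length.
    a = _coeff(pad[offset:offset + COEFF])
    b = _coeff(pad[offset + COEFF:offset + 2 * COEFF])
    m = int.from_bytes(b"\x01" + ciphertext, "big")   # prefix keeps leading zeros
    return ((a * m + b) % P).to_bytes(COEFF, "big")


def _span(pad, offset, length):
    end = offset + 2 * COEFF + length
    if offset < 0 or length > MAX_MSG or end > len(pad):
        raise Rejected()
    return end


def _xor(pad, offset, data):
    start = offset + 2 * COEFF
    return bytes(x ^ k for x, k in zip(data, pad[start:start + len(data)]))


def encrypt(pad, offset, plaintext):
    """Return (offset, ciphertext, tag, next_free_offset)."""
    end = _span(pad, offset, len(plaintext))
    ciphertext = _xor(pad, offset, plaintext)
    return offset, ciphertext, _tag(pad, offset, ciphertext), end


class Receiver:
    def __init__(self, pad):
        self.pad = pad
        self.ledger = {}   # (start, end) -> SHA-256 of the accepted ciphertext

    def decrypt(self, offset, ciphertext, tag):
        end = _span(self.pad, offset, len(ciphertext))
        digest = hashlib.sha256(ciphertext).digest()
        for (start, stop), seen in self.ledger.items():
            if offset < stop and start < end:          # touches a consumed range
                same_range = (start, stop) == (offset, end)
                if not same_range or not hmac.compare_digest(seen, digest):
                    raise Rejected()
        if not hmac.compare_digest(_tag(self.pad, offset, ciphertext), tag):
            raise Rejected()     # nothing recorded: a corrupted copy burns no pad
        self.ledger[(offset, end)] = digest            # consumed on decryption
        return _xor(self.pad, offset, ciphertext)


def demo():
    pad = hashlib.shake_256(b"constructed demo pad, not random").digest(1024)
    rx = Receiver(pad)
    off, ct, tag, _ = encrypt(pad, 0, b"meet at noon")
    results = [rx.decrypt(off, ct, tag)]               # first delivery
    results.append(rx.decrypt(off, ct, tag))           # identical retransmission
    flipped = bytes([ct[0] ^ 1]) + ct[1:]
    for attempt in ((off, flipped, tag), (off + 1, ct, tag)):
        try:
            rx.decrypt(*attempt)
            results.append("accepted")
        except Rejected:
            results.append("rejected")
    return results


if __name__ == "__main__":
    print(demo())
```

In this layout each message costs its own length plus 132 pad bytes for the two MAC coefficients.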
Re: [liberationtech] Publishing material smuggled from bad countries
..on Thu, Aug 01, 2013 at 04:17:25PM -0400, Richard Brooks wrote:

> Got a message from one of my contacts who wants to try to publish information he finds important. He is from a country ranked by Freedom House as not free. I'm a techie and not a reporter. Any idea as to who might be interested (I could contact)? The general region is Sub-Saharan Africa.

Cryptome:

http://cryptome.org
http://cryptome.org/#Cryptome%20PK

--
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org
[liberationtech] Publishing material smuggled from bad countries
Got a message from one of my contacts who wants to try to publish information he finds important. He is from a country ranked by Freedom House as not free. I'm a techie and not a reporter. Any idea as to who might be interested (I could contact)? The general region is Sub-Saharan Africa.
[liberationtech] LeastAuthority.com announces a Spy-Proof Storage Service
Dear people of liberationtech: I've read this list for a long time, and I've posted to it occasionally. I'm writing today to tell you about our press release from LeastAuthority.com. Here's the press release in HTML form: https://leastauthority.com/press_release_2013_07_30 Here is the text of it, and following the text I'll explain why we are marketing our service in these terms. This is in response to this criticism from the liberationtech twitter account: “No such thing | http://LeastAuthority.com Announces a Purportedly Spy-Proof Storage Service https://LeastAuthority.com” (https://twitter.com/Liberationtech/status/362913144772890624). --- begin text of press release LeastAuthority.com Announces A Spy-Proof Storage Service LeastAuthority.com today announced Simple Secure Storage Service (S4), a backup service that encrypts your files to protect them from the prying eyes of spies and criminals. “People deserve privacy and security in the digital data that make up our daily lives.” said the company's founder and CEO, Zooko Wilcox-O'Hearn. “As an individual or a business, you shouldn't have to give up control over your data in order to get the benefits of cloud storage.” === Verifiable end-to-end security The Simple Secure Storage Service offers verifiable end-to-end security. It offers “end-to-end security” because all of the customer's data is encrypted locally — on the customer's own personal computer — before it is uploaded to the cloud. During its stay in the cloud, it cannot be decrypted by LeastAuthority.com, nor by anyone else, without the decryption key which is held only by the customer. S4 offers “verifiable end-to-end security” because all of the source code that makes up the Simple Secure Storage Service is published for everyone to see. 
Not only is the source code publicly visible, but it also comes with Free (Libre) and Open Source rights granted to the public allowing anyone to inspect the source code, experiment on it, alter it, and even to distribute their own version of it and to sell commercial services. Wilcox-O'Hearn says “If you rely on closed-source, proprietary software, then you're just taking the vendor's word for it that it actually provides the end-to-end security that they claim. As the PRISM scandal shows, that claim is sometimes a lie.” The web site of LeastAuthority.com proudly states “We can never see your data, and you can always see our code.”. === Trusted by experts The Simple Secure Storage Service is built on a technology named “Least-Authority File System (LAFS)”. LAFS has been studied and used by computer scientists, hackers, Free and Open Source software developers, activists, the U.S. Defense Advanced Research Projects Agency, and the U.S. National Security Agency. The design has been published in a peer-reviewed scientific workshop: Wilcox-O'Hearn, Zooko, and Brian Warner. “Tahoe: the least-authority filesystem.” Proceedings of the 4th ACM international workshop on Storage security and survivability. ACM, 2008. http://eprint.iacr.org/2012/524.pdf It has been cited in more than 50 scientific research papers, and has received plaudits from the U.S. Comprehensive National Cybersecurity Initiative, which stated: “Systems like Least-Authority File System are making these methods immediately usable for securely and availably storing files at rest; we propose that the methods be further reviewed, written up, and strongly evangelized as best practices in both government and industry.” Dr. Richard Stallman, President of the Free Software Foundation (https://fsf.org/) said “Free/Libre software is software that the users control. 
If you use only free/libre software, you control your local computing — but using the Internet raises other issues of freedom and privacy, which many network services don't respect. The Simple Secure Storage Service is an example of a network service that does respect your freedom and privacy.” Jacob Appelbaum, Tor project developer (https://www.torproject.org/) and WikiLeaks volunteer (http://wikileaks.org/), said “LAFS's design acknowledges the importance of verifiable end-to-end security through cryptography, Free/Libre release of software and transparent peer-reviewed system design.” The LAFS software is already packaged in several widely-used operating systems such as Debian GNU/Linux and Ubuntu. https://LeastAuthority.com --- end text of press release Now, the liberationtech twitter account objected to the term “Spy-Proof”. I have to admit that we hesitated to use that term when writing the press release, because we really don't want to oversell. Some members of our team urged me to replace “Spy-Proof” with “Spy-Resistant” in that press release. I finally decided to go ahead with “Spy-Proof”, and I'll tell you why. The big issue we are facing today is the *automation* and *generalization* of surveillance and control. These systems, while numerous and heterogeneous, are now known to the public under the
[liberationtech] Fwd: The EW Octagon: A way to test Cognitive EW
-- Forwarded message --
From: Brock Sheets - AOC she...@crows.org
Date: Aug 1, 2013 10:32 PM
Subject: The EW Octagon: A way to test Cognitive EW
To: dah...@gmail.com
Cc:

Greetings! Please join us for:

*The EW Octagon: A way to test Cognitive EW*

August 22th, 2013 | 1400-1445 EDT

*Presenting the Topic:* Marine EA-6B Electronic Countermeasures Officer, flight instructor at VT-86, *Major Kenneth Beldar Hollinger.*

*About the Webinar:* The ability to transmit and receive information to and from nodes on the
battlefield can be the key to winning or losing a fight. The EMS is the information pathway of choice in any kind of maneuver warfare. With the exponential increase of sensors on the battlefield, we are quickly running out of maneuver space within the EMS. It is not hard to imagine a scenario where a contest between two adversaries is won or lost solely from the ability to dominate the EMS. The side with EMS dominance will be able to see the battlefield and communicate-while the other side will be rendered blind and dumb. In a contested EMS environment, what is the best strategy to guarantee use of the EMS while denying the enemy the same? Assuming an equal power budget, what strategy will give you the correct mix of sensing, transmitting, jamming, bit checking, and processing to maximize the delta between you and your enemy's ability to make use of the EMS? As strategies and theories for EMS dominance are developed it will be necessary to establish a proving ground in which to test them. *What is the EW Octagon?:* *A concept to create an environment to facilitate the maturation of 'Cognitive EW' -or the ability to autonomously sense and react to what the enemy is doing and dominate the EMS.* The idea is to force two opposing Cognitive EW RF systems to operate within a contested RF band in order to test and develop Cognitive EW strategies. Furthermore, force the systems to operate with a restricted amount of power and enough RF bandwidth to maneuver, but not more bandwidth than each system could take full advantage of. In other words, the 'Octagon' is a set of contest rules, and a contest environment, crafted properly in order to facilitate 'a good fight'. The 'EW Octagon' is a concept that could be a useful tool for developing strategies and technologies that will allow us to maintain EMS dominance in a future, contested EMS environment. *Can't attend live? * The entire presentation and QA will be recorded for viewing at a later date. 
You can join the conversation and find the link to the recording in our AOC Virtual Series Subgroup on LinkedIn.http://r20.rs6.net/tn.jsp?e=001ApbboAg9oeyaSwla1Q4UMzmWIIhF2JHbP0HnzlHXiHt-GivAmVQuRMFzw-OtPofzcxabsHDAjzuFV0H6P2c-84xfdWfBh7qCU38CuGscKCGYaVSjMcoFdIR5lVzi0_CROINQwyOKfx2wusOjBqNrQIKim9gGITXe8gzofiCVwgY= All participants are welcome to attend the AOC Virtual Series at *no charge*. * *
Re: [liberationtech] My design to implement PGP in commercial email system
*I don't see how this scheme would work with contextual based advertisements? Or maybe you are talking about a premium subscription service that does not rely on advertisements for revenue. (?)*

From OP, The only downside of this approach is that email providers are not able to filter spam or provide related Ads based on email content. Even this might be solved in the future because of private outsourced computation

Private outsourced computation will let you search Google without revealing to Google what you searched for (thus getting the Ads). However, this cryptography function is still in experiment, for now, Google might provide Geo-location ads or just show ads from users' search history, etc.
[liberationtech] Post-doc Fellow Opportunities at the Citizen Lab
Hi Libtech,

We are pleased to announce two calls for post-doctoral fellows at the Citizen Lab at the Munk School of Global Affairs, University of Toronto. One for a 1 year term (starting October 1 2013) and one for a 6 month term (starting January 1 2014). For both positions we encourage applications from scholars in either technical or social science disciplines with a project in the general thematic areas of Internet governance, information controls (e.g. surveillance and censorship), information security, and human rights. Our past Postdoctoral Fellows have included scholars from the fields of political science, sociology, computer science, information studies, and law. Please see details below and distribute widely:

*Citizen Lab Postdoctoral fellowship (1 year term)*
Posting here: https://citizenlab.org/2013/08/citizen-lab-postdoctoral-fellowship-2013-2014/

The Citizen Lab and Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto are currently seeking a Postdoctoral Fellow to join our group for the 2013-2014 term (start date October 1, 2013 and end date August 31, 2014). Postdoctoral Fellows receive a competitive annual stipend, work space, and staff support. They will become members of a vibrant community of faculty, postdoctoral researchers, and students with wide-ranging interests in information communication technologies, human rights, and global affairs. We encourage applications from either technical or social science disciplines with a project in the general thematic areas of Internet governance, information controls (e.g. surveillance and censorship), information security, and human rights. Our past Postdoctoral Fellows have included scholars from the fields of political science, sociology, computer science, information studies, and law.
*Eligibility*
Candidates must have completed a doctoral dissertation no more than three years prior to the submission of the Fellowship request or the anticipated date of receiving PhD degree prior to the start of the Fellowship (Fall 2013).

*Application Procedure*
Applications should include the following:

A three-page (maximum) description of proposed research that identifies clearly the relationship of their research to the research agenda of the Citizen Lab. Include page numbers and applicant name on each page;

Statement of interest and curriculum vitae (CV). Include page numbers and applicant name on each page.

The above mentioned documents should be sent in PDF format to info [at] citizenlab.org with the subject line “PostDoc 2013-2014” by August 31, 2013.

Letter of recommendation from a doctoral supervisor. The recommendation letter from a doctoral supervisor must be sent in a sealed and initialed envelope addressed to:

Professor Ronald J. Deibert
Citizen Lab, Munk School of Global Affairs, University of Toronto
315 Bloor Street West
Toronto, Ontario, M5S 1A3 Canada

The postmark deadline is August 31, 2013. Incomplete or late applications will not be considered. We will send notification by email on or before September 15, 2013. The start date of the Fellowship is October 1, 2013. For further information, please contact info [at] citizenlab.org.

*Munk School Postdoctoral Fellowships (6 month term)*
Posting here: https://citizenlab.org/2013/08/munk-school-postdoctoral-fellowships-2013-2014/

The Munk School of Global Affairs attracts top researchers in global affairs and has three research labs actively engaged in innovative, interdisciplinary work: The Citizen Lab deals with cyber security and cyber governance; The Innovation Policy Lab deals broadly with the impact of policy on innovation and the demand side of the innovation equation; The Global Justice Lab deals broadly with social science research on global justice institutions and human rights regimes.
*Description*
The Munk School currently has two six-month opportunities for scholars to work in the Citizen Lab (see below) and the Global Justice Lab (see below). Successful applicants will work in one of these laboratories, assisting the director of the lab, advancing their own research, and teaching as appropriate under University regulations in one of the academic programs at the Munk School. Fellows will receive a taxable stipend of C$20,000 for the six month period as well as work space and staff support. They will become members of a vibrant community of faculty, post-doctoral researchers, and graduate students.

*Application Procedure*
Application package should include:

Application letter, signed and dated by the applicant linking proposed research to the research lab they wish to join. The applicant should provide complete contact information by filling out the postdoctoral information form [pdf] and attach it to the letter.

A three-page (maximum) description of proposed research that identifies clearly the relationship of their research to the research agenda of their chosen lab – with page numbers and applicant name
Re: [liberationtech] CJDNS hype
Hi Caleb,

On 01/08/13 17:20, Caleb James DeLisle wrote:

At this point, Alice knows that Carol is real in the sense that someone owns Carol's private key and uses it to respond to pings. But Alice has no way to determine whether Bob and Carol are actually the same person. In other words, Alice can't tell whether Carol is a Sybil.

Correct.

So if Alice can't tell whether Carol's a Sybil, presumably Alice can't avoid sharing information about Sybils when sharing routing table entries. So people who trust Alice to be honest and diligent can't trust her to give them non-Sybil routing table entries.

To rephrase, given the architecture, I don't know of any attack which would be effective enough to warrant specific defenses. Of course changing IP addresses to send SMTP spam or evade IRC bans could be considered a sybil attack.

I was thinking of more subtle attacks, such as dropping (some or all) data packets while responding correctly to pings. Sybil identities would serve two purposes in such an attack: filling as many routing table slots as possible with attacker-controlled identities, and evading fault detection by replacing any identities detected as faulty.

Yes, I agree that detecting and dropping faulty nodes is pointless as long as there's no limit on the creation of identities.

This is not true. If I want to ban you, I won't express the ban as your key where you can just make another, I'll express it as your peer's key and the interface index which is used to get from him to you. This way you can ban sybil edges if you can identify them.

That's a big if. Do you currently have a way to detect Sybil edges?

Returning to the example above: Alice's friend Bob tells her about his friend Carol. Alice can't tell whether Carol's a Sybil. So if Alice detects (somehow) that Carol is misbehaving, should she (a) ban Carol, (b) ban the edge from Bob to Carol, (c) ban Bob, or (d) ban the edge from Alice to Bob?
If it turns out that Carol is a Sybil created by Bob then (a) and (b) are a waste of time - Bob can just create a new Sybil. If it turns out that Carol wasn't created by Bob then (c) and (d) are collateral damage: the attacker has caused a genuine node or edge to be banned. Alice doesn't know whether Carol was created by Bob, so whatever action she takes is useless at best and harmful at worst.

The non-forwarding node attack does concern me since it's hard to identify but again it is a physically local attack. The cjdns implementation conservatively forwards to the physically nearest node which makes any forward progress in address space and since the routing table is heavily duplicated, I'm likely to get to the destination long before I reach a non-forwarding node.

Sorry, I don't understand how forwarding to the physically nearest node at each hop will help to avoid faulty nodes. It seems like you're assuming that by minimising the physical distance covered by each hop, you can reach the destination without ever travelling physically far from the source. But in the general case that can't be true, because the destination may not be physically close to the source.

Furthermore, the source and destination are at random points in the address space, and every hop must make progress in the address space. So even if the source and destination are physically close together, there's no guarantee that there's a path between them where every hop makes progress in the address space while remaining physically close to the source.

What's more, the routing algorithm doesn't even try to find such a path - it tries to find a path where every hop makes progress in the address space while remaining physically close to the *previous hop*. The difference is significant: if I walk without ever stepping far from my previous step, I can still end up far from where I started.
So I'm not convinced that the routing algorithm avoids passing through nodes that are physically distant from the source.

After looking over the first couple pages of Eclipse Attacks on Overlay Networks: Threats and Defenses I can see a tablespace exhaustion attack based on answering every DHT query with a fake node which is numerically very close to the target. Unless they're physically close to the victim they won't normally be routed to but they will take up space in a size limited table which would reduce the duplication of the routing table causing packets to be routed further and making localized sybil attacks have a wider reach. This attack, as with many others, depends on the implementation of cjdns. Because there are hard rules preventing loops, we could adopt a new table population algorithm which favors physical diversity of nodes, mitigating this and other sybil type attacks without breaking the cjdns protocol.

Could you explain how favouring physical diversity of nodes would mitigate eclipse attacks and Sybil attacks?

Cheers,
Michael
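A toy model of the table-exhaustion scenario and the edge-based bookkeeping discussed in the message above, added here as an illustration; it is not code from the thread or from cjdns. It assumes a fixed-size table, stands in for "diversity" with a cap on entries learned through one edge (peer key plus interface index), and uses constructed addresses; the cap only helps when the fake identities arrive over few edges, which is the detection problem the message raises.

```python
import random

TABLE_SIZE = 16               # assumed slot limit of the toy routing table
TARGET = 0x5A5A5A5A           # constructed 32-bit address being looked up
SYBIL_EDGE = ("bob-key", 3)   # hypothetical edge: (peer key, interface index)

def build_candidates(seed=1):
    """Constructed sample: (address, edge) pairs offered as table entries."""
    rng = random.Random(seed)
    cands = []
    # Eight honest edges, ten nodes each, at addresses unrelated to TARGET.
    for peer in range(8):
        edge = (f"peer{peer}-key", 0)
        added = 0
        while added < 10:
            addr = rng.getrandbits(32)
            if (addr ^ TARGET) >= (1 << 16):   # not clustered around TARGET
                cands.append((addr, edge))
                added += 1
    # One edge answers with 40 identities numerically adjacent to TARGET.
    cands += [(TARGET ^ k, SYBIL_EDGE) for k in range(1, 41)]
    return cands

def by_distance(cands):
    """Order candidates by XOR distance to TARGET, nearest first."""
    return sorted(cands, key=lambda c: c[0] ^ TARGET)

def populate_closest(cands):
    """Policy 1: keep whichever entries are numerically closest to TARGET."""
    return by_distance(cands)[:TABLE_SIZE]

def populate_per_edge(cands, per_edge=2):
    """Policy 2: same ordering, but at most `per_edge` slots per edge."""
    table, used = [], {}
    for addr, edge in by_distance(cands):
        if len(table) == TABLE_SIZE:
            break
        if used.get(edge, 0) < per_edge:
            table.append((addr, edge))
            used[edge] = used.get(edge, 0) + 1
    return table

def slots_from(table, edge):
    """Number of table slots whose entry was learned through `edge`."""
    return sum(1 for _, e in table if e == edge)

if __name__ == "__main__":
    cands = build_candidates()
    for name, policy in (("closest-only", populate_closest),
                         ("per-edge cap", populate_per_edge)):
        table = policy(cands)
        print(f"{name}: {slots_from(table, SYBIL_EDGE)}/{len(table)} "
              f"slots learned via {SYBIL_EDGE}")
```
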
Re: [liberationtech] Publishing material smuggled from bad countries
Hi Richard and Libtech,

I am a journalist with WhoWhatWhy, a NYC-based nonprofit. Here is one of my articles for them in conjunction with which WikiLeaks published new Stratfor emails: http://whowhatwhy.com/2013/07/17/are-mexican-drug-lords-the-next-terrorist-targets-a-who-exclusive-series-part-i-of-iii/

If the information relates to the current Zimbabwe elections, I might be interested or may be able to get the information looked at by activists who are interested in them. I can use PGP, OTR, etc. Otherwise, the earlier suggestion of Cryptome is a good one.

Thanks,
Douglas
+1 817 343 7174

On 08/01/2013 03:17 PM, Richard Brooks wrote:

Got a message from one of my contacts who wants to try to publish information he finds important. He is from a country ranked by Freedom House as not free. I'm a techie and not a reporter. Any idea as to who might be interested (I could contact)? The general region is Sub-Saharan Africa.
Re: [liberationtech] WC3 and DRM
On Wed, Jul 31, 2013 at 10:48:59PM -0700, Steve Weis wrote:

I think what you're saying was true in the past, but the game is changing with modern hardware. There have been advances in CPU features that make it possible to reduce the trust perimeter to just the CPU and TPM. If I trust those two components, I can privately compute on remote hardware, even if you have physical access and time.

If my computation involves sending video out to a device in the clear, then yes, you'll get that video. So, this doesn't help with traditional DRM. But it does help protect me when I run in environments outside my control, e.g. in infrastructure-as-a-service.

I'm not sure I can see scenarios that involve local I/O which give you much protection, but I bet I can be surprised.

Note, if an adversary can subvert the CPU itself, you lose. There are also known flaws in TPM specs and implementations, although these have a higher bar to exploit than other low-cost physical attacks.

One part of this is definitely what guarantees can be made -- early TPM work was very specific that if you have physical access, all bets were off, and I don't think I've seen anyone who is comfortable relaxing that constraint.

Fortunately, there are some interesting CPU features in the pipeline which may eliminate the dependency on TPMs completely. I can take it off-list if you want to discuss further.

I'd be really interested, and we can maybe summarise a little back to the list. EFF's tech expertise is more highly distributed right now across Amsterdam and Nevada than usual, but it might make sense to meet soon to discuss some of these developments. Local and cloud security has never looked so precarious, nor attacks more well-funded.

d.

On Wed, Jul 31, 2013 at 7:32 PM, Danny O'Brien da...@eff.org wrote:

Of course, such remote attestation/control works as well for privacy-preservation as it does for DRM -- not very. If you *have* the data, you can do whatever you want with it.
My computer can attest all it wants, but if I want that video or that cable, I'll get it. Indeed, I already *have it*. All you're doing is determining the process by which I'll obtain a reproducible copy. It's not even that quantifiable as a cost, because we're already assuming I have physical access and time enough.

-- International Director, EFF | +1 415 436 9333 x150 | 815 Eddy Street, SF, CA 94109