Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
Firstly: I agree with you in principle but these tools need to be available to all. Technology is not used in a sterile, hygienic environment, it is used on the streets, by people who can't write, who use it for their purposes, not necessarily the purpose it was invented for. Hence I disagree with you in practice. ;)

Erik de Castro Lopo mle+l...@mega-nerd.com wrote:

Bernard Tyers - ei8fdb wrote:

Stefan: Why not?

For verification, OpenPGP on smartphones is *possibly* ok. For a device used to sign or encrypt, smartphones are totally inappropriate regardless of the potential convenience.

Given a choice between some level of security and no level of security, users will take the first option, if it makes sense. You can't make people jump through hoops to be totally secure. They will refuse, particularly if they are not security experts.

No such agency and the like are almost certainly able (with the help of carriers and manufacturers) to backdoor and exploit all the major smartphone brands and models [0].

If the user is not a person of interest to certain US government agencies, then that threat may not be applicable?

Smartphones are horrendously complex, rely heavily on untrusted binary blobs, have multiple CPUs some without direct owner/user control (eg the CPU doing the baseband processing) [1].

I agree with your points about running untrusted binaries and lack of user control. Firefox OS (OS level at least) is open source, right? Cyanogenmod is open source, right?

Currently these devices are impossibly difficult to secure.

Is the point not securing it 100% (as this is an impossibility). The point is what level of security the user needs to apply. Applying the level of security according to their threat-model. If I am a user at risk of arrest in country_X which has a nasty government, the NSA is not going to assist said nasty government.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail. If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?

Bernard.

Erik

[0] http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
[1] http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/

-- 
Erik de Castro Lopo http://www.mega-nerd.com/

-- 
Sent from Kaiten Mail. Please excuse my brevity.

-- 
Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
Bernard Tyers wrote:

Firstly: I agree with you in principle but these tools need to be available to all. Technology is not used in a sterile, hygienic environment, it is used on the streets, by people who can't write, who use it for their purposes, not necessarily the purpose it was invented for.

I do agree, but it's important to note that smartphones offer a significantly higher risk than say laptops.

Smartphones are horrendously complex, rely heavily on untrusted binary blobs, have multiple CPUs some without direct owner/user control (eg the CPU doing the baseband processing) [1].

I agree with your points about running untrusted binaries and lack of user control. Firefox OS (OS level at least) is open source, right? Cyanogenmod is open source, right?

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone. Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Compare this with a laptop. If you buy a new laptop and are sufficiently paranoid you can use widely available software tools to monitor all network connections from that laptop to the wider internet.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail. If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?

As long as you are aware of the limitations.

Erik

-- 
Erik de Castro Lopo http://www.mega-nerd.com/
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On Fri, Sep 13, 2013 at 06:39:35PM +1000, Erik de Castro Lopo wrote:

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone. Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Baseband processors leave the system wide open to all kinds of attacks. Countermeasure would be running the 2G/3G/4G stack in an open source SDR radio, or using an open source VoIP device that connects by WLAN to a MiFi, which is considered part of the untrusted Internet.

The open source WLAN VoIP handset is more difficult than it appears. In practice you'll have to use e.g. Jitsi with a USB headset on a portable computer. Not exactly painless, and it opens you up to system compromises. If anyone is aware of suitable dedicated hardware, I'd be thankful for pointers.

Compare this with a laptop. If you buy a new laptop and are sufficiently paranoid you can use widely available software tools to monitor all network connections from that laptop to the wider internet.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail. If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 9/13/13 10:39 AM, Erik de Castro Lopo wrote:

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone. Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities).

That's not a good discussion point: personal computers also run closed source BIOS/UEFI firmware, *exactly* like normal phones.

PGP for Mobile Phones is very important. It's already diffused (there are iOS, Android and Blackberry implementations) through the use of third party applications.

This is a unique opportunity to have a mobile operating system that runs by default an OpenPGP secured mobile client without third party applications.

I remind everyone that:
- HKP PGP key servers are starting to support HTTP/CORS requests
- OpenHKP Javascript library can interact with that

This will finally enable Javascript applications to fully interoperate within the OpenPGP world, from Web and Mobile environments over HTTPS.

I really feel that 2014 is going to be a year with plenty of good news for massive adoption of end-to-end encryption :-)

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 13 Sep 2013, at 09:39, Erik de Castro Lopo mle+l...@mega-nerd.com wrote:

Bernard Tyers wrote:

Firstly: I agree with you in principle but these tools need to be available to all. Technology is not used in a sterile, hygienic environment, it is used on the streets, by people who can't write, who use it for their purposes, not necessarily the purpose it was invented for.

I do agree, but it's important to note that smartphones offer a significantly higher risk than say laptops.

By design though. Is there any reason (leaving aside business reasons for the moment) why smartphones can't be lower risk? Is there any technical reason why open source (read verifiable, publicly auditable) baseband software can't be created for mobile devices? I don't expect it to be easy.

Smartphones are horrendously complex, rely heavily on untrusted binary blobs, have multiple CPUs some without direct owner/user control (eg the CPU doing the baseband processing) [1].

I agree with your points about running untrusted binaries and lack of user control. Firefox OS (OS level at least) is open source, right? Cyanogenmod is open source, right?

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone.

Agreed.

Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Yep, I'm aware of those baseband attacks. To carry them out you need access to a Node-B (telecoms equipment mobile phones connect to), real or simulated, and advertise to the device to attach to it. Granted, not impossible, beyond the realms of an average radio-network engineer in a government run telco. Possibly Finfisher have a point-and-click tool for it.

However, that threat (ie threat of firmware compromises) can be applied to carrier grade IP switch, router firmware also. Making all IP based traffic vulnerable. But again, in my opinion it's down to what the level of your threat is.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Heh, I used to, but not any more.

Compare this with a laptop. If you buy a new laptop and are sufficiently paranoid you can use widely available software tools to monitor all network connections from that laptop to the wider internet.

Agreed, but shouldn't those tools be available for mobile devices too? The trend in technology use is moving (it's already there) towards mobile devices. These tools should be available for mobile devices, as this is where people are. Otherwise, they will continue to use cleartext SMS, or worse whatsapp, viber, gmail, and unencrypted phone calls.

People need these tools to be available. They need to understand how they fit into the kinds of threats *they face*, and where they should not be used.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail. If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?

As long as you are aware of the limitations.

I absolutely agree with you on this. This is one area that I see as being an issue at the moment. Most users don't know what they (limitations) are. They are users of the tools, not experts. I use Firefox and HTTPS everywhere, so I'm secure, right…?

Developers of these tools need to communicate, in an understandable way, to potential users where the limitations are. Developing a tool and releasing it is wonderful, but you need to communicate where it works and doesn't work.

<rant>
I would argue the HRD and NGO people on this list understand threats and threat-modelling better than the technology people, certainly in the offline world. The tech people understand threat-modelling in terms of where and how to use technology. Both groups clearly are in need of each other. The issue is they're talking on different planes.
</rant>

thanks,
Bernard

-- 
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 13 Sep 2013, at 10:04, Eugen Leitl eu...@leitl.org wrote:

On Fri, Sep 13, 2013 at 06:39:35PM +1000, Erik de Castro Lopo wrote:

Yes, but Firefox OS and Cyanogenmod only control the user facing part of the smartphone. Loading eg Cyanogenmod onto an Android phone leaves the software running the radio part of the phone untouched (otherwise the phone would never have passed the regulator authorities). The second link I posted reported a vulnerability in that software.

Secondly these phones connect to the cell phone network and you and I have no tools to examine what happens on that network.

Baseband processors leave the system wide open to all kinds of attacks. Countermeasure would be running the 2G/3G/4G stack in an open source SDR radio, or using an open source VoIP device that connects by WLAN to a MiFi, which is considered part of the untrusted Internet.

The open source WLAN VoIP handset is more difficult than it appears. In practice you'll have to use e.g. Jitsi with a USB headset on a portable computer. Not exactly painless, and it opens you up to system compromises. If anyone is aware of suitable dedicated hardware, I'd be thankful for pointers.

You've reminded me of an episode of the RiskyBusiness podcast I was listening to a few weeks ago with the grugq. He was talking about the small USB powered device the TPLINK MR11U or TPLINK 3040. [1, 2, 3]

He does talk exactly about the same issues - separating your devices (in his case a laptop) from the GSM network using a portal device. His use is however a laptop, not a mobile device. But what he talks about is figuring out what you need to defend yourself against.

I was listening to this thinking, if it's so easy (The Grugq is using it! It must be secure!) then why isn't everyone using one? I have one on order from a trustworthy Chinese trader on ebay. ;)

What I also thought was interesting was his *recommended* approach was buying a pay-as-you-go phone, presumably closed platform, with closed firmware. Secondly his choice of mobile device was *an iPad*!

Seriously though, his advice was interesting. Has anyone else heard it? I'd like to hear opsec peoples' opinions.

Hope that helps.

Bernard

[1] http://risky.biz/RB285 or http://media.risky.biz/RB285.mp3 (it starts at ~ 28:00 mins).
[2] http://www.amazon.co.uk/TP-LINK-TL-MR11U-Portable-150Mbps-Wireless/dp/B0098AU7HY
[3] http://www.amazon.co.uk/TP-Link-TL-MR3040-Portable-Battery-Wireless/dp/B00842KJOS

-- 
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 13/09/13 10:04, Eugen Leitl wrote:

Baseband processors leave the system wide open to all kinds of attacks. Countermeasure would be running the 2G/3G/4G stack in an open source SDR radio, or using an open source VoIP device that connects by WLAN to a MiFi, which is considered part of the untrusted Internet.

The open source WLAN VoIP handset is more difficult than it appears. In practice you'll have to use e.g. Jitsi with a USB headset on a portable computer. Not exactly painless, and it opens you up to system compromises. If anyone is aware of suitable dedicated hardware, I'd be thankful for pointers.

The Samsung Galaxy Player (Samsung Galaxy S WiFi in some countries) is essentially an Android phone without a baseband. I believe you can run CyanogenMod on it.

Cheers,
Michael
[liberationtech] JonDonym (was: Security Focused Live Linux Distros)
Eugen Leitl eu...@leitl.org wrote:

On Thu, Sep 12, 2013 at 05:08:10PM -0400, John Love wrote:

I'm researching security, privacy, and anonymity focused live Linux environments like Liberté Linux, TAILS, JonDoNYM, and Whonix. There's

JonDoNYM is backdoored, and hence not playing in the same league.

http://en.wikipedia.org/wiki/Java_Anon_Proxy

In July 2003, the German BKA[8][9] obtained a warrant to force the Dresden Mix operators to log access to a specific web address, which had been associated with child pornography. AN.ON then decided to introduce a crime detection function in the server software in order to make this possible.

I don't think so. According to: http://anon.inf.tu-dresden.de/strafverfolgung/bericht_en.pdf the backdoor was implemented after being politely asked by the LKA Hessen without any legal obligation to do so.

The warrant came afterwards and apparently didn't even require the mix operators to enable the already implemented backdoor (due to being based on StPO §§ 100 g and h) but the operators decided to do it anyway.

Later on the logged data was handed over to the officials under protest because it was more convenient than potentially getting equipment seized:

| To prevent further damage (through searching of institute rooms and
| confiscation of institute computers) to the TU Dresden and the project
| partners, the logged data was relinquished under protest to the officials.

Given that the court decision was already overruled in September, it's unlikely that the seized computers would have been analysed in time (that is, if they were actually seized in the first place).

Fabian
Re: [liberationtech] Linux distribution on encrypted USB?
On 12.09.2013 08:54, Brad Beckett wrote:

Use a Live USB distro with LOK-IT encrypted flash drives. All crypto and authentication is handled on the drive itself... therefore bootable and works on any OS:

I could not find any reference. Only a lot of marketing talk.

1. Which software is used? Is it publicly reviewable?
2. Which chips are used? Are they reviewed?

It looks like a rather closed solution.
Re: [liberationtech] Linux distribution on encrypted USB?
On 12.09.2013 18:12, The Doctor wrote:

For folks that have not yet gone poking around inside a copy of TAILS installed on a USB key, Moon refers to the contents of the file filesystem.squashfs

Thanks for the detailed description. Very useful. Myself I did not know all that you have written.

like tripwire data, or at least some fingerprints and a file list to confirm the libs haven't turned against you overnight.

AIDE would be ideal for this, one would think. It is much more lightweight than Tripwire, and could be set to run at boot or login time.

I have chosen tripwire because of its «quite obvious» name. But AIDE looks like a better solution.

TAILS does seem to be somewhat problematic in this respect. For example, I tried to install a couple of Firefox plugins that I find very useful (Scrapbook and Calomel-SSL, if anyone is interested) and they didn't persist across reboots. A little irritating, but perhaps it's for the best.

That's pretty much the answer: Tails should not be used as a regular distro. That and Intrigieri's point: before modifying Tails one should know more both about Tails and Debian. I was thinking for my everyday system portable from one computer to another without touching the installed hard drive. The config is different. And I'm afraid to break stuff.

This makes me wonder just how much abuse TAILS can really take before it breaks down...

Tails is good at what it does. But it's not a universal solution. Poking around distrowatch again I find it discouraging how much junk there is. Maybe hundreds of repacks of nvidia and ati/amd proprietary drivers labeled as «ease of use» and almost nothing on privacy. Then, if people would be interested in privacy there won't be a Snowden talk.
Re: [liberationtech] Recommended surveillance readings?
A global context would be great. I'll ask around on several country region specific lists that I'm on and share the details back on this list.

regards

Robert

-- 
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rgue...@privaterra.org

On 2013-09-13, at 12:16 AM, Yosem Companys wrote:

From: Burcu Bakioglu bbaki...@gmail.com

Hi all,

I am looking for suggestions on a student friendly reading on surveillance, something that gives the overall picture, and any interesting readings on the latest NSA incident.

Having said that, I should note that I have some materials in my hands, I just can't decide what would be engaging in a classroom setting, hence my query... Any experiences on that regard?

Many thanks!

-- 
Thanks,
Burcu S. Bakioglu, Ph.D.
Postdoctoral Fellow in New Media
Lawrence University
http://www.palefirer.com

-- 
Come to the dark side, we have cookies!
Re: [liberationtech] Recommended surveillance readings?
From a legal perspective, an interesting recent piece is Neil Richards' The Dangers of Surveillance: http://www.harvardlawreview.org/issues/126/may13/Symposium_9477.php

On 13 Sep 2013, at 16:09, Robert Guerra rgue...@privaterra.org wrote:

A global context would be great. I'll ask around on several country region specific lists that I'm on and share the details back on this list.

regards

Robert

-- 
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rgue...@privaterra.org

On 2013-09-13, at 12:16 AM, Yosem Companys wrote:

From: Burcu Bakioglu bbaki...@gmail.com

Hi all,

I am looking for suggestions on a student friendly reading on surveillance, something that gives the overall picture, and any interesting readings on the latest NSA incident.

Having said that, I should note that I have some materials in my hands, I just can't decide what would be engaging in a classroom setting, hence my query... Any experiences on that regard?

Many thanks!

-- 
Thanks,
Burcu S. Bakioglu, Ph.D.
Postdoctoral Fellow in New Media
Lawrence University
http://www.palefirer.com

-- 
Come to the dark side, we have cookies!
Re: [liberationtech] Recommended surveillance readings?
From: Richard Forno rfo...@infowarrior.org

Here are some of the better timelines that describe (w/links to sources/articles) of the NSA surveillance programs. Might be helpful, or at least a decent resource for your students.

Timeline of NSA Domestic Spying
https://www.eff.org/nsa-spying/timeline

Mass Surveillance in America: A Timeline of Loosening Laws and Practices
http://projects.propublica.org/graphics/surveillance-timeline

How We Got From 9/11 to Massive NSA Spying on Americans: A Timeline
http://www.motherjones.com/politics/2013/09/nsa-timeline-surveillance

Blog postings articles from folks like Cory Doctorow, Ed Felten, and (especially) Bruce Schneier should be must-reads, IMHO.

Hope that helps some.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
Re: [liberationtech] Recommended surveillance readings?
From: Greg Wise greg.w...@asu.edu

John Gilliom and Torin Monahan's book SuperVision is very student friendly, and a good overview of surveillance issues. I'm teaching it later this Fall.

Greg

Sent from my iPhone
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On Fri, Sep 13, 2013 at 09:14:27AM +1000, Erik de Castro Lopo wrote:

No such agency and the like are almost certainly able (with the help of carriers and manufacturers) to backdoor and exploit all the major smartphone brands and models [0].

Smartphones are horrendously complex, rely heavily on untrusted binary blobs, have multiple CPUs some without direct owner/user control (eg the CPU doing the baseband processing) [1].

Currently these devices are impossibly difficult to secure.

I strongly concur: this echoes something I've said before, here and elsewhere. We've already seen code of dubious provenance and nebulous justification (CarrierIQ); I would be very surprised indeed if that was the only such piece of software in the field.

And of course smartphone-based malware is epidemic: the app stores are full of it. (Given recent events, I think it's reasonable to wonder how much of that has been authored by miscreants and how much by various governments.) Whatever the origin, it won't be long until that malware is accessible (for a price) to any government on this planet that wants it. Perhaps this has already happened.

Add to that the unquenchable thirst of (telcos, governments, marketers) for as much data as they can get any time they can get it, and carrying a smartphone can reasonably be viewed as functionally equivalent to wiretapping yourself. (And let's not think for a moment that even allegedly-benign data collection will remain so: it's all within the reach of any sufficiently-powerful/wealthy/stealthy government that wants it.)

And if you (generic you, the reader) think this is unduly pessimistic, I invite you to consider the plethora of security problems already publicly known, and to further consider that attacks always get better: they never get worse.

---rsk
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 09/13/2013 05:56 AM, Michael Rogers wrote:

The Samsung Galaxy Player (Samsung Galaxy S WiFi in some countries) is essentially an Android phone without a baseband. I believe you can run CyanogenMod on it.

So is the Nexus 7 (non-GSM/LTE) version for that matter, though a little big.

I've talked about this before, but the use of a MiFi portable network device providing wifi to a tablet/phablet running VoIP software on a clean ROM, provides the best of all worlds - telephony, portability and security.

I lived life this way for a while in New York, combining the Mifi with known open hotspots in my general daily commute. It worked very well. I know many others, including some on the Guardian Project team, do this as well, as daily practice.

You also can generally get 3 tablet devices for the price of 1 smartphone, so you can dispose of them and/or distribute them more widely!

+n
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 09/13/2013 01:19 PM, Matt Johnson wrote:

I would assume the quality of the voice calls would be pretty bad through this kind of setup. How did that work for you?

The reality is we have gotten used to terrible voice quality with our GSM and CDMA voice networks. You would be surprised what is possible. The only issue is that depending upon your wifi hardware and device, you may not truly be always available, though most apps like CSipSimple allow you to control that.

Using the VoIP service we offer (https://OStel.co), you can control the quality of the codec you want to use, all the way up to CD quality if you wish. Even if you use a SIP-to-PSTN (aka a real phone number) gateway service like Callcentric, the quality you get will generally be superior to what you get with your normal phone system.

+n
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
I would assume the quality of the voice calls would be pretty bad through this kind of setup. How did that work for you?

-- Matt Johnson

On Fri, Sep 13, 2013 at 9:51 AM, Nathan of Guardian nat...@guardianproject.info wrote:

On 09/13/2013 05:56 AM, Michael Rogers wrote:

The Samsung Galaxy Player (Samsung Galaxy S WiFi in some countries) is essentially an Android phone without a baseband. I believe you can run CyanogenMod on it.

So is the Nexus 7 (non-GSM/LTE) version for that matter, though a little big.

I've talked about this before, but the use of a MiFi portable network device providing wifi to a tablet/phablet running VoIP software on a clean ROM provides the best of all worlds - telephony, portability and security.

I lived life this way for a while in New York, combining the MiFi with known open hotspots in my general daily commute. It worked very well. I know many others, including some on the Guardian Project team, do this as well, as daily practice.

You also can generally get 3 tablet devices for the price of 1 smartphone, so you can dispose of them and/or distribute them more widely!

+n
Re: [liberationtech] Is Dropbox opening uploaded documents?
On Thursday, September 12, 2013, Joe Szilagyi wrote:

Found online: http://www.wncinfosec.com/dropbox-opening-my-docs/

-- Joe Szilagyi

Interesting, thanks for sharing that. Has anyone else tried to reproduce these results? I'm curious what others have seen.

I tried this yesterday, only with the .doc file. I haven't been able to reproduce those findings. I tested Dropbox (client and web), SugarSync (client only), and Amazon Cloud Drive (web only). 20 hours later I still don't have any buzzes.

Regards,
Ryan
Re: [liberationtech] Recommended surveillance readings?
Might I also suggest Ron Deibert's new book - Black Code: Inside the Battle for Cyberspace.

http://blackcodebook.com

http://www.theglobeandmail.com/arts/books-and-media/book-reviews/how-to-make-cyberspace-safe-for-human-habitation/article11990902/?page=all

On 2013-09-13, at 12:32 PM, Yosem Companys wrote:

From: Greg Wise greg.w...@asu.edu

John Gilliom and Torin Monahan's book SuperVision is very student friendly, and a good overview of surveillance issues. I'm teaching it later this Fall.

Greg

Sent from my iPhone
Re: [liberationtech] Is Dropbox opening uploaded documents?
On Fri, Sep 13, 2013 at 1:20 PM, Ryan Getz ry...@getzmail.com wrote:

On Thursday, September 12, 2013, Joe Szilagyi wrote:

Found online: http://www.wncinfosec.com/dropbox-opening-my-docs/

-- Joe Szilagyi

Interesting, thanks for sharing that. Has anyone else tried to reproduce these results? I'm curious what others have seen.

I tried this yesterday, only with the .doc file. I haven't been able to reproduce those findings. I tested Dropbox (client and web), SugarSync (client only), and Amazon Cloud Drive (web only). 20 hours later I still don't have any buzzes.

Regards,
Ryan

Dropbox's response: https://news.ycombinator.com/item?id=6377712
Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
On 09/12/2013 06:06 PM, Stefan wrote:

But... PGP/GPG on a smartphone? Are you sure, that you want that?

There is enough demand for it that Symantec has published some mobile apps (though they require Symantec's encryption infrastructure software to function). If there wasn't, they wouldn't have spent the time and money developing it:

https://itunes.apple.com/us/app/symantec-mobile-encryption/id450235714?mt=8
https://play.google.com/store/apps/details?id=com.symantec.pgpviewersymantechl=en
https://www.symantec.com/business/support/index?page=contentid=TECH199169

While it might not be a good idea, the software's out there (and presumably in use).

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
When I was a kid, I was someone's imaginary friend.
[liberationtech] Interactive timeline of the PRISM scandal
Hi!

Interesting: http://virostatiq.com/interactive-timeline-of-the-prism-scandal/

Mitar

-- http://mitar.tnode.com/ https://twitter.com/mitar_m
[liberationtech] Hardware trojans, RNGs, and Syphermedia
This paper outlines simple changes that can be made to insert vulnerabilities into silicon that are invisible to current reverse-engineering techniques:

http://people.umass.edu/gbecker/BeckerChes13.pdf

It uses Intel's random number generator as an example, detailing precisely how it can be weakened such that it has predictable output yet still appears perfectly random. This hack can be done by unobtrusive changes to the production masks in the chip fabs.

One interesting note in the paper is that Intel has intentionally not included the normal JTAG-style debugging interfaces on the RNG that would allow you to spot this sort of trickery, ostensibly for security. The trade-off here is attackers can't discreetly snoop on your RNG internals by physically connecting to pins on your CPU (though they can still snoop on everything else on your system including the RNG _output_) vs no one can validate the RNG behavior. This choice seems a little suspect.

Secondly, the company Syphermedia does this sort of silicon-level trickery as a business:

www.smi.tv/SMI_SypherMedia_Library_Intro.pdf

Their primary customers appear to be companies making set-top boxes, but it would be interesting to investigate if they have any links to the NSA.

-- Mathematics is the supreme nostalgia of our time.
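Why tests on RNG output alone cannot catch the kind of weakening described in the post above, shown as an added example that is not from the post or the paper. It is a toy software model: the SHA-256 counter-mode conditioner, the constants and the 16-bit unknown part are all assumptions made for illustration, not Intel's design or the paper's circuit.

```python
import hashlib
import math

# Toy model (assumption): a 128-bit seed feeds a SHA-256 counter-mode
# conditioner. In the weakened variant 112 seed bits are a constant known to
# whoever planted it and only 16 bits vary. All values below are constructed.
FIXED_PART = bytes.fromhex("00112233445566778899aabbccdd")       # 14 bytes
UNKNOWN_BITS = 16
HONEST_SEED = bytes.fromhex("6b1f0c9a52e7d4833fa8610e97c25db4")  # stands in for 128 unknown bits


def stream(seed: bytes, n_blocks: int, start: int = 0) -> bytes:
    """Conditioned output: SHA-256(seed || counter) for consecutive counters."""
    return b"".join(
        hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        for ctr in range(start, start + n_blocks)
    )


def weakened_seed(secret: int) -> bytes:
    """Seed whose only unknown part is a 16-bit value."""
    return FIXED_PART + secret.to_bytes(UNKNOWN_BITS // 8, "big")


def monobit_z(data: bytes) -> float:
    """Frequency (monobit) statistic: deviation of the ones count, in sigmas."""
    n = len(data) * 8
    ones = bin(int.from_bytes(data, "big")).count("1")
    return abs(ones - n / 2) / math.sqrt(n / 4)


def passes_monobit(data: bytes, limit: float = 4.0) -> bool:
    """Black-box check of the kind an outside observer can run on output."""
    return monobit_z(data) < limit


def recover_secret(first_block: bytes):
    """With the fixed part known, the seed falls to 2**16 guesses."""
    for guess in range(1 << UNKNOWN_BITS):
        if stream(weakened_seed(guess), 1) == first_block:
            return guess
    return None


if __name__ == "__main__":
    honest = stream(HONEST_SEED, 2048)
    weak = stream(weakened_seed(0xBEEF), 2048)
    print("honest stream passes monobit:", passes_monobit(honest))
    print("weakened stream passes monobit:", passes_monobit(weak))
    secret = recover_secret(weak[:32])
    predicted = stream(weakened_seed(secret), 1, start=1)
    print("next block predicted from one observed block:", predicted == weak[32:64])
```

Both streams pass the frequency check, so validating a generator needs visibility into the raw entropy source or the design itself, not statistics on conditioned output.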
Re: [liberationtech] Recommended surveillance readings?
I'm working on a journal article on the legal justifications for the NSA programs. I've just written a quick overview of the government's legal arguments from 9/11 until now:

https://github.com/morninj/LTWW-Metadata/blob/master/issue-summary/issue-summary.pdf?raw=true

The project lives here: https://github.com/morninj/LTWW-Metadata

Cheers,
Joe

On 9/13/13 9:22 AM, Paul Bernal (LAW) wrote:

From a legal perspective, an interesting recent piece is Neil Richards' The Dangers of Surveillance:

http://www.harvardlawreview.org/issues/126/may13/Symposium_9477.php

On 13 Sep 2013, at 16:09, Robert Guerra rgue...@privaterra.org wrote:

A global context would be great. I'll ask around on several country region specific lists that I'm on and share the details back on this list.

regards
Robert

-- R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rgue...@privaterra.org

On 2013-09-13, at 12:16 AM, Yosem Companys wrote:

From: Burcu Bakioglu bbaki...@gmail.com

Hi all,

I am looking for suggestions on a student friendly reading on surveillance, something that gives the overall picture, and any interesting readings on the latest NSA incident. Having said that, I should note that I have some materials in my hands, I just can't decide what would be engaging in a classroom setting, hence my query... Any experiences on that regard?

Many thanks!

-- Thanks,
Burcu S. Bakioglu, Ph.D.
Postdoctoral Fellow in New Media
Lawrence University
http://www.palefirer.com

-- Come to the dark side, we have cookies!
Re: [liberationtech] Recommended surveillance readings?
Some of the readings from week 4 (Privacy and Security) and week 6 (Surveillance and Censorship) might be appropriate for your class.

Link to syllabus: http://www.christopher-parsons.com/Main/wp-content/uploads/2008/11/POLI-456-Syllabus-for-Web.pdf

Christopher Parsons
Doctoral Candidate
Political Science, University of Victoria
http://www.christopher-parsons.com

On 13 September 2013 10:37, Robert Guerra rgue...@privaterra.org wrote:

Might I also suggest Ron Deibert's new book - Black Code: Inside the Battle for Cyberspace.

http://blackcodebook.com

http://www.theglobeandmail.com/arts/books-and-media/book-reviews/how-to-make-cyberspace-safe-for-human-habitation/article11990902/?page=all

On 2013-09-13, at 12:32 PM, Yosem Companys wrote:

From: Greg Wise greg.w...@asu.edu

John Gilliom and Torin Monahan's book SuperVision is very student friendly, and a good overview of surveillance issues. I'm teaching it later this Fall.

Greg

Sent from my iPhone
[liberationtech] Examples of integrated health delivery using ICTs
From: Atanu Garai atanu.ga...@gmail.com

Dear All,

In the last few years, several donors announced grants for ICT projects to deliver integrated health services in underserved communities. I am looking for examples of those projects implemented or in the process of being implemented to examine the project design, approach, and implementation methods. Shall be thankful for any references to such projects.

Regards,
Atanu
Re: [liberationtech] Examples of integrated health delivery using ICTs
OpenMRS.org is a great platform and very vibrant open source community focused on supporting healthcare delivery, primarily in Africa.

peace,
gunner

On 09/13/2013 11:57 AM, Yosem Companys wrote:

From: Atanu Garai atanu.ga...@gmail.com

Dear All,

In last few years, several donors announced grants for ICT projects to deliver integrated health services in underserved communities. I am looking for examples of those projects implemented or in the process of being implemented to examine the project design, approach, and implementation methods. Shall be thankful for any references to such projects.

Regards,
Atanu

--
Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org
Aspiration: Better Tools for a Better World
Read our Manifesto: http://aspirationtech.org/publications/manifesto
Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter: www.twitter.com/aspirationtech
Re: [liberationtech] Security Focused Live Linux Distros
John Love:

I'm researching security, privacy, and anonymity focused live Linux environments like Liberté Linux, TAILS, JonDoNYM, and Whonix. There's obviously a diversity of needs and preferences, and each of these distros has their own approach and community. Assuming all distros are not made equal, I'm curious if anyone who's familiar with all, or even a couple, of them could share their experiences, and/or point us to a comprehensive overview/comparison?

Thanks,
John

Hi John!

Do you know the comparison page https://www.whonix.org/wiki/Comparison_with_Others already?

Cheers,
adrelanos

(Full disclosure: I am a maintainer of Whonix.)