[liberationtech] NSA collects millions of e-mail address books globally
http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html?wpisrc=al_national

NSA collects millions of e-mail address books globally

By Barton Gellman and Ashkan Soltani, Tuesday, October 15, 12:53 AM

The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top-secret documents provided by former NSA contractor Edward Snowden.

The collection program, which has not been disclosed before, intercepts e-mail address books and “buddy lists” from instant messaging services as they move across global data links. Online services often transmit those contacts when a user logs on, composes a message, or synchronizes a computer or mobile device with information stored on remote servers.

Rather than targeting individual users, the NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world’s e-mail and instant messaging accounts. Analysis of that data enables the agency to search for hidden connections and to map relationships within a much smaller universe of foreign intelligence targets.

During a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, according to an internal NSA PowerPoint presentation. Those figures, described as a typical daily intake in the document, correspond to a rate of more than 250 million a year.

Each day, the presentation said, the NSA collects contacts from an estimated 500,000 buddy lists on live-chat services as well as from the inbox displays of Web-based e-mail accounts. The collection depends on secret arrangements with foreign telecommunications companies or allied intelligence services in control of facilities that direct traffic along the Internet’s main data routes.

Although the collection takes place overseas, two senior U.S. intelligence officials acknowledged that it sweeps in the contacts of many Americans. They declined to offer an estimate but did not dispute that the number is likely to be in the millions or tens of millions.

A spokesman for the Office of the Director of National Intelligence, which oversees the NSA, said the agency “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.”

The spokesman, Shawn Turner, added that rules approved by the attorney general require the NSA to “minimize the acquisition, use and dissemination” of information that identifies a U.S. citizen or permanent resident.

The NSA’s collection of nearly all U.S. call records, under a separate program, has generated significant controversy since it was revealed in June. The NSA’s director, Gen. Keith B. Alexander, has defended “bulk” collection as an essential counterterrorism and foreign intelligence tool, saying, “You need the haystack to find the needle.”

Contact lists stored online provide the NSA with far richer sources of data than call records alone. Address books commonly include not only names and e-mail addresses, but also telephone numbers, street addresses, and business and family information. Inbox listings of e-mail accounts stored in the “cloud” sometimes contain content, such as the first few lines of a message.

Taken together, the data would enable the NSA, if permitted, to draw detailed maps of a person’s life, as told by personal, professional, political and religious connections. The picture can also be misleading, creating false “associations” with ex-spouses or people with whom an account holder has had no contact in many years.

The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States.

The agency avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss the classified program. “None of those are on U.S. territory.”

Because of the method employed, the agency is not legally required or technically able to restrict its intake to contact lists belonging to specified foreign intelligence targets, he said. When information passes through “the overseas collection apparatus,” the official added, “the assumption is you’re not a U.S. person.”

In practice,
Re: [liberationtech] NSA collects millions of e-mail address books globally
On Tue, Oct 15, 2013 09:50:12 AM +0200, Eugen Leitl wrote:

> http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html?wpisrc=al_national
> NSA collects millions of e-mail address books globally

I am very grateful to NSA. Really. I can't imagine what they could have done better than this:

> During a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, according to an internal NSA PowerPoint presentation. Those figures, described as a typical daily intake in the document, correspond to a rate of more than 250 million a year.

to prove that quick dirty solutions like the percloud is needed NOW

http://www.indiegogo.com/projects/personal-cloud-free-software

(to know more about the percloud, and why it **is** needed in spite of FreedomBox etc... pls check the slideshow at http://per-cloud.com and my posts on the same topic at http://stop.zona-m.net/tag/percloud )

Marco

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Tech equivalent of Physicians for Social Responsibility?
Hey Liberation Tech,

I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based?

And yes, I googled it first : )

Thanks,
Ringo
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
there used to be http://cpsr.org/ but I think they dissolved.

there's http://www.ict4d.org.uk/ which is close, but not quite what you're after.

___
http://www.yishaymor.org
learning; design; technology; research

On 15 October 2013 10:07, Ringo ri...@hackbloc.org wrote:

> Hey Liberation Tech,
>
> I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based?
>
> And yes, I googled it first : )
>
> Thanks,
> Ringo
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
Hello Ringo,

IFIP (International Federation for Information Processing) has a working group on social accountability and computing: http://ifipwg92.org/

You also might be interested in the ETHICOMP conferences:

Last one: http://www.sdu.dk/en/Om_SDU/Institutter_centre/Idk/Arrangementer/Tidligerearrangementer/ethicomp2013
Next one: http://ethicomp2014.org/

bests,
Alberto

--
Alberto Cammozzo
http://cammozzo.com/en
http://tagmenot.info

On 10/15/2013 11:07 AM, Ringo wrote:

> Hey Liberation Tech,
>
> I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based?
>
> And yes, I googled it first : )
>
> Thanks,
> Ringo
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
Ringo:

> Hey Liberation Tech,
>
> I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based?
>
> And yes, I googled it first : )

FIfF in Germany maybe: http://fiff.de/

Georg
Re: [liberationtech] NSA collects millions of e-mail address books globally
On 10/15/2013 10:59 AM, M. Fioretti wrote:

> to prove that quick dirty solutions like the percloud is needed NOW
> http://www.indiegogo.com/projects/personal-cloud-free-software
> (to know more about the percloud, and why it **is** needed in spite of FreedomBox etc... pls check the slideshow at http://per-cloud.com and my posts on the same topic at http://stop.zona-m.net/tag/percloud )

Can you *please* stop spamming lists with advertisements of your project in every other thread? It is okay to introduce it once, in a separate thread, with non-buzzword real technical explanations on what you are actually aiming to do, but do you think anyone will take you seriously if you spam around?

A self-hosted mail provider will obviously *not* help much against NSAs mass collection of emails and email addresses. Don't sell it as a solution in this context.

And, about your project: I am not impressed, and it is not going to happen this way. I wish you a good experience. You can learn from it.

Moritz
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
Yes, Computer Professionals for Social Responsibility was dissolved (although the web site is still available.) There is still a need!

I think FIFF is a good example and I believe there are several more. I'm hoping to add these to http://publicsphereproject.org/civic_organizations. (Ideally people would add their own but I'm willing to do it if necessary)

On Tue, Oct 15, 2013 at 2:50 AM, Georg Koppen g.kop...@jondos.de wrote:

> Ringo:
>
> > Hey Liberation Tech,
> >
> > I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based?
> >
> > And yes, I googled it first : )
>
> FIfF in Germany maybe: http://fiff.de/
>
> Georg
Re: [liberationtech] NSA collects millions of e-mail address books globally
On Tue, Oct 15, 2013 11:49:46 AM +0200, Moritz Bartl wrote:

> A self-hosted mail provider will obviously *not* help much against NSAs mass collection of emails and email addresses. Don't sell it as a solution in this context.

why? No, seriously.

Marco
Re: [liberationtech] NSA collects millions of e-mail address books globally
On Tue, Oct 15, 2013 at 11:49:46AM +0200, Moritz Bartl wrote:

> A self-hosted mail provider will obviously *not* help much against NSAs mass collection of emails and email addresses. Don't sell it as a solution in this context.

Well the article seems to be talking about address books, as opposed to just harvesting email addresses without context. The same thing could be (and is being) done through metadata capture too, but if I read the article correctly, the direct address book pillaging (which may have extra useful metadata on contact networks compared to collecting email headers over time) is something that using any (secure) self-hosted provider (or local client) would defeat.

But as to your general point, I agree that hijacking every thread with adverts for a project is certainly not an activity that is OK, and is not the sort of behaviour that fills me with confidence about said project.
Re: [liberationtech] EFF Resigns from Global Network Initiative
On 10/11/13 9:43 AM, LilBambi wrote:

> I hope others may also consider making the hard decision to join EFF in leaving this group until they can be more effective. It is scary to think that faith in a group of this nature can no longer be trusted because of government meddling.

Frankly, I hope the opposite (that this spurs deeper engagement between civil society and GNI members).

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
[liberationtech] OUT of: NSA collects millions of e-mail address books globally
On Tue, Oct 15, 2013 11:49:46 AM +0200, Moritz Bartl wrote:

> A self-hosted mail provider will obviously *not* help much against NSAs...

Nick already pointed out that today's news is about direct copy of address books from centralized providers. Anyway, the ONLY reason I'm posting this email is this:

> Can you *please* stop spamming lists with advertisements of your project in every other thread?

just for the record, I just checked the every other thread in the archives. From August 1st to ten minutes ago there have been 1404 messages to this list. Of all those 1404 messages, only EIGHT were from me (including my 2 first replies to this thread today).

Don't worry, however. This is my LAST post on this list about this topic.

Marco
[liberationtech] per-cloud or How to get something ready for folks to use really quick
Moritz is right, mentioning the same project 8 times is a bit much, but I can understand that it's annoying if no one bothers to tell you what they are thinking about it. You need some decent feedback.

On Tue, Oct 08, 2013 at 01:07:20AM +0200, M. Fioretti wrote:

> http://stop.zona-m.net/2013/10/the-real-problem-that-the-percloud-wants-to-solve-and-why-its-still-necessary/
>
> EXECUTIVE SUMMARY:
>
> 1) I think mine is the ONLY short-term, feasible way to get the masses of average Internet users OUT of walled gardens while still working and feeling as a real and easy to use cloud service, while being a p2p federation of individually owned and used clouds, completely compatible with the rest of the current Internet

I know a short-termer way to do it, requiring a lot less work than what I see on your roadmap. Also I see bumps in the road of your roadmap which aren't easy and short-term to solve - or somebody else would have done it already.

> 2) I will ONLY be able to work on it if I get enough funding, so please contribute if you can, and in any case please spread the word as much as possible!

Other projects are a lot further ahead than yours, so I don't think there is such a necessity in doing what you would like to do. I'll elaborate on the road bumps so you don't feel like I'm making this up.

http://per-cloud.com/doku.php?id=roadmap

> write down a complete, CLEAR definition of the system, including:
> which functions it can/must realistically provide (email + blog + online storage and bookmarking, social networking )

E-Mail: use Pond, RetroShare or Briar over Tor

Blog: use Tahoe-LAFS, Freenet, RetroShare channels, Tor Hosting, I2P or whatever P2P tech I forgot

Storage: use Tahoe, Freenet, I2P or some ownCloud-app over Tor. Maybe a private RetroShare channel works, too. Best if you write a dedicated plug-in for the job.

Social Bookmarking: depends on Social Networking

Social Networking: This one is currently not solved for the reasons I detailed in http://secushare.org/pubsub but the opportunistic broadcast features of apps like RetroShare allow you to do some little things without resorting to Faceboogle.

> which existing Free Software components should be used (e.g Postfix+IMAP+Mailpile for email, apache or nginx + PHP for Web frontends, Semantic Scuttle for bookmarking, pump.io for social networking) )

E-Mail is broken, there is no way you can make it privacy-compatible. We had a discussion on 10 reasons not to use it in this list.

Web frontends: All apps that need them already have them, no?

Semantic Scuttle sounds like something that could make up a fine RetroShare plugin so it actually respects privacy.

pump.io doesn't have an elaborate distribution strategy, so it only works as long as you don't follow any VIP or become a VIP yourself - so don't expect it to perform better than.. uh.. RetroShare. Of course pump.io would have to run behind Tor for minimum privacy.

> how to integrate those components, that is how to package them and distribute it

That would be useful work. But first you have to get to know all the software that can actually do the job.

> how to implement federation/social networking, with pump.io or similar open standards, to make things like these possible:

Federation is evil, see http://my.pages.de/dsn-vn/ - unless you do it with home devices over Tor hidden services, cutting out the DNS and X.509 dependencies in the process.

Open standards for things that do not work yet are evil, too. There are no open standards that handle THE threat model and scalability challenge we are talking about. Get over it.

> Joe's percloud user panel shows when Mary mentions Johns in her user panel, which is running autonomously on another server

That is the distribution problem I was alluding at... here and in the pubsub document. This will only work for small social groups with no VIPs involved. Any opportunistic distribution scheme will in that scenario be okay, so you can also use RetroShare or Briar.

> describe how to maintain the software bundle when updates or bug fixes are released for any of its components

Deterministic build procedure and multiply signed distribution. Debian folks are working on this. You can also use one of the tools for its own distribution, like RetroShare with its binary build channels. Users can choose which channel to use and thus which author to trust. Not good enough, but better than HTTP(S) download.

Yes you are right that this work needs to be done. If you are willing to give up on DNS/X.509 based systems and ready to make one that at worst depends on a DHT (like Tor), then I suggest openITP should give you some money to stir up an almost-do-all package.

IMHO right now the best bet at getting something up and running really quick would be to make a RetroShare + Tor package. In that case you would turn off RS's DHT and only use Tor's, thus cutting out the
[liberationtech] [Job] HRDAG is looking for Tech lead with a hacker's heart.
Dear all,

The Human Rights Data Analysis Group is hiring a Technical lead with a hacker's heart. If you are interested in working with brilliant people while supporting ground-breaking Human Rights projects in Syria, Colombia, DR Congo, Guatemala, Serbia, and other places, this is an amazing opportunity.

More info at: https://hrdag.org/hiring-tech-lead/

Best,
Enrique

--
Enrique Piracés
Vice President, Human Rights Program
Benetech
https://www.benetech.org
https://www.martus.org
https://www.twitter.com/epiraces
[liberationtech] per-cloud or How to get something ready for folks to use really quick
Message appears to have gotten caught in the Liberationtech filter, so re-sending on behalf of poster...

YC

-- Forwarded message --
From: carlo von lynX l...@time.to.get.psyced.org
Date: Tue, Oct 15, 2013 at 6:40 AM
Subject: [liberationtech] per-cloud or How to get something ready for folks to use really quick
To: liberationtech liberationt...@mailman.stanford.edu
[liberationtech] The Martus Software Project 10th Anniversary The Future of Human Rights Tech.
Dear all,

We are organizing a small event to celebrate Martus 10th anniversary. Martus (https://www.martus.org/) is a secure human rights documentation system used by human rights initiatives to document and preserve evidence and testimonies of human rights violations.

We want to take advantage of this important milestone and discuss the challenges and opportunities that we will encounter at the intersection of human rights and technological innovation over the next 10 years, including the growing intersection with journalistic work and the relevance of open source and end-to-end encryption. Human Rights Watch and WITNESS, long term friends and partners, will join the conversation. Cocktail reception will follow.

It will be in Silicon Valley on Nov 6th, if any of you will be in the Bay Area or Silicon Valley during that week, please let me know if you are interested in attending. Also, if you know of anyone in the area that may be interested, please feel free to pass my contact info around.

Thanks in advance,
Enrique

--
Enrique Piracés
Vice President, Human Rights Program
Benetech
https://www.benetech.org
https://www.martus.org
https://www.twitter.com/epiraces
[liberationtech] NSA must be best informed entity regarding viagra market
Since most email is spam, how productive is the NSA dragnet?

http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/15/the-nsas-giant-utah-data-center-will-probably-hold-a-bunch-of-spam/?wpisrc=nl_tech
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
On 2013-10-15 04:07, Ringo wrote: I was wondering if anybody here knew of any organizations for IT professionals/computer repair technicians that are in the same vein as physicians for social responsibility? Obviously there are civil advocacy groups like the EFF, but I was wondering if there were any more specific orgs that are membership/profession-based? And yes, I googled it first : ) Yes and no... As has been pointed out, CPSR is now defunct. TechSoup used to be CompuMentor and, when it was that former entity, helped match nonprofits with screened IT professionals ready to donate their services to help with various tech issues in the SF Bay Area - it doesn't do that anymore (except online, via its forum - help on an ad hoc basis, and contributing online volunteers aren't screened). That kind of circuit rider movement lead to the creation of organizations like NTEN (http://www.nten.org/history), which still exists. Lasa is a social welfare law and tech charity based in the London, and long ran the UK version of Circuit Riders, but I'm not sure that exists anymore. Internationally, there's the World Computer Exchange, which mobilizes tech volunteers (http://www.worldcomputerexchange.org/volunteer). The United Nations Information Technology Service (UNITeS) was a global volunteer initiative to help bridge the digital divide. UNITeS both supported volunteers applying information and communications technologies for development (ICT4D) and promoted volunteerism as a fundamental element of successful ICT4D initiatives. UNITeS was launched in 2000 by then UN Secretary General Kofi Annan, and was hosted by the United Nations Volunteers programme. Its archived web site is here: http://www.coyotecommunications.com/unites/ UNITeS is defunct, but the UN still has IT4D focused initiatives, and UNV still recruits and places IT volunteers for assignments. 
I maintain a Twitter list called Tech4Good ICT4D that has other leads for you: https://twitter.com/jcravens42/tech4good-ict4d/members

--
Ms. Jayne Cravens MSc
Portland, Oregon, USA
The web site - http://www.coyotecommunications.com
The email - j...@coyotecommunications.com
Me on Twitter, other social networks, my blog: http://www.coyotecommunications.com/me/jayneonline.shtml
Re: [liberationtech] 13 reasons not to start using PGP
carlo von lynX:

People expect PGP to be secure without having such a clear idea of what they mean by secure. Suddenly, times have changed. This summer times have changed and nothing is as it was. Now we know just being able to encrypt and sign is not enough for most situations in life. It's no longer secure.

but, again, pgp/gpg never pretended to provide anonymity. if the public perception of secure now includes anonymity, that is neither the fault of the tech nor a reason not to use it. rather, it's a reason to learn tools that will help to anonymize a connection if that is what one desires.

You can't just use it over Tor, you also need a mail server willing to give you an account anonymously and then you need all your communication partners to do all of that configuration and finally you need to configure PGP so it won't expose who you are sending to.

correct. people need to learn appropriate opsec based on the circumstances they are dealing with. it is more than possible for any user to have a key associated only with an email address that has never been touched by anything but tor from their side. plenty of services exist that provide e-mail addresses for free without blocking tor. the question of how private those services may keep your communications is an entirely different issue, which is why the use of pgp/gpg is still a good idea.

On 10/11/2013 09:10 PM, Tempest wrote:

a fair point. but one could significantly address this issue by hosting the public key on a tor hidden service. that would greater ensure that, in order to get your key, they would be using a system that protects against such threats. hardly an easy solution. but it can be solved with a little extra planning.

I was just thinking to answer that you could leave out PGP entirely in this scenario, but...

On 10/11/2013 09:24 PM, Gregory Maxwell wrote:

Of course, if you can do this and the HS is secure, then you can just dispense with the PGP altogether.
Gregory said just that ;)

this would assume that servers never get discovered or compromised in some way. a perfect real world example right now to refute the above notion is silkroad. any person who used pgp/gpg to encrypt their communications with each other via that service is likely in a much better place right now. just because a server appears to be fully secured within the tor network is no reason to abandon pgp/gpg encryption of private communications.

i still do not see how you've made good arguments to support your title. nobody has ever said pgp/gpg is perfect. but to make the claim that people shouldn't bother starting to use it is too simplistic and, therefore, just a bit reckless under the circumstances.
Re: [liberationtech] EFF Resigns from Global Network Initiative
On Tue, Oct 15, 2013 at 3:36 AM, Joseph Lorenzo Hall j...@cdt.org wrote:

On 10/11/13 9:43 AM, LilBambi wrote:

I hope others may also consider making the hard decision to join EFF in leaving this group until they can be more effective. It is scary to think that faith in a group of this nature can no longer be trusted because of government meddling.

Frankly, I hope the opposite (that this spurs deeper engagement between civil society and GNI members).

Hi - EFFer here. I agree with Joseph. We didn't leave so that others would follow, we left because we could no longer in good faith cosign GNI statements when companies can't be honest with us. I would sincerely hope that our leaving puts the remaining NGO representatives in a better position to push the companies harder. GNI membership offers quite a few benefits for many of the international (and domestic) groups that take part, so the best outcome here would be for it to become a stronger organization than it has been.

Best,
Jillian

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

--
Note: I am slowly extricating myself from Gmail. Please change your address books to: jilliancy...@riseup.net or jill...@eff.org.
US: +1-857-891-4244 | NL: +31-657086088
site: jilliancyork.com http://jilliancyork.com/ | twitter: @jilliancyork
We must not be afraid of dreaming the seemingly impossible if we want the seemingly impossible to become a reality - Vaclav Havel
[liberationtech] RiseUp
Hi All,

Lately, I've been receiving inquiries from Internet users seeking to replace their commercial email accounts (e.g., Gmail) with more private and secure alternatives. A number of these inquiries pertain to Riseup (https://mail.riseup.net). While I admire the work of the Riseup team, I don't think we've ever had a discussion of its products' benefits and limitations as they pertain to security and privacy. If you have any thoughts about Riseup, whether security/privacy-related or otherwise, I'd love to hear them.

Thanks,
Yosem
[liberationtech] Mykolab.com [Was: Re: RiseUp]
I can't speak to RiseUp, but I moved most of my personal GMail traffic over to http://mykolab.com/ based in Switzerland. It is *not* free. :-)

- ferg

On 10/15/2013 3:07 PM, Yosem Companys wrote:

Hi All, Lately, I've been receiving inquiries from Internet users seeking to replace their commercial email accounts (e.g., Gmail) with more private and secure alternatives. A number of these inquiries pertain to Riseup (https://mail.riseup.net). While I admire the work of the Riseup team, I don't think we've ever had a discussion of its products' benefits and limitations as they pertain to security and privacy. If you have any thoughts about Riseup, whether security/privacy-related or otherwise, I'd love to hear them. Thanks, Yosem
Re: [liberationtech] RiseUp
On 10/15/2013 03:07 PM, Yosem Companys wrote:

If you have any thoughts about Riseup, whether security/privacy-related or otherwise, I'd love to hear them.

I think I am the only person from the Riseup collective who is subscribed to liberationtech, so I will reply, although what follows is not an official position or response from the collective.

We started when it was impossible to get even simple IMAP service that was affordable. Very early on, it became apparent that one of the primary issues facing our constituency (social justice activists) was the rapid rise in abusive surveillance by states and corporations.

Riseup does the best it can with antiquated 20th century technology. Without getting into any details, we do the best that can be done, particularly when both sender and recipient are using email from one of the service providers we have special encrypted transport arrangements with. Admittedly, the best we can do is not that great. And, of course, our webmail offering is laughably horrible.

Riseup is not really a US email provider. The great majority of our users live outside the United States, and email is just one of many services we provide.

There has been much discussion on the internets about the fact that Riseup is located in the US, and what possible country would provide the best jurisdictional arbitrage. Before the Lavabit case, the US actually looked pretty good: servers in the US are not required to retain any customer data or logs whatsoever. The prospect of some shady legal justification for requiring a provider to supply the government with their private TLS keys seems to upend everything I have read or been told about US jurisprudence. Unfortunately, no consensus has emerged regarding any place better than the US for servers, despite notable bombast to the contrary.

As a co-founder of Riseup, my personal goal at the moment is to destroy Riseup as we know it, and replace it with something that is based on 21st century technology [1]. My hope is that this transition can happen smoothly, without undue hardship on the users.

As evidenced by the recent traffic on this list, many people are loudly proclaiming that email can never be secure and it must be abandoned. I have already written why I feel that this is both incredibly irresponsible and technically false. There is an important distinction between mass surveillance and being individually targeted by the NSA. The former is an existential threat to democracy and the latter is extremely difficult to protect against.

It is, however, entirely possible to layer a very high degree of confidentiality, integrity, authentication, and un-mappability onto email if we allow for opportunistic upgrades to enhanced protocols. For example, we should be able to achieve email with asynchronous forward secrecy that is also protected against meta-data analysis (even from a compromised provider), but it is going to take work (and money) to get there.

Yes, in the long run, we should all just run pond [2], but in the long run we are all dead.

-elijah

[1] https://leap.se/email
[2] https://pond.imperialviolet.org/
Re: [liberationtech] Tech equivalent of Physicians for Social Responsibility?
ACM (assoc for Computing Machinery) are one of the oldest and I think still the largest professional society in the field. They have many SIGs (special interest groups). Try this one: http://www.sigcas.org/

Also try IEEE http://www.ieee.org/index.html

I went to one Computers, Freedom & Privacy (CFP) conference and it was great. Both geeks with some social awareness and lawyers or political types with some technical understanding seem to be rather rare types, and this is distinctly unfortunate. That conference had quite a few of both.