Re: [liberationtech] Wicker: Déjà vu all over again

2014-06-12 Thread Rich Kulawiec
On Tue, Jun 10, 2014 at 10:08:26AM -0700, Yosem Companys wrote:
> The mention of NDAs by the Wickr founder makes it a non-starter. Their web
> site doesn't have any download link for the source files, nor mention of
> open source, but they do mention patent pending technology. How do they
> expect anyone to trust closed source, proprietary technology to be secure?

Nobody should trust closed source, ever.  No matter the reputation of those
behind it, no matter how sincere they appear to be: if it's not open source,
it's fraud.

Once again, I'll refer folks to:

https://mailman.stanford.edu/pipermail/liberationtech/2013-February/006964.html

and the rather longer and more explanatory:

https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html

Wickr (and anything like it) can be, should be, and must be immediately
and permanently dismissed with prejudice.

---rsk

-- 
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
compa...@stanford.edu.


[liberationtech] CIPESA Report on Internet Freedom in East Africa

2014-06-12 Thread Yosem Companys
From: Lillian Nalwoga lill...@cipesa.org

Last month, the Collaboration on International ICT Policy for East and
Southern Africa (CIPESA) hosted the Forum on Internet Freedoms in East
Africa 2014 in Kampala, Uganda. The forum drew participants from
Burundi, Kenya, Ethiopia, Nigeria, Rwanda, Tanzania and Uganda.

The forum discussed the status of online freedoms in East Africa,
including legal and extra-legal threats to the enjoyment of internet
freedoms in the region and also drew recommendations for advancing a
free, open and secure internet in East Africa. Please see event report
here: http://www.cipesa.org/?wpfb_dl=83

The forum also served as the launch of the State of Internet Freedoms
in East Africa 2014 research report. (Please see report here:
http://opennetafrica.org/wp-content/uploads/researchandpubs/Report%20on%20the%20Forum%20on%20Internet%20Freedoms%20in%20East%20Africa%202014.pdf).
The report, produced under the OpenNet Africa Initiative
(opennetafrica.org), presents the findings of an exploratory study on
policy developments and actions related to internet freedoms in
Burundi, Kenya, Ethiopia, Rwanda, Tanzania and Uganda over the period
2009 to April 2014.

Please feel free to share among your networks.

Kind regards,
--
Lillian Nalwoga
CIPESA
www.cipesa.org
+256 712 204335


[liberationtech] Can Google's new End to End leak plaintext via the DOM? [was: Re: Mailvelope: OpenPGP Encryption for Webmail]

2014-06-12 Thread StealthMonger
Uncle Zzzen unclezz...@gmail.com writes:

> The reason why FireGPG no longer ships with tails is that the DOM of a web
> app is not a safe place for plaintext
> https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/
> Any architecture where plaintext is stored inside a web app's DOM is
> dangerous. Especially a webmail app that can be expected to save drafts,
> but not only. Web apps can be MITMed, XSSed, etc. If it came via the web,
> it's a suspect.
>
> I'd expect a crypto add-on to only accept plaintext (and other sensitive)
> information via separate GUI that can only be launched manually (not via
> javascript in an app's DOM) and has a hard-to-imitate look-and-feel (to
> discourage phishing). The only communication between this add-on and the
> rest of the browser should be via the clipboard. Users who can't handle
> copy/paste shouldn't be trusted with a key pair :)

A prominent new entry in OpenPGP encrypted webmail is Google's
end-to-end [1,2].  Does it avoid this issue?  How?

[1] https://code.google.com/p/end-to-end/
[2] http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html

-- 


 -- StealthMonger
Long, random latency is part of the price of Internet anonymity.


Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key
