Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Hello Carlo. This is about backward compatibility. WhatsApps is running on hundreds of millions of iOS, Android, Windows, Blackberry and Nokia phones. There are even people using it on 8 year old Java ME feature phones. It's not feasible to simultaneously upgrade their installed apps to support end-to-end crypto at once. Upgrading all those clients takes time and there will be a significant fraction of non-e2e clients for a while. Until enough clients are upgraded, senders will need to distinguish which receivers support end-to-end encryption and will need to retain the ability to fallback to transport-only encryption. The original message https://moderncrypto.org/mail-archive/messaging/2014/001133.html you cited by Nadim Kobeissi mentions this: Upgrading [old WhatsApps] clients to Axolotl might be challenging. Moxie Marlinspike also addresses it in one of the replies https://moderncrypto.org/mail-archive/messaging/2014/001140.html: *Clients need to negotiate encryption capability until all clients support encryption. We'll be surfacing this into the UI for each client once protocol support is complete on that client. Rolling something like this out to 600MM+ devices is an incremental process that takes time.* Note you said users will never know if e2e is being used, but as Moxie says we'll be surfacing this into the UI of upgraded clients. On Thu, Jan 15, 2015 at 5:26 AM, carlo von lynX l...@time.to.get.psyced.org wrote: Concerning Whatsapp there is a very interesting clue in a thread on messaging that suggests users will never know if end-to-end encryption is being used, since the server decides whether they are allowed to, and the user is not informed. Knowing the NSA that means that Whatsapp would never encrypt anything end-to-end. Whatsapp should therefore be considered a Trojan horse for people seeking easy to use privacy. Read about that at -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote: Note you said users will never know if e2e is being used, but as Moxie says we'll be surfacing this into the UI of upgraded clients. There is a systemic legal problem by which neither Facebook, nor Whatsapp, nor Textsecure nor Moxie are in a position to guarantee that whatever is surfaced into the UI actually means what it says. Still, as long as these systems are operating from U.S. American ground, the current legal situation is such that the President of the U.S. has under the U.S. Constitution the sole and final power of deciding whether companies and individuals in these companies get to implement anything they would like to implement, or not. [1] And the services we have been hearing about a lot operate under direct executive mandate of the POTUS. So, I again express respect to Moxie and everyone involved for trying to improve the lives of everyday users, but I see a terrible risk in promoting any such technology considering the NSA's track record on making use of its given privileges. The chances this is actually happening can only be considered minimal. It would take millions of people running independenlty built clients from source code, and a credible procedure thereof - only then would a hindrance for the NSA exist to exercise its privileges. As we are by now familiar with its inner workings and strategies, the agency will intervene in the process early enough to impede anything like this from happening. Prove me wrong. Give us a way to reproduce the exact client millions of humans are relying on, from source code. And make that information arise to the UI surface. Then we will know that Whatsapp and TextSecure are doing the right thing, and we will have to continue worrying about Google and Apple (the NSA may choose to pick up the TextSecure ratchets or private keys via Android/iOS backdoors). [1] Caspar Bowden, 31c3, http://cdn.media.ccc.de/congress/2014/webm-sd/31c3-6195-en-The_Cloud_Conspiracy_2008-2014_webm-sd.webm.torrent -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Actually, you also need to have source code for the compilers used and the compiler's compilers... And that ignores the use of hardware trojans. On 01/15/2015 12:29 PM, carlo von lynX wrote: On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote: Note you said users will never know if e2e is being used, but as Moxie says we'll be surfacing this into the UI of upgraded clients. There is a systemic legal problem by which neither Facebook, nor Whatsapp, nor Textsecure nor Moxie are in a position to guarantee that whatever is surfaced into the UI actually means what it says. Still, as long as these systems are operating from U.S. American ground, the current legal situation is such that the President of the U.S. has under the U.S. Constitution the sole and final power of deciding whether companies and individuals in these companies get to implement anything they would like to implement, or not. [1] And the services we have been hearing about a lot operate under direct executive mandate of the POTUS. So, I again express respect to Moxie and everyone involved for trying to improve the lives of everyday users, but I see a terrible risk in promoting any such technology considering the NSA's track record on making use of its given privileges. The chances this is actually happening can only be considered minimal. It would take millions of people running independenlty built clients from source code, and a credible procedure thereof - only then would a hindrance for the NSA exist to exercise its privileges. As we are by now familiar with its inner workings and strategies, the agency will intervene in the process early enough to impede anything like this from happening. Prove me wrong. Give us a way to reproduce the exact client millions of humans are relying on, from source code. And make that information arise to the UI surface. Then we will know that Whatsapp and TextSecure are doing the right thing, and we will have to continue worrying about Google and Apple (the NSA may choose to pick up the TextSecure ratchets or private keys via Android/iOS backdoors). [1] Caspar Bowden, 31c3, http://cdn.media.ccc.de/congress/2014/webm-sd/31c3-6195-en-The_Cloud_Conspiracy_2008-2014_webm-sd.webm.torrent -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Telecommunications to Cuba in New Policies
Hello Libtech, The Cuba new rules are out, since there are two jurisdictions covering the country, they are split between services (Treasury's OFAC) and goods (Commerce's BIS). The short story is that Cuba is close to Iran's policies now, which a bit of difference owing to how it was done. Positive news though. OFAC: https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-00632.pdf BIS: https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-00590.pdf Cordially, Collin On Thu, Jan 8, 2015 at 11:37 AM, Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com wrote: I agree that the credit card stuff is by far the most important, and not principally because of its implications in terms of tech Not sure about the impact or not of the democracy promotion programs, but my feeling is that there's going to be a surge of those programs! So what? I'm pretty sure though that hardly anybody in Cuba would stop making a CC transaction in the island thanks to his US relatives Obama because of that.. Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (347) 766-5008 On Wed, Dec 17, 2014 at 7:47 PM, Collin Anderson col...@averysmallbird.com wrote: On Wed, Dec 17, 2014 at 8:33 PM, Ellery Biddle ellery.bid...@gmail.com wrote: The financial piece here is also really important to follow, I think. Although a lot of what Obama laid out today was actually somewhat preliminary and short on detail, he very explicitly stated that US credit cards would now be accepted in Cuba. Actually in this regard, perhaps the most important contribution will be the removal of Cuba from the state sponsors of terrorism list and the allowance of direct correspondent banking relationships. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Jan 15, 2015, at 11:20 AM, J.M. Porup j...@porup.com wrote: On 01/15/15 13:45, Al Billings wrote: Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. From there, the list of demands gets rather high and the list of solutions non-existent. I’m well aware of the Snowden revelations. I’m also well aware that people like Moxie are doing good work to try to counter some of the NSA grabs of Internet data. The post read like crazy person FUD. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? There is no utopia of freedom. But we can avoid the dystopia of tyranny the United States is rapidly becoming. By going where? Please do say. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Good point, it's unfair to isolate out just the US. Seems like some other nations viewed the Snowden disclosures as prescriptive or aspirational, or were already aligned. Britain, for instance! So tragic what's happening there. There are some countries where the respect for individual sovereignty seems a bit more integral - Switzerland, Iceland perhaps - where government efforts to compell private actors within their borders to compromise security seems unlikely, and where business models typically seem less surveillance-based. But that's a pretty weak foundation, I concede. It's just the US has become such an embarrassingly good example of this. Brian On Thu, 15 Jan 2015, Al Billings wrote: So, which countries exist where we *can* trust the binaries when they’re made within them? On Jan 15, 2015, at 10:38 AM, Brian Behlendorf br...@behlendorf.com wrote: Sadly, given what we know about the current state of play and the actors involved (state-based, non-state, ad-tech companies, etc) it's sadly the case that we can't trust binaries made in the US if the public can't reproduce the build from source. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Centralization is the problem. If we assume that all centralized software has been commandeered (as we should), I would rather see that commandeering evenly distributed around the world, competing against each other, than concentrated into the vile, toxic stew that is Silicon Valley in the US. On 01/15/15 14:44, Al Billings wrote: You’re avoiding the question. Please name a nation state in which software can be produced which isn’t subject to the kind of legal pressures or potential requirements as the USA when it comes to national security, spying, and the like. Russia? Nope. The UK? Nope. Germany? Nope. I could go on. So, since you can’t trust any software (so you say) produced in the USA, rather than just making snide comments about “Merkans,” please tell us which nation will not have these problems so we can all make our software there. On Jan 15, 2015, at 11:41 AM, J.M. Porup j...@porup.com wrote: I know it's hard for some Merkans to understand, but there is this magical place called Rest of the World. There are even parts you haven't bombed yet! You might try there. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Not by going elsewhere. By changing the direction and/or leadership of the country. I'd like to go back toward the direction of land of the free and home of the brave instead of a place where it's illegal to buy a Big Gulp and it's considered unfair that I work my butt off and earn a lot of money because people who don't want to work aren't satisfied with the level of food stamps they receive or the brand of free cell phone they get from a free government program. ALSO, a place where my last sentence wouldn't be considered racist. It's ridiculous that my 13 year old son feels compelled to apologize every time he uses the word black, even when he's describing the color of a kitchen appliance. Sorry, not tech related, but I had to chime in. Aloha! On 1/15/2015 9:25 AM, Al Billings wrote: On Jan 15, 2015, at 11:20 AM, J.M. Porup j...@porup.com wrote: On 01/15/15 13:45, Al Billings wrote: Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. From there, the list of demands gets rather high and the list of solutions non-existent. I’m well aware of the Snowden revelations. I’m also well aware that people like Moxie are doing good work to try to counter some of the NSA grabs of Internet data. The post read like crazy person FUD. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? There is no utopia of freedom. But we can avoid the dystopia of tyranny the United States is rapidly becoming. By going where? Please do say. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On 01/15/15 14:25, Al Billings wrote: On Jan 15, 2015, at 11:20 AM, J.M. Porup j...@porup.com wrote: On 01/15/15 13:45, Al Billings wrote: Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. From there, the list of demands gets rather high and the list of solutions non-existent. I’m well aware of the Snowden revelations. I’m also well aware that people like Moxie are doing good work to try to counter some of the NSA grabs of Internet data. The post read like crazy person FUD. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? There is no utopia of freedom. But we can avoid the dystopia of tyranny the United States is rapidly becoming. By going where? Please do say. I know it's hard for some Merkans to understand, but there is this magical place called Rest of the World. There are even parts you haven't bombed yet! You might try there. JMP -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. From there, the list of demands gets rather high and the list of solutions non-existent. I’m well aware of the Snowden revelations. I’m also well aware that people like Moxie are doing good work to try to counter some of the NSA grabs of Internet data. The post read like crazy person FUD. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? On Jan 15, 2015, at 10:30 AM, hellekin helle...@gnu.org wrote: Signed PGP part On 01/15/2015 02:35 PM, Al Billings wrote: Pull that tinfoil hat a little tighter. *** Aren't the Snowden leaks enough? What else do you need really? Then go visit the GNU.org section on Malware. Deflecting legitimate criticism with such a tongue-in-cheek comment is not going to change the fact that the USA have been led by tricksters doing whatever in their power to confuse their and other countries citizens in order to serve the short term and strategic interests of the military industrial complex, with impunity and a complete lack of touch with reality and ethics. If by now this is not clear to you, you're delusional or a part of that system. You can certainly criticize lynX's hard position if you like, but dismissing its criticism as lunatic is entirely on you. Frankly, having a security person from Mozilla do this is a bit staggering. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/15/2015 02:35 PM, Al Billings wrote: Pull that tinfoil hat a little tighter. *** Aren't the Snowden leaks enough? What else do you need really? Then go visit the GNU.org section on Malware. Deflecting legitimate criticism with such a tongue-in-cheek comment is not going to change the fact that the USA have been led by tricksters doing whatever in their power to confuse their and other countries citizens in order to serve the short term and strategic interests of the military industrial complex, with impunity and a complete lack of touch with reality and ethics. If by now this is not clear to you, you're delusional or a part of that system. You can certainly criticize lynX's hard position if you like, but dismissing its criticism as lunatic is entirely on you. Frankly, having a security person from Mozilla do this is a bit staggering. == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJUuAchXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0 ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg910cQALR12wgEKiobl6tRir7agfyE PDLTn+7rUJiTOOcD45+QL+6zaz4+WiGffOebBk9eoYGcJK/gS6mTpgTWokZ/nIW9 BZynEasnKSCz1MiPiVnmH6R3Zkz7ECOeXKJt05YyGiQHsdw/metH4Iti9nBhzf0M L5L3+dlJo2KMCT3U+/+vNM/C4fGFy7Q1s+4sLE/5zoEHYNuugt+ROTyrQbuDGXLP CvGuKWoI0CjWn0g28QQ+lAvnFE4oXYY1ULLgOiSRGRawiT2rRpYDGxYKxbHk5Wq3 aAySlljlmCxCQxoOn5E3ZcY+g/IQiAgaI+l6MSiySr0taLhesDtYAinAFBaZch8T 1mJnVv7HbTkUHAehq2ClDOR5ixKDbYojJ3Fuc4+sk7kLwx09t4UkU/n8ShcI5ixV wueFIerfHDyKTA3Uwx9ITqtTkoRGab/hqifxxD+XcZ24wNY6p1s6LjmcqbnjBshk BIhOmPnEIba9AtLLzBE3gdoqlZVeY6v2OH4u80JL+mW+PlH2lN6/vcPTg4FzxCXj bYnYQx7Mrx1wWn9YZ8vlMimmgyKCsBah2Pqe/KrW6zQiyg1O6gHZx1RoMit2CBtR rUSHVYmriit+nppTY2ArDZSzkHYa8PnRwxYsJiEm0jHRBOaxzUdLvj8qufLXCGw7 /OIVM6SgCGj3t5fkCYk3 =rRWb -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
So, which countries exist where we *can* trust the binaries when they’re made within them? On Jan 15, 2015, at 10:38 AM, Brian Behlendorf br...@behlendorf.com wrote: Sadly, given what we know about the current state of play and the actors involved (state-based, non-state, ad-tech companies, etc) it's sadly the case that we can't trust binaries made in the US if the public can't reproduce the build from source. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Thu, 2015-01-15 at 11:44 -0800, Al Billings wrote: You’re avoiding the question. Please name a nation state in which software can be produced which isn’t subject to the kind of legal pressures or potential requirements as the USA when it comes to national security, spying, and the like. Russia? Nope. The UK? Nope. Germany? Nope. I could go on. Hell, none of these choices even get you out from under the NSA's thumb, despite being off USA soil. If you are a communications company with a non-trivial number of users, you will be a target of multiple national security organizations. If you don't have the capability to do regular CIA-level background checks on all your employees and contributors, you can be infiltrated. -- Mathematics is the supreme nostalgia of our time. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Thu, Jan 15, 2015 at 12:50:41PM -0500, Richard Brooks wrote: Actually, you also need to have source code for the compilers used and the compiler's compilers... Yes, we have those. We have systems completely produced from source and others that are working on complete reproduceability. And that ignores the use of hardware trojans. No, it puts things in perspective. Hardware backdoors I think are more likely to be suitable for targeted surveillance, not mass surveillance. Targeted surveillance is not a problem for democracy as much as bulk surveillance, so I consider that progress. Also having to bring backdoors down into the hardware drives up the cost of surveillance. That is good. Surveillance must be expensive if we want democracy to prevail. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Thu, 15 Jan 2015, carlo von lynX wrote: On Thu, Jan 15, 2015 at 12:50:41PM -0500, Richard Brooks wrote: Actually, you also need to have source code for the compilers used and the compiler's compilers... Yes, we have those. We have systems completely produced from source and others that are working on complete reproduceability. If anyone would like a decent intro and overview of why this is important and what the current state is, Mike Perry's and Seth Schoen's presentation from CCC is worth the time: http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html#video Sadly, given what we know about the current state of play and the actors involved (state-based, non-state, ad-tech companies, etc) it's sadly the case that we can't trust binaries made in the US if the public can't reproduce the build from source. This is tragic both for users and for US firms in this space. This is not tinfoil-hat terrain. The good news is every incremental step towards that goal - reproduceable builds from public source - brings some benefit. So no need to be cynical or feel helpless. Axolotl seems like a good first step; maybe it'll be a gateway drug to ChatSecure. Brian -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Thu, Jan 15, 2015 at 10:45:16AM -0800, Al Billings wrote: Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. You are free to trust him to spend a night at your home. I would if he was my friend, but I never met him. Yet the word trust in politics is the root of most evil, and to entrust a person with the responsability for millions of people whose civil rights may be respected or infringed without them even finding out.. well, that is more than trust. That is irresponsible towards all involved people, including Moxie. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. Similar issues, at times, but not the same. Like Germany has this rule that secret service wants access if you're a communications provider for more than 9'999 users (if I was told correctly). But the way that law is written it would not allow the secret service to impose on the company not to deliver end-to-end encryption to the users. The way laws do not apply on this topic is specific to the U.S, shared only with non-democratic regimes. Only the U.S. Supreme Court or an amendment to the Constitution could rectify the power balance between citizen and president in this matter. [1] You and I know, that no binary distribution should be trusted, no matter where on Earth it was compiled. But that is not a point of view the general public is ready to adopt. The mainstream press and the majority of people out there still believe that companies can have an ethos, can actually do what they market, and that proprietary software could possibly be trustworthy - at least as long as the press says good things about it. To these people it is no viable argumentation to say, you must only use free software (I say that all the time), but it does mean something to them to find out that the laws are such that the promises a company is making are 1. irrelevant and 2. have to be deceptive because that is what is expected from them. That *is* news. At least in other countries this kind of behavior is ILLEGAL. We don't know if it's not happening, but at least it could get some people in trouble if they got caught with their hands in the pudding. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? Utopia is nowhere. But you as a U.S. citizen are better off in most democratic countries on Earth: not only do almost all countries respect your civil rights even if you're a foreigner (The U.S. is the only country that treats foreigners as vegetables by law [1]. Other countries at least infringe their own laws when they do this.) Plus, by leaving the U.S. the NSA is still supposed to not spy on you, so it needs the GCHQ to take care of that. It may be hard to prove, but I believe GCHQ is breaching its laws when it does that favor to the U.S. There are more reasons why some countries qualify as less bad but I prefer not to elaborate. [1] as before -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On Jan 15, 2015, at 2:33 PM, hellekin helle...@gnu.org wrote: Signed PGP part On 01/15/2015 04:44 PM, Al Billings wrote: So, since you can’t trust any software (so you say) produced in the USA *** Not any software: non-free software, and software running on servers subjected to gag orders, as you well know for being a compatriot of the late Lavabit service. ? I’ve never used Lavabit or been associated with it. I’ve met one or two of the folks from it at a security conference, I think. I’ve worked for the same company for 7 1/2 years now, an open source one, in fact. Since when the LiberationTech mailing list discusses non-free software? I thought software freedom and access to the source code was considered a requirement for considering a system secure. According to whom? I think open source (I’ll leave aside whether “open source” is “free software”) is ideal but it is not the only thing worth discussing. Otherwise, we wouldn’t be discussing most mobile applications. Most people don't understand the extent of the compromise and will happily use whatever the experts say is good enough. There's a social responsibility of technicians towards we, the people, that cannot simply be dismissed as lunacy. I applaud what Moxie has been doing, as it provides better-than-nothing for an immediate need of many. But it's patching a sieve with tape: it will slow down the catastrophe but won't solve the bigger issue. And your solution is what? Al -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/15/2015 04:44 PM, Al Billings wrote: So, since you can’t trust any software (so you say) produced in the USA *** Not any software: non-free software, and software running on servers subjected to gag orders, as you well know for being a compatriot of the late Lavabit service. Since when the LiberationTech mailing list discusses non-free software? I thought software freedom and access to the source code was considered a requirement for considering a system secure. As you also well know, there's no way to either escape NSA's tentacles, nor leave the planet. When you're not subjected to forced silence by terrorist laws of the USA, you're subjected to illegal cracking of machines by the FVEY, as revealed by the FBI's right to consider any foreign system as a potential target. It's very damageable to think that because the reach of NSA and foes is unlimited, although illegal, we cannot criticize the claims to offer am allegedly secure solution to hundreds of millions of people by merging well-intended and paladin code of trusted people with an inherently insecure proprietary system. It's certainly better than nothing at all, but from this to uphold it as an acceptable solution is understating if not dismissing the need to provide technical solutions to effectively thwart global surveillance. Most people don't understand the extent of the compromise and will happily use whatever the experts say is good enough. There's a social responsibility of technicians towards we, the people, that cannot simply be dismissed as lunacy. I applaud what Moxie has been doing, as it provides better-than-nothing for an immediate need of many. But it's patching a sieve with tape: it will slow down the catastrophe but won't solve the bigger issue. And no, there's no nation on Earth that can solve that problem either: global surveillance knows no border, although legally it should. Global surveillance is totalitarianism justified by the conviction the watchers are the good guys defending our values; they decided unilaterally that because it's technically feasible, they can do it, regardless of the rule of Law and ethics. Therefore no technical solution alone can remove their power, but what serious technical solutions can do is to remove the support for such power: centralized services, reliance on servers and proprietary software. Cloud providers in the USA know very well the cost of NSA's abuse of power as foreigners prefer using cloud services outside of the Empire's jurisdiction. But that is not enough, as TPP, TTIP and other upcoming legislations crafted in secret by corporate U.S. and transnational interests of the Northern Hemisphere demonstrate, which are leading to, or more precisely aiming at removing national sovereignty everywhere. If we start taking a beaver's dam for a polder, we're not going anywhere. == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJUuEBOXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0 ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg9K/4P/iHD+CfwIkq8sTBNVf0tS+gj uAYt5TmZ9jGy0HZ8uuuscUYKSegJpKVji7H/f5Jn9rloCFs7RwL0sq038z6I9nEP 3jDRznGMZL9gSdbu29it4J5wc1gPuyKuxUaIpSA9Qq25vDLyqgkiKkn6phwStwUp 9zbfzUy6rseL0kE5oknLPDmzU5iWs34g9uOJWTdrKNO8hKIAbFKmnB2VgAXCb/P+ 4ugXnWfcaA1eg+1UMmj5G6JmE/mzmsrtVuyovIpqyQX2pCp4aqm6H+1a6DObVu3S wctIon0HTj6axgFKDpbPUpWOAK44y2WTgDh4rE64A/XMWuq1PrmlgA5vUyOfO0bn BaNCSL9ou6/lpqUU/B7ETX3iQAxwGXDljDJ6nwi5NNa69e1YQGAGoVi7X9fQ0TnX MZ5LqL6ToX0euvhMizFAWGuTfBuz16o2DGz9HJQnoyYfPP/tW4O5Zxa2lMJ98xoJ slxbXm8ECKr8gzYx2tuiELazR+2OYn0wIXDKPJgMDzxGGU4+ps2HDP59bV10wBs+ V1jbdiHyfUg7KUovutXLrquwjh6tQEg4YJG7bKmKTGdA5WS93lSvGZTWQ6wsyHfP DJUqmR7UTj4juB446JOgy8sGdVeryDPSnhF66vXALYzxRMPKj9v72eenypxxr/AT FAlUUpvFCcCU/1jnMFU/ =ZFnB -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Of course I know about Lavabit. That’s not what you said though. You said that I was a “compatriot of that service” when I have no association with it. You seemed to presuming some kind of involvement with it on my part. I take it that English isn’t your first language though so perhaps this is one of those language things. On Jan 15, 2015, at 4:00 PM, hellekin helle...@gnu.org wrote: I’ve never used Lavabit or been associated with it. *** I certainly hope you know what I'm talking about. If not, the Lavabit owner preferred to close the service instead of being subjected to a gag order and betraying his customers and convictions. Nothing like this happened with other services subjected to such treatment or worse. I won't make you the insult of presuming you didn't hear about PRISM as well. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] TICSA New Zeland Law killing freedom of innovation and research
Title : The New-Zealand NSA, GCSB won't wear a CARDIGAN How the networking research and innovation project CARDIGAN [1] http://conferences.sigcomm.org/sigcomm/2013/papers/hotsdn/p169.pdf in Software Defined Networking SDN Openflow [13] http://archive.openflow.org/wp/learnmo have been killed by the New Zealand NSA local agency GCSB [5] http://www.gcsb.govt.nz/our-work/[6] http://en.wikipedia.org/wiki/Government_Communications_Security_Bureau law TICSA [4] http://www.ncsc.govt.nz/ticsa/[7] http://www.police.govt.nz/about-us/programmes-and-initiatives/telecommunications/questions-answers: All New-Zealander operators have to declare the manufacturing origin of all their network equipment. How all the component of a complex pieces of hardware like an Ethernet switch could have single origin ?! All New-Zealander operators have to declare 20 days in advance any type of change on their network, for example adding a new routing policy or a activating a new link. If there is no respect of one of those two points they will have to pay a monstrous redundant daily fine. The REANNZ CARDIGAN [1] http://conferences.sigcomm.org/sigcomm/2013/papers/hotsdn/p169.pdf[2] http://homepages.ecs.vuw.ac.nz/foswiki/pub/Users/Josh/TREEHOUSE/fla-poster.pdf [3] http://www.zdnet.com/article/treehouse-software-defined-networking-project-claims-a-breakthrough/ [11] http://reannz.co.nz/about-reannz was the first SDN IXP distributed fabric network in operation. It was running for more than two years and important on going academic project like OONI [8] could have reprogrammed dynamically the fabric routing policy to counter possible censorship. But no, REANNZ could not offer the economic risk as GCSB did not like or/and understand the CARDIGAN project. FVEY[9] http://en.wikipedia.org/wiki/Five_Eyes laws are killing the Academic Freedom [12] http://en.wikipedia.org/wiki/Academic_freedomto preserve interceptions against our privacy. SDN for IXP [10] http://en.wikipedia.org/wiki/Internet_exchange_point projects can be used to insure a better control by the citizens on their own digital contents during local transit and peering. - [1] http://conferences.sigcomm.org/sigcomm/2013/papers/hotsdn/p169.pdf [2] http://homepages.ecs.vuw.ac.nz/foswiki/pub/Users/Josh/TREEHOUSE/fla -poster.pdf [3] http://www.zdnet.com/article/treehouse -software-defined-networking-project-claims-a-breakthrough/ [4] http://www.ncsc.govt.nz/ticsa/ [5] http://www.gcsb.govt.nz/our-work/ [6] http://en.wikipedia.org/wiki/Government_Communications_Security_Bureau [7] http://www.police.govt.nz /about-us/programmes-and-initiatives/telecommunications/questions-answers [8] https://ooni.torproject.org/ [9] http://en.wikipedia.org/wiki/Five_Eyes [10] http://en.wikipedia.org/wiki/Internet_exchange_point [11] http://reannz.co.nz/about-reannz [12] http://en.wikipedia.org/wiki/Academic_freedom [13] http://archive.openflow.org/wp/learnmo -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Fwd: Call for Applications: Fletcher Summer Institute 2015. Application Deadline February 16
Greetings Liberation Tech Community! I wanted to pass along the annual call for applications to the Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict http://www.nonviolent-conflict.org/index.php/learning-and-resources/educational-initiatives/fletcher-summer-institute, a joint executive education program put on by International Center on Nonviolent Conflict http://nonviolent-conflict.org/ and The Fletcher School of Law and Diplomacy. This rigorous, week-long interdisciplinary program explores the theory and practice of strategic nonviolent conflict (a.k.a. civil resistance) and how it has shaped both history, as well as the conflicts of today and into the future. The institute brings together a dynamic group of activists, scholars, journalists, policy makers, and members of civil society from all over the world for an intense and gratifying week! I hope you will share the announcement with friends and colleagues you think might be interested. If you or anyone you know has questions about the program or how to apply, please feel free to have them email me in the coming weeks. Best, Althea *Apologies if you already received the announcement* --- *Althea Middleton-Detzner* Facilitator | Trainer | Strategist Skype: altheamd Twitter: @altheamarie https://twitter.com/altheamarie Connect via LinkedIn https://www.linkedin.com/in/altheamd Having trouble viewing this email? Click here http://campaign.r20.constantcontact.com/render?ca=9fac0814-70d9-42a6-b691-8cc33cdf1f75c=417e4230-3531-11e3-b725-d4ae527536d1ch=424a92e0-3531-11e3-b88d-d4ae527536d1 *Call for Applications: Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict* http://r20.rs6.net/tn.jsp?f=001fy-wfTrPJ5VKBSkIltAEiBwWOIfZbwSMCt_uVG7sOalAXVLprJWL2i6s0rzc_yPeP0hjp558M6PPJRKdZrA9ONKDIk9Hp00HpME04zmGwDfD93pXU8dnK7QhWnVwgxnM137KkohTL6LuiG6xZxisaomGU24EPdnKcJ8j-8R5vlZjfbFNmBeUwSDr-uAZlzkjfytzcVuk5lU9VOAACqSTjRYIS0klhG1Od5wcxElv21-gv68WM7Dy6JFl7LF14Q9ARoEclfeOGDiEHG3bK02PexSLVU_i9mG1BhFIKm6lHxPIwB99BHEnpOBZyPjrtr8hc=qzTU21aeMbNKgmiJpV5BReWdF04gYYY5GPiN8bWdFFqIfVR5lYZzmA==ch=o0WdMbiegYoBoTstZFXOQQLeQz8N5GfpmUQs_EtM41ITNQcAmdtOzw== * Deadline to apply is February 16, 2015 * The Fletcher Summer Institute for the Advanced Study of Nonviolent Conflict (FSI) http://r20.rs6.net/tn.jsp?f=001fy-wfTrPJ5VKBSkIltAEiBwWOIfZbwSMCt_uVG7sOalAXVLprJWL2i6s0rzc_yPeSqNLRoV4VfYZ6upewUcV6_vzYHF69_HzrNdS9GvXQlSygQKcwwhbxevv7EBIBqo0-2LTr2V__es10xQhEwsS01_gWIeqOle0Ne8fOl2XUS0=c=qzTU21aeMbNKgmiJpV5BReWdF04gYYY5GPiN8bWdFFqIfVR5lYZzmA==ch=o0WdMbiegYoBoTstZFXOQQLeQz8N5GfpmUQs_EtM41ITNQcAmdtOzw== is the leading executive education program in the world focusing on the advanced, interdisciplinary study of civil resistance. Civil resistance campaigns for rights, freedom, and justice are capturing the world's attention as never before. Campaigns to protect democracy in Hong Kong, for women's rights in India, for indigenous rights in Latin America, for police accountability in the United States, against violence in Mexico, against corruption in Cambodia, against growing autocracy in Ukraine and against dictatorship in Burkina Faso are all examples in the last year of a profound global shift in how political power is developed and applied. Since 2006, over 400 participants from more than 90 countries have gathered at FSI to learn and share knowledge. The program is taught by leading international scholars, practitioners, organizers and activists from past and current struggles. It provides both a firm academic grasp of the subject of civil resistance as well as a practical understanding of the use of nonviolent struggle in a variety of conflicts for a wide range of goals. Organized in conjunction with the Fletcher School of Law and Diplomacy at Tufts University, the program offers a certificate in the Advanced Study of Nonviolent Conflict. * When: June 7-12, 2015Where: The Fletcher School, Tufts University, Boston, Massachusetts, USA Deadline:February 16, 2015 * - Click here to learn more and apply http://r20.rs6.net/tn.jsp?f=001fy-wfTrPJ5VKBSkIltAEiBwWOIfZbwSMCt_uVG7sOalAXVLprJWL2n9eLovMaMVnIV26OOBYRW2eZwOPTKVOBdjaUMOGYfOjtE2sqdjpvxWi_8VJznwnnhGPQbBmoEY7EjGw7YynxAFK4_aqTgSDQJtl3vexCS-9uUgsJ75_G-5brH34E4Lkin-nVcON-xv6n0Jcn2ey9-PMBeqOrj5PrPH_AlOIO4BXdWXaQS4pu5VrqeAeDTU3AUiu4TR02geofxa-iCOj_Futk5rIh7E-B1Jjd_7-dlP1gqQYRSmLKzRf3OzPugRaYg==c=qzTU21aeMbNKgmiJpV5BReWdF04gYYY5GPiN8bWdFFqIfVR5lYZzmA==ch=o0WdMbiegYoBoTstZFXOQQLeQz8N5GfpmUQs_EtM41ITNQcAmdtOzw== - Click here to download the FSI 2015 flyer
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
On 01/15/15 13:45, Al Billings wrote: Insisting that we both can and cannot (at the same time) trust people like Moxie simply because they live in the USA and the NSA exists is stupid. I don’t see a suggestion of what jurisdiction the author thinks people can live within where there won’t be the same issues. From there, the list of demands gets rather high and the list of solutions non-existent. I’m well aware of the Snowden revelations. I’m also well aware that people like Moxie are doing good work to try to counter some of the NSA grabs of Internet data. The post read like crazy person FUD. Which country should people be in where the government isn’t going to try to potentially legally compel them to do things or spy on their communications? Where is your utopia of freedom? There is no utopia of freedom. But we can avoid the dystopia of tyranny the United States is rapidly becoming. JMP -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
You’re avoiding the question. Please name a nation state in which software can be produced which isn’t subject to the kind of legal pressures or potential requirements as the USA when it comes to national security, spying, and the like. Russia? Nope. The UK? Nope. Germany? Nope. I could go on. So, since you can’t trust any software (so you say) produced in the USA, rather than just making snide comments about “Merkans,” please tell us which nation will not have these problems so we can all make our software there. On Jan 15, 2015, at 11:41 AM, J.M. Porup j...@porup.com wrote: I know it's hard for some Merkans to understand, but there is this magical place called Rest of the World. There are even parts you haven't bombed yet! You might try there. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?
Concerning Whatsapp there is a very interesting clue in a thread on messaging that suggests users will never know if end-to-end encryption is being used, since the server decides whether they are allowed to, and the user is not informed. Knowing the NSA that means that Whatsapp would never encrypt anything end-to-end. Whatsapp should therefore be considered a Trojan horse for people seeking easy to use privacy. Read about that at https://moderncrypto.org/mail-archive/messaging/2014/001133.html Careful on using that mailing list however. If I understood correctly it is being maintained by one of the developers of TextSecure, which is the end-to-end encryption system that has been integrated into Whatsapp, possibly with the purpose of looking good, making good headlines and never being actually run. http://www.wired.com/2014/11/whatsapp-encrypted-messaging/ Of course I assume everyone is operating in the best of intentions, including the NSA. This is just FYI. -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
