from:"Eric S Johnson"

Re: [liberationtech] Resilient Democracy project

2017-03-23 Thread Eric S Johnson

How’s that going, Lorelei—that Resilient Democracy? Got DC fixed yet?

   

 

I hope you’re well.

   Will you come to Reunion?

   We’re planning on it.

   I might try to stop thru DC on my way to Grinnell … touch base 
with some old friends …

 

We moved to Sydney a few months ago!!!

   And just before we moved, we sent elder daughter off to uni …

   … to Grinnell.

   She’s visiting us right now for her spring break (tho fall’s 
approaching here).

   She’s interested in econ.

   Her econ prof’d talked about a summer research project …

   … but has now reneged.

   So we’re talking about summer activities. It’s a little 
late—many summer internship due dates have passed.

   So I thought I’d reach out to … old friends.

   Any suggestions/thoughts for an interesting summer internship?

   Need anyone, yourself?

 

Well, anyway, hope to see you in a few months, one way or another …



Best,

Eric

 

From: liberationtech [mailto:liberationtech-boun...@lists.stanford.edu] On 
Behalf Of Lorelei Kelly
Sent: January 4, 2016 07.20
To: liberationtech@lists.stanford.edu
Subject: [liberationtech] Resilient Democracy project

 

Dear list friends, 

 

I'm starting a project soon called "Resilient Democracy" to examine how to best 
strengthen and modernize Congress in harmony with the information age.  We hope 
this initial research will be followed by pilot projects inside Congress 
itself. 

 

In defining this concept, I intend to blend insights from technology, 
governance and security.  (Resilience an appealing catch all word right now) 

 

If anything occurs to you about resilient systems, I would love any input of 
ideas, links, reading materials, events, or connections with others who might 
be working in overlapping or parallel remits. 

 

Happy New Year!  


 

-- 

Thanks,

 

Lorelei Kelly

 

Resilient Democracy Pilot Lead, Edward M Kennedy Institute for the Senate 
 

 

Affiliated Scholar, Stanford Center on International Conflict and Negotiation 

 

 

Tweeting @loreleikelly

 

 

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] @Liberationtech Daily Digest

2017-03-03 Thread Eric S Johnson

I agree with Aryt; if I want to get tweets, I can go follow the Twitter feed …

 

From: liberationtech [mailto:liberationtech-boun...@lists.stanford.edu] On 
Behalf Of Yosem Companys
Sent: March 4, 2017 09.26
To: liberationtech 
Subject: Re: [liberationtech] @Liberationtech Daily Digest

 

There was interest in having a digest of @Liberationtech tweets sent to the 
list. If the process is not working to the satisfaction of the list 
subscribers, however, I could just discontinue it.

 

Best,

Yosem

 

On Fri, Mar 3, 2017 at 2:22 PM, aryt alasti  > wrote:

Is it possible to just get messages other than Tweets? I can always follow on 
Twitter, and these lists of items are too much for me.

 

   Aryt

 

On Mar 3, 2017 4:37 PM, "Yosem Companys"  > wrote:

@Liberationtech tweeted

The Uberfication of teaching | openDemocracy https://t.co/PcItZr1DRJ

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 11:01AM

via Twitter http://twitter.com/Liberationtech/status/837377096599109634



@Liberationtech tweeted

Does the Internet Threaten Democracy? https://t.co/GVfQBmVSwh

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 11:11AM

via Twitter http://twitter.com/Liberationtech/status/837378623975866368



@Liberationtech tweeted

(New Zealand) Privacy Commission investigates data-for-funding proposal 
https://t.co/oITXDH8wTd

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 12:01PM

via Twitter http://twitter.com/Liberationtech/status/837392237164183552



@Liberationtech tweeted

FCC blocks stricter broadband privacy rules from taking effect 
https://t.co/M9hBCsQjX0 via @Reuters

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 01:06PM

via Twitter http://twitter.com/Liberationtech/status/837407376303079436



@Liberationtech tweeted

Our digital fingerprints are everywhere. How do we protect ourselves? | by 
@jgranick https://t.co/G0eseGDNYR

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 02:06PM

via Twitter http://twitter.com/Liberationtech/status/837422292900671488



@Liberationtech tweeted

Digital Diplomacy on Medium Features @Liberationtech | @ItalyinUS 
https://t.co/7y2v3cCmRr

— Liberationtech (@Liberationtech) March 2, 2017

March 02, 2017 at 03:06PM

via Twitter http://twitter.com/Liberationtech/status/837437481423421440



@Liberationtech tweeted

#China Describes Its Vision Of Government-Controlled Internet 
https://t.co/ag8mMpybMz

— Liberationtech (@Liberationtech) March 3, 2017

March 02, 2017 at 04:11PM

via Twitter http://twitter.com/Liberationtech/status/837452631106781184



@Liberationtech tweeted

What's the cost to privacy in our connected lives? https://t.co/YTyWJB4QC8 
(@AJEnglish)

— Liberationtech (@Liberationtech) March 3, 2017

March 03, 2017 at 08:03AM

via Twitter http://twitter.com/Liberationtech/status/837694116821610496



 

--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu  .


--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu  .

 

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] skype?

2016-07-18 Thread Eric S Johnson

http://www.zdnet.com/article/microsoft-launches-alpha-of-new-skype-app-for-l
inux/ says Skype’s new calling architecture is based on WebRTC!



Do we know anything more about that?



Best,

Eric

 
OpenPGP: 0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR:
 bere...@jabber.ccc.de ● Silent Circle: +1
312 614-0159



-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Burundi

2015-05-19 Thread Eric S Johnson

From a Burundi friend: 

“Bloggers are off line because of their physical security. On police
checkpoints they check phones, laptop,...
Police monitor what people are writing now. 
Many well-known bloggers fled the country or are hidden for their security.
4 private media have been burnt and other forced to close!
I myself didn't reach Burundi. I am in Kigali. 
Not imprisonment until now.
social media such as Face book, whatsapp, viber are blocked. People use
VPN”

 

On May 18, 2015 7:19 AM, Richard Brooks r...@g.clemson.edu
mailto:r...@g.clemson.edu  wrote:

We have noticed that Burundi bloggers are off-line. No
doubt related to the President's crack down after the
failed coup.

Does anyone have any news as to whether this silence is
due to:
-Internet blackout?
-Physical threat/imprisonment?
-Fear?



 

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] White Paper on digital surveillance laws in Pakistan

2014-11-30 Thread Eric S Johnson

Nighat, I found it difficult to read this document in the window provided on 
your site via the link below, so I clicked on “download a copy,” which gave me 
a DOC. When I opened the DOC, I found it still had some comments in it (like 
“for me this section doesn’t add anything. I would consider cutting it”)—you 
might want to clean that up.

 

Re the contents of the White Paper—an interesting read, but I wondered whether 
it could’ve been richer if it provided any examples of abuse. Without examples, 
it feels a little theoretical, abstract.

 

Best,

Eric

 

From: liberationtech [mailto:liberationtech-boun...@lists.stanford.edu] On 
Behalf Of Nighat Dad
Sent: Friday, November 28, 2014 03.03
To: liberationtech@lists.stanford.edu
Subject: [liberationtech] White Paper on digital surveillance laws in Pakistan

 

Hello all,

We have released a white paper on digital surveillance laws and practices in 
Pakistan. Read here http://jasoosibandkaro.pk/whitepaper/

 

Looking forward to hear your feedback.

 

 

-- 

Best,
Nighat Dad
Executive Director,
Digital Rights Foundation
www.digitalrightsfoundation.pk http://www.digitalrightsfoundation.pk 
Twitter: nighatdad
Skype: nighat.dad
Phone: +92 321 4815252



-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Y! / SSL

2014-10-06 Thread Eric S Johnson

(Of course I meant “HTTPS only,” not “HTTP only.”)

 

I’d love to detect an MITM, but in my experience the chances of there truly 
being an MITM attack going on are very small.

 

I tried connecting to Y! from a different location (different ISP) here in 
Shanghai, and the connection (in all 3 browsers) flipped to SSL and connected 
normally/correctly. I wonder whether Y! was redirecting me (to a bad cert) 
depending on how/where it saw me connecting from, or maybe they fixed a problem 
they were having earlier today. TBC

 

From: liberationtech [mailto:liberationtech-boun...@lists.stanford.edu] On 
Behalf Of Andrew Lewis
Sent: Monday, October 6, 2014 11.59
To: liberationtech
Subject: Re: [liberationtech] Y! / SSL

I am also flipping over to HTTPS, and chrome is reporting that the cert is 
valid, and upon inspection all looks as it should be. The trust chain goes up 
to a Versign root cert, so my guess is that is a bad cert you are seeing, and 
if inside china it might just be a plain old mitm.

 

 

On Oct 5, 2014, at 11:52 PM, Eric S Johnson cra...@oneotaslopes.org 
mailto:cra...@oneotaslopes.org  wrote:

I just got back to CN from a vacation. I’m now (in all three main Windows 
browsers) seeing  http://yahoo.com/ yahoo.com automatically flip over to 
HTTPS--and then give a bad cert error. The *root* cert is listed as  
http://yahoo.com/ yahoo.com and is valid “23 Sep 14 to 23 Sep 15.”

 

Is Y! experimenting with making access to their resources always-only-HTTPS? 
Are they having certificate problems? “HTTP only” seems like a good direction 
in which to go, but teaching people to accept bad cert warnings seems like a 
bad direction in which to go.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Y! / SSL

2014-10-06 Thread Eric S Johnson

  I just got back to CN from a vacation. I’m now (in all three main
  Windows browsers) seeing yahoo.com automatically flip over to
  HTTPS--and then give a bad cert error. The *root* cert is listed as
  yahoo.com and is valid “23 Sep 14 to 23 Sep 15.”

 GreatFire.org seems to have seen the same.  At least the certificate life 
 time is
 identical:
 https://twitter.com/GreatFireChina/status/516872770270269440

That's exciting. For the record, the problem occurred this morning, but is 
now no longer in evidence. (I've been out of the country for a week, so 
wouldn't've noticed the problem until now.)

Best,
Eric

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] china's cybersec-soft

2014-08-04 Thread Eric S Johnson

From Bill Bishop’s more-or-less-daily Sinocism newsletter:

 

Foreign security software off China's government procurement list – Xinhua: A 
Chinese government procurement agency has excluded Symantec and Kaspersky, two 
foreign security software developers, from a security software supplier list. 
According to a report from Beijing Youth Daily, all the five antivirus 
softwares in the list are from China, including Qihoo 360, Venustech, 
CAJinchen, Beijing Jiangmin and Rising. 

 

Best,

Eric

OpenPGP 
http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 : 
0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR: bere...@jabber.ccc.de 
mailto:bere...@jabber.ccc.de  ● Silent Circle: +1 312 614-0159

 

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] chinese tweep arrested

2014-06-10 Thread Eric S Johnson

Young Chinese Twitter User Arrested for Proposing Method to Spread Truth about 
June 4th Massacre. By China Change, published: June 9, 2014. On Monday, June 
9th, China’s state-run media outlet China News reported that Beijing police had 
arrested a 22-year-old young female by the family name Zhao for posting an 
article on Twitter that teaches how to use a pseudo base station “to send 
illegal information.” According to the report, the Chinese internet security 
police formed a task force to solve the case as soon as they discovered this 
particular tweet, and a multi-agency investigation led to Zhao’s arrest and the 
confiscation of her “criminal tool”--a laptop computer.

[…] 

A Twitter newcomer asked how the Chinese police could have found out the 
identity of Ms. Zhao Huaxu. A veteran tweep who attended the June 4th vigil in 
Victoria Park in Hong Kong replied, speaking of his return to mainland China 
after the vigil, “As soon as my plane landed, I was approached and interrogated 
by Big Brother’s people. I would say every single tweet is being closely 
watched by someone.”

 

http://chinachange.org/2014/06/09/young-chinese-twitter-user-arrested-for-teaching-a-method-to-spread-illegal-information/

 

(from today’s Sinocism)

 

Best,

Eric

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] FW: Your 4 hourly digest for Ars Technica

2014-04-09 Thread Eric S Johnson

Pursuant to the recent libtech discussion about whether resources should be 
invested in plugging a hole if there’s no known compromise/cost, see this 
sentence in the below: several readers reported their Ars accounts were 
hijacked by people who exploited the bug and obtained other readers' account 
passwords.

Anyone else know of successful heartbleed exploitation?

Best, Eric

Ars Technica
The Art of Technology 
Dear readers, please change your Ars account passwords ASAP 
Apr 9th 2014, 00:49, by Dan Goodin 
For more than two years, the Internet's most popular implementation of the 
Transport Layer Security (TLS) protocol has contained a critical defect that 
allowed attackers to pluck passwords, authentication cookies, and other 
sensitive data out of the private server memory of websites. Ars was among the 
millions of sites using the OpenSSL library, and that means we too were bitten 
by this extraordinarily nasty bug.
By mid morning Tuesday, Ars engineers already updated OpenSSL and revoked and 
replaced our site's old TLS certificate. That effectively plugged the hole 
created by the vulnerability. By installing the OpenSSL update, attackers could 
no longer siphon sensitive data out of our server memory. And although there's 
no evidence the private encryption key for Ars' previous TLS certificate was 
compromised, the replacement ensured no one could impersonate the site in the 
event hackers obtained the key.
With Ars servers fully updated, it's time to turn our attention to the next 
phase of recovery. In the hours immediately following the public disclosure of 
the so-called Heartbleed vulnerability, several readers reported their Ars 
accounts were hijacked by people who exploited the bug and obtained other 
readers' account passwords. There's no way of knowing if compromises happened 
earlier than that. Ars has no evidence such hacks did occur, but two years is a 
long time. There's simply no way of ruling out the possibility.
It's for this reason that Ars strongly recommends all readers change their 
account passwords. A password change is especially urgent for people who logged 
in between Monday evening and mid morning on Tuesday. It's also particularly 
important for anyone who used their Ars password to protect accounts on other 
sites or anyone whose Ars accounts contained private messages of a sensitive 
nature. But again, out of an abundance of caution, Ars strongly urges all users 
to reset their pass codes.
As always, security-conscious readers should choose unique, randomly generated 
passwords at least nine characters long that contain upper- and lower-case 
letters, numbers, and symbols. For a refresher on good password hygiene, see 
Ars senior IT reporter Jon Brodkin's The secret to online safety: Lies, random 
characters, and a password manager.

http://arstechnica.com/security/2014/04/dear-readers-please-change-your-ars-account-passwords-asap/



-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] google ca

2014-02-28 Thread Eric S Johnson

My OpenPGP client (SED) uses user-approved pinning to decide whether to accept 
a never-before-seen certificate when connecting using TLS/SSL to send/receive 
e-mail via SMTP/POP3.

 

Recently it’s been asking me to approve new certificates for each of Google’s 
many mail servers (I see many of them because I travel a lot internationally 
and Google seems to load-share based on geography). (I see the same thing for 
other large free e-mail providers, but none even fractionally as many servers 
as Google. I think I’ve seen about 35 for Google.)

 

The new certs all use “Google CA” as their CA. I assume this is legit, but do 
any of you know for sure? (I haven’t seen much online about it.)

 

Best,

Eric

OpenPGP 
http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 : 
0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR: bere...@jabber.ccc.de 
mailto:bere...@jabber.ccc.de  ● Silent Circle: +1 312 614-0159

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Google Unveils Tools to Access Web From Repressive Countries | TIME.com

2013-10-21 Thread Eric S Johnson

Without answering Jillian’s question directly, I have to say: “the more, the 
merrier.”

 

Right now, in cybercensored countries, it’s true many folks (though far from 
all) have heard about one or more cybercircumvention tools. But most folks’ 
attempts to use them are not entirely successful, either because

*their proxies are blocked too, or

*the proxy to which they can get access is overloaded.

At this point, the need for more proxies to solve these two problems is far 
from exhausted.

 

I still haven’t heard of any cases where someone’s been persecuted because they 
used a proxy. I’m certainly not saying folks shouldn’t care about anonymity, 
just remembering that for the vast majority of cybercensored netizens, 
anonymity isn’t what they perceive to be the issue they face when they browse; 
censorship is.

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 
OpenPGP: 0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR:  mailto:bere...@jabber.ccc.de 
bere...@jabber.ccc.de ● Silent Circle: +1 312 614-0159

 

From: liberationtech-boun...@lists.stanford.edu 
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Jillian C. York
Sent: Tuesday, October 22, 2013 08.01
To: liberationtech
Subject: Re: [liberationtech] Google Unveils Tools to Access Web From 
Repressive Countries | TIME.com

 

Since I already have more skepticism of Google Ideas and Jared Cohen than I 
need, let me pose this question:

 

With the understanding that uProxy provides no anonymity protections, is it 
providing anything that other circumvention tools do not already?  What's 
unique about it?

 

 

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] FW: Urgent notice from PureVPN

2013-10-05 Thread Eric S Johnson

Hmmm (below).

 

 mailto:OpenPGP OpenPGP: 0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR:  
mailto:bere...@jabber.ccc.de bere...@jabber.ccc.de ● Silent Circle: +1 312 
614-0159

 

From: Uzair Gadit [mailto:uzair.ga...@purevpn.com] 
Sent: Sunday, October 6, 2013 11.28
To: [xxx]
Subject: Urgent notice from PureVPN

 







Email not displaying correctly? [xxx] in your browser

 






Dear customer,

I'm sorry to inform you that due to an incident we had to close your account 
permanently. We are no longer able to run an anonymization service due to legal 
issues we are facing.

We had to handover all customer’s information to the authorities unfortunately. 
They might contact you if they need any details about the case they are working 
on. The following information was handed over: your name, billing address and 
phone number provided during purchase and any documents we had on file (for 
example scan of your ID or driver’s license if you have provided these to our 
billing department).

We are also sorry we are not able to refund you, however if you wish your money 
back, please open a dispute on PayPal or file a chargeback with your credit 
card company. This is the only way we can refund you as our bank account is 
frozen during this investigation. We recommend you to do this as soon as 
possible as we can't guarantee all customers will get their money back.

We apologize once more this had to happen.

Yours sincerely,
Uzair Gadit
PureVPN founder

 




To unsubscribe please click [xxx]



Uzair Gadit
8th Floor Gloucester Tower, The Landmark, Central, Central, Central

  
http://email.purevpn.com/wf/open?upn=CMEyNuRuK4se-2BjpgDyEsHMruH8eYe25fuESCklYeIfazjXg-2BKMcMOKH7iYppU7tabicEQzCGszFBKRbG9qb5QzIbJYRjub1ToLfflVDlISDyvDun3ZdV8OKTuINPrkE4tG-2BI52aW-2BqHgW4eotFYPRQkHQKXEhNxeztFAJ0-2B74-2BkqZMmRlH4l4TQDZx1JINFXEuRSCpnSeubki7tA1xkPfB-2BVLcn-2F5OS7yDC2FNHFiUBijSX8vb4JMgxGVyd7hM49dnKDQBlHvEmFtJAQ2RPZYHkgt0cN0w0XreQbFvzo5ZsNO-2F3aPZPFf0Bq5cKA0xWsJtnP7UlX8FwdM2WLnDWpCMDmepte-2Fv10bA4qAN4dnTAxBuD5z-2F4dW42rE5DVSAHtp-2BquTvqxcdXnMc0-2BObqxOw-3D-3D
 

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] SMS questions

2013-08-27 Thread Eric S Johnson

How about a customized version of Mobile Martus?

Best,
Eric
OpenPGP: 0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR: bere...@jabber.ccc.de ●
Silent Circle: +1 312 614-0159

 -Original Message-
 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
 boun...@lists.stanford.edu] On Behalf Of Richard Brooks
 Sent: Tuesday, August 27, 2013 09.36
 To: liberationtech
 Subject: [liberationtech] SMS questions

 I have colleagues living in a small country, far, far away with a history
of
 rigged elections who want to put in place a system for collecting
information
 using SMS. The local government keeps shutting down the systems that they
 put in place.

 I think I understand their needs and wants. SMS is really not my strong
point.
 If anyone with an understanding of SMS, SMS web interfaces, and/or related
 security issues would be willing to point me in the right direction (or
discuss
 potential issues) I (and by extension
 they) would be grateful.

 The alternative is for me to dedicate my excess cycles to researching
those
 issues from scratch, which sounds time consuming. They kind of need help
in
 the near future.

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] SecureGmail Chrome extension

2013-07-24 Thread Eric S Johnson

Wouldn't it be better to use asymmetric encryption-e.g. something
OpenPGP-based, like Mailvelope?

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Rebecca
MacKinnon
Sent: 24 July 2013 23.03
To: liberationtech
Subject: [liberationtech] SecureGmail Chrome extension

 

http://blog.kaspersky.com/send-gmails-that-not-even-google-can-read/

 

Interested in people's opinions of this. 

 

Thanks.

Rebecca


 

-- 

Rebecca MacKinnon
Author, Consent of the Networked http://consentofthenetworked.com/  
Project Lead, Ranking Digital Rights http://rankingdigitalrights.org/ 

Co-founder, Global Voices http://globalvoicesonline.org/ 

Senior Research Fellow, New America Foundation
http://newamerica.net/user/303 

Twitter: @rmack http://twitter.com/rmack 

Office: +1-202-596-3343

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Interesting QA

2013-06-17 Thread Eric S Johnson

 Apple already builds in encryption into many of its products:
 FileVault disk encryption, Mail.app S/MIME support, iMessage 
 Facetime end-to-end encryption, and iCloud keychain are a few
 examples.

File Vault 2, the whole-hard-disk-encryption solution built in to Mac OS
10.7 and up, is super-easy to use--precisely the same as BitLocker, the
analogous solution built in to Windows 7 Ultimate and Windows 8 Pro.
Cybersecurity seminar trainees are often surprised to find they already have
these tools but never knew it. They're not on by default.

Best,
Eric

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Interesting QA

2013-06-17 Thread Eric S Johnson

  I wonder what encryption software would look like if Apple made it as
 friendly as their products
 
 While not from Apple, I think the latest version of GPGtools for the Mac
 (https://gpgtools.org) is quite nice.

Agreed. Even my 13-year-old's using it. I do wish something as easy existed
for MS Outlook users. Symantec Desktop Encryption works well and is much
more powerful but is also much harder to use (besides costing much more!).

Best,
Eric

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Network surveillance

2013-06-05 Thread Eric S Johnson

I've heard that a lot (especially it's the Chinese) but found very little
evidence to support such allegations. 

In Addis last fall, was told by a source with some inside information that
the Ethiopian state's cybersurveillance software came from Israel.

The pictures which rebels shot of the Libyan cybersurveillance center's
equipment (after the Gaddafi government fell) identified it as having been
delivered as part of a (Chinese) ZTE contract.

It does seem reasonable to suppose almost any cybersurveillance system is
based on high-speed routers, which almost by definition came from one of a
very small number of suppliers (Cisco, ZTE, Huawei?).

It would be a super-good thing to gather evidence about such allegations--if
you can ask people who say it's the Chinese what data they have ...

 -Original Message-
 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
 boun...@lists.stanford.edu] On Behalf Of Richard Brooks
 Sent: 06 June 2013 5.07
 To: liberationtech@lists.stanford.edu
 Subject: [liberationtech] Network surveillance
 
 Just talked with a lot of people who think network surveillance
 equipment in their countries are being bought from either
 Israelis or Chinese. It seems that they are competing for
 market share. Was not aware of Israeli companies working in this
 space.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Fwd: FW: Soliciting Comments: Internet Openness Metric Project

2013-04-11 Thread Eric S Johnson

Sounds a lot like Freedom House's freedom online rating/ranking.

 

Are you happily at home in TBS?

 

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Troy Etulain
Sent: 11 April 2013 20.21
To: liberationtech@lists.stanford.edu
Subject: [liberationtech] Fwd: FW: Soliciting Comments: Internet Openness
Metric Project

 

Just the messenger here...


-Original Message- 
From: K. Daniel Wang [kdani...@gwmail.gwu.edu]
Received: Thursday, 11 Apr 2013, 1:18am
To: Susan Aaronson [saaro...@gwu.edu]
Subject: Soliciting Comments: Internet Openness Metric Project



Dear Colleague:

We hope this note finds you doing well.  We are writing because you
registered for an event related to the Trade and Internet Governance
Project.  We write to encourage you to visit the Internet Openness Metric
Project:
http://www.gwu.edu/%7Eiiep/governance/internet_openness_metric_project/
http://www.gwu.edu/~ iiep/governance/internet _ openness_metric_project/

We are trying to describe and then develop statistics on Internet openness
and freedom and thus could benefit from your insights.  Please comment at
http://www.gwu.edu/%7Eiiep/governance/internet_openness_metric_project/comm
ents.cfm http://www.gwu.edu/~iiep/ governance/internet_openness_
metric_project/comments.cfm

Should you have any questions or concerns, please address them to
saaro...@gwu.edu
http://us.mc1615.mail.yahoo.com/mc/compose?to=saaro...@gwu.edu  or kdaniel
w...@gwmail.gwu.edu
http://us.mc1615.mail.yahoo.com/mc/compose?to=kdani...@gwmail.gwu.edu 

 

We look forward to hearing from you.
With best regards,

Dr. Susan Ariel Aaronson
K. Daniel Wang



-- 
K. Daniel Wang

Ph.D. Student

Department of Political Science

George Washington University

 

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

2013-03-21 Thread Eric S Johnson

 I wrote to them and asked these questions, as well as a few others.
 
 What other questions should we pose to them, I wonder?

Why are RU and CN (most glaringly) absent from the first chart enumerating
the number (and type) of requests by country? It's hard to believe those
countries' security services have no interest in (non-Skype) Microsoft data.
Is MS defining those countries as having no legal standing to request MS
data, and therefore any requests from them would be rejected out-of-hand?

We provide SSL encryption for Microsoft services and Skype-Skype calls on
our full client (for full function computers) are encrypted on a
peer-to-peer basis; however, no communication method is 100% secure. For
example ... users of the Skype thin client (used on smartphones, tablets and
other hand-held devices) route communications over a wireless or mobile
provider network.
--Is the implication that the Skype clients used on smartphones
don't provide the same end-to-end encrypted-by-session-specific-keys level
of security that the Skype for Windows client does?

Skype received 4,713 requests from law enforcement. ... Skype produced no
content in response to these requests.
--It's hard to believe that LEAs never validly requested a record of
a Skype user's IM sessions. Perhaps LEAs don't know those data exist?

Best,
Eric

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] wordpress

2013-03-17 Thread Eric S Johnson

Seeking direct contact with any authority at WordPress.com (Matt Mullenweg?
Someone else?) to help substantiate ownership of one of Vietnam's top
independent blogs (blocked from within Vietnam, of course, but very popular
nonetheless), which has been so thoroughly hacked that the owners can't get
back control of it.

   Can anyone help?

 

Best,

Eric

PGP
http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 

 

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] wordpress

2013-03-17 Thread Eric S Johnson

Hosted on wordpress.com infrastructure ... hence the need to talk to someone
actually at wordpress.com ...

 -Original Message-
 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
 boun...@lists.stanford.edu] On Behalf Of Kyle Maxwell
 Sent: 18 March 2013 7.47
 To: liberationtech
 Subject: Re: [liberationtech] wordpress

 Is the blog hosted on Wordpress.com infrastructure, or does it just
 use the Wordpress platform on its own server?

 On Sun, Mar 17, 2013 at 6:30 PM, Eric S Johnson cra...@oneotaslopes.org
 wrote:
  Seeking direct contact with any authority at WordPress.com (Matt
 Mullenweg?
  Someone else?) to help substantiate ownership of one of Vietnam's top
  independent blogs (blocked from within Vietnam, of course, but very
popular
  nonetheless), which has been so thoroughly hacked that the owners can't
get
  back control of it.

 Can anyone help?

  Best,

  Eric

  PGP

  --
  Too many emails? Unsubscribe, change to digest, or change password by
  emailing moderator at compa...@stanford.edu or changing your settings at
  https://mailman.stanford.edu/mailman/listinfo/liberationtech
 --
 Too many emails? Unsubscribe, change to digest, or change password by
 emailing moderator at compa...@stanford.edu or changing your settings at
 https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Man-in-the-middle attack on GitHub in China

2013-01-30 Thread Eric S Johnson

 He didn't know anything about censorship, nor about the great firewall.

I would second Martin. I'd estimate that
50% of China's 500M+ netizens don't know about the GFW
half the rest (25%) don't care
half the rest care, but aren't sure what they're missing.
The remaining 10%+ care, and know what they're missing, and at least
occasionally cybercircumvent.

But these are guesses just like Martin's and Bert's. That I know of, the
only hard data comes from polls done by the CASS, the most recent of which
(that I have) are several years old.

Best,
Eric

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Modern FIDONET for net disable countries?

2012-12-30 Thread Eric S Johnson

For the record, Burma/Myanmar (MM) has very little cybercensorship now (the 
previous censorship started loosening up in about August 2011 and was 
basically—not entirely, but mostly—dropped by the end of October 2011).

   I’ve been visiting MM since the mid-aughts and have never 
encountered FidoNet there. Haven’t seen it since Africa, mid-nineties. But that 
doesn’t mean it wasn’t/isn’t there.

 

(Vietnam still has a measurable amount of online censorship, but it’s not 
nearly as heavy-handed as China’s or Iran’s. It’s more like Ethiopia’s.

Some of Cambodia’s ~30 ISPs censor a half-dozen sites, but that’s hardly 
serious (the largest, Vietnamese-controlled, ISP doesn’t!).)

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 PGP

 

From: liberationtech-boun...@lists.stanford.edu 
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Peter Fein
Sent: 30 December 2012 22.09
To: liberationtech
Subject: Re: [liberationtech] Modern FIDONET for net disable countries?

 

I should add that I've heard FIDONET is still used in some highly censored SE 
Asia countries for this purpose (Myanmar IIRC) - laptops on the back of dirt 
bikes come to villages once a week...

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Comments on Internews new information security guide

2012-11-13 Thread Eric S Johnson

Alternatively, since (like OTR) no Skype communication is known to have ever
been successfully in-line-intercepted, the question might be one of
priorities: what cybersec weakness has most often resulted in compromise of
an activist?

 --hard drive isn't encrypted, computer's confiscated

 --software's not patched, user's hacked

 --user clicks on attachment, is infected by malware

. if our goal is mitigating dangers activists face, those are probably
worthwhile targets for our assistance.

 

I can't speak for Skype (or any other company), but if I were a
software/service provider, I too would be very circumspect about claims
about the level of security provided, else if/when a vulnerability's
discovered, issues of liability arise.

 

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Peter Fein
Sent: 13 November 2012 23.51
To: liberationtech
Subject: Re: [liberationtech] Comments on Internews new information
security guide

 

The question about Skype's encryption has always seemed somewhat secondary
(though still important). The primary concern is who has the keys and who do
they share them with.

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] No Disconnect

2012-11-07 Thread Eric S Johnson

Hi Jill,

 

No Disconnect Strategy is the name for the EC's internet freedom grants
program (mentioned by Commissioner Kroes at the December 2011 Freedom Online
conference in Den Haag). This summer the invitation to submit concept
notes was issued in June, deadline mid-July. The EUR3M invitation was lot
three of the more-or-less annual EIDHR call for proposals. If I had to
guess, I would suppose the ratio will be something like it was for DRL-~30%
of the concept notes are invited to submit full proposals, and ~30% of those
get funded. I think the first cut will be announced shortly.

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Jill Moss
Sent: Wednesday, 07 November 2012 19:36
To: Liberation Technologies
Subject: [liberationtech] No Disconnect

 

All:  Anyone have information about the EU initiative, No Disconnect?

http://www.slate.com/blogs/future_tense/2012/11/06/european_capability_for_s
ituation_awareness_program_to_monitor_internet.html

 

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] No Disconnect

2012-11-07 Thread Eric S Johnson

Hi Jill,

 

I'm not sure there'll be any announcement, unless you were one of the
applicants who submitted a concept note in July.

 

I don't know anything about the workshop. I'll inquire.

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Jill Moss
Sent: Wednesday, 07 November 2012 22:15
To: liberationtech
Subject: Re: [liberationtech] No Disconnect

 

Thanks Eric.  I'll keep my eyes open for an announcement.  As much, I wonder
who may be attending the workshop later this month in Brussels?  jill

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Eric S
Johnson
Sent: Wednesday, November 07, 2012 1:04 PM
To: 'liberationtech'
Subject: Re: [liberationtech] No Disconnect

 

Hi Jill,

 

No Disconnect Strategy is the name for the EC's internet freedom grants
program (mentioned by Commissioner Kroes at the December 2011 Freedom Online
conference in Den Haag). This summer the invitation to submit concept
notes was issued in June, deadline mid-July. The EUR3M invitation was lot
three of the more-or-less annual EIDHR call for proposals. If I had to
guess, I would suppose the ratio will be something like it was for DRL-~30%
of the concept notes are invited to submit full proposals, and ~30% of those
get funded. I think the first cut will be announced shortly.

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Jill Moss
Sent: Wednesday, 07 November 2012 19:36
To: Liberation Technologies
Subject: [liberationtech] No Disconnect

 

All:  Anyone have information about the EU initiative, No Disconnect?

http://www.slate.com/blogs/future_tense/2012/11/06/european_capability_for_s
ituation_awareness_program_to_monitor_internet.html

 

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] encryption of data at rest

2012-11-06 Thread Eric S Johnson

Had the opportunity to test out Windows 8's whole-hard-drive encryption
the other day and was impressed:

.cheap upgrade (USD40, compared to Win 7 Ultimate's USD140+), and
Win 8 Pro (which has BitLocker) is automatically selected (until 31 Jan
2013)

.upgrade seems to function fine even on top of pirated Windows (Win
7's didn't always)

.no longer requires TPM (compared to Win 7's, which for all
practical purposes did)

.allows user to back up private key online to Microsoft account
(analogous to that offered by the FileVault2 in Mac OS 10.7+)

Would be interested in hearing others' experience. (Yes, it's proprietary,
therefore theoretically inferior to e.g. TrueCrypt.)

 

Inconvenience: upgrade is transparent only from Win 7; from XP or Vista,
installed programs aren't preserved.

 

Best,

Eric

PGP
http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] OkayFreedom

2012-10-28 Thread Eric S Johnson

 misremember the entire discussion; it happens to all of us!

I imagine we each remember what best supports our own point of view. I'm
sure it happens to all of us!

 open at the moment for those in the US is if we will have some kind of
 justice for this spying on all of us. It sure seems bleak.

Yes, it does. I hope all the Amcits on this list have voted (or will do so)!

 to make their own choices, to show data and stories about lessons we've
 learned the hard way, and when we are able, to offer solidarity where it
 is possible and welcome. 
 What matters is that users must be protected against serious
 attackers.

Agreed.

 I personally feel like it is often suggested
 that the burden to show something is unsafe is on us. 

You assume everything is unsafe. Saying telephones are dangerous. VPNs are
dangerous. Anything Microsoft is dangerous. Everything's dangerous--well,
okay, sure, so is walking across the street (let alone just breathing,
especially for those of us who live in China). But if you have only ten
minutes to get this journo in Gyanja, Gomel, or Gonder to do something
different, even you (let alone the rest of us relative neophytes) aren't
going to be able to get him using TAILS. So, we have to prioritise.
One way to prioritise is to assign various levels of likelihood to
the possible threats. And one way to do that, in turn, is to assess what we
do know about the threats which have proven problematic in the past. Sure,
we don't know what we don't know: epistemology and all that. But we can
tally up what we have learned, and use that as a basis, however imperfect,
for saying to the activist from Gweru: if we only have ten minutes, the goal
is to move toward mitigating problem X (and we'll only be able to provide
the simple solution which takes partial care of the problem--not a solution
which would keep the NSA off Jake's back, but a solution which is likely to
make this particular person safer). If we have an hour, we should be able to
help mitigate X, Y, and Z. Ideally, we'll have three days, and then we can
help mitigate all 15 top problems.
To there's no point in anything less than perfection--well, yes,
we'll have to agree to disagree on that. I think there's huge value in
getting someone to use a solution which is more secure in their particular
context (ideally we get that knowledge from on-the-ground research in
addition to reports in Western media), even if it's not a perfect solution.

What I don't get is why you work so hard to discredit folks rather than
educating them. All of us on this list know you're a God (despite your
sarcastic perhaps I'm just dense). We all understand you know more about
cybersecurity and cybersurveillance (never mind that you hate certain words)
than the rest of us combined. Everyone loves gaining from your experience
(e.g. (just to name the most recent examples) your teardown of OkayFreedom,
the VPN security paper to which you referred a couple days ago, etc.).

Best,
Eric

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] OkayFreedom

2012-10-26 Thread Eric S Johnson

Whew. Stirred up a hornet's nest.

We all have good experiences to share. I worry, though, that if we spend a
huge amount of time fighting each other, we'll not be spending that time
helping the people who really need it. None of us actually disagree with
each other on whether an activist in a cyberdangerous country should be
using a government-managed VPN. We all know about MITMing, and FinFisher,
and OpenVPN, etc. etc. etc.

The most important points I think worth making is that it's really important
to a) understand the threat, and b) prioritise the response.

There are so many threats that if we try to solve all problems (both known
and theoretical), most end users simply won't accomplish much (not to
mention that our resources are limited). I can't count the number of times I
find an activist in Ethiopia, Uzbekistan, or Vietnam who's still accessing
her @yahoo.com e-mail account unencryptedly, even after having been to a
cybersecurity seminar one of us taught. Or whose OS hasn't been patched
since it was installed two years ago. Or whose entirely-unencrypted hard
drive has been taken.

So we (and those who depend on our help) are hugely benefitted by tallying
up how much/often we know a particular threat has been used to persecute
someone, and then focusing our efforts on solving that threat first ... then
solving the next-most-dangerous threat ... etc.
My main point about VPNs was that (in my experience) I know of no
situation in which we've learned that it was a government-owned VPN which
caused an activist's compromise, but I do know of lots of situations in
which the compromise resulted from lack of endpoint security or the physical
loss of unencrypted media, and some in which data were intercepted in-line.
So these latter are deserving of more attention on the part of cybersecurity
trainers.

As to 99.9% of VPN users are principally looking for
cybercircumvention--nope, no statistical proof. Just lots of real-life
experience (which is in no way minimizing the experience of everyone else on
this list).

Best,
Eric

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] OkayFreedom

2012-10-25 Thread Eric S Johnson

The vast majority of netizens in cybercensored countries who use a VPN (or 
other form of proxy) are doing so in order to access otherwise-blocked content, 
without any particular expectation of (or need for) security. So, any VPN will 
do (and OkayFreedom’s as good as any other).

 

Conceivably, a government which is trying to prevent access to certain content 
might be upset at cybercircumventing netizens, in which case issues of 
anonymity/privacy come into play. But I’ve never heard of a case in which a 
user has been punished merely for cybercircumventing. I’d love to hear of such 
a situation. (NB I’m not talking about an AUP or TOS or contract, or a 
regulation or decree or rule or law, or a declaration or assertion or speech, 
or … or … or …)

 

Conceivably, a cybercensoring government could come up with all sorts of tricky 
ways to “poison” cybercircumventing citizens by, say, seeding local VPN 
resellers with a VPN that delivers a “fake” site loaded with malware. But 
again, that’s purely theoretical; I know of no cases in which a government has 
deviously provided a cybercircumvention service to its netizens in order to 
nefariously identify or spy on them. I’d love to hear of such a situation. (I’m 
not talking about merely setting up a mirror with slightly different content, 
or DNS poisoning, or MITMing, or socially-engineered malware-by-email, or 
targeted clickjacking, or … or … or …)

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 PGP

 

From: liberationtech-boun...@lists.stanford.edu 
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Amin Sabeti
Sent: Friday, 26 October 2012 00:02
To: Liberation Technologies
Subject: [liberationtech] OkayFreedom

 

Hi team,

 

Some users from inside Iran have used OkayFreedom VPN: 
http://www.okayfreedom.com/

 

I'd like to know is it secure or not? Because I haven't read any news, review, 
etc. about it.

 

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Viber is secure?

2012-09-21 Thread Eric S Johnson

From today’s Dragon News Bytes:

 

Title: Viber Communication Security - unscramble the scrambled

Author: Michiel Appelman, Jeffrey Bosma and Gerrie Veerman

Source: SNE/OS3

Date Published: 24th December 2011

 

'In the past couple of years more and more communications which

used to use the regular mobile operator networks started moving

towards ip-based networks. This has given rise to ‘apps’ on

smartphones that enable consumers to connect to each other without

the use of their mobile operator. More recently the security

implications of switching from the closed network of the operator to

the open Internet have become apparent after some ‘apps’ have shown

severe weaknesses. In this project we will take a look at one app in

particular: Viber, a voip application used on cellphones. The report

tries to answer the question how Viber performs — security-wise — in

comparison to other services. A definitive conclusion has not been

found but most details of the protocol used to transfer the voice

data have been documented. The application code has been analyzed

but no real weaknesses were found. This lack of weaknesses found

doesn’t mean that the app is secure, due to limited time and

experience of the authors a lot of investigation is

still to be done..'

 

https://www.os3.nl/_media/2011-2012/students/jeffrey_bosma/ssn_report.pdf

 

Haven’t read it yet.

 

Best,

Eric

PGP http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 

 

From: liberationtech-boun...@lists.stanford.edu 
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Amin Sabeti
Sent: Friday, 21 September 2012 17:53
To: liberationtech
Subject: Re: [liberationtech] Viber is secure?

 

Thanks guys, I sent an email to Viber and I haven't received any responses from 
them.

 

Nathan is there any chances you or your colleagues test it and publish the 
result? Because it so popular amongst the Iranian activists.

 

Thanks,

 

A 

On 21 September 2012 01:04, Eric S Johnson cra...@oneotaslopes.org wrote:

Popular in Ethiopia too (where I was, last week).

 

PGP http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2 

 

From: liberationtech-boun...@lists.stanford.edu 
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Amin Sabeti
Sent: Thursday, 20 September 2012 23:07
To: Liberation Technologies
Subject: [liberationtech] Viber is secure?

 

Hey LibTech,

 

At this time, Viber (http://www.viber.com/) is so popular amongst the Iranian 
people and it is one of the popular communication ways in Iran. 

 

I was wondering to know this app is secure or not? The data is encrypted or not?

 

Thanks,

 

Amin


--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

As far as I can tell, China doesn't keyword-filter in the sense most
people think of that phrase. That is, the Great Firewall isn't inspecting
all the text which flows through it, failing to deliver any web pages which
have offending words. The filtering is of two main types:

1)  any of thousands of domains or specific URLs are on a static
blacklist, and

2)  there is a small list of words which, if present in a URL, will
dynamically result in blocking.

The blocking is generally manifested as a connection reset page which
looks to most users like page not found. China also poisons the DNS for
some of the domains it blocks, but this is (as far as I can tell) redundant
because of 1 above. (I guess it trips up some users whose VPN fails to
tunnel DNS requests.)

   Sometimes (inconsistently), an attempt to see blocked content
results not only in the content not being delivered, but also a punishment
meted out to the offending user: all attempts to access servers outside
China fail for a period of between 5 and 10 minutes.

   It's 2 above which can be used to censor searches, since
unencrypted access to Google from inside China (or to Baidu from outside
China) puts the search terms into the URL. This censorship can easily be
neutralised by accessing Google via HTTPS.

   There are persistent reports that China's cybercensorship can
sometimes vary (a little) by ISP, but I've never seen this (I've only been
to ~13 of the 34 PRC-defined provinces), and Alkasir hasn't ever detected
any such variations. (The internet in 3 of those provinces isn't filtered:
Hong Kong, Macao, and Taiwan. Of course, even if the PRC thinks Taiwan's a
province, Taiwan doesn't think that.)

 

Best,

Eric

 

 -Original Message-

 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-

 boun...@lists.stanford.edu] On Behalf Of Philipp Winter

 Sent: Monday, 13 August 2012 16:15

 To: Stanford tech list

 Subject: Re: [liberationtech] Images of Blocking in Different Countries?

 

 On Sun, Aug 12, 2012 at 09:14:48PM -0700, Adam Fisk wrote:

  My understanding is that China just shows a blank page. Is that correct?

 

 That depends on the type of filtering. The keyword filtering
infrastructure

 forcefully terminates connections and depending on the browser you will
get an

 error message saying something like The connection was reset.

 

 You can actually test it yourself by going to baidu.com and searching for

 falun.

 

 Philipp

 ___

 liberationtech mailing list

  mailto:liberationtech@lists.stanford.edu
liberationtech@lists.stanford.edu

 

 Should you need to change your subscription options, please go to:

 

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 If you would like to receive a daily digest, click yes (once you click
above) next

 to would you like to receive list mail batched in a daily digest?

 

 You will need the user name and password you receive from the list
moderator

 in monthly reminders. You may ask for a reminder here:

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 Should you need immediate assistance, please contact the list moderator.

 

 Please don't forget to follow us on
http://twitter.com/#!/Liberationtech http://twitter.com/#!/Liberationtech

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

As far as I can tell, China doesn't keyword-filter in the sense most
people think of that phrase. That is, the Great Firewall isn't inspecting
all the text which flows through it, failing to deliver any web pages which
have offending words. The filtering is of two main types:

1)  any of thousands of domains or specific URLs are on a static
blacklist, and

2)  there is a small list of words which, if present in a URL, will
dynamically result in blocking.

The blocking is generally manifested as a connection reset page which
looks to most users like page not found. China also poisons the DNS for
some of the domains it blocks, but this is (as far as I can tell) redundant
because of 1 above. (I guess it trips up some users whose VPN fails to
tunnel DNS requests.)

   Sometimes (inconsistently), an attempt to see blocked content
results not only in the content not being delivered, but also a punishment
meted out to the offending user: all attempts to access servers outside
China fail for a period of between 5 and 10 minutes.

   It's 2 above which can be used to censor searches, since
unencrypted access to Google from inside China (or to Baidu from outside
China) puts the search terms into the URL. This censorship can easily be
neutralised by accessing Google via HTTPS.

   There are persistent reports that China's cybercensorship can
sometimes vary (a little) by ISP, but I've never seen this (I've only been
to ~13 of the 34 PRC-defined provinces), and Alkasir hasn't ever detected
any such variations. (The internet in 3 of those provinces isn't filtered:
Hong Kong, Macao, and Taiwan. Of course, even if the PRC thinks Taiwan's a
province, Taiwan doesn't think that.)

 

Best,

Eric

 

 -Original Message-

 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-

 boun...@lists.stanford.edu] On Behalf Of Philipp Winter

 Sent: Monday, 13 August 2012 16:15

 To: Stanford tech list

 Subject: Re: [liberationtech] Images of Blocking in Different Countries?

 

 On Sun, Aug 12, 2012 at 09:14:48PM -0700, Adam Fisk wrote:

  My understanding is that China just shows a blank page. Is that correct?

 

 That depends on the type of filtering. The keyword filtering
infrastructure

 forcefully terminates connections and depending on the browser you will
get an

 error message saying something like The connection was reset.

 

 You can actually test it yourself by going to baidu.com and searching for

 falun.

 

 Philipp

 ___

 liberationtech mailing list

  mailto:liberationtech@lists.stanford.edu
liberationtech@lists.stanford.edu

 

 Should you need to change your subscription options, please go to:

 

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 If you would like to receive a daily digest, click yes (once you click
above) next

 to would you like to receive list mail batched in a daily digest?

 

 You will need the user name and password you receive from the list
moderator

 in monthly reminders. You may ask for a reminder here:

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 Should you need immediate assistance, please contact the list moderator.

 

 Please don't forget to follow us on
http://twitter.com/#!/Liberationtech http://twitter.com/#!/Liberationtech

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

Rebecca's brilliant study (cited by Ivan) was about how companies which host
content domestically (in China) monitor that content and delete anything
they think doesn't belong. It has nothing to do with ISPs, and nothing to do
with the blocking of foreign content (the Great Firewall).

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: Ivan Sigal [mailto:ivan.si...@gmail.com] 
Sent: Wednesday, 15 August 2012 21:39
To: Paul Hyland
Cc: Eric S Johnson; Stanford tech list
Subject: Re: [liberationtech] Images of Blocking in Different Countries?

 

Rebecca's study is here:

 

http://firstmonday.org/article/view/2378/2089

 

She found significant variation in ISP practices at the time.

 

Cheers 

 

Ivan

 

 

Ivan Sigal

Executive Director, Global Voices

i...@globalvoicesonline.org l +1 202 361 2712

www.globalvoicesonline.org

 

On Aug 15, 2012, at 9:35 AM, Paul Hyland wrote:





Rebecca MacKinnon would be one to ask about Internet censorship in China -
she studied it at the University of Hong Kong a few years ago, and is on the
board of Global Voices Online. She's now a fellow at the New America
Foundation. 

 

Bio/contact info: http://newamerica.net/user/303

On Aug 15, 2012, at 2:46 AM, Eric S Johnson cra...@oneotaslopes.org
wrote:

As far as I can tell, China doesn't keyword-filter in the sense most
people think of that phrase. That is, the Great Firewall isn't inspecting
all the text which flows through it, failing to deliver any web pages which
have offending words. The filtering is of two main types:

1)  any of thousands of domains or specific URLs are on a static
blacklist, and

2)  there is a small list of words which, if present in a URL, will
dynamically result in blocking.

The blocking is generally manifested as a connection reset page which
looks to most users like page not found. China also poisons the DNS for
some of the domains it blocks, but this is (as far as I can tell) redundant
because of 1 above. (I guess it trips up some users whose VPN fails to
tunnel DNS requests.)

   Sometimes (inconsistently), an attempt to see blocked content
results not only in the content not being delivered, but also a punishment
meted out to the offending user: all attempts to access servers outside
China fail for a period of between 5 and 10 minutes.

   It's 2 above which can be used to censor searches, since
unencrypted access to Google from inside China (or to Baidu from outside
China) puts the search terms into the URL. This censorship can easily be
neutralised by accessing Google via HTTPS.

   There are persistent reports that China's cybercensorship can
sometimes vary (a little) by ISP, but I've never seen this (I've only been
to ~13 of the 34 PRC-defined provinces), and Alkasir hasn't ever detected
any such variations. (The internet in 3 of those provinces isn't filtered:
Hong Kong, Macao, and Taiwan. Of course, even if the PRC thinks Taiwan's a
province, Taiwan doesn't think that.)

 

Best,

Eric

 

 -Original Message-

 From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-

 boun...@lists.stanford.edu] On Behalf Of Philipp Winter

 Sent: Monday, 13 August 2012 16:15

 To: Stanford tech list

 Subject: Re: [liberationtech] Images of Blocking in Different Countries?

 

 On Sun, Aug 12, 2012 at 09:14:48PM -0700, Adam Fisk wrote:

  My understanding is that China just shows a blank page. Is that correct?

 

 That depends on the type of filtering. The keyword filtering
infrastructure

 forcefully terminates connections and depending on the browser you will
get an

 error message saying something like The connection was reset.

 

 You can actually test it yourself by going to baidu.com
http://baidu.com/  and searching for

 falun.

 

 Philipp

 ___

 liberationtech mailing list

  mailto:liberationtech@lists.stanford.edu
liberationtech@lists.stanford.edu

 

 Should you need to change your subscription options, please go to:

 

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 If you would like to receive a daily digest, click yes (once you click
above) next

 to would you like to receive list mail batched in a daily digest?

 

 You will need the user name and password you receive from the list
moderator

 in monthly reminders. You may ask for a reminder here:

  https://mailman.stanford.edu/mailman/listinfo/liberationtech
https://mailman.stanford.edu/mailman/listinfo/liberationtech

 

 Should you need immediate assistance, please contact the list moderator.

 

 Please don't forget to follow us on
http://twitter.com/#!/Liberationtech http://twitter.com/#!/Liberationtech

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

Hi Phillipp,

 

 Eric, that's interesting, could you elaborate on that?

 According to my own experience, deep packet inspection in China is still used

 

I'm not saying China doesn't do DPI.  I'm just saying that, from my own 
experience living in China for the past three years, DPI doesn’t appear to be 
used to inspect the contents of web pages and dynamically block undesirable 
content.

 

I.e. it's easy to register a new domain (call it TestChinaCyberFiltering.org) 
and put up onto it a handful of pages which include every possible word and 
phrase which we know are problematic to the Chinese censors. Start with the 
list of words which trigger censorship and surveillance in TOM Skype (the 
wordlist's been repeatedly cracked by researchers at, I think, Arizona). Add 
all the content which the good folks at UC-Berkeley’s China Digital Times have 
detected cause immediate censorship on Weibo (China’s Twitter-like service). 
This should be a total of about 400 words and phrases (almost all only in 
Chinese).

   Then access those pages from within China.

   As far as I can tell, access will be unimpeded.

   It appears to me such content won't ever get blocked 
unless/until it's indexed in Google. It appears that the Great Firewall is 
constantly doing Google searches for undesirable content, then augmenting the 
blacklist. It seems to me the actual augmentation happens only after the bad 
content's been reviewed by a human. And although most of what we read about 
involves what's blocked, there do seem to be regular reductions in what's 
blocked--perhaps about once a quarter.

   But my own tests have been unscientific, i.e. not conducted over 
a variety of ISPs, times, and content. It would be interesting (and not 
difficult) to do this more rigorously.

 

Best,

Eric

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

 Hrm. You did actually say:
 Yes-they stopped doin packet inspection in about 2008, near as I can
tell.
 
 That's a bit confusing as we've seen direct evidence of DPI that results
 in real time *probing* of Tor bridges. We know they do DPI to do this
 and we know they trigger specific kinds of censorship depending on
protocol.
 
 That you are not seeing content being *blocked* is not the same as the
 absence of DPI that is performing surveillance, protocol classification,
 logging 

Agreed.

Best,
Eric

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

2012-08-15 Thread Eric S Johnson

  I.e. it's easy to register a new domain (call it

  TestChinaCyberFiltering.org) and put up onto it a handful of pages

 

 The first is that DPI could be occurring at border routers, so that

 traffic within China is not undergoing DPI scanning by default. If your

 hypothetical TestChinaCyberFiltering.org is hosted in China you might

 see different behaviour to if it were hosted in, say, the US.

 

I'm talking about hosting it outside CN.

 

Some research has shown that the filtering is not only on the borders, but I 
don't think that's of great consequence. By far, the major ways China controls 
what its netizens see online is

1)  requiring companies which host content domestically (sites such as 
those serving media; SNSs; and (micro)blogging platforms) to maintain a high 
level of vigilance to take down disapproved content when it’s created, and

2)  the Great Firewall, which prevents access to disapproved content from 
abroad.

 

 the UK with BT's Cleanfeed. In that case, certain domains are added to a

 watch list, and only those domains are subjected to more sophisticated

 forms of filtering.  This means that the filter doesn't have to expend

 the resources on DPI for all web traffic, only those that have been

 marked up on the list of problematic domains.

 

That’s interesting. Haven’t seen that in CN, but it might be hard to detect—it 
might require someone to “stumble” upon it.

 

Best,

Eric

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] What I've learned from Cryptocat

2012-08-07 Thread Eric S Johnson

The donor-funded Information Security Coalition is the largest
digital-security-for-activists project, so its mentors / cybersecurity
officers are among the best repositories of activists  journos'
experiential information that is key to outlining an online-freedom threat
model for each target country. But it would be hard to get consensus among
all the possible actors in this field; the techsec training I recently held
for Zim activists might lead me to different conclusions than those of the
(at least two, just counting folks on LibTech) others who were there,
independently of each other and me, doing similar work just in the last
couple months. And that's just one country. (Or maybe we'd agree. There's a
surprising lack of cooperation/communication among the main players, even
though their absolute number is rather small.)

   It's my impression that the biggest disagreement is over
whether we should be trying to teach everyone the maximum (on the assumption
that the bad guys are practically omnipotent, or could be), or whether we
should come to terms with the fact that if the solutions we provide are too
hard, no one will use them, which leads us to settling for some version of
good enough. (A classic example might be IM: some insist we teach
Pidgin+OTR (or Psi+OpenPGP, or whatever), which is the nuclear option but
which trainees, practically speaking, don't end up using; others settle for
Skype, for which we can describe theoretical attacks but which, in practice,
has so far proved secure from inline interception, and which trainees do use
because its UI's great one's interlocutors are probably also on it
(Metcalfe's law).)

 

I know of about two dozen guides for activists to stay safe online (by
RSF, CPJ, EFF, RSF, etc.; they're enumerated in my own 8p 30-point
cheat-sheet aggregation of data on this topic (aka the SIDA PDF), which
I'm happy to share with anyone who requests it-many of you have seen /
contributed to it), but the leading one is probably Security in a Box (aka
SiaB, by TTC+FLD) (currently (constantly?) being updated). Most of these
guides are informed by a lot of field experience (e.g. I've worked in/on
almost all the hostile countries-I even live in one of them).

 

Best,

Eric

 http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2
PGP

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Ali-Reza
Anghaie
Sent: Tuesday, 07 August 2012 04:40
To: Luke Allnutt
Cc: liberationtech-boun...@lists.stanford.edu;
liberationtech@lists.stanford.edu
Subject: Re: [liberationtech] What I've learned from Cryptocat

 

On Tue, Aug 7, 2012 at 4:25 AM, Luke Allnutt allnu...@rferl.org wrote:


With Frank's message in mind, do list members have thoughts about the best
dumbed-down guide for activists to stay safer online? 

I know EFF, MobileActive, and Movements.org have done some good work in this
field, but wondered whether there is a consensus on a good short,
easy-to-understand document for activists? 

 

If there is an existing consensus - it's bound to be part of the problem..

 

Snark aside, I'm serious.

 

The biggest problem I've seen w/ any of these is the total lack of
understanding how all of these same target users dealt with Government
surveillance ~before~ us and what carryover behaviors still work for them
now.

 

Set aside the Cryptocat project, where do the list managers or various
Faculty and Staff suggest we can gather the requirements from all of our
personal experiences. At least we have them to then start categorizing and
consolidating into a message for those trying to help the activists under
fire. -Ali

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click yes (once you click above) 
next to would you like to receive list mail batched in a daily digest?

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

39 matches

Mail list logo