Re: [liberationtech] TrueCrypt Alternatives?
Deniability is not inherently better. Of course it has advantages. But a world that only had deniable cryptography would be worse than one which also had systems like TrueCrypt whose presence is not hidden. It makes no sense to argue that an improved version of TrueCrypt is no better if it’s not deniable. Maybe there will be a rubber hose attack, maybe not. Many attackers are not in a position to do that. And deniability has costs which may lower resistance to other types of attack. On October 6, 2014 at 11:54:03 AM, Danny O'Brien (da...@eff.org) wrote: On Mon, Oct 06, 2014 at 05:56:59PM +0100, Eleanor Saitta wrote: On 2014.10.06 01.56, Bill Cox wrote: I will have an impact on the code going forward. Also, I am entirely a pragmatist. I am an engineer, not a cryptographer, and I build stuff that works in the real world. Can you explain a deniable crypto-system that fits the real world? It's unclear that there is one. I'd feel far happier recommending a (new, continued development, audited, etc.) version of Truecrypt with no deniability features at all. Using the features in such a way that you don't leave traces of the container has always been really, really difficult -- if you read the docs page on what's required to evade forensic detection, it should be pretty clear how unsuitable this feature is for regular users. Yes, some of those might be removable with significant developer effort, but I'm not sure why that's worth it, given the larger issues. I think one of the challenges here is that, to the extent that deniable crypto-systems are used and understood in the real world, the switch from we will use our ingenious forensic tools to detect your subterfuge to we will beat you up until you tell us the password is prompted by Truecrypt's presence and notoriety, rather than any feature of the software. By that, I mean that the one data point I have is talking to activists who say that if their laptop or devices are inspected, having Tor and Truecrypt visibly installed is a signal for further interrogation. So we're really in a position where hiding the application from casual inspection is more important than the cryptosystem, because the cryptosystem is going to be bypassed by rubberhose cryptoanalysis once noticed. Security developers hate this, I think, because hiding an application's traces on a standard OS is an endless task with no guarantee that we haven't left some sort of fingerprint which is trivially detectable with the right kind of tool. This is one of the reasons why practical advice seems to be moving more towards the have a secure device which you hide rather than use secure software on your visible everyday device. A hidden, cordoned device allows us to make a much stronger assertion about the safety of its contents, and a much clearer moment to describe when its contents may be breached. Under this design, deniability really isn't something you implement in software. Deniability comes from physically hiding the device. There's no deniability *within* Truecrypt because Truecrypt use itself is already perceived as an indication of guilt. d. I think we who are trying to keep TrueCrypt alive could use your advice. Happy to chat more. E. -- Ideas are my favorite toys. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Mapping out physical surveillance across a city
If anybody comes up with a such a map for the bay area, I'd love to see it. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] self signing certs by default
Let's say web servers auto generated self-signed certificates for any domain that didn't supply its own certificate, likely one from an authority. What that would accomplish is to make the stream unreadable over the wire, unless the attacker was willing and able to do an MITM with their own auto generated self-signed certificate. It would not be hard to do that MITM, but it would be orders of magnitude more expensive than copying unencrypted bytes off the router. It would not be practical to do the MITM against a large portion of traffic. The attacker would have to pick their targets. Thoughts? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] self signing certs by default
The MITM is much more expensive, so would make it unfeasible to maintain current levels of surveillance. The MITM can't be done in secrecy. The client can publish the certificate that it received. This would force the surveillance apparatus to reveal itself. On Fri, Mar 14, 2014 at 2:45 PM, John Adams j...@retina.net wrote: You misunderstand the signing practice if you think this is a good idea. Granted, it provides a low level of encryption for clients but it does not provide Non-repudiability to those users, opening them up to MitM attacks. Sent from my iPhone On Mar 14, 2014, at 16:35, Guido Witmond gu...@witmond.nl wrote: On 03/14/14 19:56, Julian Oliver wrote: ..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote: Let's say web servers auto generated self-signed certificates for any domain that didn't supply its own certificate, likely one from an authority. What that would accomplish is to make the stream unreadable over the wire, unless the attacker was willing and able to do an MITM with their own auto generated self-signed certificate. It would not be hard to do that MITM, but it would be orders of magnitude more expensive than copying unencrypted bytes off the router. It would not be practical to do the MITM against a large portion of traffic. The attacker would have to pick their targets. Thoughts? It would be good if Debian and other popular GNU/Linux LAMP distributions made OpenSSL/TLS key generation (and set up of a VirtualHost template for :443) an encouraged option during an Apache installation (OpenSSL is a dependency anyway). It could be a simple walkthrough with Qs for CN and admin email, abstracting over the classic and ungainly: openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key One could also automatically derive the DNSSEC-DANE TLSA record from that server certificate and mail it to the sysadmin. Include a paragraph that explains that by publishing that record, the site has stronger protections against MitM-attacks than possible with CA-bought certificates. (the downside is that user need to install the Extended-DNSSEC-Validator plug in). Regards, Guido. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] espionage as plain old corruption
The shoes left to drop: 1) NSA insiders using privileged information for investments. It's hard to imagine this doesn't happen. 2) How precisely do businesses get the NSA and CIA to create competitive advantages? How do they convince the Trade Representative that they deserve government intervention on behalf of their shareholders, and how does the Trade Representative then pass back information? How does one business get this benefit and not another? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] quid pro quo
Again, the cash payments are a deception. They are in no way enough to compensate these companies. Operational expenses associated with processing data requests are a small part of the overall cost. On Wed, Sep 11, 2013 at 10:36 AM, Joseph Lorenzo Hall j...@cdt.org wrote: On 9/10/13 4:51 PM, Kyle Maxwell wrote: In general, as has been well documented, the telcos and other firms charge the government for data records. While possibly distasteful (they're making money off of giving our data to the gov!), it makes sense from an operational point of view: there are real, concrete costs associated with storing, retrieving, and providing those data to valid requests, not to mention the process of handling sensitive requests in the first place. So I'm not sure the counter approach (provide it to us for free) is a good idea, either. Yes, some of the reporting in the last weeks about the NSA's black budget teased out these compensation relationships a bit, e.g.: NSA paying U.S. companies for access to communications networks http://articles.washingtonpost.com/2013-08-29/world/41712151_1_nsa-national-security-agency-companies -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 j...@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] quid pro quo
Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] quid pro quo
My thought is that the reported payments to compensate big corps aren't enough to justify the opportunity cost. For example, Room 641A. No doubt NSA is putting some cash in, but the actual revenue is probably 1/1000th the cost to ATT. Renting rooms and taps to governments is not a business ATT would enter. It's just too small. They need revenues in the tens of millions to even consider a product, and it's unlikely NSA is paying that much. Where ATT can justify the cost is within its lobbying budget. On Tue, Sep 10, 2013 at 12:38 PM, Seth Woodworth s...@sethish.com wrote: It's not legal to pay for preferential treatment from the government, that's bribery. Why would it be illegal for the NSA to pay ATT Chase? On Tue, Sep 10, 2013 at 3:27 PM, Lucas Gonze lucas.go...@gmail.comwrote: Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] quid pro quo
The other pressure you mention is just what I was thinking of. On the one hand there is a threat. Cooperate with NSA or DOD won't consider your bids. On the other hand there is an offer. Cooperate with NSA and DOD will favor your bids. About the cash payments, operational costs are a small part of business logic. A company on the scale of Google doesn't enter cash businesses like this. If the NSA offers to pay a hundred bucks for a few thousand items a year, it's not meaningful in comparison to costs for lawyering, real estate, management, etc. On Tue, Sep 10, 2013 at 1:51 PM, Kyle Maxwell ky...@xwell.org wrote: In general, as has been well documented, the telcos and other firms charge the government for data records. While possibly distasteful (they're making money off of giving our data to the gov!), it makes sense from an operational point of view: there are real, concrete costs associated with storing, retrieving, and providing those data to valid requests, not to mention the process of handling sensitive requests in the first place. So I'm not sure the counter approach (provide it to us for free) is a good idea, either. That said, you do have all sorts of other pressure. Imagine a company that does a lot of federal work being told that all their contracts would have to be reviewed if they don't cooperate: the loss of a significant (read: material) amount of revenue is a serious motivator for profit-driven entities. It can get nastier from there: investigations, regulatory filings, etc. They have lots of leverage to apply to private organizations, even large powerful ones. (Disclosure: I work for a telco but I don't speak for them and I damn sure don't share their opinions on any of this stuff. And I'm not involved with any sharing of personal data to the gov or anybody else. I can't even access it.) On Tue, Sep 10, 2013 at 2:38 PM, Seth Woodworth s...@sethish.com wrote: It's not legal to pay for preferential treatment from the government, that's bribery. Why would it be illegal for the NSA to pay ATT Chase? On Tue, Sep 10, 2013 at 3:27 PM, Lucas Gonze lucas.go...@gmail.com wrote: Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- @kylemaxwell -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Designing Fairness for DMCA
On Tue, Jul 16, 2013 at 1:00 PM, John Adams j...@retina.net wrote: We call this The trust and safety departments at most major companies. It already exists. You're getting wrapped up in a technical implementation which would normally be handled by large teams. The level of integration you describe is more than just a simplistic database table. I spent much of last year working on a project similar to @RiptideTempora's. What I found is that organizations which get enough takedown requests to need administration tools are pretty big. For them, Zendesk already does a good job. There is an abuse department within the organization, which is part of customer support and which implements policy set by an attorney. For an organization smaller than this, executives typically handle DMCA takedown requests manually. They usually comply with all requests, because that is the essence of the safe harbor. To help users, I believe the best approach is legal assistance. Users need to know what their options are, how to file a counter notice, why the shouldn't file counter notices when they really are infringing, what infringement means, and so on. Additionally, your order of operations doesn't match the DMCA workflow that is required by law. Have a look at this helpful infographic and rethink the flow.. http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png This infographic is to help third parties understand the notice and takedown process. It is not a workflow for online service providers. -Lucas Gonze -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Terry Winograd and Evgeny Morozov
of the reasons why we at Stanford Liberationtech conduct interdisciplinary research and engage the world at large through our various activities, online and off. And it is also why we are supportive of the efforts of people like Evgeny Morozov and others in journalism who seek to improve public discourse. On Tue, Jul 2, 2013 at 9:34 AM, Lucas Gonze lucas.go...@gmail.com wrote: I find Morozov's critique of silicon valley intellectual fads worthwhile. The thinking coming from famous bloggers and tech industry conferences is for the most part hype for the sake of commerce. Morozov's writing is to puncture that hype bubble. This is a valuable goal and he does it well. On Mon, Jul 1, 2013 at 11:51 PM, Soenke Zehle s.ze...@xmlab.org wrote: maybe EM's style is more like a 'firstism' (make it sound like you're the first to make a particular point, obscuring other more or less readily available forms of critique) EM: Let's get the Nazis out of the way first. There's a considerable body of serious scholarship looking at the technological thought of the Nazis. They had plenty of engineers and scientists and some had rather ambitious theoretical ambitions. (Not to mention that Carl Schmidt and Heidegger, whatever their relationship to Nazism, wrote about technology). Yes Heidegger wrote about technology. But that's one of the places where firstism just won't do - to read Heidegger and his philosophy of technology in 'solutionist' terms ends up discrediting the anti-solutionist project imo. Funny Foucault quote: 'For me, Heidegger has always been the essential philosopher. My whole philosophical development was determined by my reading of Heidegger.' Soenke 2013/7/2 Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com: On Mon, Jul 1, 2013 at 6:26 PM, x z xhzh...@gmail.com wrote: Morozov Well, to Morozov's credit, that's why philosophers prefer German, French, Spanish, etcetera, to English! :D Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Lina Srivastava -- linasrivastava.com | twitter | linkedin -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Internet is designed for surveillance
Bob, can you give examples alternatives to pipes owned by service providers? On Wed, Jun 26, 2013 at 12:39 PM, Bob Frankston bob19-0...@bobf.frankston.com wrote: I realize it's very hard to give up on the idea of networks but they are no more necessary for communicating than railroads are for travels. Nice options but not the only ones. As you note the idea of rent-seeking is at the heart of the matter. Being around when the fathers and mothers of the Internet were putting it together gives me useful perspective -- I know that Ethernets are not really networks and that we have connections between islands of connectivity. This means that connectivity is not a service -- just something we do with what we find lying around. The hierarchies, DNS, backbone were expedient engineering hacks that are not at all fundamental. We stay with them because we are stuck with the idea that we communicate within pipes like we did with telegraph wires but the Internet gives as an alternative (as I wrote in http://rmf.vc/NotSuper and go into far more detail in http://rmf.vc/RefactoringCE). In http://rmf.vc/CISustainable I provide an alternative funding model which doesn't require today's constructs merely to make bits billable. Once we aren't confined to pipes we can then do very decentralized protocols and view mechanisms like the DNS as applications rather than plumbing. Intercepts and all that may be legal -- but we aren't obliged to talk into their microphones. Bob Frankston http://frankston.com -Original Message- From: Bernard Tyers - ei8fdb [mailto:ei8...@ei8fdb.org] Sent: Wednesday, June 26, 2013 15:15 To: liberationtech Cc: Bob Frankston Subject: Re: [liberationtech] Internet is designed for surveillance -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Bob, I agree with you on the whole but I'm going to argue some of your points. On 26 Jun 2013, at 17:03, Yosem Companys wrote: From: Bob Frankston bob19-0...@bobf.frankston.com The current implementation of the Internet is hierarchical in that we get IP addresses from provides and then use a DNS that is rooted. Well, its decentralised hierarchical I guess. To be fair, there is nothing from stopping you or I from running our own DNS servers. However, at some point, I guess it will have to get its answers from root servers. We go even further in requiring that we conform to conditions on our intent (AKA our use) of connectivity in order to get a temporary lease on something so fundamental as our identity in the guise of a DNS name. We go further by accepting the idea that we communicate within pipes owned by service providers who can dictate terms in order to extract a rent. Someone has to build, maintain and expand the backbone infrastructure. I'm not for one minute saying the Verizon's, ATT, Vodafone's of the world are the best to do this. But it is expensive. Nowadays telecoms operators are more interested in sponsoring sports stadia, or film events than paying for the hardware needed. Thankfully this is causing their destruction. David Burgess from Open BTS said this about telecoms last year: will be served by companies that look and work a lot more like Red Hat than like Nokia-Siemens. I see that vision too, and I see products (not projects, products) like OpenBTS and OpenBSC.having places in that world. If we are correct about this vision of the future, then that small gathering of hackers.may have held the seeds of a revolution that will fundamentally change a multi-trillion dollar industry. [1] These are the kinds of projects are the way of the future, but they still rely on infrastructure companies to carry packets to reach maximum range. Once you accept such an architecture and such rules it seems disingenuous to act surprised when those whom we've put in charge take advantage of this control for whatever purpose whether for advertising or for our safety (real or imagined). Why so? We pay them for a service to provide us connectivity. We do not pay them to facilitate worldwide surveillance with no basis. Governments and LEA enforce legal interception protocols and build in requirements for any nation who wants to build a 3GPP standard mobile phone network to install legal interception equipment. By this I don't mean Finfisher or other sickening weapons of mass surveillance. Advances in communications technologies like LTE/SAE (4G) have built into their core Deep Packet Inspection. This is there for network management purposes, but lets be honest, it can (and is) used for other reasons. I would be amazed if any private individual asked ETSI (European telecoms Standards Institute) or ITU (International Telecoms Union) to require telecoms providers to install surveillance equipment. This is a legal battle. We may ask for restraint on the part of those who enforce the rules but every time there is an outrage (often called terrorist
[liberationtech] diseconomies of scale
It occurs to me that Prism exclusively targets large providers. This suggests that it relies on economies of scale. Which suggests a defense against Prism: use small providers, because there are diseconomies of scale. Thoughts? -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] New Anonymity Network for Short Messages
the ideal would be to hit a high enough rate that it makes real-time analysis of content (by a human) impossible. By the time the service hit that rate of chats, it will be nigh-unusable by people. Every client could broadcast a message on a timer. Sometimes the message would be wheat and sometimes chaff. Then the downsides would be: 1) Additional latency between composing the message and the next timer pulse. In terms of UX, slower sends. 2) A bigger buffer, flushing more often. Problem #2 could be ameliorated with something like sharding. If there were S shards and M messages total, a peer would buffer M/S messages. On Tue, Jun 11, 2013 at 11:42 AM, Griffin Boyce griffinbo...@gmail.comwrote: Sean Cassidy sean.a.cass...@gmail.com wrote: First is that if the load on the network is high enough, conversations can hide in the noise. This is helped by dummy message generation either by clients or servers (preferably clients to protect against attackers that can monitor every node). Unless I'm missing something (entirely possible): From your standpoint, the ideal would be to hit a high enough rate that it makes real-time analysis of content (by a human) impossible. By the time the service hit that rate of chats, it will be nigh-unusable by people. This is more or less why chat channels (eg, IRC) were created in the first place. And that doesn't preclude outside observers from storing and correlating the chats. ~Griffin -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech