[liberationtech] Announcing the Digital Whistleblowing Fund

2018-11-15 Thread Moritz Bartl
How do we learn about dangers to our democracies, about corporate crimes
or corruption? Mostly through brave people within these organisations
who take great personal risks to fulfil what they experience as a moral
obligation: letting the world know about crimes and injustices they
witness, and holding the perpetrators accountable. Without such
whistleblowers, we would not know about some of the greatest scandals of
our time.

Yet how can we support whistleblowers and keep them safe? Most would,
with good reason, not feel comfortable contacting people they don’t
know, or reaching out to whistleblowing organisations in other countries.
We need local whistleblowing initiatives, because only they know the
specific political context, have personal ties to investigative
journalists, can adequately protect their sources, and know how to make
best use of the information obtained.

Together with Hermes Center for Transparency and Digital Rights the
Renewable Freedom Foundation therefore launched the Digital
Whistleblowing Fund today, a program to support those willing to start
projects that actively engage in the solicitation of citizens and
employees to report corruption and wrongdoings. The Fund specifically
supports grassroots organisations that set up digital whistleblowing
projects, including investigative journalists and groups, human rights
and environmental activists, anti-corruption groups, media and free
speech activists, and many more. The Digital Whistleblowing Fund builds
on our Digital Rights Fund.

We know that whistleblowing projects require a specific and mixed set of
skills in essential areas to successfully run a whistleblowing
initiative: strategic, organisational, legal, IT, and security. The
Digital Whistleblowing Fund thus enables these organisations to apply
for and receive financial, operational and strategic support to start
digital whistleblowing initiatives. We also take care to support
peer-learning and exchange, to foster the whistleblowing community as a
whole.

A selection committee composed of key individuals and organisations from
the whistleblowing, journalism, activism, anti-corruption and hacking
ecosystems will evaluate the received applications.

The Digital Whistleblowing Fund runs periodical thematic calls. Our
initial call is for “Anti-corruption activism”, with a submission period
that starts today and ends on December 31.

https://www.whistleblowingfund.org/
https://www.whistleblowingfund.org/application-guide/
https://digitalrights.fund/
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Stanford Liberationtech Needs Your Help

2018-06-15 Thread Moritz Bartl
Hi Yosem,
On 14.06.2018 21:13, Yosem Companys wrote:
> Recently, the decision was made to spin off LT as an independent entity.

Have you considered fiscal sponsorship instead, meaning to partner with
an existing non-profit instead of creating your own?

I can for example see us at Renewable Freedom Foundation hosting this,
both legally and technically. We have our own servers at various data
centers, an endowment to ensure continued operation of the foundation,
and existing legal infrastructure (registration in Germany, charity
status for donations across Europe, readily set up accounting & audits
etc.).

It would save you from a lot of headaches and bureaucracy. There are
other foundations I can connect you to if you're interested in exploring
this route.

Legally, the primary consideration should be whether you expect grants or
donations, and where from. If you're dealing with US funders, it is the
easiest for them to give money to 501c3's in the US; if you're dealing
with donors from Europe, a European entity might be more useful.
"Iceland" and "Switzerland" are mentioned quite often with little actual
benefit (their privacy laws nowadays are similarly good or bad as
elsewhere), and I would rather base the decision on where you have
trusted contacts and someone who speaks the language.

The separation of concerns via fiscal sponsorship can give you more
flexibility, and more independence: I could see you partnering with a
number of different entities, and regardless of their governance
structures decide on your own governance model independently. If all you
plan for the near future is some structure to host the mailing lists
and/or forums, I suggest you reconsider creating yet another legal
entity for this (yet).

In terms of recommendations for hosters, you should base your decision
on where you "place" the legal entity: The best protection you get is
having the infrastructure in the same country as the legal entity, as it
will not create potentially complex legal issues crossing borders. If
you have narrowed down your choices, I can help pick hosting companies.

It sounds like you may be interested in managed services, where you
trust the hosting company to manage not only the connectivity but also
the services themselves (mailman and/or discourse). If you're considering
the hosted Discourse at discourse.com, you will need to trust them with
the data. I have not looked at their policies but usually these managed
options do not take good care of reducing IP logging, for example. They
are probably also using cloud storage, so the data sharing is even more
extensive. By picking a US company you basically pin the jurisdiction,
and you do not really want to be a foreign entity using US services like
that, so that makes sense only if you're creating or partnering with a
US entity. You can, however, find other, privacy-aware companies that
offer managed mailman/discourse hosting in other jurisdictions without
the "clouded" bit.

Moritz

[liberationtech] Fwd: CPDP2018 Call for Papers

2017-05-29 Thread Moritz Bartl
 Forwarded Message 
Subject: CPDP2018 Call for Papers
Date: Mon, 29 May 2017 13:19:27 +0200


CPDP2018 Call for Papers
Call for Papers CPDP2018 – The Internet of Bodies. This call is
addressed to all researchers who wish to present their papers at the
next Computers, Privacy and Data Protection conference. 

 CPDP Conferences 10th anniversary

 *CALL FOR PAPERS 2018 – The Internet of Bodies*


CPDP is an annual three-day conference devoted to privacy and data
protection. The 11th edition of CPDP will be held on 24-26 January 2018
in Brussels. Whilst a number of speakers are specifically invited by the
conference, several slots remain open to application through an annual
call for papers. The CPDP2018 Call for Papers is addressed to all
researchers who wish to present their papers at the next Computers,
Privacy and Data Protection conference.

The call is split into two different tracks. The first is dedicated to
experienced researchers (i.e. from postdoctoral researchers on), while
the second welcomes PhD students and other junior researchers.
Contributions are welcome from all disciplines with perspectives on the
themes of the conference. The dual-track structure of the CPDP2018 Call
for Papers aims to meet the increasing interest of researchers – from
all levels and from multiple disciplines – in CPDP and their
expectations in terms of academic feedback and exchange. Please submit
your contribution through the EasyChair conference system through the
following link:
https://easychair.org/account/signin.cgi?key=54227266.Ef8HraNpV6VsWoCE

The overarching theme of the 2018 edition is the “Internet of Bodies”.
Data collection increasingly focuses on the physical body. Bodies are
increasingly connected, digitized and informatized. In turn, the data
extracted is reassembled in ways that give rise to significant questions
– challenging fundamental assumptions about where the corporeal ends and
the informational begins. Biometrics, genetic data processing and the
quantified self are only some of the trends and technologies reaching
into the depths of our bodies. Emerging technologies such as human
enhancement, neural implants and brain wave technology look likely to
soon become a daily reality.


 *RELEVANT FIELDS AND TOPICS*
The CPDP Scientific Committee invites papers in the fields of law,
social sciences, philosophy and computer sciences (as well as other
relevant fields). Multidisciplinary papers are particularly welcome. In
particular, this call aims to reach researchers whose works relate to
new technologies, privacy and data protection. Selected researchers will
have the valuable opportunity to present their papers in the conference
academic sessions. The main theme highlighted this year is “The Internet
of Bodies”, but we welcome any original topics related to the general
themes of the conference and especially encourage technology-focused and
interdisciplinary submissions.

Follow this link
information about the topics presented at previous editions of CPDP.

In case of doubt regarding the suitability of a contribution for the
conference, please contact Lorenzo Dalla Corte.


 *CPDP2018 KEY DATES*
 *Deadline for submissions: Friday 29 September 2017 (23:59 CET).
Notification to authors: Friday 1 December 2017.*
 Papers accepted for presentation at the conference will go through a
second round of reviews for inclusion in the conference book (see below).
*SUBMISSION INSTRUCTION*

Authors responding to this Call for Papers are asked to submit a full
paper via a dedicated webpage on the EasyChair system, together with a
short abstract and up to 5 keywords. Authors should select the track for
which they are applying in EasyChair: either CPDP2018 Experienced
Researchers or CPDP2018 Junior Researchers.

Papers should be between 6000 and 8000 words in length, excluding
footnotes and bibliography. Authors must make use of the OSCOLA (4th
ed.) referencing style. The text of the paper should not include the
name of the author(s) and all self-references should be deleted.
Submissions not meeting these criteria risk rejection without
consideration of quality.

Contributions and identifying information should be submitted through
the EasyChair conference system.

Papers will be selected on the basis of their quality. All submitted
papers will be peer reviewed by members of the CPDP2018 Scientific
Committee (and other independent reviewers where necessary) and will be
commented upon by distinguished scholars. Authors of accepted papers
must guarantee that their papers will be presented at the conference: at
least one author of each accepted paper is required to register for the
conference and to present the paper. Accepted papers will be considered
for publication in the conference book published by Springer.

Selected authors will receive free entrance for the duration of the
conference. Funding for travel 

[liberationtech] Call for Talks: HotPETs 2017: 10th Workshop on Hot Topics in Privacy Enhancing Technologies (Deadline 8.5.)

2017-04-27 Thread Moritz Bartl
lude those that provoke interesting discussion,
provide unique insight or value to the PETs community, share new and
emerging PETs-related research, and have the potential to expand
engagement between the PETs community and PETs users.

The chairs seek submissions that are complete and concise. They should
provide a full overview of the proposed talk, including (if available)
any conclusions or findings that are to be presented.

HotPETs Best Talk Award:

A goal of HotPETs is to present talks that are informative, engaging,
and even entertaining. To recognize such talks, each year HotPETs
concludes with a vote by the audience for its favorite talk. The talk
with the most votes wins the Best Talk Award!

Deadlines:
Submission Deadline: May 8th
Submission Notification: May 15th

HotPETs chairs:

 *  Sadia Afroz (ICSI /UC Berkeley)
 *  Moritz Bartl (Renewable Freedom Foundation)
 *  Tariq Elahi (KU Leuven)

Send submissions or questions to hotpet...@petsymposium.org.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.


[liberationtech] Tor exit node operator arrested in Russia - a solidarity Tor Relay Challenge launched

2017-04-16 Thread Moritz Bartl
…

If you can, run a relay or an exit node and give it a name that contains
Bogatov or KAction (Bogatov’s handle). By running more relays we
increase anonymity and also show solidarity and demonstrate the power of
shared responsibility.

Tor relays are publicly available for everyone to use

The IP addresses of the Tor relays (middle relays and exit nodes) are
publicly available and can be freely used by Tor users. The fact
that relays are a publicly available resource doesn’t minimize or
threaten the anonymity of a Tor user; in fact, it can be used as proof
that the IP address of a server was a Tor relay at a given time.

Currently running Tor relays are enumerated to Atlas, a web application
to learn about currently running Tor relays. In a similar way the
ExoneraTor service maintains a database of IP addresses that have been
part of the Tor network. It answers the question whether there was a Tor
relay running on a given IP address on a given date. ExoneraTor may
store more than one IP address per relay if relays use a different IP
address for exiting to the Internet than for registering in the Tor
network, and it stores whether a relay permitted transit of Tor traffic
to the open Internet at that time. ExoneraTor is a web service that can
check if an IP address was a relay at a given time.

A different type of relay: bridges are Tor relays that aren’t listed in
the public Tor directory. That means that ISPs or governments trying to
block access to the Tor network can’t simply block all bridges. Bridges
are useful a) for Tor users in oppressive regimes, and b) for people who
want an extra layer of security because they’re worried somebody will
recognize that it’s a public Tor relay IP address they’re contacting.

Further reading

What is a Tor relay
The Legal FAQ for Tor Relay Operators
How is Tor different from other proxies?
What security protections does Tor provide?
Interactive visualization that explains various Tor/non-Tor scenarios

Short version
-

Run a Tor relay or exit node in solidarity with Dmitry Bogatov!

Tor activists launch a call to run relays and exit nodes in solidarity
with Dmitry Bogatov, a FOSS contributor, GnuPG and privacy advocate and
math teacher arrested and detained in Russia. By now 26 relays have been
set up in different countries.

Bogatov will stay in detention till June 8 at least. He risks up to 7
years in prison as he is accused of having published messages with
incitations to terrorism. A user ‘Airat Bashirov’ was indeed posting a
number of messages inciting to organize mass rallies and protests, using
Bogatov’s home IP address. However, as a Tor exit node operator, Bogatov
can not have access or be responsible for the content that passes by:
Tor’s technical architecture is in itself a proof of his innocence.

As an active FOSS contributor, he also has support from the peer
community and has a strong alibi - he was in the sport center and then
in the supermarket at the moment when the messages were published.
Moreover, after Bogatov’s arrest the same user continued posting
incendiary messages.

If you can, run a tor relay or an exit node and give it a name that
contains Bogatov or KAction (Bogatov’s handle). By running more relays
we increase anonymity and also show solidarity and demonstrate the power
of shared responsibility.

-- 
Moritz Bartl
https://www.torservers.net/
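
An added sketch of the lookup that ExoneraTor is described as answering in the message above (not part of the original message and not ExoneraTor's own code): it parses a consensus excerpt and an exit list in the Tor directory formats and reports whether an IP address belonged to a relay on a given date. The nicknames, fingerprints and documentation-range addresses are constructed, and treating any `p` line other than `reject 1-65535` as exit-permitting is a simplification.

```python
import base64
import ipaddress
from datetime import datetime

TS = "%Y-%m-%d %H:%M:%S"

# --- Constructed sample data: made-up fingerprints, documentation-range IPs ---
EXIT_FP, MIDDLE_FP = "11" * 20, "22" * 20


def _b64_id(fp_hex):
    # Consensus "r" lines carry the 20-byte identity as unpadded base64.
    return base64.b64encode(bytes.fromhex(fp_hex)).decode().rstrip("=")


CONSENSUS = f"""network-status-version 3
valid-after 2017-04-05 12:00:00
r BogatovSolidarity {_b64_id(EXIT_FP)} {_b64_id('aa' * 20)} 2017-04-05 10:11:12 198.51.100.7 9001 9030
a [2001:db8::7]:9001
s Exit Fast Running Valid
p accept 80,443
r KActionMiddle {_b64_id(MIDDLE_FP)} {_b64_id('bb' * 20)} 2017-04-05 09:00:00 192.0.2.44 443 0
s Fast Running Valid
p reject 1-65535
"""

# Exit lists record the address a relay was observed exiting from, which can
# differ from the address it registered with in the consensus.
EXIT_LIST = f"""ExitNode {EXIT_FP.upper()}
Published 2017-04-05 10:11:12
LastStatus 2017-04-05 11:00:00
ExitAddress 203.0.113.9 2017-04-05 11:20:33
"""


def parse_consensus(text):
    """Return (valid_after, relays) from a network status consensus."""
    valid_after, relays, cur = None, [], None
    for line in text.splitlines():
        key, _, rest = line.partition(" ")
        if key == "valid-after":
            valid_after = datetime.strptime(rest, TS)
        elif key == "r":
            f = rest.split()  # nickname, identity, digest, date, time, IP, ...
            ident = base64.b64decode(f[1] + "=" * (-len(f[1]) % 4))
            cur = {"nickname": f[0], "fingerprint": ident.hex().upper(),
                   "addresses": {ipaddress.ip_address(f[5])}, "exit": False}
            relays.append(cur)
        elif key == "a" and cur:  # additional OR address, e.g. [v6]:port
            host = rest.rsplit(":", 1)[0].strip("[]")
            cur["addresses"].add(ipaddress.ip_address(host))
        elif key == "p" and cur:  # exit policy summary (simplified check)
            cur["exit"] = rest.strip() != "reject 1-65535"
    return valid_after, relays


def parse_exit_list(text):
    """Return (fingerprint, address, seen) tuples from an exit list."""
    entries, fp = [], None
    for line in text.splitlines():
        key, _, rest = line.partition(" ")
        if key == "ExitNode":
            fp = rest.strip().upper()
        elif key == "ExitAddress" and fp:
            addr, stamp = rest.split(" ", 1)
            entries.append((fp, ipaddress.ip_address(addr),
                            datetime.strptime(stamp, TS)))
    return entries


def lookup(ip, day, consensus_text=CONSENSUS, exit_text=EXIT_LIST):
    """List the relay records matching `ip` on `day` (YYYY-MM-DD)."""
    ip = ipaddress.ip_address(ip)  # normalises IPv6 spellings
    day = datetime.strptime(day, "%Y-%m-%d").date()
    valid_after, relays = parse_consensus(consensus_text)
    by_fp = {r["fingerprint"]: r for r in relays}
    hits = []
    if valid_after and valid_after.date() == day:
        for r in relays:
            if ip in r["addresses"]:
                hits.append({"nickname": r["nickname"], "source": "consensus",
                             "exit": r["exit"], "seen": valid_after})
    for fp, addr, seen in parse_exit_list(exit_text):
        if addr == ip and seen.date() == day:
            relay = by_fp.get(fp)  # tie the exit address back to its relay
            hits.append({"nickname": relay["nickname"] if relay else None,
                         "source": "exit-list", "exit": True, "seen": seen})
    return hits


if __name__ == "__main__":
    for query in ("198.51.100.7", "203.0.113.9", "192.0.2.99"):
        print(query, lookup(query, "2017-04-05"))
```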

Re: [liberationtech] End-user IMSI detectors

2017-04-06 Thread Moritz Bartl
On 06.04.2017 18:28, Bill Ulrich wrote:
> I've been playing with an Android App that may be what you're looking for:
> 
>   https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector

There's also SnoopSnitch:
https://opensource.srlabs.de/projects/snoopsnitch
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch

Android solutions are limited in how much they can detect; there's a
good 2014 paper that discusses and compares various
IMSI-Catcher-Catchers:
https://www.sba-research.org/wp-content/uploads/publications/DabrowskiEtAl-IMSI-Catcher-Catcher-ACSAC2014.pdf

-- 
Moritz Bartl
Renewable Freedom Foundation
https://www.renewablefreedom.org/


[liberationtech] Three new FOSS umbrella organizations in Europe [LWN.net]

2017-02-11 Thread Moritz Bartl
or not, the Center for the
Cultivation of Technology is flexible, but at the very beginning it
would primarily offer holding other intangible assets, such as domain
names and trademarks. That being said, at least in the early phase of
its existence, holding and managing copyright is not the top priority.
Therefore the CCT has for now deferred the decision regarding its
position on license enforcement and potential lawsuit strategy.
Accounting, budgeting, and handling administrative tasks, as well as
automation of them all, are clearly where its strengths lie and this is
where it initially wants to pour most effort into.

Upon a dissolution of the company, its assets would fall to Renewable
Freedom Foundation.

Since the founders of CCT have deep roots in anonymity and privacy
solutions such as Tor, I imagine that from those corners the first wave
of projects will join. As for the second wave, it seems to me that CCT
would be a great choice for projects that want to offload as much of
financial overhead as possible, especially if they plan to apply for
grants and would like help with applying and reporting.

Conclusion

2016 may not have been the year of the Linux desktop, but it surely is
the year of FOSS umbrella organizations. It is an odd coincidence that
at the same time three so different organizations have popped up in
Europe — initially oblivious of each other — to provide much-needed
services to FOSS projects.

Not only are FOSS projects spoiled for choice regarding such service
providers in Europe, now, but it is refreshing to see that these
organizations get along so well from the start. For example, Simon
Phipps is also an adviser at CCT and I help with both CCT and TCC.

In fact, I would not be surprised to see, instead of bitter competition,
greater collaboration between them, allowing each to specialize in what
it does best and allowing the projects to mix-and-match services between
them. For example, I can see how a project might want to pick TCC to
handle its intangible assets, and at the same time use CCT to handle its
finances. All three organizations have also stated that, should a project
contact them that they feel would be better handled by one of the
others, they would refer it to that organization instead.

Since at least the legal and governance documents for CCT and TCC will
be available online under a free license (CC0-1.0 and CC-By-4.0
respectively), cross-pollination of ideas and even setting up of new
organizations would hereby be made easier. It may be early days for
these three umbrella organizations, but I am quite optimistic about
their usefulness and that they will fill in the gaps left open by the
older US siblings and single-project organizations.

If a project comes to the conclusion that it might need a legal entity,
now is a great time to think about it. At FOSDEM 2017 there will be
another panel with CCT, TCC, PS CIC, and SFC that will be a perfect
opportunity to pose any and all questions and comments you may have in
person.

https://lwn.net/Articles/713073/

-- 
Moritz Bartl
Renewable Freedom Foundation
https://www.renewablefreedom.org/

[liberationtech] Fwd: Travel Grants for Herrenhausen Conference "Society through the Lens of the Digital", Hanover, 31 May

2017-01-18 Thread Moritz Bartl
 Forwarded Message 
Subject: Travel Grants, Herrenhausen Conference "Society through the
Lens of the Digital", Hanover, 31 May



https://www.volkswagenstiftung.de/nc/en/events/calendar-of-events/details-of-events/news/detail/artikel/herrenhausen-conference-society-through-the-lens-of-the-digital/marginal/5101.html


  The Herrenhausen Conference "Society through the Lens of the
  Digital" explores the role of the social sciences and the
  humanities in a society saturated with debates on the effects of
  digitization.


  Travel Grants

Travel grants available for Young *Scientists* and *Developers*!

We offer travel grants

  * for PhD students and early Post Docs working on theoretical,
methodological and empirical tools to analyze and conceive of the
digitization of society and interested in the role social sciences
and the humanities play in processes of digitization, and
  * for developers, start-ups as well as PhD students and early Post
Docs from the STEM-field.

Applicants can win one of 30 travel grants to take part in the
Herrenhausen Conference "Society through the Lens of the Digital" in
Hanover, Germany. *The deadline for applications is February 5,
2017.* The grants include travel expenses to and from Hanover, visa fees
(if applicable), as well as accommodation in Hanover. Please check the
corresponding calls in the column on the right for more information.

The Herrenhausen Conference "Society through the Lens of the Digital"
explores the role of the social sciences and the humanities in a society
saturated with debates on the effects of digitization: Parties, NGOs and
the public sphere explore ideas of digital democracy. Luminaries of
business try to map and unlock the potential of big data and of platform
capitalism. Data journalists experiment with modes of describing the
world not through linear texts but through algorithms and interactive
visualizations while intelligent systems have to learn to navigate the
often-ambiguous rules and structures of society. We're lacking
scientific approaches to this multiplicity of discourses on
digitization, which allow us to adequately explore its implications for
research, research policy and the public role of the social sciences and
humanities. The Herrenhausen Conference "Society through the Lens of the
Digital" aims to fill this gap.

As a forum for debate between scholars and experts from civil society,
politics, economy and journalism the conference will tackle questions
such as: What role should the social sciences and the humanities play in
the digitization of society? Which kind of answers are they expected to
provide? How can they better fulfil their role as mediators and
translators between the conflicting and sometimes even incommensurable
perspectives on digital change? The discussion of theoretical,
methodological and empirical tools thus is not only aimed at the further
development of concepts and theories within the social sciences and
humanities. Equally important is the question of how they can help the
social sciences and humanities to open up to collaboration with the STEM
fields and to help solve the grand challenges of digitization.

Herrenhausen Conference *"Society through the Lens of the Digital"* May
31 - June 2, 2017
Herrenhausen Palace, Hanover, Germany



Re: [liberationtech] E-Voting

2016-11-17 Thread Moritz Bartl
Hi Andres,

On 11/17/2016 09:01 AM, Andres wrote:
> Transparency is certainly improved. You can check and change your vote
> after casting it. Estonian government even provides an iOS and Android
> mobile application for this.

Oh ho, within your own world it looks like you gave your vote. That does
not prove a single thing. Even just pointing to that as something that
convinces you shows how dangerous technology is.

Also, the situation in Estonia is quite different than in most other
countries, and most of these differences can be attributed to their
size. Just as a reminder, there are ~500 cities with a population larger
than Estonia.

The bigger the system, the larger the influence, especially in countries
that do have an existing and well-oiled lobbying apparatus. I cannot see
any larger country introducing any system that has similar security
properties, and the ability to reliably set aside the maintenance costs.
Anyone can see too well how broken maintenance of public infrastructure is.

So, on many levels, maybe nobody bothered to mess with the Estonian
platform because it just doesn't matter from a global perspective.

Moritz


[liberationtech] Fwd: PoPETs 2017 issue 3 call for papers

2016-11-16 Thread Moritz Bartl

 Forwarded Message 

[Apologies to those who receive multiple copies of this CFP]

CALL FOR PAPERS - PoPeTs 2017, Issue 3 / PETS 2017

The deadline for PoPETs 2017, Issue 3 is two weeks away: December
1, 2016. PoPETs/PETS now has 4 deadlines a year; submit whenever you
feel ready!

Read the CFP below for more details on our hybrid journal/symposium
model, which includes the option to resubmit with major revisions to a
subsequent deadline. See the web site for full information, including
submission guidelines.

Papers must be submitted via the submission server for Issue 3
at: https://submit.petsymposium.org/2017.3/

We look forward to your submissions!

-

Call for Papers
===
17th Privacy Enhancing Technologies Symposium (PETS 2017)
Minneapolis, Minnesota, USA
July 2017
General information: https://petsymposium.org/
Submission server: https://submit.petsymposium.org/2017.3/


The annual Privacy Enhancing Technologies Symposium (PETS) brings
together privacy experts from around the world to present and discuss
recent advances and new perspectives on research in privacy
technologies. The 17th PETS event will be organised by the University of
Minnesota and held in Minneapolis, Minnesota, USA, July 18 – 21, 2017.

Papers undergo a journal-style reviewing process and accepted papers are
published in the journal Proceedings on Privacy Enhancing Technologies
(PoPETs). Submitted papers should present novel practical and/or
theoretical research into the design, analysis, experimentation, or
fielding of privacy-enhancing technologies. While PETS/PoPETs has
traditionally been home to research on anonymity systems and
privacy-oriented cryptography, we strongly encourage submissions on a
number of both well-established and emerging privacy-related topics, for
which examples are provided below.

PoPETs, a scholarly, open access journal for timely research papers on
privacy, has been established as a way to improve reviewing and
publication quality while retaining the highly successful PETS community
event. PoPETs is published by De Gruyter Open, the world's second
largest publisher of open access academic content, and part of the De
Gruyter group, which has over 260 years of publishing history. PoPETs
does not have article processing charges (APCs) or article submission
charges.

Authors can submit papers to PoPETs four times a year, every three
months on a predictable schedule. Authors are notified of the decisions
about two months after submission. In addition to ‘accept’ and
‘reject’ decisions, papers may receive ‘major revision’
decisions, in which case authors are invited to revise and resubmit
their article to one of the following two submission deadlines. We
endeavor to assign the same reviewers to revised versions. Papers
accepted for publication within or before the February deadline round
will be presented at that year's symposium. Note that accepted papers
must be presented at PETS.

PoPETs also solicits submissions for Systematization of Knowledge (SoK)
papers. These are papers that critically review, evaluate, and
contextualize work in areas for which a body of prior literature exists,
and whose contribution lies in systematizing the existing knowledge in
that area. To be suitable for publication, SoK articles must provide an
added value beyond a literature review, such as novel insights,
identification of research gaps, or challenges to commonly held
assumptions. SoK papers will follow the same review process as other
submissions, and will be published in PoPETs and presented at the PETS
2017 event.

Submit papers for PoPETs 2017, Issue 3 at
https://submit.petsymposium.org/2017.3/. Please see the submission
guidelines below, and view our FAQ for more information about the process.

Important Dates for PETS 2017 Issue 3
==
All deadlines are 23:59:59 American Samoa time (UTC-11)
Paper submission deadline: November 30, 2016 (firm)
Rebuttal period: January 9 -- 11, 2017
Author notification: February 1, 2017
Camera-ready deadline for accepted papers and minor revisions (if
accepted by the shepherd): March 1, 2017

Papers which were submitted to a previous PoPETs deadline and invited to
resubmit after major revisions can submit the revised (full) paper up to
two weeks after the stated deadline. Such papers must however be
registered with an abstract by the usual deadline. All other papers than
these revised resubmissions must be submitted by the stated deadline,
including papers submitted and rejected from a previous issue. Major
revisions must be submitted in one of the two rounds following the
decision; otherwise the paper will be treated as a new submission.

Suggested topics include but are not restricted to:
===
Behavioural targeting
Building and deploying privacy-enhancing systems
Crowdsourcing for 

[liberationtech] Fwd: Privacy Camp 2017: Call for submissions

2016-11-16 Thread Moritz Bartl
 Forwarded Message 









Dear all,

Join us for the 5th annual Privacy Camp (https://privacycamp.eu/)! Held
every January just before the start of the CPDP conference, the camp
brings together civil society, policy-makers and academia to discuss
existing and looming problems for human rights in the digital
environment. As every year, the event is co-organised by EDRi, Privacy
Salon, USL-B and VUB-LSTS.

*When*: 24 January 2017, 9am – 5.30pm
*Where*: Université Saint-Louis, Boulevard du Jardin Botanique 43, 1000
Brussels, Rooms P60 and P61 /(TBC)/

*Participate!*

Who controls (your) data, who controls the machines? These questions are
at the very center of the debates surrounding the pending adoption of
important EU-wide legislation, such as the review of the ePrivacy
Directive, the smart borders package, the draft Regulation on dual-use
goods and the latest filtering proposals in the draft copyright Directive.

We invite you to propose a panel for one of these two tracks:

*Track 01 controlling data*
Topics: #metadata #onlinetracking #export #surveillance #accountability
#UploadFilters

*Track 02 controlling machines*
Topics: #IoT #InternetOfThings #algorithms #wearables #sharingeconomy #AI

Some things to keep in mind when submitting your proposal:

  * indicate a clear objective for your session: what would be a good
outcome for you?
  * indicate other speakers that could participate in your panel (and
invite them)
  * make it as participative as possible, think about how to include the
audience as much as possible
  * send us a max 500 word description of your session

How to submit:
1. Send your proposal to Imge: imge.ozcan (at) vub.ac.be
 *before 23 November 2016*.
2. After the deadline, we will review your submission and let you know
by 6 December 2016.
3. The draft programme is scheduled to be announced in the first week of
January 2017.

Please note that it is possible that we suggest to merge proposals if
they are very similar.

Best,
Imge

Imge Ozcan
Research Group on Law, Science, Technology & Society
Vrije Universiteit Brussel

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Hacking attacks on activists in Azerbaijan

2016-10-17 Thread Moritz Bartl
On 10/14/2016 07:33 PM, Joseph Lorenzo Hall wrote:
>> What I'm looking for here are people - an organization or otherwise - that
>> can help with retroactive help - help in closing down fake profiles, help in
>> recovering accounts.
> I don't know of an organization like that...

I know of Access Now's Digital Security Helpline, but I've heard mixed
things about it: https://www.accessnow.org/help/ I've come across other
organizations that wanted to provide services like that too, but nothing
else in particular comes to mind.

Moritz


[liberationtech] Fwd: Survey: Digital Insecurity of Activists

2016-10-09 Thread Moritz Bartl
Forwarded with permission. Their deadline is soon.


 Forwarded Message 
Subject:Re: Digital Insecurity of Activists
Date:   Sat, 8 Oct 2016 17:23:45 -0700
From:   John Woodside 

I’m a researcher and journalist with the Liu Institute for Global
Issues at the University of British Columbia and am working on a project
for OpenCanada.org, supported by the Centre for
International Governance Innovation and the Munk School of Global
Affairs, that is investigating people’s exposure to conflict and
repression through their use of digital technologies.


We are looking to gather perspectives on one issue we are addressing:
the targeting of civil society organizations and activists for hacking,
surveillance, online threats, and other actions that put people at risk
or stifle their voices.

We are reaching out to individuals in the security, advocacy, policy and
academic communities, to solicit suggestions for improving the digital
security of activists. We are doing so, in part, to contribute to the
public debate around the Canadian federal government’s current
Consultation on Cyber Security.

We are hoping that you might be willing to share your insights or
recommendations. We have created a short questionnaire
that people can fill out.

We will publish an edited version of people’s responses on
OpenCanada.org later this month. Of course, we
are more than happy to share any comments we would attribute to you
before publishing them.

We do ask that you provide an email in the questionnaire so that we are
able to get in touch should we want to ask follow up questions, or to
send me an email directly to let me know you have completed the
questionnaire so that I can follow up as necessary.


Best regards,
John Woodside

[liberationtech] Fwd: CPDP2017 Call for Papers - deadline extended until Oct 22nd

2016-10-06 Thread Moritz Bartl
Computers, Privacy and Data Protection 2017 – The Age of Intelligent
Machines

Call for papers 2017
http://www.cpdpconferences.org/callforpapers.html

CPDP is an annual three-day conference devoted to privacy and data
protection. The 10th edition of CPDP will be held on 25-27 January 2017
in Brussels. Whilst a number of speakers are specifically invited by the
conference, several slots remain open to application through an annual
call for papers. The CPDP2017 Call for Papers is addressed to all
researchers who wish to present their papers at the next Computers,
Privacy and Data Protection conference.

The call is split into two different tracks. The first is dedicated to
experienced researchers, while the second welcomes PhD students and
junior researchers. Contributions are welcome from all disciplines with
perspectives on the themes of the conference. The dual-track structure
of the CPDP 2017 Call for Papers aims to meet the increasing interest of
researchers – from all levels and from multiple disciplines – in CPDP
and their expectations in terms of academic feedback and exchange.
Please submit your contribution through the EasyChair conference system
by following this link. https://easychair.org/conferences/?conf=cpdp2017

RELEVANT FIELDS AND TOPICS

The CPDP Scientific Committee invites papers in the fields of law,
social sciences, philosophy and computer sciences (as well as other
relevant fields). Multidisciplinary papers are particularly welcome. In
particular, this call aims to reach researchers whose works relate to
new technologies, privacy and data protection. Selected researchers will
have the valuable opportunity to present their papers in the conference
academic sessions. The main theme highlighted this year is Artificial
Intelligence, but we welcome any original topics related to the general
themes of the conference and especially encourage technology-focused and
interdisciplinary submissions.

Follow this link for more information about the topics presented at
previous editions of CPDP.

In case of doubt regarding the suitability of a contribution for the
conference, please contact Lorenzo Dalla Corte
(lorenzo.dallaco...@cpdpconferences.org).

CPDP2017 KEY DATES

 - Deadline for submissions: extended deadline till Saturday 22 October
2016.
 - Notification to authors: Friday 2 Dec. 2016

Papers accepted for presentation at the conference will go through a
second round of reviews for inclusion in the conference book (see below).

The deadline for submissions to the second round of reviews is:
Monday 6 March 2017.

SUBMISSION INSTRUCTIONS

Authors responding to this Call for Papers are asked to submit a full
paper via a dedicated webpage on the EasyChair system, together with a
short abstract and up to 5 keywords. Authors should select the track for
which they are applying in EasyChair: either CPDP 2017 Experienced
Researchers or CPDP 2017 Junior Researchers.

Papers should be between 6000 and 8000 words in length and follow the
CPDP layout rules based on the Springer template (zip file for download).

The text of the paper should not include the name of the author(s) and
all self-references should be deleted. Submissions not meeting these
criteria risk rejection without consideration of quality.

Contributions and identifying information should be submitted through
the EasyChair conference system following this link.

Papers will be selected on the basis of their quality. All submitted
papers will be peer reviewed by members of the CPDP 2017 Scientific
Committee (and other independent reviewers where necessary) and will be
commented upon by distinguished scholars. Authors of accepted papers
must guarantee that their papers will be presented at the conference: at
least one author of each accepted paper is required to register for the
conference and to present the paper. Accepted papers will be considered
for publication in the conference book published by Springer.

Selected authors will receive free entrance for the duration of the
conference. Funding for travel expenses may be available for PhD
Candidates who cannot cover their own costs. If you require funding,
please get in touch.

For further details on the conference structure and its main topic
areas, interested researchers are invited to visit the
www.cpdpconferences.org or to contact i...@cpdpconferences.org


[liberationtech] Fwd: Call for Participation for the first FSFE summit

2016-05-22 Thread Moritz Bartl
 Forwarded Message 
Subject: Call for Participation for the first FSFE summit
Date: Fri, 20 May 2016 13:25:41 +0200
From: Erik Albers 
Organization: Free Software Foundation Europe
To: discuss...@fsfeurope.org

Dear list,

Imagine a European Union that builds its IT infrastructure on Free Software.
Imagine European Member States that exchange information in Open
Standards and share their software. Imagine municipalities and city
councils that benefit from decentralized and collaborative software
under free licenses. Imagine no European is any longer forced to use
non-Free Software.

This is what we are seeking. And although this vision feels like a long
road to go, we know that we are taking major steps along it today. If
you like to inspire us on this journey, send your submission to the
first FSFE European summit until May 29:

https://wiki.fsfe.org/Events/Summit2016/CallForParticipation

For any questions, do not hesitate to directly ask me. Forwarding this
mail to any interested people is encouraged.

Best regards,
   Erik

-- 
FSFE summit - Call for Participation: https://fsfe.org/summit16
Save the date: September 2 - 4, 2016 - BCC Berlin, Germany
Hashtag: #FSFEsummit - Picture: http://polr.me/vfc


[liberationtech] Fwd: Digital Citizenship and Surveillance Society - London, 27 June

2016-05-13 Thread Moritz Bartl
 Forwarded Message 
Subject:  Digital Citizenship and Surveillance Society -
London, 27 June
Date: Thu, 12 May 2016 13:54:21 +


Digital Citizenship and Surveillance Society
London, 27 June, 1 pm

For the past 18 months the research project 'Digital Citizenship and
Surveillance Society: UK State-Media-Citizen Relations After the
Snowden Leaks' has investigated the consequences of the Snowden
revelations. We will hold a workshop in London on Monday 27th June to
present findings of our research and discuss their implications.

Digital Citizenship and Surveillance Society
12:30 Arrival and registration
1-2pm - Presentation of project findings
2:30-5:30pm - Workshops to discuss implications and next steps:
- Journalism and news media: What are the challenges for journalist
work and for covering surveillance?
- Civil society activism: How do we advance data justice?
- Policy reform: The Investigatory Powers Bill and beyond - What
should the policy framework be?
- Technology: What are the prospects of tools and standards development?

The event will bring together scholars, activists, technologists,
policymakers, and other experts. It will continue the productive
debates from last year's conference 'Surveillance and Citizenship'
(http://www.dcssproject.net/conference/), and it will serve to discuss
future steps and projects regarding research, policy reform,
technological development, etc.

The workshop will take place at the Institute of Mechanical Engineers,
One Birdcage Walk (http://www.onebirdcagewalk.com/) in London
(Westminster). More information on the venue and how to get there
can be found here:
http://www.onebirdcagewalk.com/contact-us/one-birdcage-walk-directions.
More information about the day will be published on the website
http://www.dcssproject.net closer to the date.

Participation is free of charge but registration is required. Please
register by 31 May at:
https://www.eventbrite.co.uk/e/digital-citizenship-and-surveillance-society-1-day-workshop-tickets-25259029437.

This workshop is hosted by the School of Journalism, Media and
Cultural Studies at Cardiff University. Organizing group: Dr Arne
Hintz (Cardiff University), Prof Karin Wahl-Jorgensen (Cardiff
University), Dr Lina Dencik (Cardiff University), Prof Ian Brown
(Oxford University), Dr Michael Rogers (Briar Project), Dr Jonathan
Cable (Cardiff University). For information about the project, see:
http://www.dcssproject.net/


Re: [liberationtech] Email provider enabling enforced SMTP/TLS for inbound MX-received emails

2016-04-03 Thread Moritz Bartl
On 01/03/2016 02:57 PM, Fabio Pietrosanti (naif) - lists wrote:
> Ideally, I would like an automatic email to be sent back to the sender
> of that email, informing him that his email provider/email server is
> not secure and must be updated to enable sending email securely.

Yes, I would like to see that, but not only as a hosted mail provider
option, but maybe first as a set of scripts for OpenSMTPd and Postfix.

The most promising project is
https://github.com/EFForg/starttls-everywhere , but definitely more
could be done (and this project needs help).

-- 
Moritz Bartl
Renewable Freedom Foundation
https://renewablefreedom.org/


[liberationtech] Reboot: a personal book about hacktivism

2016-02-22 Thread Moritz Bartl
Stephan Urbach, known as "tomate", was active in the Telecomix activism
group in the past decade. He wrote a book about his life as an activist,
which was published last year in German. He tried to find a publisher
for an English version, but so far potential publishers didn't want to
pay the cost of translation. Stephan is now trying to raise the
necessary 3600€ from potential readers.

https://www.indiegogo.com/projects/reboot-english-version-of-my-book-neustart/

"'.REBOOT' is an uncontrolledly honest book telling about a life dealing
with nothing and everything but actual dealing with one thing: to
understand this world, change it and not collapsing doing so."
(politik-digital.de)

"His (Urbach's) book is not another netphilosophical sorry effort which
you read and take some nice ideas from and put in the shelf. His book is
unperfected, emotional, lacks from emotional detachment. It deeply
moves. Thanks." (Publikumsbeschimpfung)

"'.REBOOT' is an extraordinary intensive book, deeply moving and
frightening at the same time showing that it's worthwhile to commit to
others and that there is no shame to admit your flaws." (Hanauer Bote)

Good luck Stephan!
Mo

[liberationtech] International Free Software Conference, Havana/Cuba, April 25-27

2015-12-16 Thread Moritz Bartl
http://www.cubaconf.org/

You are an enthusiast of Free Software? Come to Cuba!

The User Group of Free Technologies (GUTL)[1] from Cuba and Best Of Open
Technologies (BOOT e.V.) [2] from Germany, are glad to invite you to
join the International Free Software Conference in Cuba in April 2016.

Why in Cuba?

Unfortunately the majority of large Free Software Conferences take place
in rich countries.

People from poor countries like Cuba are normally prevented from
participating not only by financial reasons but also by the denial of
entry visas to countries like the USA, Canada or most European countries.

So we decided to turn it upside down and have an International Free
Software Conference in Havana, Cuba. We invite free software enthusiasts
from all over the world to participate, show what they are working on
and educate each other.

The idea is not only to exchange experiences on how to apply the newest
and “smartest” Free and Open-Source Software, but also to consider old
hardware and very low bandwidth. Furthermore, we want to talk about how
Free Software can help developing countries in general.

For example:

  * Experiences on using Free Software in social projects.
  * Experiences of small companies using Free Software to compete on the
world market.
  * How the use of Free Software in educational institutions is
economically favorable.

It will be perfect if all continents are represented and we want to have
a high representation of women. We do not want to exclude anyone for
economical reasons, so we will try to raise money to support travel
expenses for those who need it.


The conference will take three days:

  * On the first day there will be a fixed program and keynotes.
  * The second day will be held in an unconference* style.
  * On the third day there will also be workshops and sprints.

The event will be bilingual (English and Spanish).

How your group can help with the organisation of the event:

  * Spreading and promoting the conference.
  * Prepare a presentation which describes the role of Free Software in
your country.
  * Prepare a presentation about new technology.
  * With the participation of volunteers.

http://www.cubaconf.org/

[liberationtech] Fwd: ANN: TCP injection attack detection tool - honeybadger

2015-12-07 Thread Moritz Bartl
 Forwarded Message 
Subject: [tor-relays] ANN: TCP injection attack detection tool - honeybadger
Date: Mon, 7 Dec 2015 19:17:50 +0200
From: David Stainton 


Dear Golang community, Edward Snowden, cypherpunks, Tor-relay operators,
low-level network hackers and TCP abolitionists,


I was inspired by the Snowden documents to write a TCP injection attack
detection tool. Powerful entities worldwide are stockpiling zero-days.
TCP injection attacks can be used to deliver many of these attacks.

source:
https://github.com/david415/HoneyBadger

docs:
https://honeybadger.readthedocs.org/en/latest/

tasty pcap for "integration testing":
https://github.com/david415/honeybadger-pcap-files


HoneyBadger does bidirectional TCP stream reassembly... temporarily
storing segments in a ring buffer for comparison to later received
overlapping stream segments. In other words it doesn't rely on simply
matching duplicate sequence numbers but compares the actual overlapping
stream segment contents. This more thorough approach is needed to
account for TCP's retransmission which can send various segment sizes
that can differ from the original dropped segment length. Furthermore we
also detect the other injection types such as handshake hijack.

The literature (go ahead and scour the Internet) does NOT mention all of
the TCP injection attacks that are possible. I assert that there are 5
possible types of TCP injection attack. I describe them here:

https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-detect-TCP-injection-attacks.rst

https://github.com/david415/HoneyBadger_docs/blob/hackpad1/source/how-to-detect-TCP-injection-attacks.rst#tcp-injection-attack-categories


current honeybadger project status:

- honeybadger seems mostly useable for use in the wild, though we are
pretty sure that bugs exist and probably some false positive bugs at that.

- active development halted several months ago when the implementation
seemed good enough to deploy and sniff packets in the wild.

- if in the future the gopacket dev team releases a new "sufficient" TCP
reassembly API then I could severely reduce HoneyBadger's code size.

- pull requests and github issue comments will inspire me to contribute
feature additions and fixes



It runs on Linux but does honeybadger work on *BSD?

Of course it does... I wrote the gopacket BSD BPF sniffer API ;-p
and tested honeybadger on NetBSD, FreeBSD and OpenBSD.


I'd like to explore the possibility of writing a similar TCP injection
attack detector in rust using libpnet as soon as libpnet is sufficiently
mature to use for TCP analysis:

https://github.com/libpnet/libpnet



So what?

1. So... all TCP analyzers need to be rewritten to account for TCP
injection attacks, otherwise you are doing it wrong.

2. So feel free to use HoneyBadger to analyze your own traffic over the
wire or sketchy pcap files that you acquire; perhaps our data collection
efforts will result in responsible disclosure of 0-days... and publicly
reporting that in fact these TCP injection attacks do happen as targeted
attacks against real people to violate their human rights.

3. So use my design in your software; The description of how to detect
the 5 possible TCP injection attacks can serve as a part of a design
document for other software projects to implement their own TCP
injection attack detection.



cheers from the Internet,

David Stainton
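
The overlap comparison described in the message above, as an added Go example that is not part of the original message and is not HoneyBadger's code. It covers one flow direction only; the type and function names are hypothetical, a bounded slice stands in for the ring buffer, and the sample segments are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// Segment is one TCP payload observed in a single flow direction.
type Segment struct {
	Seq     uint32 // sequence number of the first payload byte
	Payload []byte
}

// Finding records an overlap whose bytes differ from what was seen before.
type Finding struct {
	Seq     uint32 // sequence number where the overlapping range starts
	Earlier []byte // bytes retained from the earlier segment
	Later   []byte // bytes the later segment carried for the same range
}

// History retains the most recent segments of one direction, oldest first.
type History struct {
	segs  []Segment
	limit int
}

func NewHistory(limit int) *History { return &History{limit: limit} }

// seqDiff returns a-b as a signed distance, which stays correct when the
// 32-bit sequence space wraps around.
func seqDiff(a, b uint32) int32 { return int32(a - b) }

// Check compares s byte for byte with every retained segment it overlaps,
// then stores s. Matching sequence numbers are not required: a retransmission
// may start and end anywhere inside earlier data.
func (h *History) Check(s Segment) []Finding {
	var out []Finding
	sEnd := s.Seq + uint32(len(s.Payload))
	for _, old := range h.segs {
		oEnd := old.Seq + uint32(len(old.Payload))
		start, end := s.Seq, sEnd
		if seqDiff(old.Seq, start) > 0 {
			start = old.Seq
		}
		if seqDiff(oEnd, end) < 0 {
			end = oEnd
		}
		n := int(seqDiff(end, start))
		if n <= 0 {
			continue // no shared bytes
		}
		oOff, sOff := int(start-old.Seq), int(start-s.Seq)
		a, b := old.Payload[oOff:oOff+n], s.Payload[sOff:sOff+n]
		if !bytes.Equal(a, b) {
			out = append(out, Finding{Seq: start, Earlier: a, Later: b})
		}
	}
	h.segs = append(h.segs, s)
	if len(h.segs) > h.limit {
		h.segs = h.segs[1:] // drop the oldest segment
	}
	return out
}

// SampleStream returns constructed segments (not captured traffic).
func SampleStream() []Segment {
	return []Segment{
		{Seq: 1000, Payload: []byte("GET /index.html ")},
		{Seq: 1016, Payload: []byte("HTTP/1.1\r\n")},
		// Benign retransmission: different start and length, same bytes.
		{Seq: 1008, Payload: []byte("ex.html HTTP/1.1\r\n")},
		// Same sequence range as the second segment, different bytes.
		{Seq: 1016, Payload: []byte("HTTP/1.0\r\n")},
	}
}

// Scan feeds segments through one History and collects every finding.
func Scan(segs []Segment, limit int) []Finding {
	h := NewHistory(limit)
	var all []Finding
	for _, s := range segs {
		all = append(all, h.Check(s)...)
	}
	return all
}

func main() {
	for _, f := range Scan(SampleStream(), 16) {
		fmt.Printf("seq %d: earlier %q, later %q\n", f.Seq, f.Earlier, f.Later)
	}
}
```

The third sample segment shows why duplicate sequence numbers alone are not enough: it starts mid-way through earlier data and spans two stored segments, yet produces no finding because every overlapping byte matches.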






[liberationtech] Dead Tree Lovers coming to #32c3: Call for Books

2015-11-09 Thread Moritz Bartl
Hi!

Like last year, in a collaboration with La Quadrature du Thé, the "Dead
Tree Lovers" will bring a library of now over 700 books for your reading
pleasure.

For the first time last year, it was an experiment to see if people can
actually cool down enough during the busy days of Congress to even
browse through the shelves, let alone sit down and read. It was a full
success. I am still amazed by the looks of up to ten people sitting on
our couches and chairs and the carpet, _reading_!

We have rare early publications of the CCC, an almost complete archive
of the Datenschleuder, multiple copies of the Hackerbibles, and a lot more.

We don't have final confirmation yet, but I assume we will be stationed
again on the fourth floor at the teahouse.

If you have books that should be in the library, bring them along! You
can pick them up again at the end of Congress, or leave them to be in
our permanent installation, and request it back any time. You can also
send books by (postal) mail.

https://wiki.hackerspaces.org/Dead_Tree_Lovers


[liberationtech] Yahoo and Mailinglists (was: Re: Any project missing on the updated map of a "GNU Internet" ?)

2015-10-06 Thread Moritz Bartl
On 10/06/2015 05:28 PM, Ryan Getz wrote:
>> *Why is this message in Spam?* It has a from address in yahoo.com
>> but has failed yahoo.com's
>> required tests for authentication.

It's indeed DMARC.

http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html

Yahoo has quite some talent with breaking things, over and over again. I
would advise against using any of their services.

.mo


[liberationtech] Github special discount: $5 Yubikey U2F key

2015-10-03 Thread Moritz Bartl
Github introduced U2F support and is partnering with Yubikey for quite a
discount on their U2F keys ($5 instead of $18 not including shipping).

https://www.yubico.com/github-special-offer/

Limited to 2 keys per order. The simple U2F key does not support OTP or
OpenPGP or the static passphrase mode.


Re: [liberationtech] Anyone know of a free payment/donation app for non-profits?

2015-08-04 Thread Moritz Bartl
On 08/04/2015 06:46 PM, Zak Whittington wrote:
> A friend of mine is working for an anti-genocide org in southeast asia,
> and they want to start doing some online fundraising. Their first
> thought was to do a PayPal button, but they'd rather not pay PayPal a
> cut of all their donations.
>
> Anyone know if there are any free tools out there for small social
> justice orgs to fundraise online without transaction fees or buying a
> costly software package?

https://www.betterplace.org/ covers Paypal and other transaction fees
for projects that are aiming to make the world a better place. They
ask for donations when someone donates to your project, but it's not
required. Unless you are a registered German charity, each campaign is
limited to 2500€ per item and you can only withdraw 2500€ per quarter.

If you plan to use this platform make sure to register and submit your
project proposal early, they need some time to manually verify campaign
goals before you can make it public.

-- 
Moritz Bartl/RFF


[liberationtech] Dead Tree Lovers -- Call for Books

2015-07-05 Thread Moritz Bartl


  DEAD TREE LOVERS -- CALL FOR BOOKS


   tl;dr: We want your books. Send them to us.

   In December 2014, over 500 books were brought to Chaos
   Communication Congress in Hamburg for an experiment:
   During the busy days of Congress, with over 12.000
   visitors, how will people react to a library of dead
   trees?
   In partnership with La Quadrature Du Thé and the Congress
   team, a cozy reading area was set up on the fourth floor.
   For us Dead Tree Lovers, to see all seats and carpet space
   occupied almost 24/7 by interested readers filled us with
   delight.

   The library lives on! And has considerably grown since. The
   database now contains over 666 titles. As a travelling
   library, we will bring it to places near you, to
   hacker events and hackerspaces, to other public spaces.
   It is currently hosted and accessible around the clock at
   OpenLab Augsburg, Germany, for free borrowing or cheap
   purchase, replacing existing books by other used copies.
   The database is limited in that it does not yet contain
   all of the historical material that we have so far
   collected on the earlier days of hacking, pre-80s. Thanks
   to Werner Pieper, a friend of Wau Holland and publisher,
   we have started to add rare material from the good old
   times when hacking was part of the broader political
   counterculture movement and not yet mainstream. Thanks to
   the CCC, we are now hosting a complete paper archive of
   the Chaos Computer Club publication 'Die Datenschleuder'.
   The Humanistische Union (HU) donated most (all?) of their
   publications.

   WE WANT MORE. The library needs your help. Please send
   us your books and reading suggestions for us to hunt down
   paper copies! Or better yet, send us offers first.
   We're open for anything tech, political, scifi, as long
   as you feel it influenced your life profoundly and is
   worth reading. The focus is hacker culture and its history
   in the broader sense. It is not necessary to give your
   books away forever, we can log the source and return
   it if and when you want it back.

   Dead Tree Lovers c/o OpenLab Augsburg e.V.
   Elisenstrasse 1
   D-86159 Augsburg, Germany

   JOIN! We have started a mailing list to discuss all kinds
   of book matters: book scanning, library software (or lack
   thereof), book recommendations etc.

   the DTL team // July 2015
   -
   irc.hackint.org #deadtreelovers
   https://wiki.hackerspaces.org/Dead_Tree_Lovers
   https://www.librarything.com/catalog/hacklib
   https://lists.hackerspaces.org/mailman/listinfo/deadtreelovers

   rss: https://www.librarything.com/rss/recent/hacklib
   twitter: https://twitter.com/hacklibrary





[liberationtech] Fwd: [tor-relays] Let's talk incentives: addressing the social questions

2015-06-25 Thread Moritz Bartl
 Forwarded Message 
Subject:[tor-relays] Let's talk incentives: addressing the social
questions
Date:   Thu, 25 Jun 2015 11:41:42 -0400
From:   Ori Shimony os...@virginia.edu
Reply-To:   tor-rel...@lists.torproject.org
To: tor-rel...@lists.torproject.org



Hi All,

I am an undergraduate researcher at the University of Virginia looking
into the Tor Incentives Problem. I recently started running an
exit-relay and plan on finding effective ways of encouraging others to
do so as well!

As a student of Computer Science and Anthropology, I am prioritizing
both the technical and social angles of Tor's ecosystem in my approach
to this problem. Thus far, many of the unanswered social questions
regarding motivation and Tor have barred progress in efforts to scale
the relay community. It is my objective to move this issue forward by
conducting systematic research on the human-systems underlying Tor while
developing proposals grounded in these socio-technical realities.

One idea I’ve had is to discuss these issues and potential approaches
one-on-one with some of the individuals currently operating relays. I
think it would be really helpful to hear your ideas, questions, and
personal insights on relay-volunteering and its future.

If you are interested please email me at os...@virginia.edu with
dates/times that would be convenient for a Skype or phone call. For
general questions, comments, concerns, etc. feel free to respond on the
mailing list as well.

Thanks,
Ori



Re: [liberationtech] Tor-only wireless access

2014-06-23 Thread Moritz Bartl
On 06/23/2014 04:55 PM, Jonathan Wilkes wrote:
  Is anybody doing router software that allows guest access, but
 _only_ if the client is using Tor to connect?  The Tor network and its
 various relays and exits are known, so it seems like it should be doable.

I know of various people who announce a guest wifi that transparently
proxies all traffic via Tor. I am not a fan of this method, as it does
not take care of application-level privacy leaks and exposes users to
other dangers without their knowledge (like sniffing or traffic-altering
exit nodes). The idea of a captive portal that explains how to
download and verify Tor Browser, on a network that only allows
connections to Tor relays and torproject.org IPs (and mirrors), exists,
but I've not seen any implementations of it.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Reporters Without Borders and Torservers.net partnership

2014-04-27 Thread Moritz Bartl
Hi Enrique,

Thank you for your kind words. We're definitely interested in more
partnerships, and we still have some funding for that. I posted more
details some months earlier on the Libtech list: For a non-tech NGO, we
can take care of basically everything (coordinating with ISPs, providing
IP space, administration of the servers). If the NGO has some tech
staff, we can teach them to maintain the server themselves, which is
better for diversity since we can remove our own access after the setup.
A tech NGO with enough experience can even do their own installation and
DDP allows us to fund this, within some boundaries.

Moritz

On 04/25/2014 02:21 PM, Enrique Piracés wrote:
 Hi Moritz,
 
 This is a great step. Congrats to Torservers, Hivos/DDP, and RSF. It may
 be useful to post how this will be implemented as to clarify what it
 takes for implementation and encourage other organizations to join the
 effort.
 
 Best,
 Enrique Piracés
 Vice President, Human Rights Program
 Benetech
 
 https://www.benetech.org
 https://www.martus.org
 https://www.twitter.com/epiraces
 
 Moritz Bartl:
 Hi!
 
 As many of you know, Hivos/DDP funds us to run a large number of
 Tor bridges (and exits!). For diversity, we want to spread this
 across as many organizations. Ideally, orgs are not running high
 bandwidth exits and bridges at the same time. I'm very proud to
 announce that one of our partners for the bridges is Reporters
 without Borders.
 
 We're still looking for more partners, so if your organization
 is interested in working with us, let me know!
 
 Here's today's press release:
 
 https://blog.torservers.net/20140425/reporters-without-borders-and-torserversnet-partners-against-online-surveillance-and-censorship.html
 
 
 ( https://en.rsf.org/reporters-without-borders-and-25-04-2014,46196.html )
 
 - Reporters Without Borders and
 Torservers.net, partners against online surveillance and
 censorship Fri 25 April 2014 by RSF
 
 
 Reporters Without Borders and Torservers.net have joined forces to 
 create and maintain 250 additional relays for the Tor network.
 
 “In doing this, our two organizations are thumbing our noses at
 the entire world’s censors,” said Grégoire Pouget, the head of the
 Reporters Without Borders New Media desk. “Whatever the technical
 means deployed to control information, there will always be
 circumvention methods that many organizations including ours will
 not hesitate to deploy.”
 
 “Anonymity is important for the full expression and realization of
 civil liberties. On the Internet, safe and unmonitored
 communication can only be established through methods of trusted
 decentralized anonymizing services like the Tor network.”, added
 Moritz Bartl, the founder of torservers.net.
 
 Tor is free software and an open network that helps to improve 
 protection of privacy and the security of Internet communications.
 Using the Tor network ensures protection against a form of network 
 surveillance known as “traffic analysis.” This type of surveillance
 can be used to discover who is communicating with who and, in some
 cases, even to identify who you are and where you are located.
 
 Journalists use Tor to communicate in a safe and anonymous manner
 with sources, whistleblowers and dissidents. Tor can also be used
 to circumvent website blocking in many countries. Many Internet
 users in China, Iran, Pakistan and Turkey use Tor to access
 Facebook, YouTube and Twitter.
 
 In some countries that want to monitor and control all Internet 
 connections, public access points to the Tor network are blocked.
 In partnership with the Tor Project and torservers.net, Reporters
 Without Borders has therefore created and will maintain 250 new
 entry nodes to the Tor network. As these entry nodes will not be
 made public, authoritarian governments will not be able to block
 them.
 
 To find an entry node if Tor is blocked in your country, you can
 contact the Tor Project at h...@rt.torproject.org or Reporters
 Without Borders at wefightcensors...@rsf.org.
 
 Reporters Without Borders will also make the details of these
 non-public bridges available within its network and during the
 seminars on circumventing censorship and protecting communications
 that it organizes throughout the world.
 
 Torservers.net is an independent, global network of organizations
 that help to protect human rights to freedom of opinion and
 expression by running high bandwidth Tor relays.
 
 

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Reporters Without Borders and Torservers.net partnership

2014-04-25 Thread Moritz Bartl
Hi!

As many of you know, Hivos/DDP funds us to run a large number of Tor
bridges (and exits!). For diversity, we want to spread this across as
many organizations. Ideally, orgs are not running high bandwidth exits
and bridges at the same time. I'm very proud to announce that one of our
partners for the bridges is Reporters without Borders.

We're still looking for more partners, so if your organization is
interested in working with us, let me know!

Here's today's press release:

 
https://blog.torservers.net/20140425/reporters-without-borders-and-torserversnet-partners-against-online-surveillance-and-censorship.html
( https://en.rsf.org/reporters-without-borders-and-25-04-2014,46196.html )

-
Reporters Without Borders and Torservers.net, partners against online
surveillance and censorship
Fri 25 April 2014 by RSF


Reporters Without Borders and Torservers.net have joined forces to
create and maintain 250 additional relays for the Tor network.

“In doing this, our two organizations are thumbing our noses at the
entire world’s censors,” said Grégoire Pouget, the head of the Reporters
Without Borders New Media desk. “Whatever the technical means deployed
to control information, there will always be circumvention methods that
many organizations including ours will not hesitate to deploy.”

“Anonymity is important for the full expression and realization of civil
liberties. On the Internet, safe and unmonitored communication can only
be established through methods of trusted decentralized anonymizing
services like the Tor network.”, added Moritz Bartl, the founder of
torservers.net.

Tor is free software and an open network that helps to improve
protection of privacy and the security of Internet communications. Using
the Tor network ensures protection against a form of network
surveillance known as “traffic analysis.” This type of surveillance can
be used to discover who is communicating with who and, in some cases,
even to identify who you are and where you are located.

Journalists use Tor to communicate in a safe and anonymous manner with
sources, whistleblowers and dissidents. Tor can also be used to
circumvent website blocking in many countries. Many Internet users in
China, Iran, Pakistan and Turkey use Tor to access Facebook, YouTube and
Twitter.

In some countries that want to monitor and control all Internet
connections, public access points to the Tor network are blocked. In
partnership with the Tor Project and torservers.net, Reporters Without
Borders has therefore created and will maintain 250 new entry nodes to
the Tor network. As these entry nodes will not be made public,
authoritarian governments will not be able to block them.

To find an entry node if Tor is blocked in your country, you can contact
the Tor Project at h...@rt.torproject.org or Reporters Without Borders
at wefightcensors...@rsf.org.

Reporters Without Borders will also make the details of these non-public
bridges available within its network and during the seminars on
circumventing censorship and protecting communications that it organizes
throughout the world.

Torservers.net is an independent, global network of organizations that
help to protect human rights to freedom of opinion and expression by
running high bandwidth Tor relays.

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Nick Cohen: The Crisis at Index on Censorship

2014-04-01 Thread Moritz Bartl
http://blogs.spectator.co.uk/coffeehouse/2014/03/the-crisis-at-index-on-censorship/

Index on Censorship, once home to the most important defenders of free
speech in Britain, is falling apart. Seventeen full-time staff members
in place when Kirsty Hughes, a former European Commission bureaucrat,
took over as chief executive in 2012 have been fired or resigned.

Among the recipients of redundancy notices are Padraig Reidy who was
Index’s public face and its most thoughtful writer, and Michael Harris,
who organised the lobbying to reform England’s repressive libel laws,
the most successful free speech campaign since the fight to overturn the
ban on Lady Chatterley’s Lover in the 1960s.  The board, headed by David
Aaronovitch of the Times and filled with Matthew Parris and other
worthies – most of whom I should say I know and admire – has neither
stopped the purge nor reversed Index’s new aversion to tough fights for
human rights.

They fear that what once seemed almost an honorary post, may ruin them.
Under its old CEO, John Kampfner, Index overextended its budget, not
hugely but by enough. Charity law holds that trustees can be ‘personally
liable for any debts or losses’ if their organisation goes bust. The
Charity Commission says that ‘personal liability of this kind is very
rare’. But in theory board members could lose their homes. Index’s
failure to take out insurance to indemnify trustees against losses has
only heightened the nervousness.

Fair enough, outsiders might say. You must make cuts to save an
institution from bankruptcy. But Index’s staff volunteered to cover all
the losses by taking a pay cut and working a four-day week. The Board
rejected their self-sacrificing offer for fear of undermining their
manager. (In Index, as in so many failed British institutions, the cult
of the supreme manager, who must be protected and obeyed, stopped
sensible compromises.)

Nor can financial constraints explain why the new managers have turned
Index from a fearless campaign group into an organisation that emits
windy platitudes and little else. ‘We’ve become a wonkish think tank
rather than an organisation that fights for freedom,’ one staffer told
me. ‘We never stick our neck out on the big issues now.’

Others criticised Hughes’s micro-management. I don’t know how seriously
to take this, you can always get people to bitch about the boss. What is
undeniable, however, is Index’s disgraceful treatment of writers
suffering under dictatorial regimes abroad. Stephen Spender founded
Index in 1972, in response to an appeal from writers in the old Soviet
empire. Index is now abandoning their successors. Earlier this year,
Hughes cut all funding for underground journalists in Belarus – Europe’s
last dictatorship. Andrei Aliaksandrau, a Belarusian journalist based in
London, who organised a programme to help opposition writers expose the
dictatorship on the Web, is one of the many people walking away. Index’s
behaviour appears particularly mean-spirited, as it did not even help
Belarusian journalists from its own funds. It just managed an aid
scheme. Now it has abandoned reporters, who relied on the programme
Index organised. They can’t get jobs in the state media, because the
secret police have blacklisted them, and the opposition press is too
harried and impoverished to hire them.

The situation is as bad at home. My sources say Index could ‘never
again’ repeat its campaign against the Azerbaijani dictatorship, or
successes in stopping RBS selling Belarusian government bonds. ‘We have
no capacity to take on 2014’s classic liberal issues: mass surveillance
by the security services or the threat of state interference in the
press after Leveson.’

I know from long and painful conversations that the world of free speech
campaigning has become a little fraught of late. The Index board had to
announce that Hughes had ‘resigned to write books’ after Ian Hislop, a
patron of Index, said he would resign unless there were changes.

Aaronovitch tells me he’s spending every spare minute trying to sort out
the mess. I hope he succeeds. Because, if he does not, British culture
will suffer. If you watch the television news, you will see that
every time there’s a threat to free speech, a spokesman or woman from
Index pops up to put the case for liberty. You may assume they are an
efficient and well-financed lobby group. In reality, there are a tiny
number of people in ramshackle offices desperately trying to cope with
all the threats from the state, religious fanatics, the politically
correct, business and Hacked Off. If they go, there’s no one to replace
them.

And go they may. You cannot preside over a shambles like the Index
fiasco and expect that no one will notice. Fritford, a Norwegian free
speech foundation, has already cut its grants to Index.  Other funders
are noticing too that Index is an insipid imitation of its former self.
To put it another way, David Aaronovitch and Matthew Parris may be
reduced to selling the 

Re: [liberationtech] Venezuelan Open Source Software Communities Condemn Media Manipulation

2014-03-08 Thread Moritz Bartl
Thank you for the link.

The interesting part of the document for me is not the usual
condemnation of media manipulation, but the clear argument *for*
censorship. This makes it an important read, (apparently/hopefully)
coming from open source communities on the ground.


As Venezuelans, we are naturally against censorship of social
networking applications as a matter of principle. However, we believe
that the right to live trumps the right to free information.
[...]
We are defenders of freedom of expression and free information, but we
insist: above that right is the right to live. If the company Zello, or
any other national or foreign company, will not help to preserve this
right, we will support the Venezuelan government actions to prevent that
company from operating in Venezuela.


On 03/04/2014 01:11 AM, Damian Fossi wrote:
 Original text in spanish: http://www.aporrea.org/tecno/n246101.html
 
 Text in english: http://venezuelanalysis.com/analysis/10437
 
 Best Regards,
 

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Examples of JavaScript attacks?

2014-01-27 Thread Moritz Bartl
On 01/28/2014 05:26 AM, John Sullivan wrote:
 For a presentation I'm working on, I'm collecting examples of JavaScript
 being used to abuse, either on its own, or as part of a larger attack.

An attack that exploits a Firefox vulnerability in JavaScript has been
observed in the wild.

https://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://resources.infosecinstitute.com/fbi-tor-exploit/

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Torservers awarded $250,000 by Digital Defenders

2013-12-16 Thread Moritz Bartl
On 12/13/2013 01:57 AM, Christian wrote:
 Call for organizations
 To strengthen the Tor network and prevent attackers, it is crucial to
 spread operation across as many groups as possible. Thanks to the
 Digital Defenders, Torservers.net can now extend its work and help less
 technical organizations with the setup and maintenance of Tor services.
 The Institute for War & Peace Reporting (IWPR) is the first civil
 society organization to join the Torservers program with its Cyber Arabs
 group. This collaboration allows Cyber Arabs to give stable and working
 Tor access to activists and journalists in the Arab world. If you are
 part of an organization interested in supporting Tor, please contact
 Torservers.net. They have various options available, and are happy to
 teach tech staff and journalists.

I want to stress this part of the announcement: We really want to avoid
having organizations run both high bandwidth exit relays and a larger
number of Tor bridges: An operator should not see both traffic entering
the Tor network and traffic leaving the Tor network.

For this, we need more organizations. Organizations are expected to rent
servers, either with their favorite ISP or with an ISP that we
recommend. Thanks to Digital Defenders, we can cover the costs and help
with the setup and ongoing maintenance. This is for bridge relays, so
organizations will help people behind strong censorship that cannot use
Tor directly, and there will be zero abuse.

Please forward this to any organization that you think would be
interested in a partnership.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2013-11-24 Thread Moritz Bartl
On 11/24/2013 05:39 PM, Jacob Appelbaum wrote:
 When a user uses TorBirdy with Enigmail and Thunderbird, we disable
 those information leaks. We also have a mode (disabled by default due to
 user complaints) to remove the keyid of the recipient from the PGP
 encrypted message itself.

Important to note here is that by default, Enigmail adds the sender to
the recipient list -- which is useful if you want to reread sent mail,
but it also means that any encrypted mail contains not only the
recipient key ID (which at least some users know), but also the sender
key ID.

Adding to the pain, if you receive a PGP message without keyID and have
multiple private keys, GPG/Enigmail will dumbly rotate through the keys,
without taking the actual email addresses (sender/recipient pair) from
the mail header into account. This can only be solved on Enigmail-level,
since only Enigmail knows about email headers.

Thank you Fabio for filing the tickets! Maybe some good will come out of
that.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] NSA collects millions of e-mail address books globally

2013-10-15 Thread Moritz Bartl
On 10/15/2013 10:59 AM, M. Fioretti wrote:
 to prove that quick & dirty solutions like the percloud is needed
 NOW http://www.indiegogo.com/projects/personal-cloud-free-software
 (to know more about the percloud, and why it **is** needed in spite of
 FreedomBox etc...  pls check the slideshow at http://per-cloud.com and
 my posts on the same topic at http://stop.zona-m.net/tag/percloud )

Can you *please* stop spamming lists with advertisements of your project
in every other thread? It is okay to introduce it once, in a separate
thread, with non-buzzword real technical explanations on what you are
actually aiming to do, but do you think anyone will take you seriously if
you spam around?

A self-hosted mail provider will obviously *not* help much against NSA's
mass collection of emails and email addresses. Don't sell it as a
solution in this context.

And, about your project: I am not impressed, and it is not going to
happen this way. I wish you a good experience. You can learn from it.

Moritz


Re: [liberationtech] nettime Milton Mueller: Core Internet institutions abandon the US Government

2013-10-14 Thread Moritz Bartl
On 10/13/2013 05:55 PM, Doc Searls wrote:
 There is much more to the Brazilian picture, I am sure.
 
 For example, as I understand it, Brazil has high import tariffs on gear, 
 [...]

Ha, ha. You might want to add the last 50+ years of USA's Humanitarian
activities in Latin America to the equation. tl;dr:
https://en.wikipedia.org/wiki/Latin_america#U.S._Relations

Followup intro more specifically about Brazil:
https://en.wikipedia.org/wiki/CIA_activities_in_Brazil

--Mo


[liberationtech] Torservers.net Starts Reimbursing Exit Operators

2013-09-17 Thread Moritz Bartl
Hi,

I am proud to announce that we are finally set to reimburse exit
operators, for now based on a one-time grant by BBG (known for
www.voanews.com). The full story and details are at
https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html

We hope that we can attract more donations and more grants, and most
importantly a more diverse set of relay operators in the future.

-- 
Moritz Bartl
https://www.torservers.net/




Re: [liberationtech] Current state of RSA/Public Key javascript implementations

2013-09-16 Thread Moritz Bartl
On 09/16/2013 07:45 PM, Charles Paul wrote:
 Hello,
 
 Hope everyone is doing great.  I was wondering if anyone on this list is
 aware of the current state of different javascript implementations of
 RSA or other asymmetric ciphers, and are willing to share a report.  Of
 primary interest are free-software & patent unencumbered implementations
 which have been audited by external parties.

A popular one seems to be SJCL: https://crypto.stanford.edu/sjcl/

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] quid pro quo

2013-09-10 Thread Moritz Bartl
On 09/10/2013 09:27 PM, Lucas Gonze wrote:
 Let's say major corps like AT&T and Chase are doing favors for NSA. Why
 would they if not for a quid pro quo?
 
 And if they are getting favors in return, isn't that illegal?
 
 I wonder if there is evidence to show what the payback is.

http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] The status of SMTP security in email communication infrastructures

2013-08-26 Thread Moritz Bartl
   - which of them offer SMTP/TLS when sending email?
   - which of them accept SMTP/TLS when receiving email?

One of the problems with the current configuration of mail servers
(STARTTLS) is that any active attacker can modify the STARTTLS command
and turn the session into plaintext without anyone noticing.

We should also analyze what ciphers are used for TLS sessions. For
example, Fabio's mail, sent via Google, did not use a perfect forward
secret cipher:

Received: from mail-ee0-f52.google.com (mail-ee0-f52.google.com
[74.125.83.52])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by mailman.stanford.edu (Postfix) with ESMTPS id C360820074D

Whereas the connection from the stanford list mailserver to my
mailserver used a modern TLS connection and a perfect forward secret cipher:

Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.headstrong.de (Postfix) with ESMTPS id 5107C1C0013B

Does anyone have contacts at Gmail, Fastmail, or any other large mail
provider that would be interested in conducting a study? At least
Postfix logs TLS information to mail.log by default, and can be
configured to add the above TLS information to mail headers.

To advance mail server security, I think the following would be
beneficial: Configure your mail server to accept old ciphers and non-TLS
sessions (from a cursory analysis of my inbox, this is sadly necessary;
not even Facebook or Twitter use TLS), but, at least for non-TLS
sessions, email both the sender and postmaster@senderdomain and inform
them about their deprecated setup (and point them to relevant guides).
Maybe even for non-PFS ciphers.

Technically, my idea was to set recipient_bcc_maps in Postfix and
deliver a copy of every incoming mail to a local script. The script then
parses Received-headers for TLS information, keeps a hashed database of
sender domains and senders around to not spam senders too much, and
sends out notifications.

Anyone interested in contributing such a script?

Also, we could use someone to simply parse mail.log and generate some
statistics from that. We're not aware of any such statistics.

-- 
Moritz Bartl
https://www.torservers.net/
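
A sketch of the script proposed above, as an added example that is not part of the original post: it reads the TLS note from the topmost Received header, classifies the hop, and decides whom to notify while keeping only keyed hashes of addresses. All function and class names are hypothetical, the cipher-name test for forward secrecy is a heuristic, and the From header is assumed to stand in for the envelope sender; the sample messages are constructed around the two headers quoted in the post.

```python
import email
import hashlib
import hmac
import re
from email.utils import parseaddr

# The TLS note Postfix writes into its own Received header, as quoted above.
TLS_RE = re.compile(r"\(using (\S+) with cipher (\S+) \((\d+)/(\d+) bits\)\)")
# Heuristic (assumption): OpenSSL cipher names with an ephemeral (EC)DH key
# exchange. ADH/AECDH are forward secret but anonymous, i.e. unauthenticated.
EPHEMERAL_KX = ("ECDHE-", "DHE-", "EDH-", "AECDH-", "ADH-")


def classify_hop(raw_message):
    """Classify the final hop using only the topmost Received header.

    That header is written by the receiving server itself; lower ones were
    added by other hosts and can be forged, so they are ignored.
    """
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return {"status": "unknown"}
    top = " ".join(received[0].split())  # unfold continuation lines
    m = TLS_RE.search(top)
    if m is None:
        return {"status": "plaintext"}
    protocol, cipher = m.group(1), m.group(2)
    # TLS 1.3 suite names carry no key exchange; TLS 1.3 is always ephemeral.
    pfs = protocol == "TLSv1.3" or cipher.startswith(EPHEMERAL_KX)
    return {"status": "tls-pfs" if pfs else "tls-no-pfs",
            "protocol": protocol, "cipher": cipher, "bits": int(m.group(3))}


class NotificationLog:
    """Remembers whom we notified, storing only keyed hashes of addresses."""

    def __init__(self, key, min_interval=7 * 24 * 3600):
        self._key = key
        self._min_interval = min_interval
        self._last = {}  # HMAC-SHA256(address) -> time of last notification

    def should_notify(self, address, now):
        digest = hmac.new(self._key, address.lower().encode("utf-8"),
                          hashlib.sha256).hexdigest()
        last = self._last.get(digest)
        if last is not None and now - last < self._min_interval:
            return False
        self._last[digest] = now
        return True


def plan_notifications(raw_message, log, now, include_non_pfs=False):
    """Return (hop, addresses to notify) for one incoming message."""
    hop = classify_hop(raw_message)
    reportable = {"plaintext", "tls-no-pfs"} if include_non_pfs else {"plaintext"}
    if hop["status"] not in reportable:
        return hop, []
    # Assumption: the From header stands in for the envelope sender.
    sender = parseaddr(email.message_from_string(raw_message).get("From", ""))[1]
    if "@" not in sender:
        return hop, []
    domain = sender.rsplit("@", 1)[1]
    candidates = [sender, "postmaster@" + domain]
    return hop, [a for a in candidates if log.should_notify(a, now)]


# Constructed messages. The first two reuse the Received headers quoted above;
# the third is a made-up plaintext hop whose lower header claims TLS.
RC4_MAIL = (
    "Received: from mail-ee0-f52.google.com (mail-ee0-f52.google.com\n"
    " [74.125.83.52])\n"
    " (using TLSv1 with cipher RC4-SHA (128/128 bits))\n"
    " (No client certificate requested)\n"
    " by mailman.stanford.edu (Postfix) with ESMTPS id C360820074D\n"
    "From: Alice <alice@example.com>\n\nhello\n"
)
AECDH_MAIL = (
    "Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81])\n"
    " (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n"
    " (No client certificate requested)\n"
    " by mail.headstrong.de (Postfix) with ESMTPS id 5107C1C0013B\n"
    "From: List <list@example.edu>\n\nhello\n"
)
PLAIN_MAIL = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    " by mail.example.net (Postfix) with ESMTP id 0000000000\n"
    "Received: from client.example.org (client.example.org [192.0.2.99])\n"
    " (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    " by mx.example.org (Postfix) with ESMTPS id 1111111111\n"
    "From: Bob <bob@example.org>\n\nhello\n"
)

if __name__ == "__main__":
    demo_log = NotificationLog(key=b"constructed-demo-key")
    for name, raw in [("rc4", RC4_MAIL), ("aecdh", AECDH_MAIL), ("plain", PLAIN_MAIL)]:
        print(name, plan_notifications(raw, demo_log, now=0, include_non_pfs=True))
```

The same classification applied to every delivery, rather than only to reportable ones, gives the per-domain statistics the post asks for.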


[liberationtech] Fwd: Avaaz in grave danger due to GMail spam filters

2013-08-18 Thread Moritz Bartl
-------- Original Message --------
Subject: Avaaz in grave danger due to GMail spam filters
Date: Sun, 18 Aug 2013 23:48:58 +0200
From: rysiek <rys...@hackerspace.pl>
Organization: Warsaw Hackerspace
To: cypherpu...@cpunks.org

OHAI,

I happen to be on Avaaz's info distribution list, and I got an e-mail lately
that Avaaz is in grave danger as GMail will now filter mailings like that
out to a separate folder for similar spam-ish (yet not spam per se) mailings.

So what they're asking people to do is to reply directly to that e-mail, so
that GMail will note that Avaaz's mailings are not to be messed around with.

Instead of telling people, you know, to decentralise and use other, smaller
providers.

I facepalmed so hard I could cry. It's Stockholm Syndrome if I ever saw one.
GMail fucks us in the arse, so let's ask them politely to use some lubricant.

My question is: does *anybody* on this list have some kind of contact within
Avaaz? I'd *love* to talk to them about it. It's simply disingenuous to do
such a campaign and *not* at least signal oh and by the way, had we all been
still using different, dispersed, decentralised e-mail services we wouldn't
get even close to having this problem.

-- 
Pozdr
rysiek




[liberationtech] Swiss VPNs (was: Re: Lavabit, Silent Circle both shut down)

2013-08-13 Thread Moritz Bartl
On 13.08.2013 10:51, Ralph Holz wrote:
 SwissVPN provides some nice VPN services but it is not the only
 VPN provider I use.
 They log for 6 months and say they will respond to requests under
 Swiss law.
 I would be surprised if other Swiss providers wouldn't do the same,
 but I am very happy to hear otherwise?

Switzerland has data retention laws. While it might be good for
oligarchs to hide their money, it is not good for online privacy.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Swiss VPNs

2013-08-13 Thread Moritz Bartl
On 13.08.2013 14:20, taxakis wrote:
 Oligarchs and privacy advocates have something in common.  
 If you got a better place, please name it.  

I don't. I still believe we should stop being naive and promote Iceland
or Switzerland, just because we think they offer better privacy. In
general, just because you read something in the news, don't just believe it.

I never said Germany was a better place.

Yes, I should have quotable sources at hand, but at the moment I don't.
A good address for a more detailed answer would be the Chaos Computer
Club Switzerland, http://www.ccc-ch.ch/ , and, for Iceland, try the
people behind IMMI, https://immi.is/ .

The interesting part about Iceland is that there is a slight chance of
*making it* a privacy-friendly jurisdiction. It is not, yet. If media
always convey the picture of a privacy-friendly country, its own
politicians will start believing it and fight for it, hopefully.

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Zwiebelfreunde take over popular onion.to Tor gateway

2013-08-13 Thread Moritz Bartl
Hi Libtechies,

I hope you don't mind me putting this press release here. Please spread
if you like it.

--

# Zwiebelfreunde take over popular onion.to Tor gateway

(Dresden, 13.8.2013) The non-profit organization Zwiebelfreunde e.V. is
known for the “Torservers” project, which over the past years has grown
into a global network of organizations that maintain server
infrastructure for the open anonymization network Tor. Today,
Zwiebelfreunde has taken over a very popular web gateway for Tor hidden
services, onion.to.

Tor hidden services provide anonymity for website owners, mail
providers, chat systems and other Internet services. Hidden services are
designed to be accessed using Tor Browser, which additionally provides
anonymity for users of the service. Web gateways such as onion.to
provide a convenient way to reach hidden services using a regular
browser without having to install Tor. A side effect is that the broad
world of hidden services is exposed to search engines and can thus be
indexed and found. The trade-off is that users lose anonymity: Both the
gateway and the hidden service can track users across visits, and
determine the user's IP address. That is why Zwiebelfreunde strongly
encourages people to download Tor Browser instead.

“By exposing hidden services to the public, we hope to attract even more
users and widen the spectrum of available services within the Tor
network,” says Zwiebelfreunde founder and president Moritz Bartl. “I
can imagine privacy-friendly email services to be based fully on hidden
services in the future, for example.”

The current gateway server is located in Iceland, and another one will
be added in the near future.

https://www.onion.to/

An example hidden service can be found at https://duskgytldkxiuqc6.onion.to/

# Zwiebelfreunde e.V.

The German non-profit association Zwiebelfreunde e.V. serves as a
platform for projects in the area of safe and anonymous communication.
The organization facilitates and participates in educational events
about technological advances in the area of privacy, and connects
professionals to spread knowledge and experience in these fields.

“Zwiebelfreunde” is German for “Friends of the Onion”, as a reference to
Onion Routing, the name of the concept behind Tor for anonymizing
communication: Messages are passed through relays that each remove one
layer of encryption, like peeling the skin of an onion.

# Contact

Moritz Bartl
Zwiebelfreunde e.V.
c/o DID Dresdner Institut für Datenschutz
Palaisplatz 3
D-01097 Dresden
Germany

pr...@torservers.net
Tel.: +49-(0)351 / 212 960 18
Fax.: +49-(0)911 / 308 4466 748
http://www.torservers.net/
http://www.twitter.com/torservers/



Re: [liberationtech] Speculation as to what the US government ordered Lavabit to do?

2013-08-13 Thread Moritz Bartl
On 13.08.2013 23:54, Joseph Lorenzo Hall wrote:
 This is all to say that I suspect the government's order requested
 ongoing access to the private key(s) in memory for some subset of
 Lavabit users, such that they could ask in the future for the encrypted
 contents of those users' accounts and easily look up these private keys
 to get the message cleartext.

Yes, that is also my thinking.

 It's unclear to me if this would require an order that ordered Lavabit
 to write software to do this (e.g., a backdoor), but it sounds like
 that's the case. And it seems clear that by shutting down the service
 last week, no one can log-in again such that their ciphertext is safe.

Sounds very similar to what happened with Hushmail around 2007. I do
believe they had a secure client, but were forced to put in a backdoor.
Java Anon Proxy (JAP) developed at my university in Germany was
convinced to put in a backdoor by extra-legal pressure in 2003.

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] rsync.net Warrant Canary

2013-08-12 Thread Moritz Bartl
Nice idea. I would use a trusted timestamp instead of a headline, but
anyway. What do you think, should I do this for torservers.net/onion.to?

http://www.rsync.net/resources/notices/canary.txt

rsync.net will also make available, weekly, a warrant canary in the
form of a cryptographically signed message containing the following:

- a declaration that, up to that point, no warrants have been served,
nor have any searches or seizures taken place

- a cut and paste headline from a major news source, establishing date

Special note should be taken if these messages ever cease being updated,
or are removed from this page.


[liberationtech] Petition Google over banning Servers on Google Fiber?

2013-08-12 Thread Moritz Bartl
Hi,

Thank you EFF for the well-written reminder:
https://www.eff.org/deeplinks/2013/08/google-fiber-continues-awful-isp-tradition-banning-servers

[...] No ISP will come forward with a tighter definition of “server”
because they want to give themselves leeway to ban users and
technologies that they deem to be troublemakers. This strategy of making
incredibly broad, vague, and one-sided contracts is deeply problematic
and unfair towards users, and it's disheartening to see Google follow
this well-trodden path.
[...] Servers can be used in all sorts of clever ways. If the ban on
running servers were lifted, ordinary Internet users would be able to do
a multitude of interesting things with fewer barriers, spurring innovation.

We should petition Google to get rid of this. Does anyone know if EFF
is planning such an action, or do you have contacts to organizational
networks to get it going properly?

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] From Snowden's email provider. NSL???

2013-08-09 Thread Moritz Bartl
On 09.08.2013 13:15, Nadim Kobeissi wrote:
 Yup, Cryptocat has had build assurance for quite some time.
 Sorry, not possible to backdoor without people noticing
 is still a valid line of defence and has been one for a while.

You should think about splitting Cryptocat software development and
service operation into two separate legal entities. Service operation
could legally be based in whatever country, say, Antigua.

There was at least one wiki meant to collect information regarding the
legal requirements per country, but I don't remember where.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Lavabit, Silent Circle both shut down

2013-08-09 Thread Moritz Bartl
On 09.08.2013 18:34, fr...@journalistsecurity.net wrote:
 This suggests that we need a firm based perhaps in Iceland to offer
 encryption services to have any chance of being secure.

Please, I don't want to read this myth at least on libtech any more.
Repeat after me: Iceland is *not* a data haven.

If a service depends on you having to trust the operator, it cannot be
secure in any meaningful sense.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] An email service that requires GPG/PGP?

2013-08-09 Thread Moritz Bartl
Hi,

On 09.08.2013 20:07, Griffin Boyce wrote:
   So here's my idea: Barring the honor system, it would require a filter
 to look at message content to check for PGP headers.  And if said
 headers didn't exist, the message doesn't get sent.[1]

I wrote a milter for sendmail/postfix to reject non-PGP mail that scans
the first lines of incoming mail: https://github.com/moba/pgpmilter

My idea of a mail provider: The MX records of domains contain a list of
different entities around the globe that accept incoming mails. The MX
servers reject non-PGP mail (or, alternatively, encrypts mails towards
a user key for some addresses), and stores incoming mail in a
distributed file system again maintained by separate entities.

It becomes a bit hairy in the details, but can be done. How do we get
this funded? :-)

-- 
Moritz Bartl
https://www.torservers.net/
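A filter of the kind discussed in this message, as an added example that is not taken from pgpmilter or from the post: besides looking for the armor line in the first lines of the body (or a PGP/MIME structure), it decodes the first OpenPGP packet header so that an armored but unencrypted literal-data block is rejected. The function names, the 20-line scan window and the sample messages are assumptions; the check reads only the first packet's type and does not prove that the remaining bytes are ciphertext.

```python
import base64
from email import message_from_bytes

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
# OpenPGP packet tags that open an encrypted message (RFC 4880, section 4.3):
# 1 PKESK, 3 SKESK, 9 symmetrically encrypted data, 18 SEIPD.
ENCRYPTED_TAGS = {1, 3, 9, 18}


def first_packet_tag(armor_lines):
    """Return the tag of the first OpenPGP packet inside an armor block, or None."""
    for line in armor_lines:
        line = line.strip()
        if not line or ":" in line:  # armor headers and the blank separator line
            continue
        try:
            first = base64.b64decode(line[:4], validate=True)[0]
        except (ValueError, IndexError):
            return None  # not base64, e.g. the END line reached without data
        if not first & 0x80:  # bit 7 must be set in every packet header
            return None
        # bit 6 selects the new header format (6-bit tag) or the old one (4-bit tag)
        return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return None


def armored_candidate(msg):
    """Return the text that should hold the armor block, or None if there is none."""
    if msg.get_content_type() == "multipart/encrypted":  # PGP/MIME, RFC 3156
        parts = msg.get_payload()
        protocol = str(msg.get_param("protocol", "")).lower()
        if (protocol != "application/pgp-encrypted"
                or not isinstance(parts, list) or len(parts) != 2):
            return None
        msg = parts[1]
    elif msg.is_multipart():
        return None  # this example rejects other multipart layouts outright
    return (msg.get_payload(decode=True) or b"").decode("ascii", "replace")


def pgp_verdict(raw, scan_lines=20):
    """Return (accept, reason) for one raw RFC 5322 message."""
    text = armored_candidate(message_from_bytes(raw))
    if text is None:
        return (False, "no PGP structure")
    lines = [line.strip() for line in text.splitlines()]
    if BEGIN not in lines[:scan_lines]:
        return (False, "no armor in the first lines")
    tag = first_packet_tag(lines[lines.index(BEGIN) + 1:])
    if tag not in ENCRYPTED_TAGS:
        return (False, "armor does not start with an encrypted packet")
    return (True, "encrypted packet tag %d" % tag)


def armor_sample(packet_start):
    """Constructed armor block: chosen first bytes, zero padding, placeholder CRC."""
    data = base64.b64encode(packet_start + bytes(45)).decode()
    return "\r\n".join([BEGIN, "Version: constructed", "", data, "=AAAA", END, ""])


# Constructed sample messages (addresses and payloads are made up).
HDR = "From: a@sender.example\r\nTo: b@rcpt.example\r\nSubject: x\r\n\r\n"
SAMPLE_INLINE = (HDR + armor_sample(b"\x85\x01\x0c")).encode()   # old-format tag 1
SAMPLE_LITERAL = (HDR + armor_sample(b"\xac\x0d\x62")).encode()  # tag 11, literal data
SAMPLE_PLAIN = (HDR + "Hello, this is cleartext.\r\n").encode()
SAMPLE_MIME = (
    "From: a@sender.example\r\nContent-Type: multipart/encrypted;\r\n"
    ' protocol="application/pgp-encrypted"; boundary="b"\r\n\r\n'
    "--b\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
    "--b\r\nContent-Type: application/octet-stream\r\n\r\n"
    + armor_sample(b"\xc1\x8c") + "--b--\r\n"
).encode()
```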


Re: [liberationtech] An email service that requires GPG/PGP?

2013-08-09 Thread Moritz Bartl
On 09.08.2013 21:54, Griffin Boyce wrote:
 It can definitely be done. At the risk of getting in over my head
 cost-wise, this is something I can pay for myself.

If you can, fun. :-) First, this needs a proper design. Then, one needs
to develop the required pieces of software in a way that it is not a
major pain to maintain all involved servers. Finally, you have to
convince enough organizations to participate and contribute a
substantial amount of storage.

   The only point I really disagree on is the filesystem being maintained
 by multiple entities. It's not a bad idea, but there would have to be
 major trust on both sides

How so?

One happy example is Tahoe-LAFS. It lacks some properties that I would
like to have for mail storage, especially when the mails are written to
the filesystem by an untrusted party, but I don't see a reason why that
functionality cannot be added.

https://tahoe-lafs.org/trac/tahoe-lafs

[...] Even if some of the servers fail or are taken over by an
attacker, the entire filesystem continues to function correctly,
preserving your privacy and security.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Designing Fairness for DMCA

2013-07-16 Thread Moritz Bartl
On 16.07.2013 21:47, riptidetemp...@tormail.org wrote:
 Hello, I'm @RiptideTempora on Twitter. My background is in web
 development. The other day I postulated a system for handling DMCA
 takedown notices on an individual website level that would tip the
 scales in favor of the users (who are, as far as I can tell,
 currently shafted by the current iterations of U.S. legislation).

You might like this project by Wendy Seltzer:

https://www.chillingeffects.org/about
https://www.chillingeffects.org/input.cgi

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.

2013-07-15 Thread Moritz Bartl
 on the device an unencrypted fashion. This means that even if
someone has your device they will not be able to get the information
without knowing your password. Users will be prompted to create a secure
password upon creating an identity.


-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] secure download tool - doesn't exist?!?

2013-07-01 Thread Moritz Bartl
A security engineered downloader design is Thandy.

https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Thandy
http://google-opensource.blogspot.de/2009/03/thandy-secure-update-for-tor.html

Still, I agree that a less 'perfect' installer might be easier to put
together and actually get into use, if you combine the product with a
larger SECURE DOWNLOADS NOW campaign that teaches people about
signatures and the possible attacks, with a nice video, and a nice comic
strip.

Thinking about it, a nicely crafted comic strip could feature different
aspects of secure communication, and be reused for multiple
issues/stories/campaigns (HTTPS, Tor, PGP, OTR, ...).

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Crowdfunding for Tor exit relays and bridges

2013-06-27 Thread Moritz Bartl

Hi!

I've just started a crowdfunding campaign for Tor exit relays and
bridges.

tl;dr: We collect donations, and simply distribute them equally among
all Torservers.net partner organizations.

http://www.indiegogo.com/projects/tor-anti-censorship-and-anonymity-infrastructure/

Please spread :) Thanks!

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-21 Thread Moritz Bartl
http://www.huffingtonpost.com/2013/06/20/russ-tice-nsa-obama_n_3473538.html

Russ Tice, Bush-Era Whistleblower, Claims NSA Ordered Wiretap Of Barack
Obama In 2004
The Huffington Post  |  By Nick Wing
Posted: 06/20/2013 2:11 pm EDT  |  Updated: 06/20/2013 7:04 pm EDT

Russ Tice, a former intelligence analyst who in 2005 blew the whistle on
what he alleged was massive unconstitutional domestic spying across
multiple agencies, claimed Wednesday that the NSA had ordered wiretaps
on phones connected to then-Senate candidate Barack Obama in 2004.

Speaking on The Boiling Frogs Show, Tice claimed the intelligence
community had ordered surveillance on a wide range of groups and
individuals, including high-ranking military officials, lawmakers and
diplomats.

Here's the big one ... this was in summer of 2004, one of the papers
that I held in my hand was to wiretap a bunch of numbers associated with
a 40-something-year-old wannabe senator for Illinois, he said. You
wouldn't happen to know where that guy lives right now would you? It's a
big white house in Washington, D.C. That's who they went after, and
that's the president of the United States now.

Host Sibel Edmonds and Tice both raised concerns that such alleged
monitoring of subjects, unbeknownst to them, could provide the
intelligence agencies with huge power to blackmail their targets.

I was worried that the intelligence community now has sway over what is
going on, Tice said.

After going public with his allegations in 2005, Tice later admitted
that he had been a key source in a bombshell New York Times report that
blew the lid off the Bush administration's use of warrantless
wiretapping of international communications in the U.S. The article
forced Bush to admit that the practice was indeed used on a small number
of Americans, but Tice maintained that the NSA practice was likely being
used to gather records for millions of Americans. The NSA denied Tice's
allegations.

In the wake of recent reports detailing the extent of the NSA's data
surveillance programs, Tice has again come out as a skeptic of the
administration's response. While defenders of the program have insisted
that there is nothing to suggest the government has the authority -- or
desire -- to listen in on people's phone calls without a warrant, Tice
told The Guardian that he believes the NSA has developed the capability
to collect all digital communications word for word.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Help Testing Compare the new vs old Tor Browser Bundle Project

2013-06-18 Thread Moritz Bartl
Hi,

On 18.06.2013 17:50, Randolph D. wrote:
 old Version:
 https://sourceforge.net/projects/torbrowser/

This is not an old version. It was never official, and the author has
no interest in talking to the Tor developer team, or writing a detailed
spec such as https://www.torproject.org/projects/torbrowser/design/ that
exists for the official Tor Browser.

All in all, it is up to the (hopefully educated) user to choose between
the one that is built by a group of people with known background and
experience, or something released by a single person under pseudonym,
violating the Tor trademark and confusing users like you.

 I think the new one looks great, I just searched for the Start and
 Stop button.

There is no safe way to combine a non-Tor browser with a Tor browser
just yet. For quite some time now, Tor Browser decided to thus get rid
of the option to Start or Stop. Especially now that Tor is integrated
in the Tor Browser, and starts when you start the browser and stops
when you stop the browser, why should there be separate buttons?!

 It gives less control to the user, if not already familiar with it.

The user expects an application to start when they run it, and stop when
they close it, no?

 Furthermore Firefox was sponsored from Google, who knows, if they are
 not as well in the Project of Prism? Why not using an open source
 security browser?

Firefox is open source. Chrome is a potential choice, but there's a
number of issues that would need to be fixed in the Chrome source before
it can be used for a safe browser. There's not enough developers to
support multiple browsers, or dedicate time to implement missing
features in Chrome.

 The Vidalia Plugin allows for Qt a smooth process with all GUI details
 the user knows already.

Usability studies show, quite expectedly, that many users are confused
by separate applications. Most users just don't need all the extra
features that are present in Vidalia. On MacOS, for example, the GUI
adds *both* Vidalia and the browser component to a launch area: many
users then start just the browser, which fails because Tor is not running.

 Any comments in the regard of how trustful Mozilla is today?

Look for the real conspiracies and economical dependencies, rather than
implying that Google, one of the *victims* of PRISM et al, sponsors a
piece of software (just) to force it to add some sort of backdoor.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Quick Guide to Alternatives

2013-06-17 Thread Moritz Bartl
On 17.06.2013 21:06, micah wrote:
 Do you have any suggestions for what Riseup can do to resolve that
 concern for you? I don't disagree with you, I'm just curious about
 solutions here.

I am happy to repeat myself, since the issues I have with Riseup have
not been addressed so far.

Tactical Tech should not be recommending Riseup, and Riseup only,
without stressing that you *always* have to trust the operators and the
systems behind them, and at least mention some alternatives to Riseup. A
longer article should also discuss that Gmail is probably better
security-wise than some random open source installation. In the end it
depends on your threat model, right?

Anyway:

#1 There was a point in time when Riseup purposely decided to stop
pushing decentralization. A lot of work was and is put into features
that are *not* documented properly and not easily available to replicate.

#2 As an example, the website states minimal logging. What the hell is
minimum logging other than marketing speech? Why don't you tell your
users what you are logging, up to the last byte? Especially when you
provide a sensitive service like email, extra care should be put in the
documentation and specification of logging policies. And by that I mean
down to the config files of the syslog daemon.

#3 How hard is it to be transparent about money and sponsors? There's
some big money behind Riseup now, and you guys should be very open about
the sources.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] [tt] NSA Prism is motivated in part by fears that environmentally-linked disasters could spur anti-government activism

2013-06-14 Thread Moritz Bartl
On 15.06.2013 02:18, Guido Witmond wrote:
 The original analysis read to me:
 We face severe problems that might lead to civil unrest. We need more
 population control, whatever the price. Now we also have civil unrest
 due to the population control. We need even more funds.

How does population control come into this, and what do you mean by it?

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Cryptocat: Translation Volunteers Needed

2013-06-10 Thread Moritz Bartl
On 11.06.2013 02:21, Catherine Roy wrote:
 We have a ticket open for Opera compatibility in our code base. If
 you'd like to, you can contribute to Cryptocat for Opera development
 here:
 I am not a developer. Must we all be developers to have a significant
 influence on these types of issues ?

In capitalism, you can also pay someone to do it for you.

Given that Opera has roughly 1-2% market share, only introduced plugins
(too) late, and now decided to switch to Webkit in the future, why would
there be much incentive for anyone to support a more-or-less legacy
browser? It involves a lot of work.

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Torservers.net: Professional Global Tor infrastructure

2013-06-07 Thread Moritz Bartl
Hi,

I think the timing is right to inform libtech about the development of
Torservers.net. What started as a German non-profit has now grown into a
network of non-profit organizations in several countries. All member
organizations benefit from tight collaboration and knowledge exchange
about running crucial Tor infrastructure (mostly Tor exits and Tor
bridges), whereas the diversity of operators helps the stability and
anonymity of the whole network. The current members are listed at
https://www.torservers.net/partners.html .

My goal is to acquire funding from various sources, and oversee the
distribution and intelligent use of it.  If you hear about potential
grants we can apply to, for example to ramp up additional hundreds of
bridges and Tor relay bandwidth, I am more than happy to hear about it.

You are also invited as an individual to donate to the Torservers.net
umbrella, or to one of our member organizations directly:

https://www.torservers.net/donate.html

Within Europe, your donations to Torservers.net are tax deductible. In
the USA, you can donate to our partner NoiseTor, a registered 501c3, for
these purposes.

If your organization wants to join Torservers as a partner, or become an
official sponsor of one of our relays, contact me.

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Julian Assange reviews Google's The New Digital Age

2013-06-03 Thread Moritz Bartl
http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=1_r=0

By JULIAN ASSANGE
Published: June 1, 2013

[...]
The authors met in occupied Baghdad in 2009, when the book was
conceived. Strolling among the ruins, the two became excited that
consumer technology was transforming a society flattened by United
States military occupation. They decided the tech industry could be a
powerful agent of American foreign policy.
[...]
The prose is terse, the argument confident and the wisdom — banal. But
this isn’t a book designed to be read. It is a major declaration
designed to foster alliances.

“The New Digital Age” is, beyond anything else, an attempt by Google to
position itself as America’s geopolitical visionary — the one company
that can answer the question “Where should America go?” It is not
surprising that a respectable cast of the world’s most famous warmongers
has been trotted out to give its stamp of approval to this enticement to
Western soft power. The acknowledgments give pride of place to Henry
Kissinger, who along with Tony Blair and the former C.I.A. director
Michael Hayden provided advance praise for the book.
[...]

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Major Security Flaws in Tor Components

2013-05-24 Thread Moritz Bartl
Hi,

Why did you pick a sensational subject like that? You know that is
hardly the case. Most of the stuff described in the paper is already
known and described in various other papers at
http://freehaven.net/anonbib/ .

For a discussion about this paper and the already introduced
improvements and ongoing discussions see
https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html ,
especially the answers by Mike Perry and Nick Mathewson.

For a more general call to action about Hidden Services see
https://blog.torproject.org/blog/hidden-services-need-some-love from
April 22nd.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Cryptocat: Translation Volunteers Needed

2013-05-24 Thread Moritz Bartl
On 24.05.2013 11:09, Sjoerd de Vries wrote:
> About how much is needed to translate. Are you talking about 1.000 words
> or more about 1.000.000 words. If it isn't too much I'm willing to help
> you translate to Dutch

Nadim should have made this more clear: All translations and texts are
readily available. Anyone can add or refine translations of sentences.
There's no need to send anything else, everything is at the following link:

https://www.transifex.com/projects/p/Cryptocat/resource/cryptocat/

To work on a translation, just create a Transifex account and add
yourself to the translation team.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Internet Historiography

2013-05-16 Thread Moritz Bartl
On 16.05.2013 18:30, Yosem Companys wrote:
> From: *Adam Fish* rawb...@gmail.com
>
> Anybody know of articles or books analysing 1) the political historiography
> of the internet. Who has criticized the historiography of the internet as
> being written for political gain?

Maybe What the Dormouse Said by John Markoff?
https://www.amazon.com/dp/0143036769/

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Hackers for Charity: Uganda Documentary Crowdfunding

2013-04-28 Thread Moritz Bartl
http://www.kickstarter.com/projects/1456247168/hackers-in-uganda-a-documentary

This documentary will tell a story about a developing African community,
its people, and one technologically-minded charitable organization’s
attempts to provide humanitarian services in the most unlikely of
places: Uganda, one of Africa’s most disadvantaged nations.

In 2009, a group of computer hackers and benevolent technologists known
as Hackers For Charity (HFC) set up a tuition-free computer school and
internet café in Jinja, Uganda. In a country where thousands live with
HIV and only 67% have access to clean drinking water, HFC offers classes
and internet-enabled computer access, teaching local Ugandans the
computer skills that allow them to find work and apply for medical and
social benefits on the web that they otherwise may never have known
existed. HFC embodies the spirit of an Information Age Robin Hood, using
technology to bring education and services to those most in need.

HFC's work extends beyond their computer education; they also act as an
organizational champion for other local charities who need technological
assistance, providing equipment, software, training, and maintenance
free of charge. In an exceedingly complex global technological system
that is sometimes staggered by governmental interference, slow-moving
bureaucracy, and corruption, HFC helps humanitarian organizations find
ways to provide aid and services.

This documentary will raise implicit questions about the role and
implications of international humanitarian aid in the non-Western world.
HFC seems to afford real, tangible benefits to those who are willing to
take advantage of the charity's computer training classes. We are
interested in how HFC works together with the Jinja community. This
documentary will articulate an intriguing facet of twenty-first century
humanitarian aid, juxtaposing the charity's Western technological
sensibilities and the day-to-day struggles of a region in need.

The film will feature a cross section of the Jinja community, including
HFC staff members, students in the computer classes, and local residents
living and working around the area. We will focus on one or two
students, following them both in and outside the classroom, enriching
our story with aspects of their home and social life. We will also focus
on one HFC staff member or teacher who works closely with the African
students. Concentrating on both students and teachers will help us
closely examine the complexities of the relationship between Western
charity and its intended beneficiaries. Additionally, we intend to
include the perspectives of other working Jinja locals who are not
necessarily associated with HFC or its operations to add further depth
and diversity to our story. This ethnographic consideration will provide
an essential cultural context for the documentary.

While HFC is highly respected by their peers in the hacker community,
the organization and their humanitarian activities are not widely known.
To date, there has not been a documentary featuring HFC or their
operations in Uganda. This documentary will call attention to a
seldom-explored part of the world and the people who call it home. It is
our goal not only to examine a unique operation of humanitarianism, but
also to generate discussion about the scope and implications of global
technological charity. This documentary will examine the role of
technology in contemporary Western humanitarianism and Hackers For
Charity’s contributions in the 21st century.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Learning

2013-04-16 Thread Moritz Bartl
On 16.04.2013 17:50, R. Jason Cronk wrote:
> All,
>
> I had an acquaintance contact me wanting to learn about the various
> encryption technologies available to her for email encryption, document
> encryption, etc. I could point her to various technologies that I'm
> aware of (PGP, truecrypt, etc) but was just wondering if anybody knew of
> a definitive (or at least fairly comprehensive) resource I could direct
> her to where she could go read about the advantages and disadvantages of
> various vendors' and open source products.

Security in-a-box is available in multiple languages and pretty good:
https://securityinabox.org/

There is also the CryptoParty Handbook:
https://cryptoparty.org/wiki/CryptoPartyHandbook

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] Torservers.net on the way to more diversity

2013-04-03 Thread Moritz Bartl
Hi,

I have started to make changes to the Torservers.net website to reflect
that we have grown from professional Tor Exit hosting to a state where
growth of a single organization is not very useful any more. We have
refrained from ramping up more exit capacity for quite some time because
of that: We need more diversity.

The next step is to also professionalize Tor bridges hosting. It is
quite a shame that we only have a few hundred bridges in total. The
situation got worse now that regular bridges are blocked in several
countries, and in China only obfs3 bridges work -- of which we only have
a few. We are actively on the lookout for sponsors interested in funding
bridges.

With the help of TorProject Inc., and by being an example for others to
follow, we can now refer to multiple organizations, and become an
umbrella organization that distributes funds across these organizations.

Legally, we might also be able to offer abuse handling services for
exit operators. I will discuss this with our lawyer, and keep you updated.

With the German charitable Wau Holland Foundation, we have found a first
great partner for the new Torservers.net. Instead of donating directly
to us, you can now donate to the project account at Wau Holland
Foundation. Hopefully, we can find more partners for this in the future.

All partner organizations have been chosen carefully. We will iron out
details on how we distribute funds so we get a more diverse Tor network.
Please talk to us if you want to set up a similar organization.

https://www.torservers.net/partners.html
https://www.torservers.net/donate.html

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Safe app like Dropbox?

2013-01-06 Thread Moritz Bartl
On 06.01.2013 09:49, Jerzy Łogiewa wrote:
> What other apps exist? Anything truly open that supports own remote storage

Apart from OwnCloud, there is also http://sparkleshare.org/ (Git backed)

-- 
Moritz Bartl
https://www.torservers.net/
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] EU Parliament: Bloggers For Democracy Conference

2012-12-06 Thread Moritz Bartl
Video stream and download available
http://www.greenmediabox.eu/archive/2012/12/05/blog4dem/

Bloggers For Democracy: Conference
Wednesday 05 December 2012, 15:00 - 18:30

15:00 -15:15

Opening remarks: Barbara Lochbihler, MEP, Chairwoman of the Human
Rights subcommittee

15:15 - 17:00
I. TECHNICAL INFRASTRUCTURE - BUILDING A FREE INTERNET

moderation by Amelia Andersdotter MEP

Speakers

-   Marietje Schaake MEP, rapporteur on Digital freedom in EU Foreign Policy
-   Amnesty International - overview on the use of censorship on the
internet around the world
-   Martin Löwdin, Telecomix - keeping Egypt and Syria online
-   Linus Nordberg, DFRI, Tor - anonymity, security and censorship
circumvention
-   James Losey, fellow with the Open Technology Institute at the New
America Foundation

17:00-18:30
II. POLITICAL/SOCIAL CHANGE THROUGH BLOGGING - THE BLOG AS A POLITICAL
WEAPON

moderation by: Indrek Tarand MEP

-   Sarrah Abdelrahman, Egypt
-   Oleg Kaschin, Russia
-   Michael Anti, China
-   Arzu Geybullayeva, Azerbaijan

Concluding remarks: Amelia Andersdotter MEP

-- 
Moritz Bartl
https://www.torservers.net/


[liberationtech] fossjobs - first job platform exclusively for FOSS jobs

2012-11-17 Thread Moritz Bartl
Hi,

I hope you don't mind that I announce my latest project here (one time
mail): The first jobs board that exclusively lists jobs that directly
involve and improve Open Source projects. The website is open source
itself and will stay non-profit.

http://www.fossjobs.net/

I know it is still lacking content as of now, but it has received some
attention already since I opened it for the public on Friday (over 4000
unique visitors in 24 hours).

It would be great to see some coverage. Spread the word if you like it!
Thanks!

https://twitter.com/fossjobs_net
https://www.facebook.com/fossjobs.net

-- 
Moritz Bartl
https://www.torservers.net/