Re: [liberationtech] Stanford Liberationtech Needs Your Help

[Thomas Delrue]

On 06/14/2018 03:13 PM, Yosem Companys wrote:
> Here are LT's major needs:
> 
>- Recruit people to develop a new website, logo, and graphics.

Ping me off line to chat about how I can help.

>- Identify a legal jurisdiction with strong security and privacy laws
>and regulations and a server provider with a stellar reputation at
>protecting user security and privacy to host the site.

Iceland?

>- Determine whether to maintain LT's mailing lists on Mailman
> or to
>transition them to a content management system (e.g., Discourse.org).

If it ain't broken, don't touch the thing. "Stick with mailman" is what
gets my vote. I don't want yet-another-site-to-log-into to read LT
discussions. I want LT right here in my mailbox.
It's low barrier and facilitates interaction, as opposed to some CMS
that now I have to go and log into and then figure out what's
interesting or not, and what I may want to read or reply to... I'm never
going to do that...(*)
E-mail is right there in my inbox: I have my own copy, I can do with it
what I want, I don't have to log into some other place, it fits nicely
in my existing workflows... and mailman is kind enough to give me a
searchable archive. Now, whether we stick with Stanford's mailman or
not, /that/ I don't care too much about, I care that it's not locked up
behind some other system I now have to have an account with... I care
that it stays an e-mail list.

Regardless of whatever CMS we pick, if we were to go that route, there's
always going to be some problem with it where we want to do X or Y and
we can't quite do it. With e-mail, everyone can pick the client they
like: (al)pine, mutt, Thunderbird, outlook (if you're so included) or
gmail (yuk). Everyone gets to pick the tool they like best, instead of
everyone being forced to use system X or Y and being strapped into the
harness of how that tool thinks you ought to interact with its world.

I think that part of the value of the LT mailman service is that is
specifically is NOT an Internet forum and that it specifically is an
e-mail list, which facilitates conversations where the focus is on
content and ideas. If I want a forum, I'll go to reddit or some similar
site. (Speaking of which, https://www.reddit.com/r/liberationtech
apparently has been banned? Is this this same LibTech?)

Remind me what it is that Discourse offers that plain-text e-mail does not?

>- Assess the best legal structure for LT (e.g., digital cooperative).

Outside of my field of expertise...


(*) I don't mean this as a threat, at all (after all, I have nothing to
threaten you with), but if you're putting LT behind some other
wall/gate, I know myself well enough to be able to tell you with high
confidence that you'll lose me from LT... and I think a couple of others
as well...

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Fwd: Now Anyone Can Create Their Own Personalized Alexa Skill in Just Minutes

[Thomas Delrue]

(Dropping mailinglists other than LibTech...)

On 04/19/2018 09:22 AM, Phil Shapiro wrote:
> I do not own an Alexa device and am wary of privacy issues in 
> general.

If /you're/ wary of privacy issues, then why encourage others to use it?

> At the same time, I think there are ways of using this device that do
> not raise privacy concerns.

I think you're wrong; I don't think there is a way to use this device in
a way that does not raise privacy concerns, at all. The same is true for
Google Home.
Just like malware tries to establish persistence on your machines, these
devices exist to establish persistence for their true owners - which
ain't you. The parallels with malware go further than that, but I'll
leave it there...

If you really must do something like this, consider Mycroft
(https://mycroft.ai/; https://en.wikipedia.org/wiki/Mycroft_(software) )
enclosed as a picroft (https://mycroft.ai/documentation/picroft/); it's
not ideal, it still reaches out to someone else's servers, but at least
it's open source, it's a start... and you can modify it to prevent it
from doing that.

There's a repository of skills, written in Python, over here:
https://github.com/MycroftAI/mycroft-skills

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Revealed: Seven years later, how Facebook shuts down free speech in Egypt | Middle East Eye

[Thomas Delrue]

On 01/28/2018 10:53 AM, Cristina wrote:
> On 28/01/18 12:10, Thomas Delrue wrote:
>> On 01/28/2018 08:07 AM, Cristina wrote:
>>> I agree on most people is using FB, Telegram, WA, and Google products
>>> to interact and search for information. I agree on Thomas'
>>> observations, but in the middle we have a problem: the vacuum has to
>>> be filled... with education? with what?
>> We do have a problem but we try the same thing over and over again,
> 
> what on my statement suggested you I m talking about being doing the
> same things?
> I'm really tired of this fight, at the same time I can't abandon it
> definitely. Don't know why.

I wasn't suggesting you are trying the same thing over and over again. I
was suggesting that the collective "we" is doing that. Apologies for not
expressing myself enough.


>> We don't need more implementations or rehashing of the same idea, we
>> need different ideas and along the way to get there, as you rightfully
>> suggest, we need education above all. This requires that we call things
>> by their proper names and not dilly-dally around.
> 
> I agree on call things by their proper names.
> I don't know if the solution is to try to implement on school the
> teaching of PGP (not even on hight school or equivalent): if we are
> talking on large education is the only massive way. Once you are alone
> and have to look for the education by yourself very few people do it,
> and you can't find easily something if you don't even know what you are
> looking for. It remains me to an spiritual exploration...
> Tell me how could it be possible to implement a change on educational
> curricula in favor of freedom of people and I send you a present to any
> place of the world were you were.

The Network Effect worked for FB; can we make it work for us as well? Or
in other words: be the change you wish to see in the world. Start small
and teach those around you; while you're at it, teach them how to teach
others and watch it multiply...
And I know that you (now I /am/ talking to you, individually) are indeed
doing that! I'm not expecting anyone to change hundreds of people's
minds, but it's not unreasonable to expect someone to influence a small
handful of people, even if that means only one, two or three, and have
things grow from there...

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Tool so people might stop doing crazy things with their bitcoins (and stop being robbed)

[Thomas Delrue]

On 01/28/2018 06:22 AM, Aymeric Vitte wrote:
> People don't estimate the effort to do such tool, which is not
> trivial at all given the over complexification of bitcoin stuff, and
> are trying to cheat modifying the code to remove the fees (which is a
> bit crazy for such a module and could just result for them to send
> their coins to some wrong places or have them locked somewhere)

And so your solution is not to prevent the 'cheating' but instead to
hide it, wave your hands and say "these are not the droids you are
looking for, move along"?
If that is the case, I have a hard time understanding what your
value-add is, because your solution has a hard-embedded way to cheat,
that is fundamental to its operation.
Security through obscurity only works for an ever diminishing time.

> I think it's useless to restart an "open source vs not open source" 
> discussion, open source does not mean secure and easy to audit (try
> for example to audit the bitcoin core source code and all
> dependencies), the only thing that matters is that the code is
> provided and can be checked, which is the case

It is most certainly *not* useless to restart this discussion because
people still don't "get it". People need to be told about it over and
over again as demonstrated again right here.

The fact that neither you nor I are knowledgeable enough to be auditing
the BitCoin core source code is not important; what is more important is
that someone who /is/ capable, has the ability, means and access to do
so: light works as a disinfectant and your choice to hide from the light
speaks for itself.

Sadly, you also chose to keep something related to crypto (generation of
hashes) in an inaccessible state. If anything, this is the part that
should be made most easy to audit to those with expertise in that area
since it is the thing that will provide 'trust' to your system. Since
you're dealing with money, I'm pretty convinced that it is incredibly
important to you that people trust your implementation.

Keeping a part, crucial to said trust, inaccessible is a big red flag to
me because chances are, you're rolling your own crypto/hashing. And as
we all (should) know: unless you are or have a team cryptographers that
do this for a living, rolling your own encryption will result in enCRAPtion.
If you're not rolling your own and are using a standard, then why not
make that easy to figure out and audit?

Are you or do you employ one or more cryptographers?

> In the first versions we stated something like "Should this project
> be funded we will remove the dev fees and it will become fully open
> source"
Where exactly is this stated? I can't find it if I search your github
spot for the term  "source":
https://github.com/Ayms/bitcoin-transactions/search?q=source

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Revealed: Seven years later, how Facebook shuts down free speech in Egypt | Middle East Eye

[Thomas Delrue]

On 01/28/2018 08:07 AM, Cristina wrote:
> I agree on most people is using FB, Telegram, WA, and Google products
> to interact and search for information. I agree on Thomas'
> observations, but in the middle we have a problem: the vacuum has to
> be filled... with education? with what?

We do have a problem but we try the same thing over and over again,
expecting a different result: something doesn't work, just do another
implementation of the same solution - but this time with 50% more
javascript or whatever the fad of the day is.
I mentioned this before: the problem is not the technology because that
would make a solution easy, the problem is the people.
We don't need more implementations or rehashing of the same idea, we
need different ideas and along the way to get there, as you rightfully
suggest, we need education above all. This requires that we call things
by their proper names and not dilly-dally around.

> I don't know. But to say "people is dumb" is not enough and will not 
> stop them, specially those living under desperate situations.

There's a difference between calling /people/ dumb and calling
/behaviors/ dumb. Although it is very satisfying to call people dumb,
you are correct that this is unproductive. So let's stick to calling the
behavior dumb(*).
But sanity is not statistical: it's not because a lot of people are
doing X that the behavior of doing X is not a dumb behavior nor does it
provide an excuse to not be called out as the dumb thing it is. This is
part of the education that, I think we all agree on, is sorely needed.
I'll refer back to the leper in my original answer...

(*) But you'll pry out of my cold, dead hands my right to call people
dumb /inside my own head/.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Revealed: Seven years later, how Facebook shuts down free speech in Egypt | Middle East Eye

[Thomas Delrue]

On 01/28/2018 06:35 AM, aryt alasti wrote:
> True though all of that is, if tens of thousands of people are relying on
> Facebook for their connectivity to activism and dissident viewpoints, then
> pressure should be put on Facebook to cease with its blatantly suppressive
> practices.

As long as that "putting pressure on" means "cut it out of our lives
entirely", then you and I can agree. Because, as I point out, that's the
only thing that organizations like this understand. In fact, they even
have a term for it: "unrealized profits". Unless you turn in this into
"unrealized profits", nothing will change and any hope you have for
change, is in vain.

My position on FB, and things like it, is not just that they are a
nuisance or that they have /some/ bad sides. My position is that they
are fundamentally, irreparably evil and should be eradicated like we
eradicate diseases or tumors: systematically and with unrelenting zeal.
Any time we relent, we give it time to breath and grow.
We don't need to fight FB on issue X or Y, we need to fight them, full stop.

It saddens me that projects like Diaspora never took off but that
cancers like Facebook continue to exist.
Sure, we need/could use some new technology to help us with this, but
that's not what we truly need, we need education first!

P.S.: Consider bottom-posting instead of top-posting, you'll leave more
friends in your wake that way... :)

> On Jan 28, 2018 4:59 AM, "Thomas Delrue" <tho...@epistulae.net> wrote:
> 
>> On 01/28/2018 01:05 AM, aryt alasti wrote:
>>> I didn't realize to what extent activists in the Middle East are relying
>> on
>>> Facebook.
>>>
>>> http://www.middleeasteye.net/news/how-facebook-bans-free-
>> speech-egypt-activist-social-media-april-6th-mubarak-1685366161
>> There are many parallels to be drawn between the content in the article
>> you link to and some stories that I've heard of people who've been in an
>> abusive relationship. I'm not saying these two are equivalent... I'm
>> just saying that there's many parallels.
>>
>> On the subject of the usage of social networks in social activism, which
>> the linked article is really about: very relevant content was posted
>> years ago on LibTech which, I think, should serve as a lighthouse for
>> anyone wanting to organize in any serious fashion, warning them that
>> there are jagged rocks and danger ahead.
>> For those around back then, I recommend a re-read of, and for those new,
>> an initial read of the thread titled "when you are using Tor, Twitter
>> will blocked your acc[ount]"
>>
>> You will find the initial message of the thread here (do go through the
>> thread in full, the initial message is just the kick-off):
>> https://mailman.stanford.edu/pipermail/liberationtech/2014-
>> June/013791.html
>> And the incredibly germane content I refer to in regards to this
>> particular issue is right here:
>> https://mailman.stanford.edu/pipermail/liberationtech/2014-
>> June/013878.html
>>
>> And now for my usual rant against FB and the like:
>>
>> People need to grow up and realize that things like FB, Twitter and
>> other social networks & centralized services are not working in their
>> favor. They are doing a disservice to themselves, to their goals and to
>> others by using these surveillance & manipulation platforms; by using
>> these platforms, they cause damage to other individuals who they suck
>> into these platforms.
>>
>> Facebook isn't there to 'connect us', Google isn't there to 'help you
>> find things on the Internet'; they (and others) are there to sell you
>> ads, extract revenue from you and to keep you docile so you can be shown
>> more ads and so that more revenue can be extracted from you. If that
>> means that anything that is bad for business is swept under the rug,
>> removed, blocked... if that means cozying up to the current Power of the
>> Day that provides them with access to this "set of eyeballs" but has a
>> tendency to crush dissent... well so be it.
>> Anyone who does not realize this yet continues to use facebook & their
>> ilk is like a dumb leper who has lost his bell, wandering the world,
>> meaning no harm... (if you'll forgive the re-purposing of that quote)
>>
>> I'll leave it at this for the moment...
>>
>>
> 


-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Revealed: Seven years later, how Facebook shuts down free speech in Egypt | Middle East Eye

[Thomas Delrue]

On 01/28/2018 01:05 AM, aryt alasti wrote:
> I didn't realize to what extent activists in the Middle East are relying on
> Facebook.
> 
> http://www.middleeasteye.net/news/how-facebook-bans-free-speech-egypt-activist-social-media-april-6th-mubarak-1685366161
There are many parallels to be drawn between the content in the article
you link to and some stories that I've heard of people who've been in an
abusive relationship. I'm not saying these two are equivalent... I'm
just saying that there's many parallels.

On the subject of the usage of social networks in social activism, which
the linked article is really about: very relevant content was posted
years ago on LibTech which, I think, should serve as a lighthouse for
anyone wanting to organize in any serious fashion, warning them that
there are jagged rocks and danger ahead.
For those around back then, I recommend a re-read of, and for those new,
an initial read of the thread titled "when you are using Tor, Twitter
will blocked your acc[ount]"

You will find the initial message of the thread here (do go through the
thread in full, the initial message is just the kick-off):
https://mailman.stanford.edu/pipermail/liberationtech/2014-June/013791.html
And the incredibly germane content I refer to in regards to this
particular issue is right here:
https://mailman.stanford.edu/pipermail/liberationtech/2014-June/013878.html

And now for my usual rant against FB and the like:

People need to grow up and realize that things like FB, Twitter and
other social networks & centralized services are not working in their
favor. They are doing a disservice to themselves, to their goals and to
others by using these surveillance & manipulation platforms; by using
these platforms, they cause damage to other individuals who they suck
into these platforms.

Facebook isn't there to 'connect us', Google isn't there to 'help you
find things on the Internet'; they (and others) are there to sell you
ads, extract revenue from you and to keep you docile so you can be shown
more ads and so that more revenue can be extracted from you. If that
means that anything that is bad for business is swept under the rug,
removed, blocked... if that means cozying up to the current Power of the
Day that provides them with access to this "set of eyeballs" but has a
tendency to crush dissent... well so be it.
Anyone who does not realize this yet continues to use facebook & their
ilk is like a dumb leper who has lost his bell, wandering the world,
meaning no harm... (if you'll forgive the re-purposing of that quote)

I'll leave it at this for the moment...

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Fwd: [ PFIR ] Idiots on Canadian Supreme Court demand right of GLOBAL Google censorship!

[Thomas Delrue]

Do you wanna know something? They'll get their way as well. All under
the guise of "terrorism" or "protect the children" or whatever the acute
and current threat is. If they don't get their way by themselves, then
they'll band together with some other countries to strong-arm whatever
company into compliance, because "wouldn't it be a shame if you couldn't
do business in a market of ~740 (EU) or ~35 (CAN) million people and
what we ask in return is such a small thing...".

Now I apologize in advance for this (long) alarmist opinion (and a bit
of a hijack), but here goes:

I don't think many people actually understand the seriousness of the
problems we, as users/inhabitants of the Internet, are actually facing
today.
I think it is done! It's over! The Internet was a cool experiment but it
has failed. We lost that game and need wipe it clean & start over again.
The Internet has not turned out to be this great engine of empowerment
and democratization. It has instead turned out to be a most superb
instrument for repression and control.
The more I think about this, the more I become convinced that there is
very little to be salvaged from it.

To many folks, the Internet, in effect, is facebook, Google, Amazon,
Microsoft and a couple of other large players/feudal lords (who they are
is depending on your locality); everything else is something they get to
*through* their feudal lord, that is if they ever leave the feudal lands
(cf. Google AMP).
Nation-states are seeing this as well and they too want their slice of
the cake of control - after all, the only purpose of any government of
the day, is to still be the government of the day, tomorrow. And what a
gorgeous way to see into the future by tapping into the thoughts and
desires of your populace...
They either become the One Pipe everyone talks through and watch for
anything on that pipe, they co-opt (some of) these large players or they
work on a combination of them.

Instead of a tool for freedom, the Internet has become a tool for
oppression: everything you do online is being monitored, monetized,
processed, quantified and then used against you, never in your favor.
Whether this is as mundane as hiking the price for whatever locked-down
widget you're buying the next day from a shopping website that uses
dynamic pricing or as life-altering as to stick charges against you
based on your online habits.

Back in the day, surveillance was creepy because you could see the guy
in the raincoat with the newspaper following you. It was expensive to do
so it was done sparingly. Nowadays, it is cheaper to monitor everything
and anything, 24/7/365[.25] than it is to target the surveillance so why
not put everyone under surveillance. And you don't ever see the vast
armies of faceless machines that do the monitoring, those are hidden
away in far-away data centers. The epitome of a panopticon!
It's also cheaper to keep the data around than it is to put in place
systems that sunset data after a certain age, so why not store
everything forever? After all, we may want to go back to "T minus 20
years" in case we want to /really/ hurt you. /You/ may not remember what
you did then, but /we/ certainly do!

To come back to the subject of censorship: I believe it was Noam Chomsky
who uttered that "...the smart way to keep people passive and obedient
is to strictly limit the spectrum of acceptable opinion, but allow very
lively debate within that spectrum..." I think that this is a very good
description of what the Internet/Panopticon has become and is on the
path of becoming even more.

As to Lauren's point regarding "My view is that Google should
consider cutting off all services to countries that make such demands.
Period.": I think that's a very naive approach and frankly, I find it
very similar to a Stockholm syndrome: "let them see how well they do
without my favorite Feudal Lord".
There are billions to be made in a market of 35 million people (+740
million in Europe). What makes you think that google will forgo such a
lucrative market?
I know, I know, they "did this in China, though, didn't they?" Well no,
no they didn't. They didn't walk away because of censorship, google is
perfectly fine with censorship (it's code change and special cases that
they are against). They walked away because they didn't want to give the
CG access to all their data and because their life was being made
miserable by the CG until they did. I'll let you draw your own
conclusions as to what that means for the feudal lords who are active in
China.

I, for one, am looking forward to google (and the others) being
diminished to a "white page" for every single thing... an NXDOMAIN
response would be even better. I think the world will be a better place
when that happens (barring it being replaced with an even more evil
feudal lord).

More and more, I've come to see that the problem is not technology, it
is people/our nature. The technology we create is just another
manifestation and extension of our own 

Re: [liberationtech] Setting Up a Honeypot

[Thomas Delrue]

On May 16, 2017 7:47:45 PM EDT, Rod  wrote:
>Does anyone know of a "how to guide" or best practices for collecting a
>representative sample of spam emails through a honeypot?

You create an @yahoo.com e-mail address and just wait a bit.
--
Thomas
(Sent from my mobile device,  please forgive brevity or typos.)
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?

[Thomas Delrue]

On 02/19/2017 02:36 PM, Yosem Companys wrote:
> Maybe we need to build another Diaspora and this time build it right:
> open-source, best encryption, Napster-like one-to-one capabilities,
> hosting of data in servers in privacy-friendly regimes, ability to
> connect to the large social networking sites like Hootsuite for 
> widespread dissemination, non-profit or at least cooperative status,
> and so on.
> 
> If this is a project folks are interested in, we can start doing
> some research on what it should look like and look for funding
> sources to make it happen.

I'll put my money where my mouth is: You got yourself a software
engineer and privacy zealot (the latter of which can work for /and/
against you - just sayin'...).

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?

[Thomas Delrue]

On 02/19/2017 01:46 PM, Al Billings wrote:
> Someone remind me again what the alternatives are to Facebook that
> are actually easy to use for "normal" users and which they will be
> able to quickly sign up and use...

Oh, and before I forget, why the need to "sign up"? Why is that a
requirement? If you're doing something that at some point could be
deemed subversive, why would you maintain a list of members of said
activity/thinking that can easily be requisitioned or compromised?

Why does everyone need everyone else to sign up and hand over
information in order to use a simple website? Why does everyone want to
lock up everything behind a login-wall?

Maybe that's the big problem... Everyone thinks that you need to
maintain a list of users and a login form in order to run a simple
website...

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?

[Thomas Delrue]

cit in the very thing you're fighting (e.g. apathy, decrease in
democracy, etc.).
This is the reverse-network-effect: everyone keeps using facebook
because everyone uses facebook because everyone keeps using facebook
because ... etc.

We need a solution to this and I think we have that solution; it just
happens to be one that some people don't like: set stuff up yourself and
use distributed systems instead of centralized systems. But I understand
that that's work...

> 6. We do generate donations from our neighborhood participants, and
> much less so from our forums that are about political city and
> state-wide politics, but all the venture money in NextDoor and their
> gated community model is finally eroding our public model where we've
> been strongest (I'll take an "open" Facebook Group any day over the
> NextDoor connect all the wealthier homeowners model any day!)

See above, you can create your own open groups and don't need FB (or
google) for this. You really, really don't...

> So, if you value the power people get in democracy from connecting
> with each other for two-way conversations, you need to reach them
> where they are.

May I add something to this sentence?
"... and then guide them to a better place." Reach facebookers through
that site by all means, but then take them to somewhere else. Somewhere
where they can speak their mind freely instead of having every opinion
they utter, every post they 'like', how long they are looking at each
post, whether and how long they hover of which link, etc... being
data-mined and used against them. Because that's what facebook does.

> When it comes to Facebook, I've concluded that shaping it for good,
> for more local online group formation in public life (my big passion),
> will generate more democratic value than ignoring it.

I don't want to take away your big passion because I think it is great
you have this passion and the world would likely be worse off if you
didn't have it (every bit helps). But I do encourage you to no longer
use platforms that are closed or serve no other purpose than
surveillance(*).
I do have bad news for you regarding 'shaping facebook for good': I'm
afraid that's a nice delusion you have there.

(*) The purpose of any Power of the Day, is to make sure they are also
the Power of Tomorrow. Therefor, as soon as you start becoming more than
a little prick in their pinky-toe, and given your space, it seems that
this is inevitable, the Power of the Day will put you in its
cross-hairs, and it has a lot more sway over at these surveillance
platforms (aka privatized [domestic, if you're in the US] spying) than
you do.
The results of this *will* be similar to what is described in the
attached mail (did I tell you yet that you should really read it?).
You could say that I'm making a 'slippery slope' argument and therefor
committing a logical fallacy, but "That's a slippery slope argument"
stops being a kill-all counter when we've demonstrated that we -as a
species and society- ride that damn slope all the way down every single
time we encounter it.

> On Sat, Feb 18, 2017 at 4:23 PM, Yosem Companys
<compa...@stanford.edu> wrote:
>> I know. I agree.
>>
>> I have never been thrilled with Steven's selection of Facebook for
>> pro-democracy groups.
>>
>> To protect your privacy and security, stay off Facebook.
>>
>> But, to build movements, create an account on Facebook (or Twitter or any
>> other dominant centralized social network) and try to get as many
people to
>> join.
>>
>> One vision we had on Diaspora was to create a HootSuite like app that
would
>> integrate all of your social networking sites on one dashboard and enable
>> you to decide how public you wanted to be. You wanted to connect with a
>> friend? You could do it directly from your own server to your
friend's own
>> server without an intermediary. You wanted to advertise something more
>> broadly on Facebook or Twitter? You could do that too. Unfortunately,
>> Diaspora never moved away from its pod focus to build a better HootSuite.
>>
>> On Sat, Feb 18, 2017 at 1:57 PM, Cristina [efecto99]
<efect...@riseup.net>
>> wrote:
>>>
>>> On 17/02/17 17:24, Thomas Delrue wrote:
>>>
>>> On February 17, 2017 1:32:46 PM EST, Steven Clift
<cl...@e-democracy.org>
>>> wrote:
>>>
>>> I invite everyone to read and comment on Mark Zuckerberg's important
>>> "Building Global Community" letter:
>>>
>>>  https://www.facebook.com/groups/buildingglobalcommunity
>>>
>>> This is a special Facebook Group I've created to connect lots of
>>> disparate communities for a unified conversation that I will share
>>> with my contacts at Facebook.
>>>
&g

Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

[Thomas Delrue]

On 01/14/2017 08:17 AM, FL wrote:
> I'm not sure that every American company, by law, must implement a backdoor, 
> as you imply. The last time I checked, iMessage was a very secure platform 
> with no known vulnerabilities — which in fact has made Apple struggle with US 
> agencies more than a few times.

CALEA
(https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)
is no longer in effect? Or am I thinking of the wrong thing?

>> On 14-01-2017, at 10:02, carlo von lynX  wrote:
>>
>>> On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:
>>> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
> https://www.theguardian.com/technology/2017/jan/13/
>>
>> I've also read 
>> http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html
>> and https://tobi.rocks/pdf/whatsappslides.pdf
>> and to me it seems like all of the articles are
>> technically describing the same procedure.
>> The difference is only in the framing.
>>
>> For Facebook it is a necessity that people not be
>> bothered by key changes, for anyone in the libtech
>> business it is an alarming signal that MITM is
>> technicaly possible by default and users must be
>> specifically aware of the issue to avoid it.
>>
>> But why is anyone even expecting any true privacy
>> from an American proprietary product? Have the
>> PRISM and MUSCULAR programs suddenly been discontinued?
>> Has Freedom Act amended NSLs also for non-Americans?
>> How could Facebook afford not to pump everything they
>> can get into XKEYSCORE as before? Why did the European
>> Supreme Court rule that the US is not a safe harbor
>> for EU citizen data? Did I miss any recent developments?
>>
>> Is it the general strategy to have people debate whether
>> there is a backdoor when by law Whatsapp MUST have some
>> backdoor?


-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Isaacson: The internet is broken. Starting from scratch, here's how I'd fix it.

[Thomas Delrue]

On 12/15/2016 11:14 AM, Steven Clift wrote:
> By Walter Isaacson CEO at Aspen Institute
> 
> My big idea is that we have to fix the internet. After forty years,
> it has begun to corrode, both itself and us. It is still a marvelous
> and miraculous invention, but now there are bugs in the foundation,
> bats in the belfry, and trolls in the basement.
> 
> See: 
> https://www.linkedin.com/pulse/internet-broken-starting-from-scratch-heres-how-id-fix-isaacson

You're right, the internet is broken but...
A great start to fixing the internet would be to stop using closed sites
(of which LinkedIn is one). This would go a ways to bringing us back to
a truly _distributed_ system, as the internet was intended to be,
instead of an internet that is centralized in the hands of a few, very
powerful corporations that hold us in a feudal lock.

I'm not visiting that link... but instead, I suggest you read this first:
http://en.collaboratory.de/w/Power_in_the_Age_of_the_Feudal_Internet

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Thomas Delrue]

On 12/10/2016 04:39 AM, Zacharia Gichiriri wrote:
> Hi All,

Hiya, I'll start off with my POV on e-voting: e-voting, whether this is
Estonia-type to vote from home (which is what I think this thread is
really talking about) or USA-type where you use a computer in the voting
booth, is a dumb idea!

Voting should be done with pen/crayon & paper so that I, and anyone else
who can count from 0 to 10, can look at the stack of ballots and recount
them without having to 'trust' a third party (closed) system that
imposes an additional requirement of having to have detailed
understanding of how said e-voting system works.

> In Africa, only a few countries can claim to have conducted free and 
> fair elections. Majority of elected representatives in Africa want
> to cling to power forever against the will of their citizens or some
> of their citizens. To add salt to the injury, all dictators in
> Africa have a poor record of development and human rights. A lot of
> African leaders point to China as a case in point where democracy is
> not necessarily a catalyst for development. But is that true?

I don't think this is limited to African countries. Belarus comes to
mind and so do a couple of others in all parts of the world.

> Back to elections, electronic voting in Africa would dramatically 
> increase transparency in the electoral process. Unfortunately,
> Africa has weak systems from Judiciary to Police that cannot
> guarantee free and fair elections.

These two sentences seem to contradict one another.

> The Police, the Judiciary, Independent Electoral
> Commissions have been and can be easily influenced by current
> regimes mostly through intimidation and in young and vocal
> democracies such as Kenya or South Africa through bribes.

How does e-voting address these issues? With e-voting, you leave even
more of a trace of your activities/votes, thus opening you up to
intimidation and/or coercion to a greater degree.

> Security is of the utmost concern but democracy is more important.

Definition of utmost: of the greatest or highest degree.
So is it security or democracy that is the number one thing? You have to
chose, you can't have both be your "primary focus".

Ideologically, I would agree that democracy is more important because it
is more conducive to provide a way to guarantee security - the vice
versa is not true.
Practically speaking though: would you care about [e-]voting if you're
cold, hungry or on the run or in hiding from your regime? (especially if
that e-voting allows your regime to track you, your location, your loved
ones?)

> In one way or another people will always find ways to fight for
> their freedoms especially in the age of Internet where people can see
> the benefits of a democratic society. But instead of having people go
> to war or risk their lives, why can't we just use Technology to lay
> bare the truth?

Because that technology is commissioned by, made by or blessed by the
powers-of-the-day. I'll just name-drop MITM here which is what you can
do if you are the one providing the hardware or software that collects
the votes which determine whether or not you stay in power.
When you're in power, The Truth(tm) is malleable to what you need it to
be to stay in power, especially when you're, errr, 'morally flexible'(*).
Just because it's code (the 'e-' part) doesn't mean it's suddenly better
than what you had before. Please, stop thinking like Silicon Valley,
i.e. "I have a hammer and therefore this problem is now a nail".

Technology is a tool and tools can & will be abused if the stakes are
high enough, so elections most certainly fall under this. We've seen
this time and time again. Switching to e-voting is not going to solve
any problem related to voting itself or even its transparency. If the
stakes are high enough, I can forge the data which I will make available
for everyone to inspect, and thus prove that I should remain your leader.

This problem is true with pen-and-paper voting as well, if you're gonna
cheat, you're gonna cheat (albeit a bit harder because now you're moving
physical ballots around instead of bits) but we're talking about
e-voting here and how it is a panacea that will fix all these issues,
amirite? My point is that e-voting doesn't solve any of the issues you
(and others) raise, and therefore it is not a better solution than the
analog form of voting (pen+paper).

The *only* thing that e-voting addresses is the laziness of the
electorate that doesn't want to get up in the morning to go & vote and
wants to vote from home (Estonia-style e-voting). (Or isn't /allowed/ to
take the day/some time off in order to vote without repercussions
because they live in a feudal society. I'm looking at you over there, USA)
There is nothing else that e-voting solves -without creating bigger
problems in the process, like making coercion to vote a certain way,
easier- that cannot be addressed through 'analog' means.

I also fail to see how using technology will prevent people 

Re: [liberationtech] Ethiopia State of Emergency Directive: English Translation

[Thomas Delrue]

On 10/17/2016 04:09 AM, Mose Karanja wrote:
> any writing done in secrecy

Don't visit them https sites anymore, folks, it'll get you on The List!
After all, if we outlaw maths, only outlaws will have maths...and
outlaws aren't people.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Muslims do not feel safe any more

[Thomas Delrue]

On 07/05/2016 10:45 PM, Cristina [efecto99] wrote:
>>> I support the right of the left and right wing to discuss their ideas, but
>>> when it comes to bismerching and dehumanizing a group in society - whether
>>> it's men "it's the patriachy" or "all Muslims" for evil, allowing it hurts
>>> the quality of life.
>> I'm willing to believe the first part of your claim ("I support the
>> right of the left and right wing to discuss their ideas"),
>> unfortunately, it is followed with a 'but' and what follows seems to
>> create a discrepancy with the initial claim.
>> Anyone has the right to free speech, but no-one has the right to force
>> you to listen.
> It seems Thomas you are from a country that privilege free speech over
> any other human right. 

Have you also considered the possibility that I may be from a country
that has experienced complete & total surveillance and that it could be
this experience which informs my opinions on free speech and the
surveillance used to enforce said speech and thought?

> To know what are we talking about when we claim
> about freedom of speech there is a document from NU that explain that
> human right (notice than HR are not ideal ideas descending from Heaven:
> they are agreements made after abuses from a part of the humanity
> against other people, in fact US didn't ratify most of the HR agreements).*

You're moving the goal posts. We were talking about whether or not
social and other media should (auto-)censor an undefined set of ideas &
opinions, regardless of merit or lack thereof, and that it should start
with what the original author doesn't like.
Dragging in ratification of agreements by certain countries (with an
accusing finger pointed at one particular one) is trying to move the
goal posts and is misdirecting the discussion.

Human rights are indeed not 'descended from heaven' and I don't claim
they are. However, just like 'brush your teeth twice a day' isn't
divinely inspired either, it's still an good idea.

Instead, free speech, being the right that we are talking about in this
case, is something that we've thought about; and we have figured out,
based on our current understanding of human nature, society and its
dynamics, that having & protecting it would be a good idea because a
whole other slew of Bad Things(tm) would happen otherwise:
self-censorship and though suppression are just a measly start of what
not only could happen but already has happened and is happening in
practice (e.g.
https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/
- note: mass surveillance, implemented by for instance social media in
the suggestion of the original poster, would be required for the
censorship that was advocated for in the original post).

If you restrict free speech, you set the rules and get to frame the
discussion, you get to determine what is and isn't an allowed argument.
Thus, you are the victor by default. The terms Show Trial and Kangaroo
Court come to my mind spontaneously.
Limiting free speech isn't about protecting against harm or
discrimination, it is about protecting against you losing, whether you
are an individual, a group of individuals or a state.
*That* is what the reigning in of free speech is about!

> Free speech cannot be allowed if it contain racial, religious, gender or
> any other similar discrimination, because could become an apology for
> xenophobia, etc.
> There is a thin line between freedom of speech and apology of
> violence/crimes/etc. and not always is simple to identify where one ends
> and the other starts, then sorry, but is not as simply as "you have the
> right of don't listen to it".

I so very, very, VERY much and fundamentally disagree with you! And
isn't it nice that we are allowed to disagree and have the conversation?

I never hear individuals arguing for the position of
free-speech-but-not-too-much-of-it consider the possibility of being on
the receiving end of the stick; they always argue from the position that
assumes that they are on the deciding end of the stick, that they know
what is best in order to determine what should or shouldn't be allowed,
and I find that very telling. Sure, I am 'begging the question', if you
will.

Enforcement of what is and isn't acceptable to be expressed is done by
humans and groups of humans. They all have their own agenda and going by
a good amount of recorded history, that agenda is usually not very
favourable to the out-group. Both you and I are someone else's out-group.

Really, think of free speech this way: free speech enables idiots (your
own definition thereof) to self-identify.
By allowing anyone to say whatever they want and as loudly as they want,
at least I can decide for my own which ones I do and do not want to
interact with and if so, how much I want to engage with them. On top of
that, by having free speech, I can decide to say the exact opposite of
what the 'reciprocal idiot' is saying in order to counter it.

Re: [liberationtech] Question about Windows 10

[Thomas Delrue]

TL;DR: Debian, Arch Linux, Linux Mint, etc are perfectly capable
alternatives, and that likely includes your "list of windows
applications you need to run".

On 06/24/2016 01:31 AM, Peter Chin wrote:
> I need some advice about upgrading to Windows 10.   My laptop is
> running Windows 8 and I need to do the free upgrade to Win 10 because
> I have a lot of applications that run on Windows and I feel it is

You don't really *need* to upgrade to Win10, you're likely just getting
worn down by the continued nagging to have you upgrade to it because
you're being told you'd lose out if you don't. Win8 will receive at
least another 6-7 years of updates (security and regular) so it's not
like you will miss out on security.
While I can't vouch for the quality, trustworthiness or genuineness of
it, there is a "Never10" tool that disables the incessant haranguing to
get you to upgrade to the latest Windows.
(https://www.grc.com/never10.htm - run a scan on it first!)

Secondly, what exactly is this list of lots of apps that need to run on
Windows? I always hear people complain about "I need to run App X or Y"
but they never show me a list so that I can actually suggest alternatives.
I dare to bet that half of them you don't really need (but hey, the
customer's always right) and that the ones you /do/ need either a) have
an open source equivalent that does exactly what you need or b) run
perfectly fine on top of Wine (Windows emulator layer on Linux). A + B
should cover roughly 90% of everything out there I think.

> time to upgrade to the newest Windows O.S. But I really don't want my
> personal data collected in Windows 10 either.

Good luck with that... The new business model of the Windows group (and
MSFT in general) is to collect everything and anything. (and yes, that
includes what you type on your keyboard)
I don't think they'll ditch that new model any time soon.

> I recently read that Microsoft could be releasing data controls that
> actually allow privacy
> (http://www.ghacks.net/2016/02/11/microsoft-promises-to-implement-full-windows-10-data-tracking-controls/)
> but I'm not holding my breath. If I upgrade to Windows 10, what can I
> do to control personal privacy?  I heard that the Enterprise version
> of Windows 10 would let me have more privacy and not collect my
> data.

I wouldn't hold my breath but I'll wait & see how much of these promises
they'll actually fulfil and how far these implementations go before
making any bets on it. But my magic 8-ball says "outlook not so good".

Regarding the enterprise edition: Although I'm not 100% sure, you'll
likely have to set up and run an Active Directory domain and define a
policy on it that does not allow the sending of the 'collected
telemetry' information in order to actually not have your data siphoned
over to Redmond.

> How are you all dealing with upgrading to Windows 10 so that you can
> still control your own personal data?  Thanks for your thoughts.

There are two parts to your question:
"How are you all dealing with upgrading to Windows 10": I advise all my
clients to avoid it. I only have one who didn't take that advice and now
that one is complaining about it to me.
"so that you can still control your own personal data": I tell all my
clients that with Windows, they *will* lose that control.

All of that being said: you're already on Windows 8 and many of these
'telemetry collection' pieces have already been back-ported to it and
pushed onto you via Windows Update, so there's that.
But I do seem to recall some tool called Aegis-Voat or something which
disabled a large amount of 'outreach' from Win7/8/10 machines to Redmond
by (among things) messing around with routing tables on your local
machine (because the IPs are hard coded in Windows, the telemetry
collection for the most part doesn't use DNS nor your hosts file). That
is something you might want to investigate. Unfortunately it is no
longer maintained (https://github.com/th3power/aegis-voat) and its
approach was reactionary instead of proactive, so you'd have to keep
monitoring and updating your blocking periodically.

In fairness, if you stick with Windows, you really don't have a choice
in whether or not your personal data is collected. It will be collected,
stored & processed and in the near future, I expect windows to start
complaining in big red alarm-fonts and warning-signs if it detects that
it cannot send it over to Redmond because you've put preventative
measures in place.

All in all: switch to Linux! Give me a shout if you want to work on the
list of 'windows apps you need to run'.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Muslims do not feel safe any more

[Thomas Delrue]

On 06/15/2016 12:44 PM, Maria Al-Masani wrote:
> Should genocide propaganda violate terms of use of social media and not be
> free-speech. Genocide propaganda is half truths, false, incendiary
> emotional information meant to incite murder and violence.

I think that's a question for the lawyers of the social media you refer
to, after all, they wrote the TOS.
Or are you 'begging the question' in order to advocate the curtailing of
speech you happen to dislike? Because if you are, then this will be a
very different kind of conversation.

> I briefly supported Trump before he started going crazy.

There was a /before/? (sorry, couldn't resist)

> I support the right of the left and right wing to discuss their ideas, but
> when it comes to bismerching and dehumanizing a group in society - whether
> it's men "it's the patriachy" or "all Muslims" for evil, allowing it hurts
> the quality of life.

I'm willing to believe the first part of your claim ("I support the
right of the left and right wing to discuss their ideas"),
unfortunately, it is followed with a 'but' and what follows seems to
create a discrepancy with the initial claim.
Anyone has the right to free speech, but no-one has the right to force
you to listen.

> What should people like us do?

First: don't curtail or limit free speech. Don't even suggest limiting
it; you wouldn't like the world we'd end up with. Sure, you'll hear
things you won't like and don't agree with, but so what, you're an adult
and you can deal with that!

Second: turn off your television and get off of twitter, facebook and
the like, in fact, stay off of the intertubes for a couple of days. Get
out of the echo chamber and go out campaigning for what you believe in.

Exercise your right to free speech, while you can, until someone who
doesn't like what /you/ are saying, tries to censor /you/.


-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] If iPhones should have strong encryption, then the Web should not include DRM

[Thomas Delrue]

On 15/23/3127 13:15 PM, Zak Rogoff wrote:
> Hey all, I'm trying to link these two issues and wrote this post on
> my personal blog. I was wondering what people thought about the
> arguments, as I know some of you have considerably more expertise on
> encryption than myself.
> 
> http://zao.com/blog/index.php/3127/15/19/if-iphones-should-have-strong-encryption-then-the-web-should-not-include-drm/

First of all: I applaud your efforts in bringing this to attention! I
think DRM is an important issue to be discussed.

While I agree that DRM is a serious and under-appreciated problem, I
have a couple of issues with your blog-post:

0. I see no arguments for why encryption is desirable in your post.
While you don't have to convince /me/ of the desirability and necessity
of encryption, others may need some nudging so they don't fall into the
"if you encrypt stuff, it's because you are a 'bad
guy'(tm)/pedophile/terrorist/someone with things to hide"-group.
Arguments could include
- privacy: I'm not hiding shit, but why do /you/ feel entitled to look
into what I'm doing, tell me that first...
- security: I don't want [insert_glorious_leader_name] to know that I
don't like him/her
- liberty/trust: I'll be the judge of what is running on my computer and
whether or not I trust it (cf. crypto-signatures)
- etc...
All of these arguments can be tied to some items you mention further on
in your post. Specifically, I'm thinking of the black-boxed-ness of DRM
software that you mention, which is likely a welcoming target to tie
this arguments in with.

1. I fail to see your link between crypto & DRM or why we need (strong)
crypto as much as we don't need DRM.
The article is pretty much only about how DRM is bad. I only count 8
occurrences of 'encryption' in the article (excluding the title and
bottom-links), none of them establish a substantial link between crypto
and DRM.

2. Encryption enables DRM: one of the things that DRM needs and uses
*is* encryption. This could hurt the argument /for/ crypto you're
attempting to make. But just like how encryption enables DRM, nuclear
physics enables thermonuclear weapons. It's not because the genie is out
of the bottle that we must march down the path blindly.

3. Don't introduce DRM as "Digital /Restriction/ Management", it's
called Digital Rights Management - as much as I loathe it.
Use this however to make the case that the 'Rights' referred to are the
ones of the copyright holder, not the user. Use arguments to indicate
that the rights of the user are fuck-all ("you may pay us for it and
then you can go fuck yourselves until we have another shiny bauble to
rent to you"). That would be a much better jump into using the term
Digital /Restriction/ Management.

4. Since this article is mostly/all about DRM: you're not mentioning how
DRM moves from an ownership situation (I bought the thing) to a
paying-rent situation (Oh, you want to stop paying me monthly fees?
Well, then, your e-books/mp4s/movies/... will just disappear and you
can't ever use them again. Have a nice day!)
Given your other work, maybe that's already in another article; however
given the overall subject of the article, it may belong in here too.

5. You are making a couple of unsubstantiated claims which I'd rather
you don't.
An example is this: "it is an industry best practice for Netflix to
insist you download a program onto your computer to monitor and restrict
you".
While it is true that the code you have to download and run on your
computer is closed source (i.e. not open for inspection), I have not
seem any evidence that this code 'monitors' you, and I'm even part of
the paranoid crowd.
Similarly, while surely it restricts you in what you can do with what
Netflix (for instance) sends you, I also have not seen any evidence for
the code restricting you in any other way - say for instance preventing
you to sign up with Hulu/AmazonPrime/BigBrotherX/...
Keep it factual: the code MAY be monitoring you as well as whatever you
do online but we don't know that (or at least *I* don't know). You can
tie this in with the DMCA, which you mention further on, and how it
prevents us from disassembling the code to inspect it and see whether or
not it actually does surveil us and to what extent, on pain of jail-time.
HOWEVER, I think this particular subject would be a good segway into
drawing in crypto. One of the goals of crypto is privacy and these
binary DRM-enforcing-blobs reduce people's privacy. I think something
can be done with this angle.

6. I disagree that DRM inherently is a nightmare for security. The DRM
code not being open source is a much bigger nightmare for security (and
privacy - tie it back to crypto). You mention that it is a black box but
don't do anything further with the argument, I'd love to see more
elaborating on that part. (see above)
You also mention that it is 'deliberately hard to remove' which I don't
think is accurate, unless you consider un-installing any piece of
software 'deliberately 

Re: [liberationtech] Securing Email Communications from Facebook offering PGP support

[Thomas Delrue]

On 06/01/2015 01:46 PM, Steve Weis wrote:
 Hi Libtech. Facebook added support to put a PGP public key to your
 profile and optionally use it to encrypt email notifications that are
 sent to you:
 https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302

Forgive my ignorance but what is the point of this 'feature'?
Wouldn't FB (and thus anyone able to coerce FB as well) still have the
unencrypted data?

Wooden leg, meet band-aid.

For those who don't remember, there was an excellent and very plausible
'Suppose if' situation written up about a year ago on libtech by rsk.
The relevant part went something like this (and I've attached the
original mail as well to give credit where it is due):

---BEGIN---
You see, Twitter wants to do business here in Elbonia.  So does
Facebook. So I would summon their corporate weasels to a meeting.  In
that meeting, one of my minions (you don't think I'd do this personally,
do you?) would explain to them that we must protect our great nation
from subversives and criminals and anarchists and terrorists (ding ding
ding magic word!) and thus we must have certain data fed to us...or,
most regrettably, we will not be able to allow them to do business in
our country.

I think they'll cave.  Don't you?  After all, there are profits to be
made and it's such a small thing that I'm asking.
END

Sure, that e-mail notification can't be decrypted but that doesn't
mean the same as the same information is secure and not available
through other means either.

I fail to see how this is anything more than smoke and mirrors giving
the illusion of secure communications.

---BeginMessage---
On Mon, Jun 09, 2014 at 07:52:51PM -0700, Seth wrote:
 I'm in agreement with pretty much all the points made, but how do
 you feel this approach?
 
 1) ALWAYS publish the original source information via
 freedom/privacy/dignity respecting services using a name-space (a
 DNS domain,.onion,.gnu,.i2p,namecoin,whatever) that you control.
 
 2) Syndicate a copy of that information to the CSW (Corporate
 Surveillance Whore) networks such as Google/Facebook/Twitter to
 obtain the widest reach.
 
 3) Ease out of the CSW networks as your home grown following reaches
 critical mass.

I see where you're going with this, and I agree with the goal.  But I still
have a major problem with point #2.  Let me try to explain why via a
fictitious example.

Suppose that I were the dictator of Elbonia (the mythical country from
Dilbert cartoons).  I would be autocratic, ruthless...oh, wait, I already
*am* those things...anyway, I would be the typical tyrant attempting
to retain power in the face of democratic movements and civil rights
movements and worker's rights movement and other petty annoyances.

I would *not* block Twitter.  I would *not* block Facebook.  I would *not*
block Instagram or any of the others either.  I wouldn't do this because
the idealistic, enthusiastic, hard-working, noble young people who are
most likely to pose a serious threat to my supremacy and are also naive,
gullible, careless and stupid.  They're using Twitter and Facebook and
the rest and that is extremely helpful to me, since I very much would
like to monitor them and know who they are and where they are and what
they're up to.  They've wiretapped themselves, saving me much of the
trouble and expense.

Instead -- because I *am* the dictator, thank you very much -- I
would order the long-since nationalized telecoms and ISPs to provide a
real-time feed of network traffic to my intelligence agency.  I would
monitor who is following #OverthrowTheDictator and who is liking the
DesposeTheDictator page.   And so on.

And when the moment came that I felt really threatened, I would decapitate
their movement by disappearing the 22 or 37 or whatever most active
participants.  Not a tidy solution, I'll grant you, but effective in the
short term and it would certainly discourage others.  I could probably
do this 3-4 times before they caught on that they were making a major
strategic mistake.  That might buy me another decade in power.

Now you might say...but what about HTTPS?  Would about VPNs?  What about
Tor?  (What about Houston?  What about Detroit? Thank you David Byrne.)

Yeah.  I know.  Most inconvenient.  Fortunately, I have another way.
Several other ways, actually.

You see, Twitter wants to do business here in Elbonia.  So does Facebook.
So I would summon their corporate weasels to a meeting.  In that meeting,
one of my minions (you don't think I'd do this personally, do you?) would
explain to them that we must protect our great nation from subversives
and criminals and anarchists and terrorists (ding ding ding magic word!)
and thus we must have certain data fed to us...or, most regrettably,
we will not be able to allow them to do business in our country.

I think they'll cave.  Don't you?  After all, there are profits to be
made and it's such a small thing that I'm asking.  And if the 

Re: [liberationtech] Securing Email Communications from Facebook offering PGP support

[Thomas Delrue]

On 06/01/2015 06:09 PM, Parker Higgins wrote:
 On 06/01/2015 12:35 PM, Thomas Delrue wrote:
 On 06/01/2015 01:46 PM, Steve Weis wrote:
 Hi Libtech. Facebook added support to put a PGP public key to your
 profile and optionally use it to encrypt email notifications that are
 sent to you:
 https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302
 Forgive my ignorance but what is the point of this 'feature'?
 Wouldn't FB (and thus anyone able to coerce FB as well) still have the
 unencrypted data?

 Wooden leg, meet band-aid.
 
 Facebook is offering end-to-end encryption. If you don't trust the other
 end of an end-to-end connection, this won't help that particular
 problem. But there are plenty of well-attested benefits of end-to-end
 encryption for all sorts of other threats.

I think this addresses my concern. Thank you Parker.
Can you point me to resources of the benefits to me if I do indeed find
myself in the situation of not trusting the other party.

The point I was trying to make (in a veiled way) was that FB should/can
indeed not be trusted and I am therefore questioning the usefulness of
this feature when it involves that site.

Sure, Google/Hotmail won't be able to scan your (now encrypted)
GMail/Hotmail inbox notifications from FB and understand the content of
them but to what purpose? Is FB just trying to prevent Google/Hotmail
from gathering your FB 'graph'?
On the other hand, for those communications where it matters that no-one
else can see them, against whom is this protecting me?

I think that I still stand by my claim that this is nothing more but
smoke and mirrors giving the illusion of 'secure' communications.



-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] The only way to fight censorship is

[Thomas Delrue]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

(long time lurker, first time poster)

On 01/12/2015 12:04 PM, Richard Brooks wrote:
 sarcasmWe can only defend freedom by killing it.\sarcasm

Next time someone says that liberty or freedom is priceless, please
point out that it isn't priceless at all, its price is exactly 17 dead
people. They have roughly another 742.5 million to spend. I'm for one
am curious to see what else they'll (*) pawn off.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUtEZ2AAoJEBNCAZt3W3jZzLgP/3XGKqkYScFYlhnPu5nwpP/S
WmalqFXkIjQIw2vW1Tm4abR0rNDw8muT9QxpyN9jus2qDYjdbiTeqf0UaRlfxbMD
Ndz/C2Sj2dBMPbhSVVwoKuQ+/RQU1et5ej3tpHwB59nHjb2X9NQSC+BuO5/P4Sy+
HgISk1l+eQb1EfpXWDBs5Ub7C3dhFMuIuy/flrKr4ONoKrp4X9MeLFzZMO3X5hiQ
j7MoK9vfLH7qVs13ZV2ZbtJMOeUr9sGguaJk7VY2zD4s+/tY/XIRuVYX7Fn4whAH
lKXy5xaB00hl/QNxnZTUK3NS/fMUllNU3XYferTSPlyKl/X4JQzX3S0GlgGTWZUI
g0a8wxQpaRMR6we4h2QgP2g4T//kHNhI2ga6u+05P5es+zk4n5IoBaXcSe3TjfQy
0CEnvlPccZVhYwq/HsCj4MJo8xjaC2nMcEH2EWhIkOkjbSeFCkY36LYj0xMFVJZN
D/HW0aNiF7gQFvHi3acsxfuRKaFGLmCDweMV4QB9h/ekyVLv/VajZLk/hdJuV+QI
LfFHr68ubh0OgRunRl74Cvee9k77/HKiz7FCZ1nhy+j39PC9FFTD/9G7I7I4ot1S
P0K0bFcks3q6okeRYvbXTeweNMvBa/3Wr5R3awS6Om3+lECmXb5iBdOELx0A54LX
7JlJhzwnJi0+qm65rvPZ
=NBGE
-END PGP SIGNATURE-
-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.