Re: [liberationtech] Mexico's drug cartels love social media
On Mon, Nov 04, 2013 at 10:19:41AM -0500, Rafal Rohozinski wrote: Civil society groups are not the only ones flooding into social media*. liberation technologies can also empower less libertarian groups. it's a popcorn article, but nonetheless useful to reflect upon as a goes to the heart of the debate between defending individual liberties and ensuring collective community security. Rafal http://www.vice.com/en_uk/read/mexicos-drug-cartels-are-using-the-internet-to-get-up-to-mischief But this is just a nice demonstration of failure of the state - Mexican's government, no? If drugs were legal everywhere, there would be no violence, no dangerous cartels, but just serious drug companies (like the alcohol producers in these days). Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
But, this is the Firefox / Tor Browser Bundle exploit. The question is how FBI gained access to Freedom Hosting? What kind of exploits did they use? Pavol On Mon, Aug 05, 2013 at 09:08:49PM -0500, Kyle Maxwell wrote: According to THN[0] and several linked supporting sites from there (particularly notable are analyses from Kenneth Buckler[1] and Vlad Tsyrklevich[2]), the payload delivered the MAC address and Windows hostname to 65.222.202.54[3]. I've read in public sources that that address is assigned to SAIC but I have not seen any hard data on that. [0]: http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html [1]: https://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/TorFreedomHosting/ [2]: http://tsyrklevich.net/tbb_payload.txt On Mon, Aug 5, 2013 at 8:22 PM, liberationt...@lewman.us wrote: On Mon, Aug 05, 2013 at 06:18:02PM -0400, r...@privacymaverick.com wrote 0.6K bytes in 0 lines about: : Does anybody have any indication on how the alleged operator of : Freedom Hosting was identified. Everybody seems to be focusing on : the javascript exploit but from what I've read, it appears that was : placed on the server after the alleged operator was taken down and : the operation compromised, or is my timing off? This is far more interesting to me than anything else. I've been wondering the same thing. -- @kylemaxwell -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.
is signed by the server) against the hard coded server public key in the app and proceeds if valid adam derives the shared secret adam encrypts the message using AES 256bit GCM using the derived shared secret as the key and sends it to cherie, the to and from key version used to generate the message are included as part of the message cherie receives the encrypted message cherie downloads and verifies the version of adam's public key needed to derive the shared secret for the message cherie derives the (same) shared secret cherie decrypts the message using the shared secret Data stored on device- surespot ensures that no message data or keys are stored on the device an unencrypted fashion. This means that even if someone has your device they will not be able to get the information without knowing your password. Users will be prompted to create a secure password upon creating an identity. -- Moritz Bartl https://www.torservers.net/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.
Thanks guys for info! Pavol On Mon, Jul 15, 2013 at 05:04:25PM -0400, Nathan of Guardian wrote: On 07/15/2013 05:00 PM, Pavol Luptak wrote: Of course, I can use Jabber+OTR, but I think there is even no opensource alternative of Jabber+OTR client on iOS platform yet. ChatSecure! chatsecure.org https://github.com/ChatSecure https://github.com/chrisballinger/Off-the-Record-iOS Fully interoperable XMPP and OTR. It does have its limitations (i.e. iOS limits background apps capabilities), but it is getting better all the time. +n -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.
But there is a strong disadvantage of Jabber+OTR compared to Threema (and probably Heml.is): Jabber+OTR needs a running client on both sides (two-way interactive communication) - offline messages are not supported by Jabber+OTR ( offline messages are supported by XMPP, but not with OTR ). But Jabber+PGP works for offline messages (I use it in my mcabber), but PGP is probably not supported by these smartphone jabber clients :( Any idea how to have offline secure messaging (when Jabber+OTR is not possible to use)? (this is probably the reason why Heml.is would use XMPP + PGP instead of OTR). Pavol On Mon, Jul 15, 2013 at 02:04:34PM -0700, Parker Higgins wrote: On 7/15/13 2:00 PM, Pavol Luptak wrote: Of course, I can use Jabber+OTR, but I think there is even no opensource alternative of Jabber+OTR client on iOS platform yet. There is ChatSecure: http://chrisballinger.info/apps/chatsecure/ Thanks, Parker On Mon, Jul 15, 2013 at 12:41:45PM +0200, Moritz Bartl wrote: Surespot looks like an open source alternative: https://www.surespot.me/ https://www.surespot.me/documents/how_surespot_works.html technical overview User creation- When a user is created in surespot two ECC (secp521) key pairs are generated, one for key derivation, and one for signing. The username plus keypairs create a 'surespot identity'. This identity is stored on the device symmetrically encrypted using 256 bit AES-GCM with a PKCS5S2 key derived from the user's password (plus salt and other data). The public keys are uploaded to the server where they are signed by the server using the server's private key. A user may create multiple identities and switch between them at will. User authentication- To login the client generates a signature using the identity's private signing key against the username, password, and randomly generated data. The server validates the client provided username, password, and aforementioned signature against its stored public signing key for the identity in question. If successfully verified the client is issued a session cookie which authenticates them for future requests until the session expires or they logout. As the exchange occurs over SSL, session cookies are thought to be a secure enough mechanism to facilitate authentication, but in the future every request could be validated against the signature. The fact that messages could not be decrypted by a session hijacker given the end to end encryption nature of the system also factors into this decision. Identity backup/restore- As the private key stored on the device is the, uh key, to unlocking all of the data, it is of utmost importance. In the case of a lost or stolen device, if the key is lost along with it, so is all of the data. Identity backup/restore and key versioning help to mitigate this problem. A user may backup their (encrypted) identities (username and key pair history) to device storage, or the cloud and restore them upon demand. Obviously the security is only as strong as the password used to store the identity in whatever cloud service and the surespot password, so make them strong! Never shall a private key be stored on a surespot server. Man in the middle- MITM is currently thwarted by the following: standard SSL implementation. When a user is created and its public keys uploaded to the server, the server signs the public keys. Clients that download the public key then validate the signature of the key against the hardcoded server public key in the client. This ensures a MITM attack trying to use a rogue key pair to impersonate a user will be prevented. Key versioning/revoking- A user may generate a new pair of key pairs at any time. This process is as follows: the user requests a ?key token? from the server the user generates a new pair of key pairs and uploads them to the server along with an authentication signature (username, password, random) and a token signature (the received key token, password) generated by the identity's existing signing private key. the server validates the password and both signatures and if valid increments the ?key version? and signs and stores the public keys in the database. the server notifies other users involved in conversations with the revoker that the key has been revoked. clients will receive this revoke notification and act accordingly. the old keys are now considered revoked and any message sent using them will be rejected by the server. Use case: lost/stolen phone- adam lost his phone, luckily he has his identities backed up on Google drive adam buys a new phone and installs surespot adam restores his identities from the backup adam generates a new pair of key pairs successfully attacker with old phone receives revoke message old phone knows revoke message is from the same user and promptly logs out
Re: [liberationtech] safermobile.org / mobileactive.org manuals
And my updated Android Privacy Guide: http://prezi.com/y9xwygcxmv0u/android-privacy-guide/ On Tue, Jun 25, 2013 at 03:14:26PM +, Kody Leonard wrote: Here's the Mobile Security Survival Guide for Journalists that I looked up awhile ago: https://www.aswat.com/files/Mobile%20Journalist%20Survival%20Guide.pdf On Tue, Jun 25, 2013 at 3:00 PM, Laurent Giacobino lgiacob...@gmail.com wrote: Hi list Does anyone know where to find a repository of the safermobile / mobileactive manuals? Both safermobile.org and mobileactive.org are now down but I supposed 'someone' has archived the numerous manuals that used to sit there and would be ok to share them. Thanks for your help. Yours Laurent -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Stability in truly Democratic decision systems
In the past I had quite similar thoughts and was trying to analyse the most effective / fair models of democracy (and I really spent a lot of time by this). And I ended up like anarchocapitalist / voluntaryist, everything else was logically/ethically inconsistent for me, so I perceive a democracy like a dead-end - especially in these days when most Americans are OK with PRISM / surveillance and democracy apparently fails. And people still believe in the illusion of democracy (regardless the fact that democracy permanently fails - Lukashenko, Hugo Chavez, Morsi, Bush - all these people were democratically elected). Pavol On Sun, Jul 07, 2013 at 12:47:52PM -0700, Peter Lindener wrote: Watching Egypt iteratively attempt to find something that resembles a democratic form government feels quite uncomfortable for me. Not only that in the senseless confusion many lives will be lost, but also, closer to home, here at Stanford, deeper reflections of the human condition seem still to be leaving our institution's interest in promoting forms of democracy that are more likely to function in a state of disarray.. I find it encouraging that Stanford has the kind of vision, value system and intellect that prompt it to support both a program on Liberation Techonolgy, as well as the Center for Democracy and the rule of Law... Then I have to ask why it seems maintenance of the existing Socio-Political power schema some how seems to trump moving ahead with the stated intentions of each of these promising programs..? While not all seem ready for the rigor of formal methods in information and Game theory towards building our society's better understanding of what it truly means to achieve a more genuine sense of democracy (i.e. a government for the people, by the people)... It would see that to just sit by and watch, as we preach to others that democracy is good, and then fail in any truly meaningful way to show how to achieve it, feels discouraging, at least for me. In a nut shell, the truly democratic group decision process, can best be understood as an information process that under some circumstances must endure varying amounts of game stress. as varying interests within a group attempt to maximize there influence on the group's decision outcome. The good news here is that: Significant insights can be gained, as one looks at the truly democratic group decision, as an information process.. These include: 1. Profoundly improved, individually selected, issue specialized, expertise leveraged, representation can be achieved by way of individualized Social Network based key word triggered proxy directives.. 2. Wide open alternative Cardinal ranked group choice systems, that are essentially free of the spoiler effect, will empower the implementation of crowd sourced idea percolators, that will tend to leverage the best thinking and problem solvers within our society. Now I know that some (perhaps from there ivory tower) may be wanting to dismiss what it is I'm saying hereeven as we sit watching the situation in Egypt potentially melt down Some might point to Arrow's Impossibility Theorem, and then declare that there is nothing more to discuss... Then a few (including a few very bright Stanford students) might be taking note of Von Neumann*Morgenstern utility theorem, and realize that there would seem to be more to understand... Working towards the dream of government, for the people, by the people, I will continue to make my self available as a resource for discussion surround the concept of Information Theoretic Democracy. Sincerely your's -Peter Lindener -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Physical Hacks to Protect Privacy/Freedom
Any hacks to make a privacy modification of cellphone where a microphone can be physically disconnected? Something like this http://www.stahlke.org/dan/phonemute/, but for recent phones. Pavol On Mon, Jul 01, 2013 at 11:30:24AM -0400, Nathan of Guardian wrote: On 07/01/2013 11:21 AM, Lorenzo Franceschi Bicchierai wrote: Any other cool examples you can think of? I'd like to get as many examples as possible, so I thought I'd ask here since you guys must know many more. -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] [cryptopolitics] [cryptography] skype backdoor confirmation
On Tue, Jun 11, 2013 at 07:31:59PM +0200, Eugen Leitl wrote: democracies downfall. The most dangerous aspect is the secerecy - not only do they want to collect the biggest dossier on everyone ever, they want to do it in secret, with secret courts, secret legal interpretations, and gag orders on those in industry forced to participate. Secret laws are not hallmarks of a democratic process. https://fbcdn-sphotos-a-a.akamaihd.net/hphotos-ak-prn1/943487_324377737694270_933715187_n.jpg :) -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cell phone tracking
Some information yoy may consider to be interesting: 1. It is possible to buy completely anonymous SIM cards (with data roaming that works everywhere in Europe including the UK) in Czech Republic. For 1.2 GB roaming data it costs about 800 Kc (31 €) monthly. I've already activated it for some of my friends who travelled around Europe and wanted to access to the Internet anonymously. 2. It should be possible to change IMEI on the fly (regardless the fact that this is illegal in most countries), I found this STEALTH-PHONE that should be able to do it: http://www.endoacustica.com/details_stealth_phone_en.htm The Stealth Phone is able to change IMEI code in different ways: systematically or manually, using simple procedures. Do you have any experiences with that? 3. There are many ways how to pay for mobile/Internet connection anonymously (e.g. https://en.bitcoin.it/wiki/Contracts#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party) There is an evil plan that is probably viable: 1. Come to your 'favourite' parliament with IMSI/IMEI catcher and make a nice list of IMEIs of your 'favourite' politicians. 2. Buy multiple anonymous SIM cards (multiple IMSI). 3. Buy STEALTH-PHONE capable to change IMEI on-the-fly 4. In your STEALTH-PHONE enumerate IMEI frequently of each politician's phone + change frequently your anonymous SIM cards 5. Be free stealthy :-) Regarding two (or more) same IMEI of enabled phones - in one network this can caused a collision - one of them can be blacklisted (the question is if it was your clone or the original:) In the worst case, this can be a nice phone DoS against the system :) But according to this: http://forum.gsmhosting.com/vbb/f131/what-will-happen-if-two-phones-same-imei-run-same-network-3965/ it should work: I test it on two T10 in the same network same room . We can speak with one fone with the other fine. but probably these checks depends on the mobile provider. BTW, if you are attending OHM2013 in Netherlands this year, Karsten Nohl will have there a presentation: SIM card exploitation – by [2]Karsten Nohl The protection pretense of SIM cards is based on the understanding that they have never been exploited. This talk ends this myth of unbreakable SIM cards and illustrates that the cards –like any other computing system– are plagued by implementation and configuration bugs. Pavol On Mon, Jun 03, 2013 at 09:16:54AM -0400, Rich Kulawiec wrote: On Sun, Jun 02, 2013 at 10:16:20PM -0400, Nathan of Guardian wrote: In summary, if the focused threat you need to address is location tracking by carriers/operators, and you live in an area with a decent saturation of open wifi hotspots, I feel there is something you can do about it. Now your adversaries have to work a bit harder (tracking IPs to hotspots, physical surveillance, etc) to build a geo map of your comings and goings. In re this topic, please see this paper: Unique in the Crowd: The privacy bounds of human mobility http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html Abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals. And remember Schneier's maxim: attacks always get better. So the work which these researchers have done (and it appears to me to be fine work) will be extended, refined, improved. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Question about otr.js
On Fri, Jun 07, 2013 at 07:44:35PM +0200, Jurre andmore wrote: Pidgin is a terrible client. It has quite a bit of issues. Their SSL handling is terrible and possible to mitm, I audited the Windows build last August and found known vulnerabilities since 2006 in 2012.. only recently in february that the Pidgin team released a security update.. Avoid using Pidgin at all costs. BTW, I use mcabber with OTR/PGP support http://mcabber.com/ Any security opinion? -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] NSA, FBI, Verizon caught red handed spying on US citizens in the US
On Thu, Jun 06, 2013 at 12:56:33PM -0500, Andrés Leopoldo Pacheco Sanfuentes wrote: If the US government starts a war, it doesn't matter if 49.99% opposed it. It's still going on and people get killed. For those people, and their circles, the US government is MONOLITHIC. https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-ash3/942400_478286445573487_2110837671_n.jpg -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Android Privacy Guide
Some of you may be interested in my short presentation: Prezi online: http://prezi.com/y9xwygcxmv0u/android-privacy-guide/ PDF version: http://www.nethemba.com/AndroidPrivacyGuide.pdf -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Mexico's most vulnerable reporters lack digital security skills
and does not transmit anything in the clear. Get Cryptocat here: https://crypto.cat Make sure to read the warnings on the site to get familiar with the app's limitations. NK On Mon, Feb 25, 2013 at 10:13 PM, Brian Conley bri...@smallworldnews.tvwrote: Hi Kyle, I've been developing a tool called StoryMaker for journalists and citizen journalists. It's private/secure by design, so ideal for this use case. A There is a 10 lesson curriculum in mobile digital safety, and the app itself that could all be translated into Spanish. Then perhaps the app and/or curriculum might be used to educate and assist them in their work? https://www.transifex.com/projects/p/storymaker/language/es/ Resources 20-29 + 210 are the digital safety lessons. cheers brian On Mon, Feb 25, 2013 at 1:04 PM, Kyle Maxwell krmaxw...@gmail.com wrote: I'm curious how the infosec community, particularly those of us who speak and write Spanish, can assist in helping Mexican activists and journalists. I understand that a large portion of that community actively exchanges data on Twitter; any pointers would be appreciated. Feel free to contact me off-list if desired. On Mon, Feb 25, 2013 at 1:02 PM, G.W. Schulz gwschul...@gmail.com wrote: Most Mexican journalists and bloggers reporting on highly sensitive topics (such as crime, corruption, violence and human rights issues) do not fully understand the risks and threats they face when they use digital and mobile technology, even though the topics they cover make them even more vulnerable, a new survey by Freedom House and the International Center for Journalists finds. http://ijnet.org/stories/mexicos-most-vulnerable-reporters-lack-digital-security-skills -- Kyle Maxwell [krmaxw...@gmail.com] http://www.xwell.org Twitter: @kylemaxwell -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Namecoin: secure, anti-censorship naming system based on bitcoin
See http://dianna-project.org/wiki/Design_Overview Pavol On Fri, Dec 21, 2012 at 01:19:42PM +0100, Laurens Vets wrote: Hello Fabio, Namecoin has been dead for over a year (no updates etc...). NMC merged mining is also slowly disappearing. On 2012-12-21 11:57, Fabio Pietrosanti (naif) wrote: Hi all, i encountered such a project called Namecoin: http://dot-bit.org/Main_Page [1] Namecoin [2] is a peer-to-peer GENERIC name/value datastore system based on Bitcoin [3] technology (a decentralized cryptocurrency). It allows you to: * Securely register and transfer arbitrary names, NO POSSIBLE CENSORSHIP! * Attach values to the names (up to 1023 bytes) * Trade and transact namecoins, the digital currency NMC. There's also a proposal to use NameCoin for naming system for Tor http://dot-bit.org/Namespace:Tor [4] . I am wondering if this system has been already seriously considered as a resilient human readable crypto naming system for other crypto and anti censorship projects, as it seems quite promising but i didn't get deeper technically. Any opinion? Fabio Links: -- [1] http://dot-bit.org/Main_Page [2] http://dot-bit.org/Namecoin [3] http://www.bitcoin.org/ [4] http://dot-bit.org/Namespace:Tor -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Hi, On Thu, Dec 06, 2012 at 01:19:47PM +0100, KheOps wrote: DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. This is completely fine if customers decide for this kind of marketing / ads Internet connection for free (and accept all related advertisements). I am more than sure there will be also an economical demand for non-ads, non-filtered and fast Internet and many people will be willing to pay for it. So market will work. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Thu, Dec 06, 2012 at 01:25:46PM +0100, Julian Oliver wrote: Great examples. I've often experienced what appears to be severe throttling of an Alice DSL connection (Germany) after using bittorrent, whether that be to download a Linux ISO or otherwise. It persists for an hour or so after the bittorrent application is stopped. Telling locals about it one night it appears it's quite common. If there are enough people willing to pay for fast bittorrent downloads, I am sure that for someone it will make sense to build a new ISP especially for needs of these people. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: If this approval by the ITU is true - then it is no surprise at all, but what one would expect. What else has the ITU in the past ever been than an instrument that supports capitalist interests and commodification of the ICT and telecommunications industries? DPI can advance large-scale monitoring of citizens by the state-capital complex that is connected by a right-wing state ideology of fighting crime and terror by massive use of surveillance technologies and a neoliberal ideology of capitalist organisations that want to make a profit out of surveillance and want to hinder the undermining of intellectual property rights. DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle Going Open Source
On Mon, Nov 12, 2012 at 10:55:49AM +0100, Julian Oliver wrote: ..on Sun, Nov 11, 2012 at 08:15:12PM -0500, Nadim Kobeissi wrote: A huge thanks to Silent Circle for doing the right thing! https://github.com/SilentCircle Great start. It remains to be seen if they'll open up the server side code. If not then it can't be considered a great win - more akin to an API model such that developers create custom clients for their closed and centralised service (a la Google, Twitter, Facebook et al). Do they plan to release also source code for other parts of their products? At https://github.com/SilentCircle, there is just a source for silent-text (nothing else). Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Bitcoin and The Public Function of Money
much we tax is a public policy choice, and the right-wing dogma that the appropriate choice is for the budget to be balanced, for taxes to be equal to spending, is universally understood to be false, even among the most celebrated right-wing economists. In his 1948 article A Monetary and Fiscal Framework for Economic Stability, Chicago Boys patriarch Milton Friedman proposed a counter-cyclical policy, where government spending would be increased beyond taxation during economic downturns, similar to Abba Lerner's Functional Finance which is often referred to as Keynesian economic policy. Whatever their ideological stripes, there is little disagreement among economists that to the degree that public budgets need to be balanced, they must be balanced relative to economic cycles and sectoral balances and not merely between annual public spending and taxation. The balance between spending and taxes is simply the balance of the public Heads side of the coin, always in counter-balance with the private Tails side of the coin, as expressed by the activity of private interests in the global market. It is no secret that the national State form is unsatisfactory. Not only is it burdened by its aristocratic roots, and not only is it corrupted by the fact that its modern form is largely captured by the international corporate elite, but the State is clearly unsatisfactory for modern publics as a result of the fact that static territorial forms are increasingly ineffective and inappropriate structures to serve global, distributed communities. The public form has to evolve from the state form to the networked form, but for that to happen, new, networked public forms will need to emerge that are able to take over the socially necessary public functions. Including the management of forms of public money. The critical feature required of public money is that we can socially determine how much of it there is, and how much of we want to apply to public purpose. We need ways to create and destroy public money so that we can can have a counter-balance to private activity, to manage cycles, to counter-balance economic sectors, and to socially pursue public objectives, such as health, education, and justice. Thus, Bitcoin's innovation in terms of creating a networked form of commodity money is not useful in creating networked forms of public money, and as a result it does not create a way for networked public forms to replace the current State forms. I'll be at Stammtisch this evening at 9pm, please come if you're in Berlin, if not, R15N continues at Mal au Pixel in Paris, you can join the network by calling +33 181 97 97 11 online version is here: http://www.dmytri.info/bitcoin-and-public-money/ -- Dmytri Kleiner Venture Communist -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- __ [Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
Hi, On Wed, Oct 03, 2012 at 04:25:39PM +0700, Sam de Silva wrote: Can someone help me out - Is http://www.piratepad.net secure? I thought it was, but I can't seem to access it via SSL. Download the source code of etherpad ( http://code.google.com/p/etherpad/ ), perform its security audit and run it on your own hardened server. No reason to trust to http://www.piratepad.net. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] secure text collaboration platforms
On Wed, Oct 03, 2012 at 01:10:28PM +0100, Michael Rogers wrote: As far as I know, the pad software used by PiratePad and similar services doesn't support SSL. It might be possible to combine the This is not true - etherpad supports SSL natively (directives sslKeyStore and sslStorePassword ). I run it without problems. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] FinFisher is now controlled by UK export controls
On Mon, Sep 10, 2012 at 08:17:37PM +0100, Ryan Gallagher wrote: Export controls on cryptographic items is not a new development in the UK or anywhere else - https://www.gov.uk/specialist/export-of-cryptographic-items The question in the case of FinSpy was whether it was to be classed as a Dual Use item. The UK government appears to now be recognising that FinSpy is indeed a Dual Use item and falls under Annex I of EC export regulations. Annex I is designed to control exports of goods (cryptographic or otherwise) designed or modified for military use. So what the UK government is implicitly recognising here is that FinSpy can be used as a military tool -- a bit like a weapon -- and should be subject to the same controls. If they implement this, it will mean Gamma will have to make an application for every sale it wants to make outside of the EU, and this will have to be assessed with the Dual Use criteria in mind. So any export will have to be considered in terms of the respect of human rights and fundamental freedoms in the country of final destination. If the UK government suspects it could be used for internal repression in the country of final destination, for example, they will (theoretically at least) refuse the export. Any reason why should Gamma International (UK) Ltd. stay in the UK and respect this funny regulation? There so many countries in the world where they can do a business with no such regulations and really low taxes... :-) And of course - all economical regulations will just support these countries (including offshores..) Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Finfisher Spy Kit Revealed in Bahrain
On Fri, Jul 27, 2012 at 11:54:33PM +0200, Andre Rebentisch wrote: Am 27.07.2012 12:58, schrieb Erich M.: Here is my take [German alas] on that matter including the reaction of the Social Democrat fraction in Europarl. MEP Leichtfried from .AT has been the rapporteur and the guy who managed to introduce surveillance software into the catalogue of dual use goods. Software is a service, not a good. Without discouraging the efforts: While it may undermine the commercial base it won't help to stop the spread of these tools. The Service aspect frames it more into commercial assistence of foreign espionage, here foreign domestic espionage. Services imply that the export nations do not develop the capabilities themselves and allows for all kind of trojan horses (export versions) and contacts, from which you could assess the current capabilities of the regime. Ironic: During the 90ths we voiced strong opinions against crypto export regulations, now virtually the same community seeks export controls for surveillance technology. I am a bit skeptical about it. From the technical point of view to prohibit a business between EU/US companies and dictatorship countries is almost impossible (because they can use dozens of subcontractors in many 'grey' countries and they do it if they want). Therefore, it is hard to say if this should be regulated by a law, I would prefer market - personally I would never buy anything from the company that supports a dictator regime. The most companies cannot afford to do it, because otherwise their reputation can be endangered. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] signature.asc Description: Digital signature ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Finfisher Spy Kit Revealed in Bahrain
On Sat, Jul 28, 2012 at 08:40:33PM +, Jacob Appelbaum wrote: Likewise, the free market has yet to deal with Cisco, EMC, and the myrid of companies like Nokia Siemens, Huawei and others who directly sell surveillance, censorship and outright tracking systems. The market has rewarded Cisco for their efforts with the Golden Shield project. This is even after Cisco was caught red handed advertising it for use in hunting down unwanted (religious) groups of people. Of course I really don't like this situation. But I am not sure if any draconian government's laws against these corporations would work. I don't believe that export controls or total absolute sanctions are the right path forward. Rather, we should hold these companies to account for their actions _in the US and Europe_ where they would not be reasonable, legal or ethical. Specifically when they do this for a profit and disregard the impact on society as a whole - something most of these companies are doing without even a slight regard for human life. Definitely. And propagation of all information about these bad companies (e.g. I really like http://werebuild.telecomix.org/wiki/Blue_cabinet). I try to choose my network vendor according to the information in this document and also recommend this list to many my friends/customers. Maybe I am completely out of reality, but still think that the pressure against these bad corporations should be made primarily by people (human activists/organizations, potential/real customers of these corporations, etc.), not governments. Because it's a primary ethical problem, then the legal one. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] signature.asc Description: Digital signature ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Commercialization makes your online rights irrelevant, more thoughts from my talk with @ioerror at #rp12
On Sun, May 20, 2012 at 09:31:56PM -0400, J. Gaboriault wrote: On 5/20/12 5:54 PM, StealthMonger wrote: Speak for yourself. Others simply go their own way in peace, perhaps occasionally temporarily detouring to cooperate with others in some mutually beneficial endeavor. I will allow that Dymitri speaks for me, too, although I don't know him, owe him, or agree 100% with everything he's ever written. Consider that representation without taxation. When you have government's monopolies for printing money (the case of US/EU) taxation is done through inflation (which is also stealing), you don't need to pay any taxes. -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] signature.asc Description: Digital signature ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Commercialization makes your online rights irrelevant, more thoughts from my talk with @ioerror at #rp12
On Mon, May 21, 2012 at 10:18:01AM +0200, Dmytri Kleiner wrote: Nothing I have read from anthropology nor psychology bears this out, both portray us as a deeply social species and suggest that our primary motivations are social ones, not individual utility maximization. We don't temporary detour to co-operation, co-operation is our natural state, and the reason for of our success as a species. It's quite the opposite, those that go there own way are either on a temporary detour, or simply outliers. There are 7 billion of us, and by large we work together, share and compromise with each other, and our survival depends on this. Don't forget that almost every individual profit can be reached thanks to social interactions and socialization (and this is almost inevitable). And I am not talking about financial profit only. People do a lot of things (helping to other people) just because of good feelings and secondary this is also their individual profit. Democracy does not respect freedom (the secret ballot has no shame) and becomes tyranny of the majority -- the most robust kind of tyranny. So how do you propose we make collective decisions? Might makes right? demand + market. If there is a demand, someone will always do it. Including building highways, streets and all other services that are provided by the state at this moment. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] signature.asc Description: Digital signature ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Commercialization makes your online rights irrelevant, more thoughts from my talk with @ioerror at #rp12
On Mon, May 21, 2012 at 05:02:35PM +0200, Dmytri Kleiner wrote: We have a world to share, and to do so, we need to respect each other. Not to mention that the distribution of wealth and power is currently extremely unequal, so even if some magic system of mutual utility maximization could work in an already-fair world (not that I believe this), it doesn't explain how we can overcome the unpleasant reality that the present extreme inequality allows the powerful to maximize their utility at the expense of the rest of us, and we can not change this without a moral prerogative to prevent them form maximizing their utility in this way. Therefore we clearly have a right to determine social outcomes collectively. Even when certain individuals, i.e. the rich, may not agree with such outcomes, i.e., more social and economic equality. But this intervention is simply not fair (and I also admit that the current corporativism system where the big corporations corrupt our governments and poor people are exploited, is also not fair). But people are different, have different skills, genetic predispositions, some of them are smart, some or them are stupid and lazy. It is absolutely natural that some of them would be rich and some of them would be poor (it's just a reflection of their skills and abilities). You can say - it is not fair, most people can not influence that they were born stupid or have some genetic disabilities. And that's why we need to involuntarily take money from the rich and smart people and support these poor people. I think it's immoral, because this should be done on voluntary basis only. But imagine the another example: If you are born to be sexy, you will likely also have many beautiful girls around you and have sex everyday. If you are born to be very ugly, it's likely that you have no sex in your whole life. And this also not fair, most people can not influence that they were born ugly and without sexual attractiveness. But in our fair society, we can solve it easily - just take (involuntarily) beautiful girls from all sexy people and give them to all these ugly people (of course, they will deserve it!) I know this is a crazy comparison (you cannot force these beautiful girls to do anything like this), but as well as people are born to be ugly or sexy, they are born to be smart and rich or stupid and poor. Of course not all smart people are rich and not all stupid people are poor. All I want to say is that if you are born to be poor or ugly or with some mental/physical disabilities, it's really unfair. But you cannot force all other people to help you. They have to do it voluntarily. And if you are smart and rich and you don't like this situation, don't hesitate to create a great charity for all poor and ugly people for improving their sex life. I will be your supporter :) Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] signature.asc Description: Digital signature ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Privacy, Moglen, @ioerror, #rp12
On Thu, May 10, 2012 at 06:03:51PM +0200, Andre Rebentisch wrote: Am 10.05.2012 17:07, schrieb Pavol Luptak: This may be work in Norway where are highly ethical/moral politicians, but it does not work at all in my country (Slovakia) or other Central/Eastern European countries where are massively corrupted governments. Who corrupts government? Commercial interests. What do dominant Of course. But this is not a problem of commercial companies, but the government which is a single-point-of-failure because its monopoly for regulations/laws. The government is corrupted because from the economical point of view it is just cheap and effective for corporations to lobby the laws that protect their businesses. In a pure freemarket it would be much more expensive and difficult to corrupt all your competitors (or someone) because of its decentralized character. Without the government (or very limited government) the corruption would become much more expensive because there would be no single centralized institution to corrupt. commercial interests want? Government to not get in their way, lower taxes and/or state aid/contracts. In other words you advocate for suicide in fear of death. Lowering/increasing taxes is just a game for sheep-citizens, because FED can print arbitrary lot of money without your consent and using the inflation regulates your real tax burden (and of course all without touching your official taxes). And the same applies to ECB that can easily steal money from all EU citizens by printing new euros. That's a reason why it is a good idea not to have state monopolies to currencies and stop using these fiat moneys. In Slovakia open standards are mainly violated by our government :-) (and it is because strong lobby of Microsoft and other corporations). Indeed, because there is no sufficient expectation of your government officials to act on principled grounds and set regulation. But even when they your government officals sell out they get paid. Corruption usually trickles down. Probably two reasons why the situation is so bad in Slovakia: 1. No politician in Slovakia has been ever criminalized or sentenced because of his corruption scandals. 2. Systematic fail of democracy system that motivates politicians to maximizes their profit during 4-year election term (because after this period, there will be new politicians and their interests, so why not to steal just now? ) Generally speaking you believe that without market intervention cartels get winded up by market forces. That is often true. The ordoliberal view is that we know that in a perfect market no cartels exist, so we intervene and then let the silent hand do the rest to approximate that market allocation. I just do not believe in the central authority that is moral and fair. I have many logical reasons why fair and honest people do not tend to work for these autorities and why these authorities attract greedy and dominant people (at least in our government, maybe you have the honest government). I just think that we cannot afford to have centralized governments just because people are too bad and too greedy (and all these people are attracted by the governments because of their nature). Authoritatian systems (I include also democracy system here - because if you choose democratically your slaver, it will be still just your slaver) maximize the power of these bad/greedy people because of guaranted money of tax payers (without feedback) and exploitation of many advantages of state monopolies. And you are IT geeks and know that p2p decentralized systems are usually more stable and offer more freedom than centralized systems, so why do you think that we need strictly centralized governments instead of decentralized society? Government procurement is a powerful leverage on the demand side. I would also like to suggest that certain companies are more powerful than your small state, and your state is defined by what it could do for citizens. If it doesn't do that, then that is an indication of the powers of the high seas. That's true. But these big companies still do not have the privileges and monopolies that my small state has. And still there is a voluntarily relationship betweeen customers and these big companies and anybody can decide to accept or reject the company rules (and find another company). I admit that in the past central/authoritatian governments made sense and provided a lot of advantages for our society, but in these days our society is so complex, so interconnected between individuals, that is extremely difficult to control it by single central governments. Hayek's explanation is here https://www.youtube.com/watch?v=CNbYdbf3EEc Of course this won't change for another many years, because all governments do everything to show their citizens that they are extremely important and that they really need them. Pavol