[liberationtech] Telenor Azerbaijan surveillance documentary link?

2014-02-08 Thread Bernard Tyers - ei8fdb
Hi,

I have been looking for a link for a Norwegian documentary on the 
Telenor/Azerbaijan surveillance scandal from a few years ago (2-3?), but my 
Google foo is weak today.

I wonder if anyone has a link? From memory it was in Norwegian but with English 
subtitles. I know it was discussed on this list, but I cannot find it in my 
archive.

Any help, much appreciated.

Thanks,
Bernard


--
Bernard / bluboxthief / ei8fdb

If you’d like to get in touch, please do: http://me.ei8fdb.org/




-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Hammond Banned from using Cryptography

2013-11-20 Thread Bernard Tyers - ei8fdb

On 20 Nov 2013, at 22:17, Shava Nerad  wrote:

> IANAL, but it seems to me that if the judge does not call the lawyers into 
> chambers for consultation, there is no period of commentary on sentencing, or 
> adjustment period.

IAANAL, so you’ll have to explain the significance of what this means? 

> If the plea is innocent, then the sentence can be appealed through a trial at 
> a higher court -- however, Hammond opted due to the rather excessively 
> abusive CFAA law which would have put him away for 35 years for a guilty plea 
> for ten years.  This means he had to live with the judge’s ruling which had 
> this “side car" of court supervised idiocy tagged on -- which actually made 
> me immediately think that the judge had read up on Kevin Mitnick's trial and 
> was trying to sound like he knew something he didn't.

Wait, if he read up on Mitnick’s trial and thought he understood…no let’s not 
go there..

> Couldn’t stick with the ten years, had to piss on it, pardon my crudeness.

Don’t follow.

Bernard

(He who understands follows little)


> On Tue, Nov 19, 2013 at 6:17 AM, Bernard Tyers - ei8fdb  
> wrote:
> It seems a similar stupidly idiotic requirement to the one imposed on Kevin 
> Mitnick when he was released.
> 
> From memory the requirement on him was that he wasn’t allowed to use 
> “computers or telephony” equipment. It might have been possible in the early 
> 2000’s but today?
> 
> IANAL, but would it be worth getting some lawyers to prod this argument 
> further? “Your honour, what is defined as cryptography?” At least then (in 
> the US) there’d be precedent on what is seen as crypto? Or does that already 
> exist?
> 
> Could be good for an education campaign “Crypto is not the end goal” to spread 
> the already daily use of cryptography as opposed to the unfortunate view that 
> “crypto is for turrists and sex fiends”.
> 
> “The government see [online banking] as using cryptography. Everyone uses it.”
> 
> Just a thought…
> 
> 
> On 16 Nov 2013, at 06:01, Shava Nerad  wrote:
> 
> > It is so common for judges to be complètement sans clue regarding 
> > technology -- I'm sure the judge has no idea how pervasive crypto is, 
> > probably doesn't understand his online banking uses it, and so on.
> >
> > It's tragic.
> >
> > bleh.
> >
> >
> > On Fri, Nov 15, 2013 at 8:36 PM, Yosem Companys  
> > wrote:
> > From: Privarchy Mee 
> >
> > Can any of you, most of whom I do not doubt are far more knowledgeable
> > about cryptography and how it's conceptualised within the legal
> > sphere, offer some insight regarding this?
> >
> > https://twitter.com/CyMadD0x/status/401443518612512769
> >
> > The claim is that Judge Loretta A. Preska, who sentenced Jeremy
> > Hammond today, said that for the three years (post-release) that he
> > was to spend under supervision, he will not be able to use encryption
> > for communication or storage purposes(!) which is practically a legal
> > edict to go and build a cabin by Walden Pond. How can this be
> > considered anything but cruel and unusual?
> > —
> 
> 
> --
> Bernard / bluboxthief / ei8fdb
> 
> IO91XM / Contact me: me.ei8fdb.org
> 
> 
> 
> 
> 
> 
> 
> -- 
> 
> Shava Nerad
> shav...@gmail.com

--
Bernard / bluboxthief / ei8fdb

IO91XM / Contact me: me.ei8fdb.org




Re: [liberationtech] Hammond Banned from using Cryptography

2013-11-19 Thread Bernard Tyers - ei8fdb
It seems a similar stupidly idiotic requirement to the one imposed on Kevin 
Mitnick when he was released. 

From memory the requirement on him was that he wasn’t allowed to use “computers 
or telephony” equipment. It might have been possible in the early 2000’s but 
today?

IANAL, but would it be worth getting some lawyers to prod this argument 
further? “Your honour, what is defined as cryptography?” At least then (in 
the US) there’d be precedent on what is seen as crypto? Or does that already 
exist?

Could be good for an education campaign “Crypto is not the end goal” to spread 
the already daily use of cryptography as opposed to the unfortunate view that 
“crypto is for turrists and sex fiends”.

“The government see [online banking] as using cryptography. Everyone uses it.”

Just a thought…


On 16 Nov 2013, at 06:01, Shava Nerad  wrote:

> It is so common for judges to be complètement sans clue regarding technology 
> -- I'm sure the judge has no idea how pervasive crypto is, probably doesn't 
> understand his online banking uses it, and so on.
> 
> It's tragic.
> 
> bleh.
> 
> 
> On Fri, Nov 15, 2013 at 8:36 PM, Yosem Companys  wrote:
> From: Privarchy Mee 
> 
> Can any of you, most of whom I do not doubt are far more knowledgeable
> about cryptography and how it's conceptualised within the legal
> sphere, offer some insight regarding this?
> 
> https://twitter.com/CyMadD0x/status/401443518612512769
> 
> The claim is that Judge Loretta A. Preska, who sentenced Jeremy
> Hammond today, said that for the three years (post-release) that he
> was to spend under supervision, he will not be able to use encryption
> for communication or storage purposes(!) which is practically a legal
> edict to go and build a cabin by Walden Pond. How can this be
> considered anything but cruel and unusual?
> —


--
Bernard / bluboxthief / ei8fdb

IO91XM / Contact me: me.ei8fdb.org




Re: [liberationtech] (no subject)

2013-09-19 Thread Bernard Tyers - ei8fdb

On 19 Sep 2013, at 04:44, aman1971  wrote:

> Plz put me on the list. 
> Regards 

You're on the list! Congratulations!


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Is Dropbox opening uploaded documents?

2013-09-14 Thread Bernard Tyers - ei8fdb

>> On Fri, Sep 13, 2013 at 07:58:17AM +0200, Eugen Leitl wrote:
>> > Dropbox is pulling a Skype.
>> 
>> no it's not, it's generating thumbnails. also this is advertising.

Hi,

I don't follow what you mean by advertising.

Thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

2013-09-13 Thread Bernard Tyers - ei8fdb

On 13 Sep 2013, at 10:04, Eugen Leitl  wrote:

> On Fri, Sep 13, 2013 at 06:39:35PM +1000, Erik de Castro Lopo wrote:
> 
>> Yes, but Firefox OS and Cyanogenmod only control the user facing part
>> of the smartphone. Loading eg Cyanogenmod onto a android phone leaves
>> the software running the radio part of the phone untouched (otherwise
>> the phone would never have passed the regulator authorities). The second
>> link I posted reported a vulnerability in that software. Secondly
>> these phones connect to the cell phone network and you and I have no
>> tools to examine what happens on that network.
> 
> Baseband processors leave the system wide open to all kind of attacks.
> Countermeasure would be running the 2G/3G/4G stack in an open
> source SDR radio, or using an open source VoIP device that connects
> by WLAN to a MiFi, which is considered part of the untrusted
> Internet.
> 
> The open source WLAN VoIP handset is more difficult than it appears.
> In practice you'll have to use e.g. Jitsi with an USB headset on a
> portable computer. Not exactly painless, and it opens you up to
> system compromises.
> 
> If anyone is aware of suitable dedicated hardware, I'd be thankful
> for pointers.


You've reminded me of an episode of the RiskyBusiness podcast, I was listening 
to a few weeks ago with the grugq. He was talking about the small USB powered 
device the "TPLINK MR11U" or "TPLINK 3040". [1, 2, 3]

He does talk exactly about the same issues - separating your devices (in his 
case a laptop) from the GSM network using a portal device. He uses, however, a 
laptop, not a mobile device. But what he talks about is figuring out what you 
need to defend yourself against.

I was listening to this thinking, if it's so easy (The Grugq is using it! It 
must be secure!) then why isn't everyone using one? I have one on order from a 
trustworthy Chinese trader on ebay. ;) 

What I also thought was interesting was his *recommended* approach was buying a 
pay-as-you-go phone, presumably closed platform, with closed firmware.

Secondly his choice of mobile device was *an iPad*! 

Seriously though, his advice was interesting. Has anyone else heard it? I'd 
like to hear opsec peoples' opinions.

Hope that helps.

Bernard


[1] http://risky.biz/RB285 or http://media.risky.biz/RB285.mp3 (it starts at ~ 
28:00 mins).
[2] 
http://www.amazon.co.uk/TP-LINK-TL-MR11U-Portable-150Mbps-Wireless/dp/B0098AU7HY
[3] 
http://www.amazon.co.uk/TP-Link-TL-MR3040-Portable-Battery-Wireless/dp/B00842KJOS
--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

2013-09-13 Thread Bernard Tyers - ei8fdb

On 13 Sep 2013, at 09:39, Erik de Castro Lopo  wrote:

> Bernard Tyers wrote:
> 
>> Firstly: I agree with you in principle but these tools need to be
>> available to all. 
>> 
>> Technology is not used in a sterile, hygienic environment, it is used on
>> the streets, by people who can't write, who use it for their purposes,
>> not necessarily the purpose it was invented for.
> 
> I do agree, but its important to note that smartphones offer a
> significantly higher risk than say laptops.

By design though. Is there any reason (leaving aside business reasons for 
the moment) why smartphones can't be lower risk?

Is there any technical reason why open source (read verifiable, publicly 
auditable) baseband software can't be created for mobile devices? I don't 
expect it to be easy. 

>>> Smartphones are horrendously complex, rely heavily on untrusted
>>> binary blobs, have multiple CPUs some without direct owner/user
>>> control (eg the CPU doing the baseband processing) [1]. 
>> 
>> I agree with your points about running untrusted binaries and lack of
>> user control. 
>> 
>> Firefox OS (OS level at least) is open source, right?
>> 
>> Cyanogenmod is open source, right?
> 
> Yes, but Firefox OS and Cyanogenmod only control the user facing part
> of the smartphone.

Agreed.

> Loading eg Cyanogenmod onto a android phone leaves
> the software running the radio part of the phone untouched (otherwise
> the phone would never have passed the regulator authorities). The second
> link I posted reported a vulnerability in that software.

Yep, I'm aware of those baseband attacks. To carry them out you need access to 
a Node-B (telecoms equipment mobile phones connect to), real or simulated, and 
advertise to the device to attach to it.

Granted, not impossible, beyond the realms of an average radio-network engineer 
in a government run telco. Possibly Finfisher have a point-and-click tool for 
it.

However, that threat (ie threat of firmware compromises) can be applied to 
carrier grade IP switch, router firmware also. Making all IP based traffic 
vulnerable. 

But again, in my opinion it's down to the "what is the level of your threat".

> Secondly these phones connect to the cell phone network and you and I have no
> tools to examine what happens on that network.

Heh, I used to, but not any more.

> Compare this with a laptop. If you buy a new laptop and are sufficiently
> paranoid you can use widely available software tools to monitor all
> network connections from that laptop to the wider internet.

Agreed, but shouldn't those tools be available for mobile devices too? The 
trend in technology use is moving (it's already there) towards mobile devices. 
These tools should be available for mobile devices, as this is where people 
are. Otherwise, they will continue to use cleartext SMS, or worse WhatsApp, 
Viber, Gmail, and unencrypted phone calls. 

People need these tools to be available. They need to understand how they fit 
into the kinds of threats *they face*, and where they should not be used.

>> My threat is from the local governmental goons and their smarter
>> colleagues in the government controlled telco, who will surveil my
>> calls, SMS, and e-mail.
>> 
>> If I can use any tool to protect myself from them, isn't it worth seeing
>> that tool exist?
> 
> As long as you are aware of the limitations.

I absolutely agree with you on this. This is one area that I see as being an 
issue at the moment. Most users don't know what they (limitations) are. They 
are users of the tools, not experts. "I use Firefox and HTTPS everywhere, so 
I'm secure, right…?"

Developers of these tools need to communicate, in an understandable way, to 
potential users where the limitations are.

Developing a tool and releasing it is wonderful, but you need to communicate 
where it works and doesn't work.


I would argue the HRD and NGO people on this list understand threats and 
threat-modelling better than the technology people, certainly in the offline 
world. The tech people understand threat-modelling in terms of where and how to 
use technology.

Both groups clearly are in need of each other. The issue is they're talking on 
different planes.


thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

2013-09-12 Thread Bernard Tyers - ei8fdb
Stefan: Why not?

Fabio, this sounds really interesting. Thanks for sending it. Now I need to go 
and sub to another list…

On 12 Sep 2013, at 23:06, Stefan <2...@2904.cc> wrote:

> But... PGP/GPG on a smartphone? Are you sure, that you want that?
> 
> On 09.09.13 00:56, Fabio Pietrosanti (naif) wrote:
>> I forward this inquiry to Liberation Tech, considering the very good
>> impact it will have in the near future.
>> 
>> Fabio
>>  Original message 
>> Subject: Firefox OS with built in support for OpenPGP encryption
>> Date:    Mon, 9 Sep 2013 00:09:39 +0200
>> From:    Alex (OpenPGP.js) 
>> To:      OpenPGP.js Mailinglist 
>> CC:  martin.ku...@telekom.de, "k.th...@telekom.de" ,
>> c...@mozilla.com
>> 
>> 
>> 
>> Dear OpenPGP.js community & friends (in BCC),
>> 
>> I recently had a short meeting with Deutsche Telekom and Mozilla in Berlin. 
>> They are currently collaborating in order to enhance the security & privacy 
>> of smartphone users utilizing Firefox OS (FFOS). The initiative is also open 
>> for cooperation or partnering with other organizations and projects.  In 
>> this context, one dedicated very valuable feature is built in support for 
>> OpenPGP encryption (e.g. based on the OpenPGP.js library). Anybody who is 
>> interested in contributing this functionality to FFOS is welcome to get in 
>> contact with the project.
>> 
>> Firefox OS (FFOS) is a new open source operating system for smartphones and 
>> tablets. It is based on Linux and Mozilla's Gecko rendering engine and 
>> provides open Web APIs that allow to run full featured web applications 
>> based on HTML5, CSS, and JavaScript.
>> More information on FFOS development can be found under 
>> https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS .
>> 
>> For further information and contacts with Deutsche Telekom, please feel free 
>> to contact the project lead, Dr. Martin Kurze (in CC), Telekom Innovation 
>> Laboratories.
>> 
>> Best regards, Alex
>> 
>> 
>> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Cryptogeddon

2013-09-10 Thread Bernard Tyers - ei8fdb
This sounds a nice idea. 

There was a similar idea (in its early stages) presented at SOUPS 2013 
(Symposium on Usable Privacy and Security) earlier this year. [1] 

It was called "Device Dash: An Educational Computer Security Game" presented by 
Era Vuksani. Unfortunately Era's thesis is not available just yet (May 
18th). [2]

The game was built around the player being a sysadmin in charge of a network. 
As the sysadmin managed the network, more devices (authorised and unauthorised) 
were added, and the admin had to react. As the user advanced s/he had access to 
better tools (firewalls, switches, IDS devices) to better manage the network.

It looked fun and educational.

All the best, 
Bernard


[1] http://cups.cs.cmu.edu/soups/2013/program.html
[2] http://repository.wellesley.edu/thesiscollection/38/

On 10 Sep 2013, at 10:51, Dan O'Huiginn  wrote:

> 
> I like this concept. I'd particularly love a more basic version of this,
> perhaps using openbadges to reward people who make it through a
> game-cum-course that lets them use security-related tools.
> 
> A perennial problem in security education is getting people enough
> practical experience. That's particularly true of communication tools --
> you need to pair people up to practice communication, which can be hard
> to arrange outside of face-to-face meetings.
> 
> A game would be a great way of dealing with this. I'm thinking of
> something aimed at the fundamentals -- such as:
> 
> - talk with this bot using OTR
> - read a clue that has been GPG encrypted with your public key
> - get some info out of a truecrypt volume
> - access a tor hidden service
> - send some text via a signed, encrypted mail
> 
> [I'll add this to my list of "projects for a rainy weekend", and
> meanwhile wait to see whether Cryptogeddon is anything close to it]
> 
> Dan
> 
> On 10/09/13 02:37, Scott Elcomb wrote:
>> Just stumbled across this post and thought it might be of interest to
>> some on the list.
>> 
>> "In a nutshell, Cryptogeddon is an online cyber security war game. The
>> game consists of various missions, each of which challenges the
>> participant to apply infosec tools to solve technology puzzles – an
>> online scavenger hunt, if you will. Each mission comes with a solution
>> that teaches the participant which tools to use and how to apply the
>> tools to solve the mission."
>> 
>> Further on the article describes the tools one may need to use,
>> including but not limited to:
>> 
>> * TrueCrypt
>> * Metasploit & Kali
>> * Nessus
>> * Amazon Web Services
>> * w3af
>> * Linux, Windows, OS X
>> * Apache, IIS
>> * GitHub
>> * VirtualBox
>> * Sysinternals
>> 
>> 
>> 
> 
> 
> -- 
> Dan O'Huiginn
> Organized Crime and Corruption Reporting Project
> 
> dan...@ohuiginn.net
> http://ohuiginn.net @danohu
> http://reportingproject.net
> skype:danohuiginn
> phone: +387 33 560 066.

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Naive Question

2013-09-09 Thread Bernard Tyers - ei8fdb

On 9 Sep 2013, at 17:29, Scott Arciszewski  wrote:

> Hello,
> 
> I saw this article on The Guardian[1] and it mentioned a librarian who posted 
> a sign that looked like this: http://www.librarian.net/pics/antipat4.gif and 
> would remove it if visited by the FBI. So a naive question comes to mind: If 
> I operated an internet service, and I posted a thing that says "We have not 
> received a request to spy on our users. Watch closely for the removal of this 
> text," what legal risk would be incurred?
> 
> If the answer is "None" or "Very little", what's stopping people from doing 
> this?

Hi Scott,

There was a discussion on another list (either Cypherpunks, or The Guardian 
Project lists) about a similar idea in terms of Lavabit, in the context of 
putting a header in e-mail messages to warn if an LEA (law enforcement agency) 
had forced the mail operator to give them access . From memory the person who 
mentioned them called them "canary alerts"?

No doubt someone will be faster than me in finding said content, but from 
memory the crux of it was if the operator (in your case the librarian, or more 
likely the library owner) was served with a NSL, or some secretive order, they 
would be breaching the secrecy of said order if they alerted the public in 
any way. And presumably you'd be "in trouble". :)

Let me find the original mail if possible.

Hope that helps.
Bernard


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


[liberationtech] MEGApwn - recover your "encrypted" MEGA master key

2013-09-03 Thread Bernard Tyers - ei8fdb
As if there weren't enough reasons to not trust Kim.Com.

What is MEGApwn?
MEGApwn is a bookmarklet that runs in your web browser and displays your 
supposedly secret MEGA master key, showing that it is not actually encrypted 
and can be retrieved by MEGA or anyone else with access to your computer 
without you knowing.

http://nzkoz.github.io/MegaPWN/


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


[liberationtech] Request for participants for HCI study into the use of mobile apps

2013-08-28 Thread Bernard Tyers - ei8fdb
Hi all,

I'd like to ask list members who are based in London, or *who will be in London 
anytime during September*, to participate in my research.

I am exploring the use of mobile apps by investigative journalists, human 
rights and NGO workers.

- Are you an investigative journalist, NGO or a human rights defender?

- Do you need to communicate securely and privately with co-workers and 
contacts?

- Do you use mobile devices regularly?

- Can you give me 1 hour of your time to take part in my university research 
project about mobile apps and trust?

If you can answer YES to these questions, then I would love to talk with you.

As thanks for taking part in my study I will cover tube/bus expenses, make a 
donation to your organisation (or organisation of your choice) or compensate 
you.



Contacting me:

- by unencrypted e-mail bernard.tyer...@city.ac.uk
- by Twitter @bernardtyers
- by encrypted e-mail: If you would prefer to communicate via encrypted e-mail 
please use: ei8...@ei8fdb.org and this key http://bit.ly/BernardTyers-GPG-Key

I have also created this flyer for people who'd like to send it to colleagues, 
or contacts:

http://www.ei8fdb.org/bernard/participant_recruitment_page.pdf

If anyone has questions, then please let me know. I'd be happy to answer them.

best regards,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] SMS questions

2013-08-27 Thread Bernard Tyers - ei8fdb

Hi Richard,

Depending on the information your colleagues want to collect, and depending on 
how onerous the control of the telco system is, FrontLine SMS might be useful.

http://www.frontlinesms.com/
http://www.frontlinesms.com/technologies/frontlinesms-overview/

Hope it helps,
Bernard

On 27 Aug 2013, at 17:36, Richard Brooks  wrote:

> I have colleagues living in a small country, far, far
> away with a history of rigged elections who want to
> put in place a system for collecting information
> using SMS. The local government keeps shutting
> down the systems that they put in place.
> 
> I think I understand their needs and wants. SMS is
> really not my strong point. If anyone with an understanding
> of SMS, SMS web interfaces, and/or related security issues
> would be willing to point me in the right direction
> (or discuss potential issues) I (and by extension
> they) would be grateful.
> 
> The alternative is for me to dedicate my excess cycles
> to researching those issues from scratch, which sounds
> time consuming. They kind of need help in the near future.
> 
> -Richard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?

2013-08-19 Thread Bernard Tyers - ei8fdb

On 15 Aug 2013, at 19:09, Kyle Maxwell  wrote:

> On Wed, Aug 14, 2013 at 5:18 PM, Bernard Tyers - ei8fdb
>  wrote:
>> My issue is with - "Hacking" is bad when people do it. It's ok when the 
>> government do it.
> 
> To play devil's advocate for a moment: isn't that true for a lot of
> things?

I'm not going to bite! ;)

> The State is, in general, very jealous about its monopoly on
> things like violence and taxation, and (modulo anarchists, many of
> whom I love and respect) the majority of people are okay with those
> things.


I don't think most people are necessarily the same - extreme example, but I 
don't think I've ever heard "normal" (sure define "normal"!) people being ok 
with violence when carried out by states.

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Lavabit stored user passwords in plaintext?

2013-08-14 Thread Bernard Tyers - ei8fdb

On 15 Aug 2013, at 00:20, Tom Ritter  wrote:

> On 14 August 2013 19:11, Bernard Tyers - ei8fdb  wrote:
>> Yes, you're right. My mistake. But is my second question not still valid? If 
>> SSL was compromised would the user not then be compromised?
>> 
>> Is:
>> "…we generate public and private keys for the user and then encrypt the 
>> private key using a derivative of the plain text password.
>> 
>> the other side of:
>> 
>> "…we need the plain text password to decrypt a user’s private key…"?
>> 
>> This is where they saw the cleartext password, and held it in memory for 
>> that time period?
>> 
>> Does this give some indication as to what the government agency (whichever 
>> it was) were making Lavabit implement to allow it to surveil Lavabit users?
> 
> IF, (big IF) my understanding of Lavabit's architecture is correct,
> then if you gained access to the user's SSL session, and then also
> access to Lavabit's server where the user's data and (encrypted)
> private key is stored - yes you'd have undermined the whole thing.  *
> 
> There's another thread on LibTech speculating about just what the
> government asked Lavabit to do.  In it, Joseph Lorenzo Hall theorizes
> that they were asked to sniff on people's passwords (or their private
> keys) in memory so the government would be able to decrypt their mail
> or private key into the future.  

I have *a little* experience (a long time ago) of using RAM Cache for holding 
databases to speed up retrieving results to search queries - similar idea? In 
this case, holding users passwords in volatile memory for security? 

Presumably this would be an easier job to do instead of attacking SSL sessions, 
since you (the operator) have total access to the hardware?

> This makes sense to me and fits with
> everything I have in my head - but to be clear I am speculating based
> off one person's explanation of how something technical worked to the
> media.  I know how individuals will change their statements to explain
> things, and how the media will often reinterpret technical statements
> to make them functionally different from how things actually work.

Don't worry, this is for my own understanding. I won't quote you :)

> * It's worth noting that designing a system where that is not true,
> while not requiring the user to move a key from device to device, and
> not requiring the user to use special software to read their email, is
> both extraordinarily difficult and a massive engineering effort.

Understood.

Thanks.

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org
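
The design quoted in this message (a private key encrypted under a derivative of the password, so the server has to see the plaintext password to decrypt it) can be sketched as below. This is an added example, not Lavabit's code and not part of the original thread: PBKDF2, the HMAC-SHA256 keystream (a standard-library stand-in for an authenticated cipher such as AES-GCM), the `MailServer` class and every name and parameter are assumptions.

```python
"""Password-wrapped private key: what sits on disk vs. what the server sees.

Constructed example; all names, parameters and sample values are assumptions.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this demo


def _derive_keys(password, salt):
    """Derive an encryption key and a MAC key from the plaintext password."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(password, private_key):
    """Encrypt-then-MAC the private key under a password-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    stream = _keystream(enc_key, nonce, len(private_key))
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_private_key(password, record):
    """Needs the plaintext password; raises ValueError if it is wrong."""
    enc_key, mac_key = _derive_keys(password, record["salt"])
    body = record["salt"] + record["nonce"] + record["ct"]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    stream = _keystream(enc_key, record["nonce"], len(record["ct"]))
    return bytes(a ^ b for a, b in zip(record["ct"], stream))


class MailServer:
    """Toy server: only wrapped keys persist; plaintext keys are per-session."""

    def __init__(self):
        self.disk = {}    # what a copy of server storage contains
        self.memory = {}  # what exists only while a user is logged in

    def register(self, user, password):
        private_key = secrets.token_bytes(32)  # stand-in for a real private key
        self.disk[user] = wrap_private_key(password, private_key)
        return private_key  # returned only so the demo can compare values

    def login(self, user, password):
        # The server necessarily handles `password` in plaintext at this point.
        self.memory[user] = unwrap_private_key(password, self.disk[user])

    def logout(self, user):
        # Drops the reference; Python cannot guarantee the bytes are wiped.
        self.memory.pop(user, None)


def demo():
    server = MailServer()
    password = "correct horse battery staple"  # constructed sample value
    key = server.register("alice", password)
    record = server.disk["alice"]
    results = {"disk_has_plaintext_key": key in b"".join(record.values())}

    server.login("alice", password)
    results["key_in_memory_during_session"] = server.memory.get("alice") == key
    server.logout("alice")
    results["key_in_memory_after_logout"] = "alice" in server.memory

    # A copy of storage alone does not yield the key without the password...
    stolen = dict(record)
    try:
        unwrap_private_key("not the password", stolen)
        results["disk_copy_wrong_guess_fails"] = False
    except ValueError:
        results["disk_copy_wrong_guess_fails"] = True
    # ...but storage plus the password seen at login does, as the thread notes.
    results["disk_copy_plus_password_recovers_key"] = (
        unwrap_private_key(password, stolen) == key)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With only the stored record, recovering the key comes down to guessing the password, so the protection at rest is bounded by password strength and the work factor.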


Re: [liberationtech] Lavabit stored user passwords in plaintext?

2013-08-14 Thread Bernard Tyers - ei8fdb

On 15 Aug 2013, at 00:01, Tom Ritter  wrote:

> On 14 August 2013 18:29, Bernard Tyers  wrote:
>> I came across this article outlining historical operation of Lavabit's 
>> services.
>> 
>> http://highscalability.com/blog/2013/8/13/in-memoriam-lavabit-architecture-creating-a-scalable-email-s.html
>> 
>> It mentions in two separate places that they stored users' passwords in 
>> plaintext to allow key generation and encryption to take place.
> 
> No, it said in two places it SAW the plaintext password of the user.
> Not that they stored it.

Hi Tom,

Yes, you're right. My mistake. But is my second question not still valid? If 
SSL was compromised would the user not then be compromised?

Is:

"…we generate public and private keys for the user and then encrypt the private 
key using a derivative of the plain text password."

the other side of:

"…we need the plain text password to decrypt a user’s private key…"?

This is where they saw the cleartext password, and held it in memory for that 
time period?

Does this give some indication as to what the government agency (whichever it 
was) were making Lavabit implement to allow it to surveil Lavabit users? 

thanks,
Bernard


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?

2013-08-14 Thread Bernard Tyers - ei8fdb

On 14 Aug 2013, at 20:42, The Doctor  wrote:

> On 08/13/2013 05:37 PM, Bernard Tyers - ei8fdb wrote:
> > Haven't "hackers" always been portrayed in a way to scare people? *
> > If it's not dDoSing script kiddies, it's zombie network owning
> > Latvian mafias..
> 
> Or SysOPs using their BBSes to move satellites around.  I still have
> that bit of comedy gold tacked to the wall in my office.

Heh. Yes, realigning the geostationary birds in..5, 4, 3, 2…

> > If this *is* the case, how can General Alexander go to Blackhat
> > 2013 and say (paraphrasing) "we (CIA) use the same tools as you do.
> > Help us protect America by teaching us rad haxoring skills."?
> 
> Statistically speaking, a small number of people in the audience at
> Blackhat watching him are likely to throw their hats and CVs into the
> ring for a chance at a job.  It probably wouldn't have the greatest
> success rate, but anymore any help one can get is welcome.

Sure, there will always be those lost people "who want to play with the 
coolest toys". 

My issue is with - "Hacking" is bad when people do it. It's ok when the 
government do it.

Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Secure alternatives to Dropbox?

2013-08-14 Thread Bernard Tyers - ei8fdb

On 14 Aug 2013, at 22:47, mark burdett  wrote:

> I finally tried Bittorrent Sync this week and it seems to work quite nicely 
> for serverless file-sharing (mostly, as there is a server fallback to get 
> around firewalls). Too bad it's not FLOSS so I can't actually recommend it :/

Hi Mark,

Can you explain the path the data takes from DEVICE A to DEVICE B? I don't 
understand it, or am looking at the wrong thing. Can I limit the peers my data 
goes through?

Thanks,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Secure alternatives to Dropbox?

2013-08-14 Thread Bernard Tyers - ei8fdb

On 14 Aug 2013, at 22:09, Nathan of Guardian wrote:

> On 08/14/2013 05:01 PM, Web Admin wrote:
>> Are there other services to consider?
> 
> We (the Guardian Project) are happily using SparkleShare. Credit to the
> Commotion/OTI team for introducing us to it, and for Hans-Christoph on
> our team for getting it running.

Damn, another thing to look at.. :)

> We still have some internal culture and workflow issues to solve (i.e.
> Dropbox is still ingrained in the brain), but technically and
> product-wise it is all there.


This is the issue. Dropbox works really well. And now that *everyone* knows how 
it works, people have an expectation that all services should work in the same 
way.

I have tried to use Spideroak, but it doesn't work in the same way as Dropbox.

Bernard
--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Secure alternatives to Dropbox?

2013-08-14 Thread Bernard Tyers - ei8fdb
Hah, we all must have read the same article.. ;)

On 14 Aug 2013, at 22:42, elijah  wrote:

> On 08/14/2013 02:01 PM, Web Admin wrote:
> 
>> It would be good to be able to advise folks on more secure alternatives, if 
>> they exist.
> 
> free software:
> 
> * http://seafile.com
> * http://sparkleshare.org
> 
> proprietary:
> 
> * https://wuala.com
> * https://spideroak.com
> * http://labs.bittorrent.com/experiments/sync.html (BitTorrent Sync)
> 
> As mentioned previously, sparkleshare requires you find a git host. Of
> the bunch, Wuala is by far the most powerful and friendly. The spideroak
> UI is odd, and there is also the mysterious change in how spideroak says
> they handle passwords. Seafile seems very promising. The other free
> software contender, Syncany, appears long defunct. BitTorrent Sync is
> server-less.
> 
> -elijah

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Secure alternatives to Dropbox?

2013-08-14 Thread Bernard Tyers - ei8fdb


On 14 Aug 2013, at 22:01, Web Admin  wrote:

> Are either of these services a more secure alternative to 3rd party
> services like DropBox? My reasoning is that a hacker would first need to
> know you host your own cloud in a particular way to attack it. Is my
> thinking too simplistic?

This is something I have been thinking about for a while myself - do I keep my 
web hosting, mail, filesharing "in the cloud" or do I do it myself? I have the 
experience and knowledge to do mail, web and file share hosting, but do I want 
the extra hassle?

No, I don't think your thinking is too simplistic, I think you've got to figure 
out "who's out to get you?" 

Each has its pros and cons - hosting your file sharing on Dropbox is probably 
going to keep you reasonably safe from "nasty hax0r5" but it's certainly not 
going to keep you safe from government surveillance/interception. It's also 
essentially zero-systems admin.


> Are there other services to consider? Activists
> and journalists are the typical groups who use dropbox, not considering
> the risks they are taking. It would be good to be able to advise folks on
> more secure alternatives, if they exist.

I found a nice link listing a number of alternatives to Dropbox/Google Drive 
etc. A lot were based on Bittorrent, which may or may not work if your ISP is 
acting the a$$. Others were based on Git.  [1]

https://aerofs.com/
http://ajaxplorer.info/

Bittorrent:
http://labs.bittorrent.com/experiments/sync.html (os x, windows, linux, android)
http://cryptosphere.org/ (Maybe not exactly bit torrent but definitely p2p)

Git:
http://git-annex.branchable.com/ (os x, linux, android)
https://github.com/axkibe/lsyncd

I am not recommending any of these, as I am still trying to figure out which is 
the best *for my use*. Ultimately I want to end up doing my own file sharing, 
and e-mail for myself and 3-4 other people.

> I'm looking for options that are
> easy to use; many journalists/activists won't use something complicated
> (which is of course an issue).

Therein lies the issue; define "easy to use" and "complicated". These tools 
still need a certain amount of knowledge, self-sysadmin, hosting knowledge, and 
a bunch of other work you are now trading for your "zero-admin" tools. Nothing 
a person couldn't learn, but - you're trading one set of issues for another.

If there is *anything* good that came out of the Edward Snowden bombshell, it is 
that security, privacy and encryption is now on the discussion of a way more 
mainstream group of people. I was thrilled to see 2-3 days after the news broke 
technology people on this list saying (admitting?) encryption is hard, it's not 
usable. (This is not a jibe at technology people, but you have to admit we're 
our own worst enemies sometimes.)

These tools have a long way to go, but they've certainly gotten better. It's 
becoming the norm to have a GUI nowadays, fancy that!

For the moment, I think activists and journalists still need input from your 
friendly technology person. That's not to say they can't be self hosted. The 
more people involved in making them the better.

For what it's worth, I am playing with arkos.io and BitTorrent Sync. I still 
haven't found how Bittorrent Sync fully works, it seems your data needs to go 
through a BT node, which is not a good idea.

I hope that's helped in some way.

Bernard

[1] https://news.ycombinator.com/item?id=6071604

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More Rights?

2013-08-13 Thread Bernard Tyers - ei8fdb
Haven't "hackers" always been portrayed in a way to scare people? * If it's not 
dDoSing script kiddies, it's zombie network owning Latvian mafias..

If this *is* the case, how can General Alexander go to Blackhat 2013 and say 
(paraphrasing) "we (CIA) use the same tools as you do. Help us protect America 
by teaching us rad haxoring skills."?


*: I still have a problem with the incorrect use of the word hacker here..but 
it's already passed into common usage.



On 12 Aug 2013, at 22:55, michael gurstein  wrote:

> -Original Message-
> From: dewayne-...@warpspeed.com [mailto:dewayne-...@warpspeed.com] On Behalf
> Of Dewayne Hendricks
> Sent: Tuesday, August 13, 2013 4:32 AM
> To: Multiple recipients of Dewayne-Net
> Subject: [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare Americans
> Into Giving Up More Rights?
> 
> Are Hackers the Next Bogeyman Used to Scare Americans Into Giving Up More
> Rights?
> Has "terrorism" grown a little stale as an all purpose boogeyman?
> By Digby
> Aug 12 2013
> 
> Marcy Wheeler has been speculating for a very long time that the real
> purpose of all this NSA collection isn't terrorism, it's hacking. These
> comments last week from Michael Hayden lend a lot of credence to that theory
> in my eyes:
> 
> "If and when our government grabs Edward Snowden, and brings him back here
> to the United States for trial, what does this group do?" said retired air
> force general Michael Hayden, who from 1999 to 2009 ran the NSA and then the
> CIA, referring to "nihilists, anarchists, activists, Lulzsec, Anonymous,
> twentysomethings who haven't talked to the opposite sex in five or six
> years".
> "They may want to come after the US government, but frankly, you know, the
> dot-mil stuff is about the hardest target in the United States," Hayden
> said, using a shorthand for US military networks. "So if they can't create
> great harm to dot-mil, who are they going after? Who for them are the World
> Trade Centers? The World Trade Centers, as they were for al-Qaida."
> 
> That's just a tiny bit overwrought for an allegedly serious expert, don't
> you think? In fact, it sounds like the kind of thing we heard from various
> members of the Bush administration during the early days after 9/11. And it
> certainly indicates, as Wheeler has been speculating, that the government is
> stretching the terrorism laws to include hacking. They certainly are using
> the same histrionic language to describe it.
> 
> Under Hayden, the NSA began to collect, among other things, the phone
> records and internet data of Americans without warrants after 9/11, a
> drastic departure from its traditional mission of collecting foreign
> intelligence. A variety of technically sophisticated collection and analysis
> programs, codenamed Stellar Wind, were the genesis of several of the NSA
> efforts that Snowden disclosed to the Guardian and the Washington Post.
> 
> [snip]
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Bernard Tyers - ei8fdb


On 5 Aug 2013, at 21:08, Al Billings wrote:

> You realize Tor didn't know this vuln was an issue until two days ago?

I presume that's directed at Griffin. 

> The Tor Browser Bundle is based off of Firefox ESR releases. All the high 
> profile security issues fixed are listed on the Firefox ESR known 
> vulnerabilities web page. You want them to copy that page for you?

How many TBB users will go to the Firefox ESR vulns. page to research the 
potential and found vulns in a piece of software they don't know they use?

Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Freedom House / Tor Hidden Service compromise traced to SAIC/NSA

2013-08-05 Thread Bernard Tyers - ei8fdb

Is this true?

http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/

Initial investigations traced the address to defense contractor SAIC, which 
provides a wide range of information technology and C4ISR (Command, Control, 
Communications, Computers, Intelligence, Surveillance, and Reconnaissance) 
support to the Department of Defense. The geolocation of the IP address 
corresponds to an SAIC facility in Arlington, Virginia.

Further analysis using a DNS record tool from Robotex found that the address 
was actually part of several blocks of IP addresses allocated by  SAIC to the 
NSA. This immediately spooked the researchers.


[1] http://www.domaintools.com/research/ip-explorer/?ip=65.222.202.53
[2] http://www.saic.com/
[3] http://pop.robtex.com/nsa.gov.html#records

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Bernard Tyers - ei8fdb

Firstly: this is not an anti-Tor/pro-anything/anti-developer comment. If 
anything it's "pro-have_some_understanding_for_people" point-of-view. I 
contribute to Tor as I believe it can do a lot of good.

As I understand it, the issue was: a compromise affected older TB Bundles, 
based on a previous version of Firefox. TBB prompted users to update to newer 
versions within $X days of release.

It wasn't the Tor network that was compromised, it was *some* software running 
to provide a Tor Hidden Service. Which we still don't know exactly what that 
was? (It would be nice to know)

Neither do I think you can expect the Tor Project to follow every commit to 
Firefox. (Although using any software, based on trust, in this world is not the 
best idea.)

If anyone should get blamed, it's the operators of the THS (currently it seems 
it was Freedom Hosting and Eric Eoin Marques?) that were the cause of this 
compromise. They are the douches in this shitstorm.

All good so far.

On 5 Aug 2013, at 18:45, h0ost wrote:

>> Mozilla posted the advisory on June 25th.
>> https://www.mozilla.org/security/announce/2013/mfsa2013-53.html and a
>> TBB update was provided 5 days later:
>> https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released
>> - and uses a version of FF that the advisory says fixes the issue.
>> 
> 
> So what's the problem that Nadim Kobeissi is pointing to? The
> vulnerability was patched by Mozilla, then subsequently incorporated in
> the TBB.
> If TBB is updated, and a user doesn't upgrade their TBB bundle, that's
> the user's fault, not Tor.
> 
> No?
> Yes, I think.

If you want to find fault with some party, then sure it's the user's fault. But 
that's not very helpful in a case like this. If it was MS Word, or Mail.app, 
blame the user.

Tor and TBB is not the easiest of privacy protection tools to understand, even 
for some trained technology people. 

It would be nice to know the percentage of "technical experts" using TBB. You 
*cannot* expect someone who is not an expert in cryptography, comp.sci, or 
"computer technology in general" to fully understand the consequences of using 
software tools. If you have a problem with that, then go and design software 
for developers. 

I know your comment was off the cuff, but this is one of the reasons why this 
shit is so bad. It needs to be designed with _real_ people (not cryptographers, 
or comp.sci or telecoms) in mind. Real people who use these tools to 
communicate. Everybody in some case, is "just a user". 

It wasn't essentially The Tor Project's fault, but they are dealing with it 
now. Shitty I know.

>> The take home message of the day: keep your shit up to date.
> 
> Exactly.  Nothing more, nothing less.  It's like brushing one's teeth,
> you learn that you have to do it for your own good, and then you just do it.
> 

I don't think you can compare tooth decay with your security getting 
compromised. Really.

>> The only question I have is -- is there anything more that can be
>> done to warn users their stuff is out of date? We're already visited
>> with a warning that our browser or other tor-related software is out
>> of date upon launching it. Do we need scrolling text? blinky lights?
>> Should it be disabled once it is out of date? Maybe that can be an
>> option set by default.  Thoughts?
> 
> 
> I don't think so.  TBB already warns when there is an updated version of
> the TBB, so I really think it's a culture change on part of people who
> don't upgrade immediately.  Hard thing to fight against, but maybe such
> events will make people more cautious in this way.



By what Roger Dingledine from Tor has stated in a previous mail, The Tor 
Project provided the "you need to upgrade message" promptly. I don't know if 
that is enough. (But it is certainly a lot more than other providers of 
software would do.) 

Maybe disabling out of date software would not be a bad thing? (Personally I 
don't know if that's a good approach, as users may use less secure methods to 
carry out their tasks)

My point is, there should be some research into finding an answer as opposed to 
apportioning blame.

Flame-retardant suit on.

Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

[liberationtech] Advice: recruiting participants for usability tests

2013-08-05 Thread Bernard Tyers - ei8fdb

Hi,

I'd like to ask advice of people working in human rights, civil rights, 
investigative journalism communities.

I am doing my MSc in human-computer interaction, focusing on mobile Privacy 
Enhancing Technology tools, a lot of which are discussed here.

I am focusing on users from the investigative journalism, human rights workers 
circles. I want to recruit "non-technical/security experts", people who use 
these tools, but have limited understanding of how they work. 

To recruit participants, in the "commercial world", I would put out a call to 
recruit users, offering financial compensation ("£20 per hour" / "£15 Amazon 
voucher"... etc.) to entice people to take part.

My understanding (possibly incorrect) is the people I am focusing on are not 
driven (solely) by financial gain. Therefore I have a question:

"What is the best approach to use to recruit participants for my usability 
testing sessions?"

So far, I have come up with the following approaches:

1. Offer to make a donation to the organisation they work for.
2. Offer a financial compensation as detailed above.
3. Offer to cover travel, and lunch expenses.
4. Offer nothing.

I'd like to hear people's feedback on these approaches. Are all/any valid? Are 
all/any acceptable? Any other suggestions?

On or off-list feedback greatly appreciated.

thanks,
Bernard


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Rumours of Zimbabwean telcos blocking signals & sending pro-govt messages?

2013-07-30 Thread Bernard Tyers - ei8fdb

Zimbabwean telcos are battling rumours that they have been both blocking 
signals to obscure election transparency and sending pro-ZANU PF messages. 
Interested to hear anything to this effect from others in Zimbabwe.

https://plus.google.com/100542281475595424607/posts/49Ftsd7iSvh
http://www.techzim.co.zw/2013/07/no-whatsapps-failure-to-connect-has-nothing-to-do-with-elections/
 

“We had an issue after upgrading a node last night but as of 10:30 [this 
morning] it was resolved,”  said Leon de Fleuriot, Econet General Manager: 
Products and Services. de Fleuriot also said that they are contacting all 
subscribers via a bulk message to let them know there was an issue and it’s 
been fixed."

- -- Upgrading a node is unspecific enough to be suspect.


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Internet misuse in Gambia

2013-07-29 Thread Bernard Tyers - ei8fdb

On 29 Jul 2013, at 15:26, Richard Brooks wrote:

> New law in Gambia makes using the Internet to "incite
> dissatisfaction" with the government punishable by
> up to 15 years in jail and $100,00 fine:
> 
> http://frontpageinternational.wordpress.com/2013/07/28/internet-is-being-used-as-platform-for-nefarious-and-satanic-activities/
> 
> Looks like other governments are following David Cameron's
> lead. He could also add satanism to porn in his new firewall.


Wow, incite "dissatisfaction"? I don't suppose they've been helpful by defining 
what "dissatisfaction" is?

Is complaining about government bureaucracy on Facebook incitement of 
dissatisfaction?

Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Fwd: [jitsi-users] New XMPP Server

2013-07-28 Thread Bernard Tyers - ei8fdb


On 28 Jul 2013, at 13:21, John Perry wrote:

> On 7/28/2013 6:44 AM, Bernard Tyers - ei8fdb wrote:
>> For those interested, these two forwarded mails mention two
>> separate "secure" Jabber servers with "no-logging". I cannot vouch
>> for the validity of them.
>> 
>> IMO, any alternative to running the now closed (as in no non-GTalk
>> users can talk directly) Google Talk service.
>> 
>> regards, Bernard
>> 
>> Begin forwarded message:
>> 
>>> From: John Perry  Date: 28 July 2013 09:21:23
>>> GMT+01:00 To: Jitsi Users  Subject: Re:
>>> [jitsi-users] New XMPP Server Reply-To: Jitsi Users
>>> 
>> 
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>>> On 7/27/2013 5:44 PM, Anthony Papillion wrote:
>>>> I know that Emil has stated that the jit.si server is an 
>>>> experimental one and, with the developers focused on making the 
>>>> Jitsi software even more kick butt, it's probably a bit hard
>>>> with the service.
>>>> 
>>>> So I've set up a similar service at http://patts.us and invite 
>>>> anyone interested to use it. We support voice, video, and IM
>>>> and run a Jingle node. We are also completely unlogged (even
>>>> the web server).
>>>> 
>>>> Just putting it out there to anyone who's interested. Not
>>>> trying to poach users from the jit.si service. Hopefully, this
>>>> will give Emil and the team a little breathing room.
>>>> 
>>>> Best Regards, Anthony Papillion
>> 
>>> I don't want to steal any of Anthony's thunder but I also have a 
>>> server located at xmpp://chat.jpunix.net that has no logging and 
>>> pretty much does what Anthony's does and is open to anyone that
>>> wants to use it.
>> 
>>> - -- John Perry
> 
> 
> I want to clarify the "secure" part of my server. It is "secure" in
> the regard that it is my own server that I have physical access to
> (it's in my house). It doesn't have any logging turned on and I have
> no intention of turning it on. Anyone is welcome to use it that cares
> to. As far as my trustworthiness goes you are welcome to Google
> jpunix.net and jpunix.com to see the history of my domain and my
> participation in privacy and security issues.

Hi John,

Apologies if my comment sounds insulting. It was not meant to be, more just 
matter-of-fact - I had no knowledge of how secure/insecure your service was, 
and therefore didn't want to sound like I had any assurances.

I was going for healthy skepticism as opposed to disbelief. Not sure if I 
succeeded.

IMO everyone should run their own Jabber server at home. It's not that 
difficult.

regards,
Bernard






- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Fwd: [jitsi-users] New XMPP Server

2013-07-28 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

For those interested, these two forwarded mails mention two separate "secure" 
Jabber servers with "no-logging". I cannot vouch for the validity of them.

IMO, any alternative to running the now closed (as in no non-GTalk users can 
talk directly) Google Talk service.

regards,
Bernard

Begin forwarded message:

> From: John Perry 
> Date: 28 July 2013 09:21:23 GMT+01:00
> To: Jitsi Users 
> Subject: Re: [jitsi-users] New XMPP Server
> Reply-To: Jitsi Users 
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 7/27/2013 5:44 PM, Anthony Papillion wrote:
>> I know that Emil has stated that the jit.si server is an
>> experimental one and, with the developers focused on making the
>> Jitsi software even more kick butt, it's probably a bit hard for
>> them to constantly troubleshoot server and config problems with the
>> service.
>> 
>> So I've set up a similar service at http://patts.us and invite
>> anyone interested to use it. We support voice, video, and IM and
>> run a Jingle node. We are also completely unlogged (even the web
>> server).
>> 
>> Just putting it out there to anyone who's interested. Not trying
>> to poach users from the jit.si service. Hopefully, this will give
>> Emil and the team a little breathing room.
>> 
>> Best Regards, Anthony Papillion
> 
> I don't want to steal any of Anthony's thunder but I also have a
> server located at xmpp://chat.jpunix.net that has no logging and
> pretty much does what Anthony's does and is open to anyone that wants
> to use it.
> 
> - -- 
> John Perry
> 
> 

==

Begin forwarded message:

> From: Anthony Papillion 
> Date: 27 July 2013 23:44:36 GMT+01:00
> To: Jitsi Users 
> Subject: [jitsi-users] New XMPP Server
> Reply-To: Jitsi Users 
> 
> I know that Emil has stated that the jit.si server is an experimental one 
> and, with the developers focused on making the Jitsi software even more kick 
> butt, it's probably a bit hard for them to constantly troubleshoot server and 
> config problems with the service.
> 
> So I've set up a similar service at http://patts.us and invite anyone 
> interested to use it. We support voice, video, and IM and run a Jingle node. 
> We are also completely unlogged (even the web server).
> 
> Just putting it out there to anyone who's interested. Not trying to poach 
> users from the jit.si service. Hopefully, this will give Emil and the team a 
> little breathing room.
> 
> Best Regards,
> Anthony Papillion
> 
> --


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Anyone at SOUPS 2013 ?

2013-07-24 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,

Are there any Lib Tech bods at SOUPS 2013 this year?

If so, if you want to say hello, let me know on/off-list. Don't forget your 
fan and bottle of water!

regards,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Internet is designed for surveillance

2013-06-26 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Bob,

I agree with you on the whole but I'm going to argue some of your points.

On 26 Jun 2013, at 17:03, Yosem Companys wrote:

> From: "Bob Frankston" 
> 
> The current implementation of the Internet is hierarchical in that we get IP 
> addresses from providers and then use a DNS that is rooted.

Well, it's "decentralised hierarchical" I guess. To be fair, there is nothing 
stopping you or me from running our own DNS servers. However, at some 
point, I guess it will have to get its answers from root servers.


> We go even further in requiring that we conform to conditions on our intent 
> (AKA our use) of connectivity in order to get a temporary lease on something 
> so fundamental as our identity in the guise of a DNS name. We go further by 
> accepting the idea that we communicate within pipes owned by service 
> providers who can dictate terms in order to extract a rent.

Someone has to build, maintain and expand the backbone infrastructure. I'm not 
for one minute saying the Verizons, AT&Ts, Vodafones of the world are the best 
to do this. But it is expensive. Nowadays telecoms operators are more 
interested in sponsoring sports stadia, or film events than paying for the 
hardware needed. Thankfully this is causing their destruction.

David Burgess from OpenBTS said this about telecoms last year:

"will be served by companies that look and work a lot more like Red Hat 
than like Nokia-Siemens. I see that vision too, and I see products (not 
projects, products) like OpenBTS and OpenBSC... having places in that world. 
If we are correct about this vision of the future, then that small gathering of 
hackers... may have held the seeds of a revolution that will fundamentally 
change a multi-trillion dollar industry." [1]

These kinds of projects are the way of the future, but they still rely 
on infrastructure companies to carry packets to reach maximum range.


> Once you accept such an architecture and such rules it seems disingenuous to 
> act surprised when those whom we’ve put in charge take advantage of this 
> control for whatever purpose whether for advertising or for our safety (real 
> or imagined).

Why so?

We pay them for a service to provide us connectivity. We do not pay them to 
facilitate worldwide surveillance with no basis.

Governments and LEA enforce "legal interception protocols" and build in 
requirements for any nation who wants to build a 3GPP standard mobile phone 
network to install legal interception equipment. By this I don't mean Finfisher 
or other sickening weapons of mass surveillance.

Advances in communications technologies like LTE/SAE ("4G") have built into 
their core Deep Packet Inspection. This is there for network management 
purposes, but let's be honest, it can be (and is) used for other reasons.

I would be amazed if any private individual asked ETSI (European telecoms 
Standards Institute) or ITU (International Telecoms Union) to require telecoms 
providers to install surveillance equipment. This is a legal battle.


> We may ask for restraint on the part of those who enforce the rules but every 
> time there is an outrage (often called terrorist attack) we (perhaps not the 
> same “we”) demand more surveillance.

We demand more surveillance because we have been blinded by the "more 
surveillance protects us". I have been happily surprised by the number of 
conversations I have had since this Prism story was released. 

The number of times I have been banging on to people about these topics. People 
are starting to consciously realise and importantly *becoming angry* about 
these events.


>  The ideas behind the Internet – the use of raw packets that have no 
> intrinsic meaning in transit – should enable us to communicate without having 
> to agree to all of these conditions and without subjecting ourselves to prior 
> restraint.

For me the issue with privacy on the Internet is not that it *is* designed for 
surveillance. It's that it *was* designed for open, transparent communications 
within a restricted self-controlling group, who all-in-all had no intention of 
doing anything "bad".

I read an article about, I can't remember exactly who, (Vint Cerf, Bob 
Metcalfe, Bob Kahn) and they were asked what were they thinking about when they 
worked on early Internet protocols. Their answer was (paraphrasing terribly): 
"I wasn't thinking about the military generals, that's for sure."

While I have the utmost respect for the mothers and fathers of the Internet, 
they failed future generations by not building privacy and security into the 
founding protocols.

For me, as a result, we are now in the place where we are today - trying to fix 
the sticking plaster onto the big open cut.


> Even if we didn’t fully appreciate the idea of raw packets we still have to 
> wonder why we accept a rent-seeking approach for something so vital as our 
> ability to communicate.

I agree, but while it's not the *e

[liberationtech] USA Today panel with 3 American Whistleblowers

2013-06-18 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This might be of interest to people..

http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/

A round-table discussion with Thomas Drake, William Binney and J. Kirk Wiebe.

I thought these videos were terribly interesting, and powerful.

I also thought William Binney's view that Edward Snowden was potentially 
crossing a line from whistleblower to traitor with the release of information 
about the USA's alleged hacking of foreign computer systems is interesting. Is 
he right? Does it matter?

- --
Q: There's a question being debated whether Snowden is a hero or a traitor.

Binney: Certainly he performed a really great public service to begin with by 
exposing these programs and making the government in a sense publicly 
accountable for what they're doing. At least now they are going to have some 
kind of open discussion like that.

But now he is starting to talk about things like the government hacking into 
China and all this kind of thing. He is going a little bit too far. I don't 
think he had access to that program. But somebody talked to him about it, and 
so he said, from what I have read, anyway, he said that somebody, a reliable 
source, told him that the U.S. government is hacking into all these countries. 
But that's not a public service, and now he is going a little beyond public 
service.

So he is transitioning from whistle-blower to a traitor.
- --

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



liberationtech@lists.stanford.edu

2013-06-17 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 17 Jun 2013, at 22:23, Richard Brooks wrote:

> From Guardian Q&A with Snowden
> 
> http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower
> 
> Is encrypting my email any good at defeating the NSA surveillance? Is
> my data protected by standard encryption?
> 
> Answer:
> 
>Encryption works. Properly implemented strong crypto systems are one
> of the few things that you can rely on. Unfortunately, endpoint security
> is so terrifically weak that NSA can frequently find ways around it.

Encryption does work but it needs to be something that everyone can install, 
configure and use.

I wonder what encryption software would look like if Apple made it as friendly 
as their products.


What was also interesting was the following:

Question: 1) Define in as much detail as you can what "direct access" means.
(Anthony De Rosa 17 June 2013 2:18pm)

Answer:

1) More detail on how direct NSA's accesses are is coming, but in general, the 
reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw 
SIGINT databases, they can enter and get results for anything they want. Phone 
number, email, user id, cell phone handset id (IMEI), and so on - it's all the 
same. The restrictions against this are policy based, not technically based, 
and can change at any time. Additionally, audits are cursory, incomplete, and 
easily fooled by fake justifications. For at least GCHQ, the number of audited 
queries is only 5% of those performed.

Bernard
- ---
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Help test the new Tor Browser!

2013-06-17 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Congratulations Tor Project. Well done to Mike Perry and all the contributors.

I've tested it on Mac OS X 10.6.8 and Debian 6.0 Squeeze and I had no technical 
issues on either.

First launch (using clear Internet connection) took approx 40-50 seconds on 
each. (Debian was running as a VM on a Macbook Pro)

The biggest usability hurdle for Tor (IMO) was having the browser launching 
separately to the Tor application. I've tested with users and this was a huge 
confusion for them. It wasn't a browser as *they* understand one. Now it is.

First prong of the attack: this is how privacy enhancing software should behave 
- the exact same as all other software. Now Tor is even better.

Second prong of the attack. Run more exit nodes.

From the quick run through I did, here are some (possibly minor) suggestions:

1. The installed application icon is as follows 
http://diymobileusabilitytesting.net/bernard/skitches/tbb-3.0alpha1-icon1-20130617-221217.jpg

However when the application is opened, the application icon is this 
http://diymobileusabilitytesting.net/bernard/skitches/tbb-3.0alpha1-icon2-20130617-221432.jpg

It may be confusing for someone who was not familiar with the different icons 
used by the TP.


2. The copy displayed during the initial install ("Before the Tor Browser 
Bundle tries to connect to the Tor network, you need to provide information 
about this computer's Internet connection") could possibly be reworded to give 
some context as to *why* it is being asked for. (Possibly reposition the copy 
to above the connection steps.)

Alternatively, is it possible for the install to run these two tests and 
determine the correct outcome? I.e. 1. Run some "tests" to determine if the 
Internet connection is clear of obstacles, then 2. Run some "tests" to check if 
the Internet connection is censored/filtered. Based on the outcome of these 
tests, Tor could then configure the connection as necessary. 

I could see this step being confusing for users not familiar with their 
Internet connection.

3. It would be interesting to see the numbers of users who actually follow the 
"Test Tor Network Settings" link. 

Once the TBB has installed and displays the "Congratulations! This browser is 
configured to use Tor." page, are users guaranteed to be connected to the Tor 
network? 

If so, is there any need for the "Test Tor Network..." link? Is it possible to 
display that information on the startpage?


It is also very nice that the user preferences have been altered to be more 
privacy enhancing (History, etc).

Congratulations to all involved. It is great work.


Bernard


On 17 Jun 2013, at 17:02, Michael Carbone wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Congratulations Tor devs! Serious kudos -- this is exactly the
> direction TBB needs to go.
> 
> A couple minor things: the order of the addons in the toolbar seems
> arbitrary (particularly the location of the Tor button, NoScript, and
> HTTPS Everywhere). I'm sure it's not, but at minimum it might be good
> in the about:tor splash page to have an arrow pointing to the location
> of the TorButton in the toolbar if folks need to change settings.
> Also, the search button image in about:tor is pixelated.
> 
> This is a huge step forward in UX, very exciting!
> 
> Michael
> 
> On 06/17/2013 09:45 AM, Jacob Appelbaum wrote:
>> Hi,
>> 
>> I'm really excited to say that Tor Browser has had some really
>> important changes. Mike Perry has really outdone himself - from
>> deterministic builds that allow us to verify that he is honest to
>> actually having serious usability improvements. I really mean it -
>> the new TBB is actually awesome. It is blazing fast, it no longer
>> has the sometimes confusing Vidalia UI, it is now fast to start, it
>> now has a really nice splash screen, it has a setup wizard - you
>> name it - nearly everything that people found difficult has been
>> removed, replaced or improved. Hooray for Mike Perry and all that
>> helped him!
>> 
>> Here is Mike's email:
>> 
>> https://lists.torproject.org/pipermail/tor-talk/2013-June/028440.html
>> 
>> Here is the place to download it:
>> 
>> https://people.torproject.org/~mikeperry/tbb-3.0alpha1-builds/official/
>> 
>> Please test it and please please tell us how we might improve it!



- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

2013-06-12 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12 Jun 2013, at 11:15, Sheila Parks wrote:

> Why not use "her" instead of "his"?
> 
> Using "his" in 2013 is, indeed,  misogyny

Why would you derail a useful and (IMHO) really important thread? Clearly you 
made the comment for the jibe..

The *only* positive outcome from this whole Prism/NSA scandal is people, 
security, technical, developers, along with "non-technical experts" are 
discussing the difficulty in using sec tools. This thread is case in point.

Please let's leave the unproductive trolling to the pub. Or wherever you troll 
people in your area.

Back to productive, and positive discussion.

Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Fwd: Persona and Prism

2013-06-08 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

While not as big a player in the identity area as others, below is Mozilla's 
Identity group response to a question about legal (or otherwise) requests.


Begin forwarded message:

> From: Melvin Carvalho 
> Date: 8 June 2013 15:11:44 GMT+01:00
> To: Ben Adida 
> Cc: "dev-ident...@lists.mozilla.org" 
> Subject: Re: Persona and Prism
> 
> On 7 June 2013 19:43, Ben Adida  wrote:
> 
>> 
>> Melvin,
>> 
>> Would it be correct to say that Persona would have no option but to comply
>>> with operations such as  "Prism"?
>>> 
>> 
>> I will speak very precisely to what I know: Mozilla Persona has not been
>> the target of these kinds of inquiries to date. If we did receive
>> inquiries, we would put them through the same rigorous process we always do
>> to determine whether there is a legal requirement for us to comply.
>> 
> 
> Thanks for getting back.  It's good to know Mozilla was not part of this.
> To be fair I'm sure most people at the other firms did not want to
> sacrifice user data, but probably felt they had no choice.  It's worse that
> this happened in secret.
> 
> e.g. facebook's comment was a little scary:
> 
> *They said: “We will protect you and your information better than any other
> company in the world.”
> 
> They say: “When Facebook is asked for data or information about specific
> individuals, we carefully scrutinize any such request for compliance with
> all applicable laws, and provide information only to the extent required by
> law.”
> *
> What's concerning is that if Persona gains in popularity, it may become
> more of a target.
> 
> 
>> 
>> It helps that we've designed the protocol to limit the data we collect
>> (without compromising our use cases, a sweet spot.)
>> 
> 
> I think this is the way to go.  I'd still like to see a "zero knowledge"
> option, but perhaps that's something for the future.
> 
> 
>> 
>> -Ben
>> 
>> 
> ___
> dev-identity mailing list
> dev-ident...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Who Runs Prism...

2013-06-08 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

That is interesting. Presumably by sheer coincidence, the docs.palantir.com 
sub-domain is not available, but thanks to Google cache, you can see the two 
URLs posted in that article here:

https://webcache.googleusercontent.com/search?q=cache:VTVVOpHBrTIJ:https://docs.palantir.com/metropolisdev/prism-overview.html+&cd=1&hl=en&ct=clnk&gl=uk&client=firefox-a

https://webcache.googleusercontent.com/search?q=cache:I1elqy0m2_sJ:https://docs.palantir.com/metropolisdev/prism-examples.html+&cd=1&hl=en&ct=clnk&gl=uk&client=firefox-a




On 7 Jun 2013, at 23:40, Peter Lindener wrote:

> It might be good to elevate this to its own thread...
> so I forward it here..
> 
> -- Forwarded message --
> From: Raven Jiang CX 
> Date: Fri, Jun 7, 2013 at 10:30 AM
> Subject: Re: [liberationtech] NSA has direct access to tech giants' systems 
> for user data, secret ppt reveals
> 
> This is just circumstantial speculation but read 
> http://talkingpointsmemo.com/archives/2013/06/is_this_who_runs_prism.php
> 
> Given Palantir's rapid expansion and aggressive recruitment, I think this guy 
> might be onto something.
> 
> 
> 
> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] NSA has direct access to tech giants' systems for user data, secret ppt reveals

2013-06-06 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Still that figure seems awfully small. For what's involved. I've seen telco 
projects of a fraction the size of something like this costing £10M.

Unless they've managed to get the companies to foot the majority of the bill?

In that case, why would the companies accept the majority of the costs?

Too many questions and too many possibilities for conspiracy theories..

On 7 Jun 2013, at 01:14, Tom Ritter wrote:

> On Jun 6, 2013 7:28 PM, "Eduardo Robles Elvira"  wrote:
> >
> > Hello
> >
> > NSA just $20M of budget? The same NSA that is building a data center
> > (for processing what? =) for 869 million USD$ in Maryland?
> >
> > http://hardware.slashdot.org/story/13/06/06/2129249/nsa-building-860-million-data-center-in-maryland
> 
> The $20 million figure refers to the budget for the Prism program, not the 
> whole NSA.
> 
> -tom
> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Why Metadata Matters

2013-06-06 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


I'm glad someone brought up the NSA datacentre. I was thinking is there any 
connection to this? How far is it to being finished? Is that public 
knowledge/possible to find out?

It wouldn't warrant this amount of data, which I would expect is pretty small 
in comparison to the capabilities of this NSA datacentre?

Probably too far fetched an idea...

On 6 Jun 2013, at 22:27, Bruce Potter at IRF wrote:

> The other point worth keeping in mind is that NSA can keep this data forever 
> (hence the humongous cyber farm NSA is building in Utah) --
> 
> So a decade from now they can check the metadata to see if it fits some 
> theory a paranoid analyst thinks might have happened half a lifetime ago.
> 
> bp
> 
> 
> On Jun 6, 2013, at 1:44 PM, Griffin Boyce  wrote:
> 
>>  I see a lot of people wondering why metadata matters.  "But they
>> don't know *what* you're doing there!"  So I'll give a short example
>> to illustrate how metadata can be used to not only determine who
>> someone is talking to, but also to invade their privacy and uncover
>> the most intimate details of their life.
>> 
>>  Jane is at 16th & L Street for an hour.
>>  Carla is at 16th & L Street for four hours. She's had a short visit
>> previously.
>>  James is at 16th & L Street for twenty minutes. He comes back at the
>> same time every week.
>>  Kris is at 16th & L Street for ten hours.
>>  Rick is at 16th & L Street for eight hours every night.
>>  Samantha has been there for three days and four hours.
>> 
>> 16th & L Street is the address of a Planned Parenthood in Washington, DC.
>> 
>>  Jane is having a physical.
>>  Carla is having an abortion.
>>  James receives his medication there. By visit time, location, and
>> frequency, he is likely a trans guy. If his appointments were every
>> two weeks, the metadata would indicate that James is a trans woman.
>>  Kris is protesting there.
>>  Rick works in an office in the same building.
>>  Samantha dropped her phone in the Farragut West Metro Station and
>> has been looking for it ever since.
>> 
>> And that's just location data. If one calls a physician every day,
>> perhaps they have a major medical problem. If a crime happens on the
>> other side of town, and you suddenly start calling attorneys... did
>> you do it?  There are numerous explanations for either of those
>> scenarios, but this kind of metadata in isolation can be used to tell
>> almost any story you want.
>> 
>> Stay safe out there.
>> 
>> best,
>> Griffin Boyce
>> 
>> -- 
>> Technical Program Associate, Open Technology Institute
>> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by 
>> emailing moderator at compa...@stanford.edu or changing your settings 
>> at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Network surveillance

2013-06-06 Thread Bernard Tyers - ei8fdb


On 5 Jun 2013, at 23:38, Eric S Johnson wrote:

> I've heard that a lot (especially "it's the Chinese") but found very little
> evidence to support such allegations. 

There is OONI (https://ooni.torproject.org/) Open Observatory of Network 
Interference which is a Tor Project which is looking at proving network 
surveillance and fingerprinting it. (Along with a lot more). I would suspect 
this could/can help identifying the interference (surveillance, censorship) but 
I do not know yet if it can/will identify vendor. Since Jacob Appelbaum is on 
the list, I would not wish to comment incorrectly. Maybe he could correct me.
 

> In Addis last fall, was told by a source with some inside information that
> the Ethiopian state's cybersurveillance software came from Israel.
> 
> The pictures which rebels shot of the Libyan cybersurveillance center's
> equipment (after the Gaddafi government fell) identified it as having been
> delivered as part of a (Chinese) ZTE contract.

There were other vendors involved also (I've seen pictures of Huawei user devices 
for their WiMax service being sold and used) but certainly ZTE was providing 
monitoring centre equipment.


> It does seem reasonable to suppose almost any cybersurveillance system is
> based on high-speed routers, which almost by definition came from one of a
> very small number of suppliers (Cisco, ZTE, Huawei?).

To carry out large scale surveillance a certain level of hardware/software is 
needed, carrier-grade equipment, and there are a certain number of these types 
of companies - certainly Cisco, ZTE, Huawei, ///, NSN, Alcatel-Lucent, Juniper 
and a few others. 

Then there are the "network management" hardware vendors - the Bluecoats, F5, 
Redback, etc. 
These are not carrier network infrastructure, but certainly are carrier grade. 

By carrier grade I mean "hardware and software that meets a certain level of 
quality, reliability telco operators are willing to put into their networks".

The point is (for me at least): this is no longer an industry of "the big" 
guys. Anyone can now become a surveillance manufacturer. A beefy Linux blade 
server running open source network management tools (essentially what Bluecoat 
is).

Hope that helps.

Bernard


>> -Original Message-
>> From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
>> boun...@lists.stanford.edu] On Behalf Of Richard Brooks
>> Sent: 06 June 2013 5.07
>> To: liberationtech@lists.stanford.edu
>> Subject: [liberationtech] Network surveillance
>> 
>> Just talked with a lot of people who think network surveillance
>> equipment in their countries are being bought from either
>> Israelis or Chinese. It seems that they are competing for
>> market share. Was not aware of Israeli companies working in this
>> space.
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Airline Shutdown Because of Loss of Internet Service?

2013-06-06 Thread Bernard Tyers - ei8fdb

Not knowing the detail of the situation, I am making an educated guess based on 
experience and prior-knowledge of dealing with similar situations in the past.. 

The technical reason of "The Internet is down" can span from a) the computer 
used by the company dispatcher is broken, through to b) the network switching 
equipment that connects that part of the airport to the wide area network is 
down to c) the airport Internet fibre-optic connection serving the whole 
airport has been cut by roadworks outside the perimeter.

In short, it means nothing. It reminds me of the excuse used by the city 
transport system where I used to live "there are leaves on the track". It's a 
chestnut that serves a purpose of giving some, but not enough, information for 
the cause of the issue.

To maybe expand Richard's description: the "Internet" is not just consumer 
grade broadband Internet service provision, or consumer websites like Google, 
Yahoo, Facebook.

It is also tier 1 infrastructure services: carriers who carry other businesses' 
traffic. While not exactly the same, think local delivery companies who use 
Fed-Ex or DHL as an inter-city delivery backbone.

"The Internet" in this case could have been a) the logistics system used by the 
airline to dispatch the plane (maybe they should have kept their paper-based 
load sheet system?), b) the Internet connection they used to access the 
logistics system was down (maybe they should have paid for a better service 
level agreement), c) anything else.

It shouldn't surprise you (it certainly doesn't surprise me) that the Internet 
has become such a fundamental service that so many of us rely on. It's a great 
utility while it works. The problem like all other utilities is when it goes 
away. 

I know this doesn't help your specific situation, but it'd be very difficult 
with no actual information :)

I hope that helps a little,

Bernard 


On 6 Jun 2013, at 15:50, michael gurstein wrote:

> Thanks Richard and this runs on the open Internet?
> 
> M
> 
> -Original Message-
> From: liberationtech-boun...@lists.stanford.edu
> [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Richard
> Brooks
> Sent: Thursday, June 06, 2013 10:00 AM
> To: liberationtech
> Subject: Re: [liberationtech] Airline Shutdown Because of Loss of Internet
> Service?
> 
> 
> On 06/06/2013 03:45 AM, michael gurstein wrote:
>> This is probably not a Liberation issue directly but I'm not sure 
>> where else to address it...
>> 
> 
>> Sunday I was flying (Porter Airlines--small short hop Canadian 
>> carrier) from NYC to Ottawa, ON with a plane change in Toronto. When 
>> we arrived in Toronto we were informed that "because the Internet was 
>> down" planes were not able to land or depart.  The company's service 
>> was completely shut down for roughly 4 hours until the "Internet 
>> service" was restored (presumably by their ISP).
>> 
>> I understand that other airlines have had similar experiences recently.  
>> 
>> My question... how exactly is Internet service so intertwined with 
>> flight operations that service can function only if the Internet is
> operational?
>> (And I guess the Liberation angle... if this is now pervasive for all 
>> airlines what is the hackable element of all this and where are the 
>> points of vulnerability etc.etc.?
>> 
> 
> This one is easy. Logistics. Airlines have enormous optimization routines
> mapping planes, crews and passengers to flights. This allows them to shave
> off overhead and make a profit. If the network is down, they won't know who
> should fly where.
> 
>> M
>> 
>> 
>> 
>> 
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Network surveillance

2013-06-05 Thread Bernard Tyers - ei8fdb

Hello Richard,

Without going into too much detail can you explain why they "think" it's 
Chinese or Israeli? Or what country they are talking about? Also why they think 
there is network surveillance equipment there at all?

What type of data are you looking for? Specific to the country or general sales 
of this horrible technology?

A good starting point which is accessible (in terms of not being overly 
technical) would be Privacy International's Big Brother Inc website. [1]

Also useful is the Spyfiles cache of brochures from surveillance companies 
which contains a lot of information gathered by someone who gained access to an 
ISS World ("Intelligence Support Systems") conference. [2]

Also useful for background information on these companies and the countries 
they sell to is BuggedPlanet. [3]

With regards network surveillance equipment being Israeli or Chinese, you can 
add to that list UK, French, German, American, Italian, to name a few countries.

I hope that helps.

Bernard


[1] https://www.privacyinternational.org/projects/big-brother-inc
[2] http://wikileaks.org/the-spyfiles.html
[3] http://buggedplanet.info/index.php?title=Main_Page

On 5 Jun 2013, at 22:07, Richard Brooks wrote:

> Just talked with a lot of people who think network surveillance
> equipment in their countries are being bought from either
> Israelis or Chinese. It seems that they are competing for
> market share. Was not aware of Israeli companies working in this
> space.
> 
> Would be interested if anyone had more data.
> 
> Thanks,
> 
> -Richard
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Twitter Underground Market Research - pdf

2013-06-04 Thread Bernard Tyers - ei8fdb

Thanks Andrea for answering my questions. 

So regarding the cost it's due to the extra PVA bypass, which the "follower 
merchants" charge for... I wonder if there is any connection between these 
merchants and botnets? Botnet owners or spammers would seem like a great source 
of "valid" IDs.

I wonder if "limit" in tracing fake followers is useful for something else 
other than zombie accounts...

thanks again.


On 3 Jun 2013, at 21:11, Andrea St wrote:

> Hi all,
> and thanks for the questions.
> 
> On twitter you need to bypass captcha, buy a "black software"
> (botnets), buy premium proxy address.
> 
> On facebook you need to bypass captcha, buy a "black software", buy
> premium proxy address , pva bypasser (phone verification code) and
> verified email.
> 
> --
> 
> About Mercedes Benz and other brands, I don't know what people think
> about it, but this is a good question and if there are any sociologists
> here, please ping us!
> 
> 
> --
> 
> Impossible to prove if X bought fake followers and this is the main
> reason because people do it.
> 
> 2013/6/3 Bernard Tyers :
>> Hello Andrea,
>> 
>> Thanks for sending the presentation. Very interesting.
>> 
>> I have a few questions:
>> 
>> - how did you calculate the "variable cost" for creating a Twitter account
>> and a Facebook account?
>> - why the difference in cost of creation of each? (Maybe I am missing
>> something obvious...)
>> - is it possible to quantify the negative effect of a popular twitter
>> account (ending Mercedes Benz, or some celebrity) being exposed as buying
>> followers? (i.e.: does anyone care?)
>> - what do you think the effect is on the reputation of the account owner?
>> Is it possible to prove a user did not buy followers? As in, is it possible
>> to prove someone else bought the followers for another account?
>> 
>> Thanks very much!
>> 
>> Bernard
>> 
>> 
>> 
>> Andrea St  wrote:
>>> 
>>> Dear friends,
>>> 
>>> Two weeks ago we presented at Nexa For Internet & Society our Research
>>> about Twitter and underground market.
>>> Now you can download here:
>>> http://nexa.polito.it/nexacenterfiles/lunch-11-de_micheli-stroppa.pdf
>>> 
>>> 
>>> Our research on Nyt part1:
>>> 
>>> http://bits.blogs.nytimes.com/2013/04/05/fake-twitter-followers-becomes-multimillion-dollar-business/
>>> Our research on Nyt part2 :
>>> 
>>> http://bits.blogs.nytimes.com/2013/04/25/researchers-call-out-twitter-celebrities-with-suspicious-followings/
>>> 
>>> Now we're working on Facebook. If you have any idea or you would like
>>> to get in touch my
>>> email is: and...@gmail.com
>>> 
>>> Best,
>>> A
>> 
>> 
>> Sent from my tiny electronic gadget. Please excuse my brevity and (probable)
>> spelling mistakes.
>> 
> 
> 
> 
> -- 
> Andrea Stroppa
> http://huffingtonpost.com/andrea-stroppa
> @andst7

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Cell phone tracking

2013-05-27 Thread Bernard Tyers - ei8fdb

Hello Dan,

(NB: This information is specific to GSM networks, it is probably 90% valid for 
CDMA networks, but not WiFi.)

The short story is you cannot stop cell phone tracking.

Cellular mobile phone networks require location and identity information of the 
device to operate. This location data is not derived from GPS data, it is 
intrinsic to cellular phone technologies.

I have seen stories of people removing device location information from the 
networks and maintaining connectivity, but I have yet to see actual proof. It 
is probably possible, but my opinion would be it would require co-operation 
from mobile networks to modify home location register records. (The HLR is a 
database which tracks device and user identity and location.)

Without location data the cellular device will not interact with the network 
correctly and as a result phone calls and IP traffic (web, e-mail, Angry Birds, 
Facebook) will not function correctly. Period.
 
Since you've mentioned companies and governments I'll answer both briefly:

Companies -
- To stop 99% of companies from tracking your location, do not use IP network 
services. 
- The 1% who will be able to track you is the network carrier and whatever 
companies they share your location data with.

- If you must use IP services (web, mail) use Orweb or Firefox browser with 
privacy plugins (I'd like to hear other opinions), TextSecure for SMS, RedPhone 
for voice calls.

Governments:
- Do not use a mobile cellular phone.

Notice above I mentioned location and identity information of the device. 

The network does not need to know the user - so a better approach is to use 
prepaid SIM cards and use Tor / Orbot/Orweb (for Web) and end-to-end encryption 
services like TextSecure (SMS), RedPhone (voice calls), PGP encrypted e-mail.

Regarding the location information, you might be interested in a short 
presentation I gave on the subject of location and identity. [1] I'd be 
interested in feedback.

regards,
Bernard

[1] http://www.ei8fdb.org/doku.php?id=mobseccij


On 24 May 2013, at 20:56, Yosem Companys wrote:

> From: Dan Gillmor 
> 
> Given the vanishingly small likelihood that companies or governments
> will do anything about cell phone tracking, I'm interested in what
> countermeasures we can take individually. The obvious one is to turn
> off GPS except on rare occasions.
> 
> I'll be discussing all this in an upcoming book, and in my Guardian
> column soon. So I'd welcome ideas.
> 
> Dan

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Free Speech in Practice: A Usability Evaluation of the Tor Browser Bundle (Tomorrow, May 9)

2013-05-13 Thread Bernard Tyers - ei8fdb

Hello Yosem (and Greg),

Greg: I have read your eval of the TBB from last year. Will this talk be 
different, or include other content?

Either way, I would appreciate it very very much if it were possible to record 
this talk, audio, video. I am about to start my thesis in the usability of PETs 
tools (specifically mobile tools), and I'd like to hear what you have to say.

Thanks in advance,
Bernard


On 8 May 2013, at 16:03, Yosem Companys wrote:

> http://cyberlaw.stanford.edu/emails/20130509-gregnorcie.html
> 
> When: Thursday, May 9 ∙ 12:50pm-2:00pm
> Where: Room 285 - Stanford Law School
> Free and open to the public with RSVP
> 
> 
> Anonymity is a key part of privacy. Many activists choose to use Tor, an
> open source anonymity tool run via the non-profit Tor Foundation. In this
> talk, Greg Norcie will discuss the usability of Tor, a commonly used
> anonymity tool. While Tor may be effective from a computational standpoint,
> its adoption has been hampered by a lack of usability. In this talk, Mr.
> Norcie will discuss how Tor works, why it is important to increase adoption
> of Tor, the legal implications of running Tor exit nodes/bridges, and the
> findings of a laboratory study examining the usability of Tor's current
> interface.
> 
> Greg Norcie is a 2nd year PhD student in the security informatics program at
> Indiana University, studying under Jean Camp. Greg's research focus is
> usable security - the application of principles from human computer
> interaction to the design of privacy enhancing technologies. He has
> published extensively in the field of usable security, and is currently
> spending the summer interning in Palo Alto Research Center's Computer
> Science Laboratory (CSL). Prior to graduate school, Greg worked as a
> research assistant at the Carnegie Mellon Usable Privacy and Security Lab
> (CUPS). Later, Greg went on to design security training materials for
> various companies and government agencies as a consultant to Wombat Security
> Technologies, a Pittsburgh based anti-phishing startup.

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

Re: [liberationtech] Encrypted smartphone addressbook/contact list?

2013-05-06 Thread Bernard Tyers - ei8fdb


Hello Andreas,

I'm sorry - I should have added a requirement would be the solution should be 
open source and preferably free.

Also useful would be if it is available for multiple platforms - Blackberry, 
Android, iOS, etc.

thanks in advance,
Bernard

On 6 May 2013, at 20:15, andreas.ba...@nachtpult.de wrote:

> How about AIO Solutions like Blackberry?
> This message was sent to you from my BlackBerry® from 1&1. 
> Order this service at www.1und1.de.
> 
> -Original Message-----
> From: Bernard Tyers - ei8fdb 
> Sender: liberationtech-boun...@lists.stanford.edu
> Date: Mon, 6 May 2013 20:03:49 
> To: liberationtech Liberation Tech Mailing 
> List
> Reply-To: liberationtech 
> Subject: [liberationtech] Encrypted smartphone addressbook/contact list?
> 
> 
> Hello all,
> 
> Has anyone come across an encrypted address book / contact list application 
> for smartphone devices?
> 
> Thanks in advance,
> Bernard
> 
> 
> --
> Bernard / bluboxthief / ei8fdb
> 
> IO91XM / www.ei8fdb.org

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


[liberationtech] Encrypted smartphone addressbook/contact list?

2013-05-06 Thread Bernard Tyers - ei8fdb

Hello all,

Has anyone come across an encrypted address book / contact list application for 
smartphone devices?

Thanks in advance,
Bernard


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Why Bluecoat?

2013-04-06 Thread Bernard Tyers - ei8fdb


I left the other wonderful people out:  ZTE and their monitoring centre (shown 
in pictures from Libya), and of course Huawei.

Just to give a good global representation.


On 6 Apr 2013, at 15:41, Jillian C. York wrote:

> Honestly?  Because there is ample evidence to support it at the moment.  I 
> would also suggest that it's only "singled out" in the US - in Europe, the 
> focus right now is on Gamma (FinFisher) and Amesys, largely.  
> 
> Activists have been accused in the past of "singling out" Cisco as well.  
> Attention has now turned to Bluecoat.  When there is evidence of another 
> company's misdeeds, attention will surely turn there.
> 
> Is that sufficient logic for you?
> 
> On Sat, Apr 6, 2013 at 11:50 AM, Bernard Tyers - ei8fdb  
> wrote:
> 
> 
> Hi,
> 
> I've been thinking about this for a while, and can't find a logical reason. 
> Possibly I'm not thinking about it hard enough.
> 
> I'm curious as to why Bluecoat seem to be singled out for all this attention 
> regarding use in countries where the governments are "not nice"? Is it 
> because they are a public, well known company? A lot of the same stories repeat 
> the same stories of Bluecoat equipment being used in the same oppressive 
> regimes.
> 
> As someone who worked in ISP level infrastructure for a while (thankfully no 
> longer), I've seen the equipment used "for neutral uses" - network 
> management, etc.
> 
> However, there are a lot more sinister and disgusting companies whose 
> products' *sole-purpose* is surveillance and censorship, and sole market is 
> those oppressive countries we talk about on this list.
> 
> My point of view is not to defend Bluecoat, quite the opposite, but there are 
> nastier and uglier fish out there.
> 
> Can anyone set me right, or give an opinion? On or off list is fine.
> 
> thanks,
> Bernard
> 
> --
> Bernard / bluboxthief / ei8fdb
> 
> IO91XM / www.ei8fdb.org
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Why Bluecoat?

2013-04-06 Thread Bernard Tyers - ei8fdb

It was an honest question Jillian. No ulterior motive. 

I would argue there is ample evidence to support it for Cisco, Redback, 
Ericsson, Siemens, NSN, F5, Apache Squid... the list goes on.

I have read stories from European media (I can't give you a list right now, but 
if you'd like I can find) which use the Bluecoat example. 

Maybe that's actually a good project - to track the media coverage of network 
hardware vendors in connection with surveillance and censorship stories 
throughout the world.

If this has brought up a previous thorny conversation that was not my 
intention. It was a question I had been thinking about.

Is it sufficient logic? Personally, not really but I understand the point of 
view now.

thanks,
Bernard

On 6 Apr 2013, at 15:41, Jillian C. York wrote:

> Honestly?  Because there is ample evidence to support it at the moment.  I 
> would also suggest that it's only "singled out" in the US - in Europe, the 
> focus right now is on Gamma (FinFisher) and Amesys, largely.  
> 
> Activists have been accused in the past of "singling out" Cisco as well.  
> Attention has now turned to Bluecoat.  When there is evidence of another 
> company's misdeeds, attention will surely turn there.
> 
> Is that sufficient logic for you?
> 
> On Sat, Apr 6, 2013 at 11:50 AM, Bernard Tyers - ei8fdb  
> wrote:
> 
> Hi,
> 
> I've been thinking about this for a while, and can't find a logical reason. 
> Possibly I'm not thinking about it hard enough.
> 
> I'm curious as to why Bluecoat seem to be singled out for all this attention 
> regarding use in countries where the governments are "not nice"? Is it 
> because they are a public, well known company? A lot of the same stories repeat 
> the same stories of Bluecoat equipment being used in the same oppressive 
> regimes.
> 
> As someone who worked in ISP level infrastructure for a while (thankfully no 
> longer), I've seen the equipment used "for neutral uses" - network 
> management, etc.
> 
> However, there are a lot more sinister and disgusting companies whose 
> products *sole-purpose* is surveillance and censorship, and sole market is 
> those oppressive countries we talk about on this list.
> 
> My point of view is not to defend Bluecoat, quite the opposite, but there are 
> nastier and uglier fish out there.
> 
> Can anyone set me right, or give an opinion? On or off list is fine.
> 
> thanks,
> Bernard
> 
> - --
> Bernard / bluboxthief / ei8fdb
> 
> IO91XM / www.ei8fdb.org
> 
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Why Bluecoat?

2013-04-06 Thread Bernard Tyers - ei8fdb


Hi,

I've been thinking about this for a while, and can't find a logical reason. 
Possibly I'm not thinking about it hard enough.

I'm curious as to why Bluecoat seem to be singled out for all this attention 
regarding use in countries where the governments are "not nice"? Is it because 
they are a public, well known company? A lot of the same stories repeat the same 
stories of Bluecoat equipment being used in the same oppressive regimes. 

As someone who worked in ISP level infrastructure for a while (thankfully no 
longer), I've seen the equipment used "for neutral uses" - network management, 
etc.

However, there are a lot more sinister and disgusting companies whose products 
*sole-purpose* is surveillance and censorship, and sole market is those 
oppressive countries we talk about on this list.

My point of view is not to defend Bluecoat, quite the opposite, but there are 
nastier and uglier fish out there.

Can anyone set me right, or give an opinion? On or off list is fine.

thanks,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] suggestions for a remote wipe software for Windows?

2013-04-04 Thread Bernard Tyers - ei8fdb

(Apologies if I am making an assumption on people's knowledge) 

Entropy in disk encryption is the "random information" collected by a 
computer's OS or encryption application for use in encrypting a hard disk.

Those with more knowledge in encryption: could you please give an explanation 
of how "a large amount" of entropy can be generated during disk encryption? 

I've only ever used/seen keyboard/mouse input as a way to generate it in 
encryption tools. I would guess for the "average smart thief" (What is an 
average smart thief?) that is sufficient? 

Something I've also looked for an answer for is: Using those mouse/keyboard 
inputs as entropy generators, what's the best approach to use? Is there one?

thanks,
Bernard


On 4 Apr 2013, at 07:58, Eugen Leitl wrote:

> You didn't mention your operating system, but in terms of least
> pain I would go with http://www.truecrypt.org/downloads and
> encrypt the whole drive. Make sure your password has enough
> length and entropy so that it can't be brute-forced.

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] suggestions for a remote wipe software for Windows?

2013-04-03 Thread Bernard Tyers - ei8fdb

So the objective Kathy has mentioned is to:

"log into and delete the contents of the laptop's hard drive"

It would seem the contents of the hard disk is "more important" than the actual 
hardware.

In that case I would go for the encryption option. Yes it is some 
configuration, and time to wait until the disk is fully encrypted, but last 
time I did this for a work computer it took all of 4-5 hours to encrypt and was 
very reliable - the machine was dropped, put to sleep, woken up multiple times, 
and used very heavily. I would prefer relying on that rather than some OS level 
tool.

You have no guarantee any of these "track your device" tools will be 
successful, especially if they rely on the machine being powered up and 
connected to a network. 

Griffin, thanks for the link to Prey, it looks interesting. 

Bernard

On 3 Apr 2013, at 20:08, Scott Elcomb wrote:

> On Wed, Apr 3, 2013 at 2:51 PM, Katy P  wrote:
> What is easier for a lay person and least susceptible to a "smart" thief?
> 
> Despite what it says in my signature, I'm no thief.  That said, were I to 
> steal a laptop, the first action I'd take is to remove the drive before 
> powering it up and connecting it to any network - especially the internet:
> 
> If I'm after the data, I'd want the drive sandboxed to prevent the original 
> owner from doing exactly what you're looking to do.
> 
> If I'm after the hardware, I don't care about the data and would format the 
> drive on another machine to avoid the hassles of trying to crack my way in to 
> do the same thing (format the drive).
> 
> +1 for encryption from me.
> 
> -- 
>   Scott Elcomb
>   @psema4 on Twitter / Identi.ca / Github & more
> 
>   Atomic OS: Self Contained Microsystems
>   http://code.google.com/p/atomos/
> 
>   Member of the Pirate Party of Canada
>   http://www.pirateparty.ca/

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] suggestions for a remote wipe software for Windows?

2013-04-03 Thread Bernard Tyers - ei8fdb

Would you like to give some more context on what it is you are trying to do?

"remote wipe software for windows".


On 3 Apr 2013, at 18:08, Katy P wrote:

> Thanks!

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] SUBSCRIPTION

2013-04-02 Thread Bernard Tyers - ei8fdb

Suggestion 1: Can we trial putting the UNSUBSCRIBE footer (that part of the 
e-mail that no-one reads) at the top of the e-mail so everyone sees it?

Suggestion 2: change the wording of the unsubscribe footer to something 
shorter: 

"Too many e-mails? Want to receive the digest? Want to unsubscribe? Change your 
preferences: https://mailman.stanford.edu/mailman/listinfo/liberationtech"

I would then put the e-mail address "compa...@stanford.edu" there if people 
*still* can't modify their subscription. 

Mark sorry to focus on your mail, but the link to unsubscribe *is* at the 
bottom of *every* e-mail sent via the list. Scroll down to the bottom of this 
e-mail and lo and behold there it is!



On 2 Apr 2013, at 18:30, Mark Gleicher wrote:

> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings 
> at https://mailman.stanford.edu/mailman/listinfo/liberationtech

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?

2013-03-07 Thread Bernard Tyers - ei8fdb

Hi Eugen,


On 7 Mar 2013, at 08:02, Eugen Leitl wrote:

> On Wed, Mar 06, 2013 at 09:36:41PM +0000, Bernard Tyers - ei8fdb wrote:
> 
>> I have one answer: Amateur radio. Forget mobile phone networks.  Amateur 
>> radio is cheap, very durable and will provide you with the functions you 
>> need, and if you can get access to amateur radio operators in your country, 
>> you may have free support for the life of your project!
> 
> Hams need to be registered

Correct. One barrier to entry. But if the help workers are certified this is a 
non-issue.

> , may only communicate with other hams

"By the law" true, but in circumstance where it makes sense they can (and often 
do) communicate with other parties. I have in the past communicated with 
coastguard stations (very briefly) and mountain rescue teams (see below). 

> (i.e. may not give access to third parties, and especially
> pass traffic of third parties) and

Not fully true. 

I have been involved in a number of activations when living in Ireland where an 
amateur radio was used to pass safety messages for mountain rescue teams that 
were providing safety cover for cross mountain outdoor challenges. In this case 
we communicated with 2 groups which provided a national service for safety in 
mountainous areas.

Messages can be, and regularly are, passed for 3rd parties as long as they are not of 
commercial nature. Amateur radio operators in Ireland (and I am sure other 
countries

I would point to this audio interview outlining the work amateur radio ops did 
during the September 11 attacks in New York
https://www.youtube.com/watch?v=UpRSQsE9VfA

I would also point to this audio recording of amateur radio operators passing 
3rd party messages during the Loma Prieta earthquake in 1989.

http://www.kernsanalysis.com/loma/loma2.mp3

And I would not say this is specific to Ireland/Europe. Amateur radio is 
licensed and administered by the ITU. I'm not saying their control is all 
correct, but there is a framework, legislation and policy.

> may not pass encrypted traffic.

Again yes by law. And I would agree with that.


> You might get away with end to end encryption at application layer, 
> but this would be only tolerated at best. 
> 


> The whole ham culture and liberation technologies do not really
> mix.

Again, like I said in my previous mail, I don't fully understand what you mean 
by that.

My point is not that amateur radio is the answer to everything, it was merely 
that if there is a decision of mobile phone networks doing something that will 
not directly make them profits, that it is a good alternative to investigate.


regards,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?

2013-03-07 Thread Bernard Tyers - ei8fdb

Hea Doctor,


On 7 Mar 2013, at 16:38, The Doctor wrote:

> 
> On 03/07/2013 03:02 AM, Eugen Leitl wrote:
> 
>> The whole ham culture and liberation technologies do not really 
>> mix.
> 
> Unfortunately, this has been my experience as well.


Can you give me some examples of what you mean?

I would argue that's the ham culture that you have seen in your 
country/city/area. Like any "technology oriented" area there are people who 
focus on the technology instead of its use.

I would not say we amateur radio people are all human rights activists, but 
most people I have worked with have been involved in using amateur radio for 
public good. 

I would point to the whole ARES/AREN/RACE area (amateur radio emergency 
services) networks, the use of amateur radio in natural disasters, the use of 
amateur radio during the Kuwait invasion, in passing welfare messages in and 
out of countries with oppressive regimes.

These are areas where people will *give up their own time, money, resources* to 
*help other people out*. Sometimes in countries they have never heard of. Often 
they will even look for ways to work around laws, because it makes sense in the 
situation.

Like I said, I am obviously biased, but I have not encountered the "ham 
culture" you mention, but I don't doubt it exists.

thanks,
Bernard
- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?

2013-03-06 Thread Bernard Tyers - ei8fdb

Howdy AA6AX,

Nice to meet you.

On 6 Mar 2013, at 21:09, Sky (Jim Schuyler) wrote:

> Your APRS idea is interesting and I only know it from the "positioning" side, 
> not from passing any text, so you may want to continue looking into it. I do 
> not know that APRS is currently passing any traffic other than positions, at 
> least as used in the US. I also do not know whether it's used outside the US. 
> Please do remember that APRS and most other amateur digital service are not 
> designed to be "reliable" which means they may not "try again" to pass a 
> message and the message may become garbled in transmission. Some do attempt 
> to error-correct, but not most.

Not strictly true. APRS clients can be configured to send messages and retry 
for X attempts. Then it will give up.

Seeing as SMS transmission isn't even guaranteed, I think it's a pretty good 
attempt for a system that has been developed totally for free! :)


> Even most amateur radio digital protocols do not have very robust 
> error-correction, so they're a bit iffy.

That is true.

> Easiest to expand: maybe and maybe not. You have to have a stable of radio 
> operators available both locally and remotely. (Presuming you want 
> information to go from somewhere to somewhere.)

If as Dr. Dey requested both sides of the communications were between health 
workers and their HQ, you could train up all the health workers and possibly 
even employ a "net controller" (amateur radio lingo for person who sits in HQ 
and is in contact with all the field posts) to co-ordinate communications.


> Without licensing: Although I encourage folks to become amateur radio 
> operators, they do need to be licensed. The government that giveth it can 
> taketh it away at the stroke of a pen. I will skip saying more right now.

I agree. I'd go a bit further even and say a restricted licence nowadays is 
trivial to receive.


> Also I note in your original statement that you are talking about "tribal 
> areas" with poor connectivity. Your challenge is going to be getting your 
> signal from the tribal area to a reliable amateur radio operator. That's 
> unless the radio operator is already in the tribal area. If the cell phone 
> can't connect, then amateur VHF and UHF probably wouldn't work either, so 
> you'd have to rely upon HF with longer range but much greater variability in 
> terms of signal propagation.

How much can you build a self-sustaining 2M VHF repeater for nowadays? :)


> Keep in mind that amateur radio is a point-to-point service subject to the 
> vagaries of radio propagation. In other words, there is no reliable path 24/7 
> from one point to another unless you're using prearranged VHF or UHF 
> frequencies and line of sight propagation. Commonly for emergency ops we 
> arrange all of this in advance and have emergency power and operators 
> trained, and frequencies and modes chosen. For HF propagation there is no 
> guarantee your message will get through because "the bands may be dead."

Which is kinda similar when it comes to mobile networks. If it was possible to 
get a telco to carry out some "corporate social responsibility" work and 
install even just 2G voice that would be something.

I would argue, you can get a lot more communications bang for buck with some 
trained amateur radio engineers, and some amateur radio equipment, than spotty 
3G coverage.

Mobile operators work on the premise: when we will make enough money from 
people, we will install equipment. I'd honestly hope they have a different 
business model outside of Europe, but I don't think so.

73's

/Bernard



> 
> On Mar 6, 2013, at 12:08 PM, Ali-Reza Anghaie  wrote:
> 
>> I'm assuming privacy issues are of minimal concern given the other problems 
>> at play here - I could be wrong but bear with me.
>> 
>> Trying to think of lowest-cost, reliable, easiest to expand and re-deploy 
>> without a telco or other licensing.
>> 
>> I wonder if a low-bandwidth text HF APRS 
>> (http://www.aprs.org/aprs-messaging.html) option with a laminated deck of 
>> shorthand medical terms would be a reasonable remote field option? About as 
>> rudimentary as you get but considering a worst case scenario - it might just 
>> work. -Ali
>> 
>> 
>> 
>> On Tue, Mar 5, 2013 at 9:15 PM, Sky (Jim Schuyler)  wrote:
>> Since "HAM" (amateur radio) is real radio, not phone, an Android app 
>> wouldn't use it directly. The app might -control- an amateur radio remotely, 
>> and there is software available to do this. However, I'm not sure what 
>> benefit it would bring to this project.
>> 
>> In the US, amateur radio operators must send all information in "clear 
>> text," and encryption is illegal, thus you would not want to try to exchange 
>> medical info because you'd need to encrypt it. In other countries it 
>> -should- be illegal to transmit medical info in the clear, so I'd suggest 
>> avoiding this.
>> 
>> Also, "high frequency" amateur radi

Re: [liberationtech] Can HAM radio be used for communication between health workers in rural areas with no cell connectivity?

2013-03-06 Thread Bernard Tyers - ei8fdb

Dear Dr. Dey:

Disclosure: I am a licensed amateur radio operator. I am slightly biased. :)

I have one answer: Amateur radio. Forget mobile phone networks.  Amateur radio 
is cheap, very durable and will provide you with the functions you need, and if 
you can get access to amateur radio operators in your country, you may have 
free support for the life of your project!

If you can tell us the country you wish to set this project up we can possibly 
help with finding out more about the amateur radio community in the country.

To answer your questions:

>>> I am proposing to set up a ICT based health project in tribal areas with 
>>> poor infrastructural facilities with poor cell phone connectivity due to 
>>> unstable signal strengths. i have learnt that HAM radio software from 
>>> HamSphere is downloadable on android phones.

Yes it is downloadable, but as far as I understand (it was the case when I 
wanted to install and use the software), it requires the person wishing to 
operate it to send the administrators of the system a copy of their amateur 
radio licence. 

NB: This could have changed.

>>> I would like to know whether these android phones with HAM radio software 
>>> installed can be used for communication used for voice communication 
>>> between health workers themselves and with head quarter staff.

Yes, it would be possible but it would require a) the telecommunications 
infrastructure for an "IP connection" (either mobile phone network, or WiFi).

>>> Will it be legally permissible and what technical requirements will be 
>>> needed to set up such system.

I understand it is still a "requirement" to produce a valid amateur radio 
license to get access to the Hamsphere (and similar systems). 

The technical requirements are an Internet connection capable of carrying your 
amateur radio software messages. Without either a) a mobile phone network, or 
b) a WiFi (or similar system), c) satellite Internet service this is not 
possible.

>>> The other alternative of setting up of mobile signal boosters or long 
>>> distance WiFi hubs are currently not affordable to our limited resource 
>>> organisation


And honestly, would not be a good use of your funds.

- ---

The APRS discussion:

APRS is still clear text - the only "protection" is that it is a digital mode 
(it is transported over AX.25, a transmission protocol). Anyone with an APRS 
modem and amateur radio *could* decode and read the APRS messages.

End result again is no privacy. Maybe privacy through obscurity.

APRS is used (in UK and Ireland) regularly for passing short messages, and 
information objects (weather conditions/temperature in geographical areas, 
traffic information, movement of rescue teams). I can give you more information 
if you think it's of interest.

There is a system called Winlink (in the States I think it's called Sailmail?) 
which can be used to send and receive e-mail, which I think is more what you 
are thinking about.

Winlink operates with a similar objective as e-mail - it sends electronic 
messages to and from stations equipped with Winlink systems. It can be used 
over HF (frequencies with long distance capabilities). But the requirement for 
equipment is greater than 2-way voice communications.


However, in this case, I would ask: is there really a need for privacy? Or at 
least is there a need to identify the patient by name, etc?

Idea:
=====

By European Conference of Postal and Telecommunications (CEPT) regulations and 
the mirroring bodies in other parts of the world, a non-licensed individual is 
allowed to operate a licensed amateur radio station in the presence of a 
license holder. The patient could speak direct to the medical staff to explain 
their conditions, etc.


Scenario:

(I don't know if this scenario is feasible or reflects real-life circumstances. 
If not, please give some more details for discussion)


* A patient goes to the health worker, based with the village/nearest health 
station, with a health complaint.

* The health worker needs assistance in helping diagnosis/treatment from 
his/her headquarters. The health worker has been trained and received an 
amateur radio licence.

* They then call the headquarters for more details on the particular patient's 
condition.

* The health worker does not name the individual, but gives his/her medical 
background. As the health worker is present, the patient can talk directly to 
the headquarters and give their information first hand. 

* If necessary the patient can be given a pseudonym for use over the radio 
system. The patient's real name could be sent via normal means to the 
headquarters if necessary. 

* The headquarters responds with information for the person's case.

* The information exchanged is not personally identifiable (I guess you could 
argue their voice could be used to identify them...).


They are just some ideas as I thought. I would argue the licencing
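
Added example, not part of the original post: a small Python parser for APRS text-message frames, illustrating the two points made in this thread, that any monitoring station recovers the message body verbatim and that a sender retries until an ack arrives. The callsigns and frames are constructed samples in TNC2 monitor format, and the function names are hypothetical; the layout (9-character padded addressee, `{` message number, `ackNN` reply) follows the APRS messaging format.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample traffic in TNC2 monitor format; callsigns are placeholders.
SAMPLE_FRAMES = [
    "N0CALL-7>APRS,WIDE1-1::N0CALL-1 :Pt A17 fever 39C 3 days, advise{01",
    "N0CALL-7>APRS,WIDE1-1::N0CALL-1 :Pt A17 fever 39C 3 days, advise{01",  # retry
    "N0CALL-1>APRS,WIDE1-1::N0CALL-7 :ack01",
    "N0CALL-7>APRS,WIDE1-1::N0CALL-1 :Pt B02 needs transport{02",           # never acked
    "N0CALL-9>APRS,WIDE1-1:!4903.50N/07201.75W-position beacon",            # not a message
]

FRAME_RE = re.compile(r"^(?P<src>[A-Z0-9-]+)>(?P<path>[^:]+):(?P<payload>.*)$")
MSG_RE = re.compile(r"^:(?P<to>.{9}):(?P<body>.*)$")   # ':' + 9-char addressee + ':'
ACK_RE = re.compile(r"^ack(?P<id>[A-Za-z0-9]{1,5})$")


@dataclass
class AprsMessage:
    src: str
    to: str
    text: str
    msg_id: Optional[str]
    is_ack: bool


def parse_message(line: str) -> Optional[AprsMessage]:
    """Return the message carried by one frame, or None for non-message frames."""
    frame = FRAME_RE.match(line.strip())
    if not frame:
        return None
    msg = MSG_RE.match(frame["payload"])
    if not msg:
        return None  # position report, weather object, etc.
    to, body = msg["to"].strip(), msg["body"]
    ack = ACK_RE.match(body)
    if ack:
        return AprsMessage(frame["src"], to, "", ack["id"], True)
    text, sep, msg_id = body.rpartition("{")
    if not sep:
        # No message number: the sender did not ask for an ack.
        return AprsMessage(frame["src"], to, body, None, False)
    return AprsMessage(frame["src"], to, text, msg_id, False)


def delivery_report(lines: Iterable[str]) -> Dict[Tuple[str, str, str], dict]:
    """Group numbered messages by (sender, addressee, id); count attempts and acks."""
    report: Dict[Tuple[str, str, str], dict] = {}
    for line in lines:
        m = parse_message(line)
        if m is None or m.msg_id is None:
            continue
        if m.is_ack:
            # An ack travels in the reverse direction of the message it confirms.
            key = (m.to, m.src, m.msg_id)
            if key in report:
                report[key]["acked"] = True
            continue
        key = (m.src, m.to, m.msg_id)
        entry = report.setdefault(
            key, {"text": m.text, "attempts": 0, "acked": False}
        )
        entry["attempts"] += 1
    return report


if __name__ == "__main__":
    for (src, to, msg_id), info in delivery_report(SAMPLE_FRAMES).items():
        state = "acked" if info["acked"] else "NOT acked"
        print(f"{src} -> {to} #{msg_id}: {info['text']!r} "
              f"({info['attempts']} attempt(s), {state})")
```

The sample bodies use a patient code rather than a name, in line with the pseudonym idea in the scenario above; the parser reads them without any key, which is the privacy limit being described.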

Re: [liberationtech] Hispanohablantes / Spanish-Speaking LibTech Community

2013-03-05 Thread Bernard Tyers - ei8fdb

I would like to be added also if possible.


On 5 Mar 2013, at 18:15, gaby david wrote:

> Hello all, 
> 
> why not? I mean, it is a very nice idea and I am joining the list!
>  
> gaby david
> PhD candidate
> Lhivic - EHESS
> Paris
> 
> twitter, facebook, instagram => gabydavid
> http://culturevisuelle.org/corazonada/
> 
> 
> From: Yosem Companys 
> To: liberationtech  
> Cc: sandraordo...@openitp.org 
> Sent: Tuesday 5 March 2013 18:38
> Subject: Re: [liberationtech] Hispanohablantes / Spanish-Speaking LibTech 
> Community
> 
> If there is enough interest, we could create a Spanish-speaking list.
> I would like that, as a native Spanish speaker myself, with an
> interest in Liberationtech issues in Spain and Latin America.
> 
> On Tue, Mar 5, 2013 at 8:59 AM, Eduardo Robles Elvira  
> wrote:
> > Hello there!
> >
> > I don't know how many other Spanish-speaking people are there, but
> > I'm a Spaniard living in Madrid, we can get in touch =) I'm the lead
> > developer of agoravoting.com, an e-democracy voting tool with support
> > for vote delegation.
> >
> > Regards,
> > --
> > Eduardo Robles Elvira    +34 668 824 393    skype: edulix2
> > http://www.wadobo.com    it's not magic, it's wadobo!
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by 
> > emailing moderator at compa...@stanford.edu or changing your settings at 
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] [SPAM:####] Re: [SPAM:####] CfP: Society, Informatics and Cybernetics (March 19)

2013-03-05 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Wow, who'd have guessed that spammers and scammers operate in the world of 
academia too!

http://fakeconference.blogspot.co.uk/


On 5 Mar 2013, at 12:24, Rich Kulawiec wrote:

> On Tue, Mar 05, 2013 at 06:13:42AM +, scarp wrote:
>> I'm kind of shocked that the advertisements posted by
>> compa...@stanford.edu aren't somewhat verified.
> 
> I wouldn't be too critical: the people behind these fake conferences have
> been at it for a long time and they're quite good at blending in.  These
> conference announcements have shown up on all kinds of mailing lists --
> that is, they've gotten by a lot of clueful eyeballs.

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Please help out a student!

2013-03-04 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Andrew and Louis,

Thanks both for your replies. I will be compiling a timeline with your sources, 
and also the following timeline from Wikipedia: 
http://en.wikipedia.org/wiki/Timeline_of_the_Syrian_civil_war

Thank you for your help.

Bernard

On 4 Mar 2013, at 01:59, Andrew Lewis wrote:

> Broadcast.telecomix.org should have a decent listing
> 
> Sent from my iPhone
> 
> On Mar 4, 2013, at 1:44 PM, "Louis Suárez-Potts"  wrote:
> 
>> Bernard,
>> No doubt you have a much better timeline already, but the authors of this 
>> one, from Al Jazeera, might be able to supply more details if asked.
>> 
>> See: http://aje.me/Yld95a
>> 
>> -louis
>> 
>> 
>> On 13-03-03, at 19:10 , Bernard Tyers - ei8fdb  wrote:
>> 
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>> 
>>> Hi Andrew,
>>> 
>>> No I mean more: actions by the Syrian government as in shelling of cities, 
>>> crackdowns on demonstrations, and the retaliation by civilians and the 
>>> opposition forces.
>>> 
>>> I did find an overview from the NYT a few days ago, but have misplaced the 
>>> link.
>>> 
>>> Any help appreciated!
>>> 
>>> thanks,
>>> Bernard
>>> 
>>> On 3 Mar 2013, at 23:55, Andrew Lewis wrote:
>>> 
>>>> Telecomix? Anon? SEA?
>>>> 
>>>> Of which I can provide some insight, at least on TCX.


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Please help out a student!

2013-03-03 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Andrew,

No I mean more: actions by the Syrian government as in shelling of cities, 
crackdowns on demonstrations, and the retaliation by civilians and the 
opposition forces.

I did find an overview from the NYT a few days ago, but have misplaced the link.

Any help appreciated!

thanks,
Bernard

On 3 Mar 2013, at 23:55, Andrew Lewis wrote:

> Telecomix? Anon? SEA?
> 
> Of which I can provide some insight, at least on TCX.
> 
> On Mar 4, 2013, at 12:28 PM, Bernard Tyers - ei8fdb  wrote:
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> Hi there,
>> 
>> I am doing a data visualisation project as part of an MSc programme. Part of 
>> it is a timeline of events surrounding the civil war in Syria since the 
>> start of 2011.
>> 
>> The goal of the project is to understand the influence of events ("actions" by 
>> the Syrian government, "actions" by the groups opposing the Syrian 
>> government, public demonstrations and others) on censorship of Syrian 
>> Internet access.
>> 
>> Would anyone be able to point me towards a "timeline" of events in Syria 
>> over the past 27 months? I don't know if this exists. Or possibly give some 
>> pointers on where to find useful data and how to create one?
>> 
>> The best I have been able to find is what Google reports as being worldwide 
>> searches since January 2011.
>> 
>> I would appreciate any assistance from anyone with knowledge in the events.
>> 
>> Knowing the make-up of the list, please accept my apologies if I have made 
>> incorrect assumptions, or portrayed things in a simplistic way. It is not my 
>> intention to offend.
>> 
>> thanks in advance,
>> Bernard
>> 
>> - --
>> Bernard / bluboxthief / ei8fdb
>> 
>> IO91XM / www.ei8fdb.org
>> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Please help out a student!

2013-03-03 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,

I am doing a data visualisation project as part of an MSc programme. Part of it 
is a timeline of events surrounding the civil war in Syria since the start of 
2011. 

The goal of the project is to understand the influence of events ("actions" by the 
Syrian government, "actions" by the groups opposing the Syrian government, 
public demonstrations and others) on censorship of Syrian Internet access.

Would anyone be able to point me towards a "timeline" of events in Syria over 
the past 27 months? I don't know if this exists. Or possibly give some pointers 
on where to find useful data and how to create one?

The best I have been able to find is what Google reports as being worldwide 
searches since January 2011.

I would appreciate any assistance from anyone with knowledge in the events.

Knowing the make-up of the list, please accept my apologies if I have made 
incorrect assumptions, or portrayed things in a simplistic way. It is not my 
intention to offend.

thanks in advance,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Internships available at leading Palo Alto tech startup

2013-02-23 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

While I support the idea of exposing the internal workings of these pointless 
companies, I would expect the poor "intern" who was "successful" would be bound 
by umpteen NDAs requiring various body parts if they were ever breached!

Is it worth martyrdom?! :)


On 23 Feb 2013, at 22:17, Jurre andmore wrote:

> That's a rather excellent suggestion to infiltrate and spill their secrets!
> 
> On 23 Feb 2013 at 19:19, "Don Marti"  wrote:
> begin Jacob Appelbaum quotation of Fri, Feb 22, 2013 at 10:06:38PM +:
> 
> > This seems like a great job for understanding the current state and
> > future trajectory of a specific component networked authoritarianism!
> 
> Or for taking notes for an article, "I was an
> exploited intern for a creepy privacy-violating
> marketing company."  I bet the Atlantic would
> buy that.


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


Re: [liberationtech] Internships available at leading Palo Alto tech startup

2013-02-23 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 23 Feb 2013, at 04:40, Griffin Boyce wrote:

> 
>   The unpaid internship "bubble" for Fortune 500 companies should have burst 
> five years ago.  Not only is it bad business practice, it's unfair to the 
> interns who are put in that position.

Well written Griffin. And this approach is not just Fortune 500 companies, and 
not just US either.

As someone who has recently changed profession (and a few years older than 
28!), I have turned down and ignored a number of "opportunities" (their words, not 
mine) as the positions were "internships". I refuse to work for free, for a 
profit making company.

The least companies can do is pay minimum wage, and even then...

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] digital to analog: Syria radio help needed

2013-02-04 Thread Bernard Tyers - ei8fdb

The approach taken would be: self contained IP->FM transmitter box that can be 
detected without any danger to people setting it up. 

If there was access to technology I would suggest a multiple of low cost 
computing devices (raspberry pi/etc) receiving IP audio stream, connected to a 
reasonably low powered FM transmitter. These nodes can be found and destroyed 
but cost is low and safety is maintained (as much as possible).

Caveat: These are quick ideas off the top of my head. There are probably better 
ways, but technically these would be possible. Security may be compromised. 
Some [BIG] assumptions are made.

Not knowing the availability of radio transmitter hardware within the area, my 
suggestions would be:

Option 1: 

* The IP based streaming input will be available within Syria? If some 
censorship is being carried out, have the audio stream available on a 
"standard" IP port, 80 (web server) for example. If so use the IP streaming 
audio as input for the FM transmitter. I would not think encryption of the IP 
stream would make sense (and would possibly raise flags/get it blocked)

* Coupling (connecting electrically) the actual radio transmitter via a 
point-to-point (possibly multiple points) microwave link to the antenna 
installation. This will give some basic protection -instead of coupling the 
antenna installation via co-ax cable to the radio transmitter which gives away 
the location of the radio straight-away.

* Allow the system to be controlled remotely, if necessary: although that would 
give the possibility of some surveillance. A more secure way would be to 
leave it as a self contained system that dies when/if its discovered.

Ultimately the audio will need to be available to broadcast FM transmitters on 
the 85MHz - 108MHz range.

Ultimately the transmitter would be found, if any signal interception is being 
carried out.


Option 2:

* The IP stream is sourced from outside the country, and is coupled to an FM 
transmitter outside the country. The FM signal is broadcast with a directional 
antenna, over the border into Syria.
* Again, depending on the availability of FM radio hardware, a repeater/relay 
installation receives this -> original radio station broadcasts on 88.5MHz for 
example, the repeater receives it and retransmits it on 101.0MHz

This could be chained a number of times hiding, for a short time, each FM 
retransmission point. Eventually it would be found as "somewhere across the 
Syrian border", and whatever happens happens.

Ultimately the audio will need to be available to broadcast FM transmitters on 
the 85MHz - 108MHz range.

Ultimately the transmitter would be found, if any signal interception is being 
carried out.


I hope these ideas can give some help. Please verify the assumptions made, at 
least discuss with a broadcast engineer if possible.

Bernard


On 4 Feb 2013, at 15:17, Stefan Geens wrote:

> A Syrian whom I trust and who I've helped with security-related issues before 
> needs some help that I am not qualified to answer, so perhaps somebody on 
> this list knows what to do or where to turn for expert help. I don't want to 
> suggest anything to him that gets (even more) people killed...
> 
> He writes: 
> 
> I am working now on a radio for Syria that needs to cover Homs governorate, 
> since people there don't have internet or electricity, the only way to reach 
> them is by radio.
> We are working to establish a FM radio station that covers Homs governorate 
> and all Syria later on, it will be based on an online radio that is streaming 
> from outside Syria and we are looking for the best solution to stream on the 
> ground in Homs. We are looking for the best solution to transmit the digital 
> signal into analogue one.
> The point is if we want to use a normal transmitter on the ground it will be 
> known for the regime warplanes and it will be destroyed after few minutes.
> So, what are our options and the details of the best solutions (using inside 
> or outside Syria base)?
> ==
> 
> Thanks for any help you may have. I'll forward it to him.
> 
> Stefan
> 
> --
> stefan.ge...@gmail.com
> @stefangeens @ogleearth @dliberation
> +46 73 504 5261
> Skype: stefan.geens
> PGP: 0x54ABD155F7CE9B68
> 
> --
> Unsubscribe, change to digest, or change password at: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


[liberationtech] Manuel Castells talk at RSA London, 20 March

2013-01-23 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

For those interested, Manuel Castells (University Professor and Wallis 
Annenberg Chair of Communication Technology and Society at the University of 
Southern California) is talking at The RSA Wednesday 20 March. Tickets are free.

Talk description:

In our time, multimodal, digital networks of horizontal communication are the 
fastest and most autonomous, interactive and self-expanding means of 
communications in history. From the Arab uprisings, to the indignadas movement 
in Spain, to Occupy in the US, the networked social movements of the digital 
age represent a new species of social movement.

Leading scholar of our contemporary networked society, Manuel Castells, visits 
the RSA to shed light on these movements, and to examine their formation, their 
dynamics, their values and their prospects for social transformation.

http://www.thersa.org/events/our-events/networks-of-outrage-and-hope

regards,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Mega

2013-01-23 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23 Jan 2013, at 12:45, Eugen Leitl wrote:

> On Wed, Jan 23, 2013 at 07:40:13AM -0500, bbrewer wrote:
>> 
>> 
>> "All the money in the world", and still, so many listed problems on this new 
>> service. Malicious intent, or just complete rush to give the finger to the 
>> authorities?
> 
> You don't seem to know Kim "dotcom" Schmitz well.

You beat me to it. IMO, this is a two fingers from Kim Dotcom to the US 
government, and a PR stunt to garner support from his new host country of New 
Zealand. 

He feels hard done-by (and he has a point). It's a PirateBay.org style campaign 
and will probably be reasonably successful.

The best outcome possible is to point out the issues with it (as is being 
done), explain why they are important, and hammer those messages through in the 
media. Those messages will miss some people (as they will only see "free and 
secure"), but that's always the way.

bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] Any TSF people subscribed?

2013-01-17 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,

Is anyone from TSF, Télécoms sans frontières, subscribed to the list?

thanks,
Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Skype Open Letter: CALL FOR SIGNATORIES

2013-01-16 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 16 Jan 2013, at 17:27, Nadim Kobeissi wrote:

> On Wed, Jan 16, 2013 at 12:22 PM, Bernard Tyers - ei8fdb  
> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> Do all signatories need to be affiliated/part of an organisation?
> 
> Nope!
>  

Thanks.


- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Skype Open Letter: CALL FOR SIGNATORIES

2013-01-16 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Do all signatories need to be affiliated/part of an organisation?


On 16 Jan 2013, at 16:58, Nadim Kobeissi wrote:

> Dear Privacy Advocates and Internet Freedom Activists,
> 
> I call on you to review the following draft for our Open Letter to Skype and 
> present your name or the name of your organization as signatories:
> 
> http://www.skypeopenletter.com/draft/
> 
> The letter will be released soon. Feedback is also welcome.
> 
> Thank you,
> NK
> --
> Unsubscribe, change to digest, or change password at: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] French ISP blocks all web based advertisement, by default.

2013-01-03 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Salut Julien,

Thanks for correcting me: the one English article I read (mentioned in my mail) 
was light on details, and my French is, well non-existent, so I was reliant on 
Google translate, which I never trust!

For the point of core infrastructure, the fact that the user can turn it off 
(as opposed to on!) from the CPE makes sense then. But also quite a "sloppy" 
solution.

Regarding the ad IP blacklist: is there any information on it? Who creates 
it/manages it? Is there any way to get on/off this list? Presumably Google ad 
IPs are on there.

I did not know about the connection with the Free owners and the ad-business.

I wonder what the purpose is, indeed. Just trolling like you say...it being a 
sloppy solution would lead me to believe it's something like you suggest.

thanks,
Bernard


On 3 Jan 2013, at 18:42, Julien Rabier wrote:

> Of course, for my first post on this awesome mailing list, I had to do such a
> silly mistake to invert opt-in and opt-out.
> 
> To sum up :
> Acceptable with opt-out : No.
> Acceptable with passive opt-in : No.
> Acceptable with active opt-in : Yes.
> 
> By the way, I take a moment to introduce myself :
> I'm participating in a non-profit and local DIY ISP [1] and we are several
> organizations in France doing the same thing, some of them grouped in a
> federation called FFDN [2]. Promoting Net neutrality, citizen's control over
> the Internet infrastructure and so on.
> 
> Julien
> 
> [1] http://www.ilico.org/ (only in French)
> [2] http://www.ffdn.org/en
> 
> On 03 Jan at 19:30, Julien Rabier wrote:
>> Hello everybody,
>> 
>> Just want to add some precisions :
>> 
>> - Not all web based advertisements are blocked. Blocking is done with a
>>  blacklist of IP addresses.
>> - It is done on the CPE level, not in the core network of Free.
>> 
>> This story is quite shaking the French interwebs and I was like Bernard at
>> first and the more I think about it, the more my position is confused.
>> 
>> My current state of mind is :
>> - Is it an acceptable net neutrality violation if it's done on an opt-out
>>  basis ? Yes.
>> - Is it acceptable in the current, opt-in, case ? No.
>> 
>> One funny thing is that the ad-company of lemonde.fr (biggest online
>> journal in France) owned by X. Niel who also owns Free, is still accessible.
>> It's not in Free's blacklist.
>> 
>> There is a fight between Free and Google about Youtube for some months now.
>> So, is it a google trolling move ? 
>> 
>> At least, it's a good way to show how ad-dependent the commercial web
>> currently is.
>> 
>> Julien
>> 
>> On 03 Jan at 17:41, Bernard Tyers - ei8fdb wrote:
>>> Free ISP a French ISP with approx. 5M subs has blocked, by default, all web
>>> based advertisements being served to their fixed-line Internet subscribers.
>>> [1, 2]
>>> 
>>> As a consumer, I would be very happy about it. As an "Internet neutrality"
>>> (whatever you want to call it) supporter I disagree with what they are
>>> doing.
>>> 
>>> If they want to offer this as a service, then it should be opt-in, as
>>> opposed to opt-out (subscribers can turn it off via their Internet router).
>>> 
>>> While it's not life-threatening Internet censorship, in my opinion it is
>>> still censorship. From a network infrastructure POV, it would be a
>>> reasonably large job to carry this out successfully, without issues, but
>>> nothing a modern ISP with a budget could not build.
>>> 
>>> On the Twitters there are various reasons being discussed (the ISP is
>>> blocking companies, who are not paying them anything, from making money).
>>> 
>>> Will we see some websites blocking access for Free ISP subs? Will they
>>> offer a second-class service?
>>> 
>>> An interesting, but slightly disturbing development.
>>> 
>>> 
>>> [1]
>>> http://www.rudebaguette.com/2013/01/03/new-update-to-freebox-censors-internet-ads-by-default-for-5-5m-users/
>>> 
>>> [2] (Google translated)
>>> http://translate.google.com/translate?sl=fr&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.numerama.com%2Fmagazine%2F24665-blocage-des-pubs-free-pete-un-cable.html&act=url
>>> 
>>> regards, Bernard
> 
> 
>> --
>> Unsubscribe, change to digest, or change password at: 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Unsubscribe, change to digest

[liberationtech] French ISP blocks all web based advertisement, by default.

2013-01-03 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Free ISP a French ISP with approx. 5M subs has blocked, by default, all web 
based advertisements being served to their fixed-line Internet subscribers. [1, 
2]

As a consumer, I would be very happy about it. As an "Internet neutrality" 
(whatever you want to call it) supporter I disagree with what they are doing.

If they want to offer this as a service, then it should be opt-in, as opposed 
to opt-out (subscribers can turn it off via their Internet router).

While it's not life-threatening Internet censorship, in my opinion it is still 
censorship. From a network infrastructure POV, it would be a reasonably large 
job to carry this out successfully, without issues, but nothing a modern ISP 
with a budget could not build.

On the Twitters there are various reasons being discussed (the ISP is blocking 
companies, who are not paying them anything, from making money).

Will we see some websites blocking access for Free ISP subs? Will they offer a 
second-class service?

An interesting, but slightly disturbing development.


[1] 
http://www.rudebaguette.com/2013/01/03/new-update-to-freebox-censors-internet-ads-by-default-for-5-5m-users/

[2] (Google translated) 
http://translate.google.com/translate?sl=fr&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.numerama.com%2Fmagazine%2F24665-blocage-des-pubs-free-pete-un-cable.html&act=url

regards,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Listserve removal

2012-12-11 Thread Bernard Tyers - ei8fdb

It's self-service!

Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


On 11 Dec 2012, at 17:20, Michael Zlatarich wrote:

> Unsubscribe, change to digest, or change password at: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Censorship hardware - BLUECOAT IN SYRIA

2012-12-01 Thread Bernard Tyers - ei8fdb

It looks like there is squat in the EXIF data (nothing that I could find 
anyway).

I remember from depths of memory that Twitter, or possibly some Twitter 
clients, strips EXIF data from photos when they are uploaded.

$ exiftool A9C2RWPCcAAbpvQ.jpg_large.jpg
ExifTool Version Number         : 8.99
File Name                       : A9C2RWPCcAAbpvQ.jpg_large.jpg
Directory                       : .
File Size                       : 44 kB
File Modification Date/Time     : 2012:12:01 20:37:20+00:00  [ <- The date and time I downloaded the image]
File Permissions                : rw-r--r--
File Type                       : JPEG
MIME Type                       : image/jpeg
JFIF Version                    : 1.01
Resolution Unit                 : inches
X Resolution                    : 72
Y Resolution                    : 72
Image Width                     : 530
Image Height                    : 720
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)
Image Size                      : 530x720



Bernard

On 1 Dec 2012, at 20:34, Jillian C. York wrote:

> Can anyone pull the exif data from the photo?  I'm not having any luck, but 
> I'm an amateur.
> 
> On Sat, Dec 1, 2012 at 12:06 PM, Douglas Lucas  wrote:
> If anyone can get the name of the office or location, or specific names
> of Syrian authorities involved, I might be able to do something with that.
> 
> Douglas
> Email/PGP: d...@riseup.net 880B7171.
> 
> On 12/01/2012 01:36 PM, Bernard Tyers wrote:
> > About the photo: is there any idea where that photo was taken, and what
> > date? Is it possible to get photos of the back of the rack?
> >
> > To me the location for that kit looks strange. The surrounding look like
> > an office, however that equipment would not be suitable for general
> > office surroundings.
> >
> > That is indeed an SG9000.
> >
> > This is purely personal opinion and I could be mistaken but the
> > equipment in the rack beside the 9000 has some physical features of some
> > ZTE kit.
> >
> > Based on searches ZTE have in the past hired for telecoms engineers and
> > account managers for clients in Damascus.
> >
> >
> > Regards,
> > Bernard
> >
> >
> > Rafal Rohozinski  wrote:
> >
> > This pic has just been posted on twitter.  It was picked up by the
> > Secdev Syria Operation Group. It is allegedly a picture of internet
> > censorship hardware taken inside a telecom hub (exchange) in
> > Damascus, http://twitter.com/AmaraaBaghdad/status/274919986399703040/photo/1
> >
> > It looks like the ProxySG 9000 ( http://www.bluecoat.com/products/proxysg)
> >
> > Rafal
> >
> >
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech
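
An added example, not part of the original message: a small JPEG segment walker for confirming what the exiftool output above suggests, namely that a file carries a JFIF header but no Exif (APP1) segment. The sample images are constructed inline and all function names are illustrative.

```python
import struct

# Signatures that identify what a JPEG application segment carries.
SIGNATURES = [
    (0xE0, b"JFIF\x00", "JFIF"),
    (0xE1, b"Exif\x00\x00", "Exif"),
    (0xE1, b"http://ns.adobe.com/xap/1.0/\x00", "XMP"),
    (0xE2, b"ICC_PROFILE\x00", "ICC"),
    (0xED, b"Photoshop 3.0\x00", "IPTC"),
]
# TEM and RSTn markers stand alone: they have no length field.
STANDALONE = {0x01} | set(range(0xD0, 0xD8))


def classify(marker, payload):
    """Name the metadata type from the segment's leading signature."""
    for code, magic, name in SIGNATURES:
        if marker == code and payload.startswith(magic):
            return name
    return "Comment" if marker == 0xFE else None


def list_segments(data):
    """Walk segments from SOI up to start-of-scan; return (marker, kind, payload)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos, segments = 2, []
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker in (0xDA, 0xD9):      # SOS or EOI: no more header segments
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        payload = data[pos + 4:pos + 2 + length]
        segments.append((marker, classify(marker, payload), payload))
        pos += 2 + length
    return segments


def metadata_kinds(data):
    """Metadata containers present in the file, in file order."""
    return [kind for _, kind, _ in list_segments(data) if kind]


def jfif_summary(data):
    """Decode the JFIF fields that exiftool prints (version, unit, density)."""
    for _, kind, payload in list_segments(data):
        if kind == "JFIF" and len(payload) >= 12:
            major, minor, units, xd, yd = struct.unpack(">BBBHH", payload[5:12])
            unit = {0: "none", 1: "inches", 2: "cm"}.get(units, "unknown")
            return {"version": f"{major}.{minor:02d}", "unit": unit, "x": xd, "y": yd}
    return None


def segment(marker, payload):
    """Build one length-prefixed segment (helper for the constructed samples)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(with_exif):
    """Constructed header-only JPEG: JFIF 1.01 at 72 dpi, optionally an empty Exif IFD."""
    jfif = b"JFIF\x00" + bytes([1, 1, 1]) + struct.pack(">HH", 72, 72) + b"\x00\x00"
    tiff = b"II\x2a\x00" + struct.pack("<I", 8) + struct.pack("<H", 0) + struct.pack("<I", 0)
    parts = [b"\xff\xd8", segment(0xE0, jfif)]
    if with_exif:
        parts.append(segment(0xE1, b"Exif\x00\x00" + tiff))
    parts.append(segment(0xDB, bytes(65)))          # placeholder quantization table
    parts.append(b"\xff\xda\x00\x02" + b"\xff\xd9")  # empty scan, then EOI
    return b"".join(parts)


if __name__ == "__main__":
    for label, with_exif in (("original", True), ("re-encoded", False)):
        sample = build_sample(with_exif)
        print(label, metadata_kinds(sample), jfif_summary(sample))
```

A file whose only metadata container is JFIF, like the second sample, has nothing left for an EXIF reader to report beyond the header fields and image dimensions.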


Re: [liberationtech] Censorship hardware - BLUECOAT IN SYRIA

2012-12-01 Thread Bernard Tyers - ei8fdb

True - it would be useful for a journalist to make some enquiries as to the 
outcome of that investigation. My guess would be nothing.

It's also interesting that the article says 14 SG9000s made their way to Syria 
- and there are 8 being used in that single rack.

That means 3/4 chassis are either a) being held as spares, which would be 
possible but slightly strange in normal circumstances, but I guess these are 
not normal circumstances, b) lost/faulty/out-of-service, or c) being used in 
some other location.

Bernard

On 1 Dec 2012, at 20:11, Jillian C. York wrote:

> Oh, I'm with you - I just wanted to send it along in case there were folks 
> who hadn't heard about it.
> 
> On Sat, Dec 1, 2012 at 11:44 AM, Bernard Tyers  wrote:
> And reading that article now, I wonder what ever happened to that "internal 
> investigation" Blue coat were running.
> 
> I also wonder what happened with that Dubai distributor?
> 
> Something tells me they're still doing business.
> 
> Restrictions make no difference in these cases when you have one company who 
> will provide a  "partner" service provider who will then provide a service to 
> the persona non grata, possibly or possibly not with the knowledge of the 
> original company.
> 
> Bernard
> 
> 
> Connected by Motorola
> 
> 
> "Jillian C. York"  wrote:
> 
> http://online.wsj.com/article/SB10001424052970203687504577001911398596328.html
> 
> Blue Coat Systems Inc. of Sunnyvale, Calif., says it shipped the Internet 
> "filtering" devices to Dubai late last year, believing they were destined for 
> a department of the Iraqi government. However, the devices—which can block 
> websites or record when people visit them—made their way to Syria, a country 
> subject to strict U.S. trade embargoes.
> 
> On Sat, Dec 1, 2012 at 10:39 AM, Rafal Rohozinski  
> wrote:
> This pic has just been posted on twitter.  It was picked up by the Secdev 
> Syria Operation Group. It is allegedly a picture of internet censorship 
> hardware taken inside a telecom hub (exchange) in Damascus, 
> http://twitter.com/AmaraaBaghdad/status/274919986399703040/photo/1
> 
> It looks like the ProxySG 9000 ( http://www.bluecoat.com/products/proxysg)
> 
> Rafal
> 
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel
> 
> 
> 
> 
> 
> -- 
> US: +1-857-891-4244 | NL: +31-657086088
> site:  jilliancyork.com | twitter: @jilliancyork 
> 
> "We must not be afraid of dreaming the seemingly impossible if we want the 
> seemingly impossible to become a reality" - Vaclav Havel
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

Re: [liberationtech] CryptoParty in Tunis tomorrow (Saturday, 1st December)

2012-12-01 Thread Bernard Tyers - ei8fdb

From memory (anyone knowing the please correct me if I am wrong) but the 
London Cryptoparty which was held in the Google Campus also required real names 
for "health and safety" reasons. This didn't stop people from signing-up with 
fake e-mail addresses and names. (Of course not something I would suggest!)


On 1 Dec 2012, at 14:01, Julian Oliver wrote:

> ..on Sat, Dec 01, 2012 at 10:31:25AM +, dan jones wrote:
>> 
>>>> You may be aware that a previous event called CryptoParty was
>>>> organized during the OpenITP Tech Summit on 27th November.
>>>> However, the organizers required people to give their real ID in
>>>> order to participate, requirement that was considered as not
>>>> acceptable by a number of people, including people from the Tunis
>>>> hackerspace.
>>> 
>>> It sucks that it turned out this way. I didn't want to at all, and
>>> I was looking forward to meeting Hackerspace TN folks, but I
>>> totally get why you were turned off by the name policy. I probably
>>> would be too in the same situation.
>> 
>> Could someone explain why there was a name policy? I am having trouble
>> imagining why?
> 
> Well it's quite absurd really, given one of the primary concerns addressed at
> Crypto Parties is protecting the right to anonymity.
> 
> -- 
> Julian Oliver
> http://julianoliver.com
> http://criticalengineering.org

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] MJM as Personified Evil Says Spyware Saves Lives Not Kills Them

2012-11-12 Thread Bernard Tyers - ei8fdb

It saddens me that someone who is clearly talented is so delusional, or puts a 
price on his personal life. 15% of the company, and hefty salary.

Either way, he seems to be the company fall-guy.

"Muench has put himself forward as Gamma’s point man on the issue, as Gamma’s 
controlling shareholders, the Nelsons, remain in the background. He says they 
act only as investors, providing money and customer contacts for FinFisher."

If I was an investigative journalist, I'd be doing a story on the "Nelson 
family". What kind of investors have links or contacts with oppressive regimes?

In fact, I don't want to know.


On 11 Nov 2012, at 22:19, Jacob Appelbaum wrote:

> ilf:
>> On 11-09 15:53, Eugen Leitl wrote:
>>> Muench says he’s given up on a social life for now. “If I meet a girl
>>> and she Googles my name, she’ll never call back,” he says.
>> 
>> Our work is paying off.
> 
> Didn't you see his OKCupid profile?
> 
> It's hear that it is a good way to find others who are interested in the
> same kinds of morality! :)
> 
> All the best,
> Jake
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

[liberationtech] A technologically progressive approach for oppressive regimes to operate.

2012-10-31 Thread Bernard Tyers - ei8fdb

I attended a talk recently in London titled "(Mobile) Money Makes the World Go 
Around". [1] 

It was attended by people involved in mobile money (M-Pesa, mobile operators, 
finance companies, and billing backend people). The conversation was about how 
wonderful M-Pesa and such services are (they are, in certain ways), and the 
different business factors that are at play in the mobile money industry.

I asked a question about privacy and anonymity in the use of mobile money 
services. I was a little shocked (I expected the answer, but not so bluntly) 
when a representative from M-Pesa said "You can forget it frankly. If you are 
making an electronic payment, somebody somewhere wants to know you are not 
money laundering. Arguably we don't have any privacy anyway." [2]

And then I thought: what a wonderful way to keep control of a group of people - 
state run mobile operator who implements a compulsory mobile money service for 
the population. You have an electronic device in everyone's pocket, which can be 
located to (depending on cell density) down to 50m approx, with an MSISDN 
(telephone number) tied to bank account details.

To the "outside world" you look forward thinking, progressive and technologically 
progressive. 

Is it necessary to go to that length? Too much money? Is the front needed?

Bernard

[1] http://mobileheroes.net/
[2] http://soundcloud.com/heroes-of-mobile/mobile-money-makes-the-world

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Large amounts of spam

2012-10-31 Thread Bernard Tyers - ei8fdb

At a risk of receiving the mentioned spam myself (thankfully my mail provider 
also seems to be killing the spam before it gets to me), and at risk of 
offering another evidence-less possible scenario - 

There was recently a "valid" e-mail account that was somehow used to send spam 
to the list. It's quite conceivable that account is some way connected/has 
provided the beginning point.

Or like the person from Stanford mentioned maybe the spam is targeting a number 
of Stanford lists.

On 31 Oct 2012, at 22:41, Yosem Companys wrote:

> Maybe. But the site was already mirrored for a while prior to the
> archives being made public.  So I think that's unlikely.
> 
> On Wed, Oct 31, 2012 at 3:39 PM, Andrew Lewis  wrote:
>> Maybe someone is simply scraping the archives for the sender address?
>> 
>> 
>> On Oct 31, 2012, at 6:36 PM, Sarah Watts wrote:
>> 
>>> I am one of the...people it got; my email address was suddenly
>>> subscribed to more than thirty lists (Twenty maybe) none of which I
>>> subscribed to.
>>> 
>>> I contacted someone...and have yet to do the second thing they suggested.
>>> 
>>> -S
>>> 
>>> On 10/31/12, S Vivek  wrote:
>>>> Greg: This seems to be happening in other lists at Stanford, and so I won't
>>>> be worried of a concerted effort against the libtech listserv.  We are
>>>> working on it, and I hope that we'll be able to handle it soon.
>>>>
>>>> Vivek
>>>>
>>>>
>>>> =
>>>> Program on Liberation Technology,
>>>> Stanford University
>>>> http://liberationtechnology.stanford.edu
>>>>
>>>> C 149 Encina Hall
>>>> 616 Serra St.
>>>> Stanford, CA 94305
>>>>
>>>> Phone: 1-801-784-8357, that is 1-801-S Vivek's!
>>>>
>>>> Blog: http://viveks.info
>>>>
>>>>
>>>>
>>>> On Wed, Oct 31, 2012 at 1:34 PM, Andy Isaacson  wrote:
>>>>
>>>>> On Tue, Oct 30, 2012 at 07:32:18PM -0400, Nadim Kobeissi wrote:
>>>>>> This mailing list has a spam problem (I'm receiving nude photo attachments
>>>>>> now.) Admins: Please address!
>>>>>
>>>>> Hmmm, I'm not seeing this problem; I'm subscribed to liberationtech on a
>>>>> bog-standard linux + postfix installation and I save every message
>>>>> delivered before I run spam filtering, and I don't see anything
>>>>> porn-spam-related in my all-mail archive.
>>>>>
>>>>> Care to share one of the spam messages (headers + body text only, I
>>>>> don't need any more nude photos thnx)?  Offlist is better I suppose.
>>>>>
>>>>> -andy

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Bernard Tyers - ei8fdb


Is this a case of people (lib tech/security community) trusting people of 
"up-to-now good security community reputation" (Phil Zimmerman and Jon Callas) 
combined with public statements (to the effect of "we will be releasing the 
source code") combined with briefings with selected groups?

Just curious. It goes back to the discussion about trusting open source 
software, or trusting people who we believe to have good intentions.

Bernard


PS: To try and keep the mood light: I wonder if the founders are fans of 
mid-80s German Euro-disco bands?


On 12 Oct 2012, at 00:09, Christopher Soghoian wrote:

> Hi Nadim,
> 
> You didn't directly respond to Ryan's question. Have you actually spoken to 
> anyone at Silent Circle?
> 
> The Silent Circle App isn't available for download to the general public yet. 
> As such, I think the company can be forgiven for not having source code 
> available just yet. Why not wait until the product is actually available for 
> download before you jump the gun and state that the company is "damaging the 
> state of the cryptography community"?
> 
> I've met with the CEO a couple times in person and I've spoken with Phil and 
> Jon. Although I'm by no means ready to bless the product -- not only do I 
> want to see it open sourced, but I also want to see a published, thorough 
> audit by a respected security consulting firm -- I am at least excited to see 
> folks building a business around encrypted communications (where the crypto 
> is the selling point, rather than an unadvertised feature, like Skype).
> 
> Jon and Phil are not strangers to the security community and their email 
> addresses can be found with about 2 seconds of Googling. If you have 
> questions, why not contact them?
> 
> Chris
> 
> [Full disclosure: They've loaned me an ipod touch with a beta copy of the app 
> so that I can try it out. As soon as the Android version is ready to go, I'll 
> promptly give the iPod back to them. I'm not a Silent Circle investor, 
> consultant, etc]
> 
> 
> On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi  wrote:
> On 10/11/2012 5:51 PM, Ryan Gallagher wrote:
> > To Nadim: I'm interested to know, did you contact anyone at SC before
> > writing your blog post? Seems to me you arrived at your rather scathing
> > conclusion largely on the basis of an assumption. A sort of shoot first,
> > ask questions later approach. It actually says on the SC website that SC
> > will use "Open Source Peer-Reviewed Encryption." It also says,
> > unambiguously, "/We believe in open source/."
> 
> It's almost impossible to develop the software Silent Circle is
> attempting to develop without using at least one open source library -
> this is in fact accentuated in my blog post.
> I sincerely apologize if my post is jumping the gun a bit, but aside
> from reassurances in private press conferences, Silent Circle hasn't
> made any statement that supports their releasing their code as open
> source. In fact, they have been very ambiguous on this issue prior to
> their alleged private statements yesterday and today.
> 
> I will update my blog post the moment they announce that Silent Circle
> will be open source. I don't mean to "shoot first, ask questions later,"
> but rather highlight serious potential dangers.
> 
> 
> >
> > 
> >> From: compa...@stanford.edu
> >> Date: Thu, 11 Oct 2012 12:48:03 -0700
> >> To: liberationtech@lists.stanford.edu
> >> Subject: Re: [liberationtech] Silent Circle to publish source code?
> >>
> >> We both received the same messages from Ryan Gallagher and Dan Gillmor:
> >>
> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm
> >> doing + he told me they'll be making everything open source.
> >>
> >> That's why I added the question mark, in case someone on the list knew
> >> anymore (for example, when -- what date? -- do they plan to publish
> >> the code).
> >>
> >> I've contacted @Silent_Circle via Twitter and invited them on to
> >> Liberationtech. If anyone knows how to reach someone on the team
> >> directly, please let me know.
> >>
> >> It'd be nice to send them a personal invitation, so we can talk to the
> >> team directly rather than have a secondhand conversation.
> >>
> >> Best,
> >> Yosem
> >>
> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi  wrote:
> >> > It would have been much nicer to create this thread based on real source
> >> > code, instead of a tweet based on word of mouth. We'll see.
> >> >
> >> > NK
> >> >
> >> > On 10/11/2012 3:27 PM, Yosem Companys wrote:
> >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
> >> >> that Silent Circle (contrary to what you say in your post) will
> >> >> publish source code.

Re: [liberationtech] CryptoParty Handbook

2012-10-09 Thread Bernard Tyers - ei8fdb


On 8 Oct 2012, at 23:46, Jacob Appelbaum wrote:

> Asher Wolf:
>> The argument everyone is politely avoiding - while pondering the
>> numerous ways CryptoParty will expose already compromised individuals -
>> is whether the masses SHOULD use crypto.
>> 
> 
> I'm not ignoring it and most of the world has been using crypto for
> online stuff since SSLv2 was released to the world.
> 
>> Rain-check: it's happening - or at least, the users are trying -
>> regardless of whether they're doing it right, or regardless of
>> whether more experienced ppl are willing to offer their advice or not,
>> and completely separate to the philosophical, technical and security
>> related-discussions that are currently swirling.
>> 
>> Basically: hello crypto, the users are here.
>> 
> 
> I'm sorry to say it but a lot of the users have been here for a while -
> most people that use crypto just don't know they're doing it.
> Ironically, if users don't get good advice, they'll just be in the same
> spot - thinking they're safe when they're not - all over again!

Yes, the users have been here for a long time. They are hanging around in the 
corner trying to talk to the guy who just seems like such a dick, but in fact 
is just unable to talk to people who don't speak his lingo, and he is not 
interested in talking to them.

Ultimately some people will want to talk to him, and others won't, but at least 
get over the awkward introductions.


> 
>> From experience, most of the non-tech ppl who attended Melbourne's
>> Cryptoparty had previously attempted to install various tools by
>> themselves and had either (a) failed (b) installed them incorrectly (c)
>> couldn't figure out how to configure them (d) given up 'til now.
>> 
>> CryptoParty is essentially the user saying: We are working together to
>> trying to figure out how to do it better. We need these tools.
>> 
>> Whatever the best-practice model actually is, it'll be crowdsourced,
>> because people are unwilling to wait for easy 'crypto manna from
>> heaven', offered up on a plate.
>> 
>> And frankly, the users have much to learn from the crypto experts and
>> it'd be a damn shame if knowledgeable people refused to teach or share
>> their expertise because ppl are "doing it wrong."
> 
> I think that the real changes belong in the platforms - anything that
> requires configuration is probably already doomed to fail and screw a
> user. That's generally the approach that I've seen work - everything
> that requires 0) user education and 1) realistic honesty about threats
> or risks results in 2) denial or mistakes or a bork'ed tool shooting the
> user in the foot.

While you've probably got a really good reason for saying 0) and 1) above, I'd 
like to hear them, just because I used to think similar things as 0) and 1).

The more I have been reading about [NORMAL USERS] the more I think we (the 
people who know about the complicated shit) are not going to save them all. It 
may sound disingenuous to say but, there is no point trying. Humans are humans. 
Getting people to think themselves about these topics is a lot more successful 
than giving them tools and hoping they use them.

I'm surprised to hear you say everything that requires user education fails. I 
(think) I know your reasoning.


>> 
>> We've known we've been doing it wrong for a long time now and going back
>> to Facebook to organise is no longer an option.
>> 
>> The creation of CryptoParty was a spontaneous, viral storm. It was NOT a
>> concerted, centrally-organised campaign, with funding or even a
>> best-practice model. My hope is that experts contribute to eventually
>> provide a best-practice model, and that users give the necessary
>> feedback allowing for tweaks in tools and creation of more accessible
>> crypto.
>> 
> 
> Since clearly a few loud people were bent out of shape by my comments -
> they have no idea that I encouraged you or tried to help out; so let me
> set the record straight: go you!
> 
> I think it is *great* to make the book and I think it is great to do it
> with a set of unifying principles - it will help to ensure that good
> stuff gets into the book and crappy stuff stays out of the book or is so
> noted as crappy or contentious. I think that means that peer review is
> essential before rushing to publish.

(This may sound insulting, but its not meant to.)

Absolutely 100% completely agree. It should have been peer-reviewed from the 
start.

It was (IMO) wrong, and slightly misguided to write a handbook which is 
ultimately about a complex and technical set of topics, without having some 
expert advice or input. That is not to insult the work the people did. I just 
think it was executed incorrectly.

To continue my previous self-bashing thread, technical people need to be 
easier to deal with. We need to be more intelligent in how we explain what are 
complicated subjects. 

Saying "data confidentiality, authentication, threat-m

Re: [liberationtech] CryptoParty Handbook

2012-10-09 Thread Bernard Tyers - ei8fdb


On 7 Oct 2012, at 22:35, Brian Conley wrote:

> Greg its called orbot and it runs on Android. Secondly I used to agree with 
> you, but I'm increasingly coming to the conclusion that user education, not 
> simplification, is the more important piece of the user security and privacy 
> problem.

I am glad someone else is saying this.

While it's wonderful to say "sure security is easy, alls you gots to do is 
[LOTS OF SHIT THAT PEOPLE DON'T UNDERSTAND] and voilà you're secure", people 
want tools they can use.

As a geek/technical person/engineer/whatever you call me, I will say technical 
people are our own worst enemies. We overly complicate things, which is fine if 
you want to make people discover/learn through doing - but they have to be 
presented to the right people in the right way.

Most people, in fact even some technical people (shock!), want tools that just 
work.  Yes, they want them to be secure, but not at the expense of being easy 
to use.

Yes, as a technical person I love delving into the guts of something technical 
and just "geeking out" (as much as I hate that phrase), but I want to do that 
when I want.

I use the computer operating system I use, not because it's beautiful and shiny 
and whatever - I use it because a) on the user interface level it is reasonably 
easy to use, coherent, and consistent and b) because if I want to hack 
something deep down, I (mostly) can.


Technology is a tool. It is a tool to help you carry out a task and to get to 
an end goal.

If the technology gets in the way of carrying out that task, then (in my view) 
it has failed. Particularly if the user does not know how to fix it.

Security should be integrated into the tool. It should not be a bolt on. It 
should be integrated. The complexity of it should be secondary, not hidden, to 
the ultimate goal. If the user wants to get at the complexity, then they should 
be able.

Sending a PGP encrypted e-mail to your mom, should be as easy as sending an 
un-encrypted e-mail to your mom. But the education of why you should be sending 
an e-mail encrypted should also be given. Granted, a valid threat-model should 
be explained, as a given. 


> That said, the tools do need to get more accessible, but we are getting 
> there. I don't believe there has been as sizable a change in public health 
> and user information campaign efforts.

Technical people are our own worst enemies. We make things look more 
complicated than they need to be. Sometimes it's laziness (naughty!), and 
sometimes I think it's a job security thing (bad, but understandable...to a 
point).

What came out of the London Cryptoparty for me was, the amount of thought some 
people have put into the decision to not use a security tool.

A clearly intelligent person said (paraphrasing): "we spent time looking at the 
tool but we couldn't understand how it worked. Not the technical operation, but 
what we needed to do. Was it a desktop application. Did we have to run it on a 
server. Was it a mobile application." 

The guy had obviously spent time looking at it, but could not understand what 
he needed to do. He wasn't an idiot. 
He was someone who should be using the tool, *but decided against it because he 
didn't know its function*.

That to me was a (pardon the language) fucking eye opener. 

(NB: I am not having a go at the developers of this tool. Their work is 
excellent. But it just shows me how complicated (leaving aside the 
cryptographic/technical complexity) this is.)

It might be easy to say, but this is almost as important as the security of the 
tool. Maybe as important.

Yes, the tool needs to be secure, but it needs to be easy to use. Otherwise, 
it doesn't matter. 

That's not to say that I agree with giving people simplified, basic or plain 
wrong information. (more on that in a later e-mail)

Security is complicated stuff. Cryptography is complicated stuff. But it 
doesn't have to be presented as complicated to use it. I know bugger all about 
how a car works in detail, but I can operate a car, and when necessary do 
simple troubleshooting.

Any other approach and people are being treated like children. Give them the 
information, but ultimately they'll decide if they want to use it.

Bernard (getting the flame-retardant suit ready)

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] secure text collaboration platforms

2012-10-03 Thread Bernard Tyers - ei8fdb


On 3 Oct 2012, at 10:25, Sam de Silva wrote:

> Hi there,
> 
> Can someone help me out - Is http://www.piratepad.net secure? I thought it 
> was, but I can't seem to access it via SSL.
> 
> It'll also be really useful to know of 'piratepad' type platforms that are 
> secure, and there's controls over deleting the collaborative pads/docs. 
> 
> Thanks, Sam.


Hi there,

While it doesn't answer the question "is Piratepad.net secure?", the 
functionality on Piratenpad.de seems to be exactly the same - ie a hosted 
Etherpad software website. 

Piratenpad.de is however accessible via HTTPS. [1]

Make of that what you wish :) 

hth,
Bernard

[1] https://osterholz.piratenpad.de/test


--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


[liberationtech] Baghdad Hackerspace

2012-09-23 Thread Bernard Tyers - ei8fdb

Hi all,

I thought this might be interesting to some people:

http://www.kickstarter.com/projects/bilal/baghdad-community-hackerspace-workshops
 

See also gemsi.org

Baghdad was a hub of art, science & ideas. Inspire that attitude again by 
sharing hackerspaces with Iraq.

We've been getting questions about why it's important to run a popup 
hackerspace and why we're asking for 27,500 dollars. GEMSI works to create a 
cascade of hackerspaces across the Middle East and North Africa. We do this by 
supporting the development of short term and long term spaces. Our efforts 
start with temporary spaces and workshops to do community discovery and 
connections then leads to supporting the development of a year round space. 
This Kickstarter supports all this work but is focusing on our work this fall 
for Iraq. By our efforts in Beirut we are working to discover the translation 
of hackerspaces to the Middle Eastern cultural context which we hope to share 
with Baghdad. Beirut is also where we are running a comic hackathon at the 
hackerspace to illustrate the Iraqi stories. Lastly part of our funds have been 
allocated to a micro loan that  Middle Eastern hackerspaces can apply to to 
help with the hackerspace build out.

regards,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Ideas for MSc research into HCI, security tools, and privacy.

2012-09-22 Thread Bernard Tyers - ei8fdb

Hi Michael,

Thank you for replying.

On 22 Sep 2012, at 16:41, Michael Rogers wrote:

> Hi Bernard,
> 
> There are two areas where I'd love to see some research. The first is
> the effect of provenance on perceptions of security: when deciding how
> secure they believe a tool to be, how strongly are people influenced
> by their knowledge of who created the tool, versus their knowledge of
> how the tool works, or other factors?

Yes, an excellent question. 

I have the feeling (backed up by observation) there is a similar approach by 
some people to open source software, where the argument is 
"the developer is good so s/he wouldn't do anything bad".

> The second area is how people reason about security boundaries - or to
> put it another way, how people reason about the security properties of
> data as it moves between devices, between locations and between
> applications.

Again, an excellent question.

> For example, if someone believes that Skype is in some sense "more
> secure" than AIM, will that person treat files received over Skype
> differently from files received over AIM? What concepts will they
> refer to when explaining why they do or don't treat those files
> differently?
> 
> Knowing more about how people reason about these issues would help
> developers to design tools that actually have the properties people
> think they have.

Do you have any information or resources on this?

thanks,

Bernard


> Cheers,
> Michael
> 
> On 22/09/12 16:06, Bernard Tyers - ei8fdb wrote:
>> Hi All,
>> 
>> I am currently researching ideas for my masters in human computer
>> systems thesis. I am a mobile telecoms engineer by profession, but
>> am interested in HCI, tools that help maintain your security,
>> secure communications, and privacy concerns.
>> 
>> There have been some interesting threads here that have brought up
>> some interesting questions for me:
>> ∙ The thread discussing the usability of tools, such as cryptocat. How
>> it was (originally) easy to use but may not have been as secure as
>> possible. (NB: This is not a jab/poke at anybody's work, or an excuse
>> to bring up any of the previous discussions about Cryptocat)
>> ∙ The perception of tools which are easy to use but may not be secure,
>> eg. Viber, whereas other tools are seen as secure,
>> ∙ There are no shortcuts to being secure.
>> 
>> I am developing some ideas at the moment, which are mainly around
>> mobile, privacy, security, encryption tools, people's use of these
>> tools (and why some people don't use them), how to present
>> information such as possible interference with Internet users'
>> traffic.
>> 
>> I would be very interested to hear from anyone (on or off-list) who
>> has any suggestions, "I'd love to know XYZ" questions, or projects
>> that are currently on-going that may benefit from a MSc level
>> research project into the intersecting topics mentioned above. I am
>> open to discussing any ideas, so please let me know if you have an
>> idea.
>> 
>> thanks in advance, Bernard
>> 
>> -- Bernard / bluboxthief /
>> ei8fdb
>> 
>> IO91XM / www.ei8fdb.org
>> 
>> -- Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
> 

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


[liberationtech] Ideas for MSc research into HCI, security tools, and privacy.

2012-09-22 Thread Bernard Tyers - ei8fdb

Hi All,

I am currently researching ideas for my masters in human computer systems 
thesis. I am a mobile telecoms engineer by profession, but am interested in 
HCI, tools that help maintain your security, secure communications, and privacy 
concerns.

There have been some interesting threads here that have brought up some 
interesting questions for me:
∙ The thread discussing the usability of tools, such as cryptocat. How 
it was (originally) easy to use but may not have been as secure as possible. 
(NB: This is not a jab/poke at anybody's work, or an excuse to bring up any of 
the previous discussions about Cryptocat)
∙ The perception of tools which are easy to use but may not be secure, 
eg. Viber, whereas other tools are seen as secure, 
∙ There are no shortcuts to being secure.

I am developing some ideas at the moment, which are mainly around mobile, 
privacy, security, encryption tools, people's use of these tools (and why some 
people don't use them), how to present information such as possible 
interference with Internet users' traffic.

I would be very interested to hear from anyone (on or off-list) who has any 
suggestions, "I'd love to know XYZ" questions, or projects that are currently 
on-going that may benefit from a MSc level research project into the 
intersecting topics mentioned above. I am open to discussing any ideas, so 
please let me know if you have an idea.

thanks in advance,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] FinFisher is now controlled by UK export controls

2012-09-13 Thread Bernard Tyers - ei8fdb


I had to reread the article and the documents a few times, but I think this 
control is *for the short term* very good news. Congrats to PI and all involved 
for sticking a well-placed oar in.

In the long term the regulation isn't going to stop FinFisher sale. Clearly the 
Gamma International people are reasonably smart people, whatever you may say 
about their morals/ethics. The best it can do is cause them some short-medium 
term operational problems. Lots of project managers and business people running 
around figuring out what it is they can now actually do. What they need to talk 
to the UK government for, what documentation is needed, etc. They will be 
paying a lot of money and time to their lawyers (there's a question, who 
represents them legally?), and their project managers to juggle 
projects/engineers/developers time. What can we change to continue operation, 
without breaking the law?

I hope the UK government actually follow up, and keep a close eye on what they 
are doing. Instead of being able to offer the installation files/media/training 
material, etc as a download via a server hosted in [INSERT FOREIGN COUNTRY] to 
your friendly dictator surveillance operation/dictator controlled telco, they 
will now presumably have to go to the UK government and ask for permission to 
conduct business outside of the EU.

Like you said in a previous mail, Gamma can just move the business to 
Italy/Germany and carry on exporting from there, but presumably the UK 
government could punish them for doing that? This will not stop Finspy sale 
forever, but if the UK Government closely monitor Gamma's operation regarding 
this, it will certainly cause delays and upset.

What constitutes an export, in the case of software? Is it the initial 
agreement to sell services/provide products? Is it download from a fileserver 
hosted in the UK to the client country? If it involves hardware, this could be 
circumvented by referring the client to some other hardware supplier.

About the "relying on cryptography" excuse - again long run it's probably not 
very useful, but if the UK government are going to restrict it due to its use 
of cryptography, Gamma have their hands tied, in the short term. Removing the 
cryptography would mean evading the restrictions, and lead to punishment? 

Presumably the long term objective is to get the UK government to suggest/push 
for changes to be made to Wassenaar Agreement Part 2? From the really great, and 
terrifying analysis carried out by the Citizenlab people it seems the dual-use 
list category 5 already applies to some FinFisher/Spy operations (a. Generally 
available to the public by being sold, without restriction, c. Designed for 
installation by the user without further substantial support by the supplier; 
and d. Not used since 2000)?

If this software was created by a "hacker" group, it would be classified as 
illegal software, and would carry a prison sentence for its use. Any upset in 
operations, no matter how short, to companies who create software like this can 
only be a good thing. 

Bernard


On 12 Sep 2012, at 23:42, Pavol Luptak wrote:

> I think this regulation is absolutely useless.
> 
> Imagine that you are a dictator in some dictatorship country.
> 
> And now imagine how difficult with a lot of money and your people in many 
> non-dictatorship countries is to buy FinFisher :-)
> (Especially if you can easily buy weapons of mass destruction).
> 
> Pavol
> 
> On Mon, Sep 10, 2012 at 09:39:44PM +, Danny O'Brien wrote:
>> Just to add to this:
>> 
>> It's surprising just how much of the old cryptowar  language is still 
>> hanging around ready to trip someone up. The US government is still 
>> unwilling to grant blanket exemptions for classes of crypto-using products, 
>> so the only way you can know whether you're violating the broad language of 
>> the law is to ask very specifically for an export license.  And if you ask, 
>> they may say no. This was the issue with much of the United States "Axis of 
>> Evil" (Sudan/Syria/Iran/N. Korea) sanctions too  -- Mozilla had to tread 
>> very carefully in order to get a permitted exception before the recent 
>> sanctions rewrite. That rewrite contains no pre-emptive exemptions (you 
>> still have to apply)  and other companies still play far too safe WRT 
>> offering downloads to these countries rather than risk asking permission and 
>> being turned down.
>> 
>> As Eric says, the UK is part of Wassenaar, which means public domain and 
>> personal use crypto is okay to export, but various "strongish" crypto 
>> requires a license, at least in theory: 
>> http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#Wassenaar
>> 
>> 
>> To broaden Wassenaar to include surveillance tech by extending it with 
>> regard to specific categories of use is one approach to attempt to dissuade 
>> local companies from selling mass surveillance tools to repressive regimes. 
>> I know th

[liberationtech] Cryptoparty London 22 Sept.

2012-09-07 Thread Bernard Tyers - ei8fdb

(NB: Just passing on the info, no way involved)

For anyone London based interested in/knowledgeable about crypto, you might be 
interested in the following. It seems like they are targeting (for the want of a 
better phrase) to educate journalists, which would not be a bad idea..


1. What are crypto parties: 
Gatherings where people with knowledge of crypto take the opportunity to spread 
that knowledge to others who have a need and/or interest, such as journalists, 
activists etc.

2. Date: 
Saturday 22nd September, 2012

3. Time: 
5pm till late

4. Venue: 
TBC (It looks like it will be in London centre, travel Zone 1/ or 2)

5. Tentative agenda: 

   Tor and the Tor Browser Bundle
   PGP/GnuPG key generation & use
   Truecrypt and LUKS
   SSL and authentication
   VPNs

6. More info:
http://www.cryptoparty.org/wiki/London
Follow @CryptoPartyLond


regards,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] RNC activist tracking or evasion of it? who is RNCCTV.COM?

2012-08-23 Thread Bernard Tyers - ei8fdb


From what I read on Jon Gales' twitter account, and put 1 and 1 together, it 
seems like he created it

https://twitter.com/jonknee/status/236885560696897536

and the video on this link has him talking as the author:

http://www.wmnf.org/news_stories/new-app-shows-you-where-tampas-surveillance-cameras-are-during-republican-convention

hth,

Bernard

On 23 Aug 2012, at 16:49, Benjamin J Doherty wrote:

> Friends:
> 
> This came to my inbox this morning.
> 
> http://rncctv.com
> 
>> Tampa is watching you at the 2012 RNC
>> Tampa has installed dozens of high-def CCTV cameras in advance of the 2012 
>> RNC. The cameras are fairly easy to spot, but to save you the time we have 
>> canvassed the downtown area and mapped out the cameras. If you're using a 
>> mobile device we can show you the closest cameras to where you are and even 
>> where to look.
>> 
> 
> It uses the Geolocation API to locate the user and place them on a map 
> relative to the known location of tracking cameras.
> 
> However, it's not clear who is behind the site. Press reports name Jon Gales, 
> who may be on the list but isn't identified on the site itself.
> 
> http://www.tampabay.com/news/publicsafety/tampa-man-releases-map-of-police-cameras-set-up-for-rnc/1246412
> 
> I haven't looked to see if the location of the user is sent to the site. I 
> don't know if anyone has audited this tool.
> 
> (If he's on the list, hi Jon!)
> 
> --
> Unsubscribe, change to digest, or change password at: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



[liberationtech] TeliaSonera and Azerbaijan, Belarus and Uzbekistan

2012-08-23 Thread Bernard Tyers - ei8fdb

Some wonderful quotes from Mr. Nyberg:

"the company itself could not solve the underlying problem that undemocratic 
governments could abuse their legal right to access and shut down telecoms 
networks"

"We need help from national and international organisations whether that be the 
UN, EU, (or) NGOs if we are going to make any significant impact on human 
rights"

"If we experience a situation where under a certain government there are 
serious breaches of human rights on a regular basis ... we must be ready to 
have a debate in the company whether we should be in that country or not"

Telecoms firm TeliaSonera to focus more on human rights
http://uk.reuters.com/article/2012/08/23/uk-telia-responsibility-idUKBRE87M0LC20120823

(Reuters) - TeliaSonera (TLSN.ST), burnt by charges it cooperated with 
authoritarian governments, said on Thursday it would focus more on human rights 
issues where it operates and is eying Myanmar as a possible target for 
expansion.

The Nordic and emerging markets telecoms group, in which Sweden has a 37 
percent stake, came under scathing criticism earlier this year for allowing 
authorities in Azerbaijan, Belarus and Uzbekistan to access its network to keep 
tabs on anti-government activists.

CEO Lars Nyberg said Telia, which has businesses across central Asia as well as 
the Nordic and Baltic regions, would take measures to bolster the protection of 
freedom of expression and privacy.

Requests from governments to close sites or networks would now be dealt with at 
board level not nationally, he said.

Telia will also cooperate with 10 other companies - including Alcatel-Lucent 
(ALUA.PA), France Telecom (FTE.PA), Nokia Siemens Networks (NOKI.UL), Vodafone 
(VOD.L), AT&T (T.N) and Telefonica (TEF.MC) - to draw up rules on how telecoms 
firms implement the United Nation's guidelines for preserving privacy and 
freedom of expression.

Although Telia is not considering withdrawing from any of the countries in 
which it operates and has management control, it would have to consider that 
possibility if the situation merited it, Nyberg said.

"If we experience a situation where under a certain government there are 
serious breaches of human rights on a regular basis ... we must be ready to 
have a debate in the company whether we should be in that country or not," 
Nyberg said.

Telia has been in hot water again in recent days after its daughter company in 
Tajikistan blocked news sites at the request of the government.

Nyberg said the company itself could not solve the underlying problem that 
undemocratic governments could abuse their legal right to access and shut down 
telecoms networks.

"We need help from national and international organisations whether that be the 
UN, EU, (or) NGOs if we are going to make any significant impact on human 
rights," he said.

Telia said criticism of its actions in central Asia has not undermined the 
company in countries without full democracy and where telecoms markets are set 
to develop fast.

Nyberg said that Telia was looking at the possibility of entering the market in 
Myanmar where, after decades of military rule, the government has introduced 
sweeping reforms, including allowing elections, easing rules on protests and 
censorship and freeing dissidents.

Nyberg said the developments were such that Telia could now consider operating 
in the country, where the telecoms network for the country's 60 million people 
is barely developed.

"Two years ago I would never have thought that we could even think about going 
into Myanmar," he said. "But what has happened in Myanmar over the last 18 
months allows us to consider if we could do something in Myanmar."

(Reporting by Simon Johnson and Olof Swahnberg; Editing by David Cowell)

Some history on the story:

TeliaSonera 'profits by helping dictators spy'
http://www.thelocal.se/40334/20120418/

"The Black Boxes" - How Teliasonera Sells to Dictatorships (Swedish TV Uppdrag 
Granskning Mission investigation) (VIDEO)
http://archive.org/details/theBlackBoxes-HowTeliasoneraSellsToDictatorshipsuppdragGranskning

Teliasonera i hemligt samarbete med diktaturer (Swedish only)
http://www.svt.se/ug/teliasonera-i-hemligt-samarbete-med-diktaturer



--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains

2012-08-01 Thread Bernard Tyers - ei8fdb

Jillian,

Maybe I was hasty in my commentary, but I have spent time reading so many 
"we're sorry" statements by companies that I've become slightly jaded. Blame 
South Park :) I also find it very difficult that NBC "didn't initially 
understand the repercussions of our complaint, but now that we do, we have 
rescinded it."  [1]

Surely arguing against unfair Ts & Cs is something the Internet community 
should be doing? Particularly when it seems the whole US population watching 
the Olympics seemed to be complaining also. [2] [3] [4] Curiously I had a link 
to a Reuters article yesterday about how US TV watchers were using VPN services 
(TunnelBear for example) to watch BBC coverage of the games as they were being 
provided with terrible coverage via NBC. The link now seems to be a 404. [5]

The fact that NBC were delaying the video feeds and requiring people to 
purchase online subscriptions to watch live video is perfectly acceptable. It's 
their business decision. I think it's pretty lame, but they're a for-profit 
business and can do what they like (within reason). Again people should 
complain and argue against it.

As Simon Phipps mentioned (as is reported) Twitter alerted NBC to the message 
by Adams and showed them how to complain, without contacting the originator of 
the offending message. Surely that's against their Ts & Cs? The user messes up 
(or not in this case) and is punished. The service provider messes up, and 
nothing happens? [6]

Lina: A US based lawyer commented to me yesterday that NBC and Comcast are 
subject to federal oversight (I don't know the legal definition of "oversight") in 
the USA. Which would presumably mean that the "government" can assert some 
control/influence on them, and that the public would be entitled to contact the 
corporations' employees. I think I will leave the legal interpretation to the 
lawyers. It would be interesting to hear what the legal status of this is.


Bernard

[1]: http://www.reuters.com/article/2012/07/31/net-us-twitter-nbc-journalist-idINBRE86U1EZ20120731
[2]: http://storify.com/btballenger/nbcfail-x-ways-nbc-blew-olympics-coverage
[3]: http://www.independent.co.uk/news/world/americas/nbcfail-backlash-as-twitter-locks-out-reporter-guy-adams-7987906.html
[4]: http://lifehacker.com/5930437/how-an-american-can-stream-the-bbcs-official-olympics-coverage-and-overcome-nbcfail
[5]: http://www.reuters.com/article/2012/07/31/net-us-olympics-tech-workaround-idUSBRE86U02R20120731
[6]: http://www.telegraph.co.uk/technology/twitter/9440137/London-Olympics-2012-Twitter-alerted-NBC-to-British-journalists-critical-tweets.html


On 31 Jul 2012, at 22:22, Lina Srivastava wrote:

> Not in defense of Twitter's underlying decision, but in the case of the 
> apology, I wouldn't say this is usual BS language. This is Twitter's GC, 
> not the PR department, stating their policy and an explanation in response to 
> this particular situation. They handled at least the apology and explanation 
> correctly.  And as Jillian said, as a private corporation, they are well 
> within their legal rights to suspend any user they want, or draft any kind of 
> usage policy they want, as long as that policy isn't itself illegal (eg. 
> discriminatory, etc.)  That they screwed up in terms of the user 
> relationships, and in the larger sense of how you craft these policies today, 
> is fairly obvious-- and hopefully they'll listen to Jillian re: appeals 
> processes.
> 
> About the question of whether an email address per se is confidential, it all 
> depends. Email addresses may constitute personally identifiable information, 
> but I don't know if that applies to corporate email addresses, because I 
> guess you could make a case that's part of the public record and/or it's 
> routine business information-- and there are different standards about 
> personally identifiable information depending on the state, agency, or 
> jurisdiction. So I don't know the answer to that without researching the case 
> law. Anyone else? 
> 
> 
> On Tue, Jul 31, 2012 at 4:46 PM, Jillian C. York  
> wrote:
> Bernard,
> 
> 1. Not reading a post and then pontificating on assumptions is pretty lame.
> 
> 2. EFF Legal is not on this, because Twitter is well within their legal 
> rights to suspend a user for any reason.  While I think that sucks, it is, in 
> fact, the truth.
> 
> 3. I very much hope that Twitter either rephrases their rules or starts 
> investigating claims such as this in the future.  I also firmly believe that 
> they need an appeals/escalation process for situations like this.
> 
> Best,
> Jillian
> 
> 
> On Tue, Jul 31, 2012 at 1:24 PM, Bernard Tyers - ei8fdb  
> wrote:
>

Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains

2012-07-31 Thread Bernard Tyers - ei8fdb

Thanks for the link to the blogpost Jillian.

I didn't read through it all - I don't have to. They have no doubt used the 
usual BS language of "security", "trust", and "working to make sure this never 
happens again". I never believe any of this PR script that is trotted out by 
such companies when they've made a mess of things. It seems to happen again and 
again with no repercussions.

So the reasoning for removing his account was he published information which 
was "a not widely available e-mail address"? Hmm, I'm not sure how that e-mail 
address would communicate on the Internet!

Lina: By law, are e-mail addresses protected by privacy and confidentiality in 
the US? If they are can the recruitment agents who plague me on Linked-In 
please be told that? :) 

Bernard.

On 31 Jul 2012, at 21:01, Jillian C. York wrote:

> Twitter has publicly apologized, though only for the fact that their 
> employees notified NBC about the tweet: 
> http://blog.twitter.com/2012/07/our-approach-to-trust-safety-and.html
> 
> On Tue, Jul 31, 2012 at 8:48 AM, Lina Srivastava  
> wrote:
> Bernard,
> Even if NBC were claiming libel, it probably wouldn't fly. Defamation 
> requires the declaration of a false statement, and Adams would likely have a 
> fairly strong argument that the first part of his tweet is an opinion, and 
> the second part, the email address, is a fact.  We're fairly narrow about 
> defamation in the US because of the 1st Amendment. (Also, not sure defamation 
> would constitute a cybercrime in the US, as we tend to see it largely as a 
> civil matter-- a tort giving rise to damages, as opposed to a crime. Cyber 
> law would likely apply, though.)  This is a matter of privacy and 
> confidentiality, if the email address were considered to be confidential, and 
> rights of use. 
> 
> Lina
> 
> On Tue, Jul 31, 2012 at 11:13 AM, Jillian C. York  
> wrote:
> Bernard,
> 
> Twitter's explanation was not that the statement was defamatory, but that 
> Adams had posted private information.  The email address he posted, however, 
> is not private: it is available on NBC.com.  That's the entire case.
> 
> -Jillian
> 
> 
> On Tue, Jul 31, 2012 at 1:39 AM, Bernard Tyers - ei8fdb  
> wrote:
> 
> 
> (Slightly devil's advocate/contrarian POV)
> 
> Interesting story, and Adams probably has a case but it never ceases to amaze 
> me when people disconnect their "real world" brains from their "Internet" 
> brains.
> 
> I would be the first person to complain if someone's free-speech was taken 
> away, however, if Adams has said anything defamatory in his Twitter stream, 
> then he is still bound by "real world" laws.
> 
> Just because I say something defamatory or libellous about person X on the 
> Internet, doesn't mean that *IF* it's found that a "real-world" legal process 
> cannot be executed.
> 
> Most people using the Internet may not understand that, but I would have 
> expected journalists to understand it.
> 
> Is it illegal to suspend someone's services for naming an executive of a media 
> company for doing XYZ in the USA? I have no idea.
> 
> If it is illegal, then people need to speak out against a ridiculously 
> brain-dead law.
> 
> If it is not illegal, people need to complain to Twitter for freedom of 
> speech. Twitter need to rewind their equally brain-dead actions and apologise 
> to the guy.
> 
> Now, if he has said nothing "illegal" on Twitter, then IMHO, fire up the 
> legal drones Guy. This I unfortunately have direct experience of. At this 
> point it becomes (certainly in parts of Europe) a case of "who's got the 
> bigger legal team".
> 
> (My reasoning comes from Bruce Schneier's argument on laws specific to 
> "cybercrimes". To paraphrase "Prosecution can be difficult in cyberspace. On 
> one hand the crimes are the same. The laws against certain practices, 
> complete with criminal justice infrastructure to enforce them, are already in 
> place. Fraud is fraud, whether it takes place over the US mail or the 
> Internet.")
> 
> 
> On 31 Jul 2012, at 00:17, David Johnson wrote:
> 
> >
> > http://sports.yahoo.com/news/olympics--critic-of-nbc-has-twitter-account-suspended-after-network-complains.html
> >
> > --
> > David V. Johnson
> > Web Editor
> > Boston Review
> > Website: http://www.bostonreview.net
> >
> > Twitter:
> > http://twitter.com/BostonReview
> > Tumblr: http://bostonreview.tumblr.com
> >

Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains

2012-07-31 Thread Bernard Tyers - ei8fdb

Hi Jillian,

Thanks for explaining the details. Pardon my language but...FFS. This is 
disgraceful.

Adams used publicly available information like this: 
http://www.linkedin.com/pub/gary-zenkel/3/569/126 and Twitter closed his 
account?

In which case, if I were Adams, I would release my legal attack hounds, and sue 
Twitter under whatever legislation they could.  Anyone from the EFF Legal want 
to comment?

That is disgraceful. Another example of why I believe Twitter's self-censorship 
"internal struggle" earlier this year was an easy out for them.

I hope Adams doesn't take the usual "we're sorry" excuse that's trotted out.

Bernard

On 31 Jul 2012, at 16:13, Jillian C. York wrote:

> Bernard,
> 
> Twitter's explanation was not that the statement was defamatory, but that 
> Adams had posted private information.  The email address he posted, however, 
> is not private: it is available on NBC.com.  That's the entire case.
> 
> -Jillian
> 
> On Tue, Jul 31, 2012 at 1:39 AM, Bernard Tyers - ei8fdb  
> wrote:
> 
> 
> (Slightly devil's advocate/contrarian POV)
> 
> Interesting story, and Adams probably has a case but it never ceases to amaze 
> me when people disconnect their "real world" brains from their "Internet" 
> brains.
> 
> I would be the first person to complain if someone's free-speech was taken 
> away, however, if Adams has said anything defamatory in his Twitter stream, 
> then he is still bound by "real world" laws.
> 
> Just because I say something defamatory or libellous about person X on the 
> Internet, doesn't mean that *IF* it's found that a "real-world" legal process 
> cannot be executed.
> 
> Most people using the Internet may not understand that, but I would have 
> expected journalists to understand it.
> 
> Is it illegal to suspend someone's services for naming an executive of a media 
> company for doing XYZ in the USA? I have no idea.
> 
> If it is illegal, then people need to speak out against a ridiculously 
> brain-dead law.
> 
> If it is not illegal, people need to complain to Twitter for freedom of 
> speech. Twitter need to rewind their equally brain-dead actions and apologise 
> to the guy.
> 
> Now, if he has said nothing "illegal" on Twitter, then IMHO, fire up the 
> legal drones Guy. This I unfortunately have direct experience of. At this 
> point it becomes (certainly in parts of Europe) a case of "who's got the 
> bigger legal team".
> 
> (My reasoning comes from Bruce Schneier's argument on laws specific to 
> "cybercrimes". To paraphrase "Prosecution can be difficult in cyberspace. On 
> one hand the crimes are the same. The laws against certain practices, 
> complete with criminal justice infrastructure to enforce them, are already in 
> place. Fraud is fraud, whether it takes place over the US mail or the 
> Internet.")
> 
> 
> On 31 Jul 2012, at 00:17, David Johnson wrote:
> 
> >
> > http://sports.yahoo.com/news/olympics--critic-of-nbc-has-twitter-account-suspended-after-network-complains.html
> >
> > --
> > David V. Johnson
> > Web Editor
> > Boston Review
> > Website: http://www.bostonreview.net
> >
> > Twitter:
> > http://twitter.com/BostonReview
> > Tumblr: http://bostonreview.tumblr.com
> >
> > Cell: (917)903-3706
> >
> 
> - --
> Bernard / bluboxthief / ei8fdb
> 
> IO91XM / www.ei8fdb.org
> 

Re: [liberationtech] Independent UK Critic of NBC has Twitter account suspended after network complains

2012-07-31 Thread Bernard Tyers - ei8fdb


(Slightly devil's advocate/contrarian POV)

Interesting story, and Adams probably has a case but it never ceases to amaze 
me when people disconnect their "real world" brains from their "Internet" 
brains.

I would be the first person to complain if someone's free-speech was taken 
away, however, if Adams has said anything defamatory in his Twitter stream, 
then he is still bound by "real world" laws.

Just because I say something defamatory or libellous about person X on the 
Internet, doesn't mean that *IF* it's found that a "real-world" legal process 
cannot be executed.

Most people using the Internet may not understand that, but I would have 
expected journalists to understand it.

Is it illegal to suspend someone's services for naming an executive of a media 
company for doing XYZ in the USA? I have no idea.

If it is illegal, then people need to speak out against a ridiculously 
brain-dead law. 

If it is not illegal, people need to complain to Twitter for freedom of speech. 
Twitter need to rewind their equally brain-dead actions and apologise to the 
guy.

Now, if he has said nothing "illegal" on Twitter, then IMHO, fire up the legal 
drones Guy. This I unfortunately have direct experience of. At this point it 
becomes (certainly in parts of Europe) a case of "who's got the bigger legal 
team".

(My reasoning comes from Bruce Schneier's argument on laws specific to 
"cybercrimes". To paraphrase "Prosecution can be difficult in cyberspace. On 
one hand the crimes are the same. The laws against certain practices, 
complete with criminal justice infrastructure to enforce them, are already in 
place. Fraud is fraud, whether it takes place over the US mail or the 
Internet.")


On 31 Jul 2012, at 00:17, David Johnson wrote:

> 
> http://sports.yahoo.com/news/olympics--critic-of-nbc-has-twitter-account-suspended-after-network-complains.html
> 
> -- 
> David V. Johnson
> Web Editor
> Boston Review
> Website: http://www.bostonreview.net
> 
> Twitter: 
> http://twitter.com/BostonReview
> Tumblr: http://bostonreview.tumblr.com
> 
> Cell: (917)903-3706
> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] Are analogue technologies making a comeback for activists?

2012-07-19 Thread Bernard Tyers - ei8fdb

I would wager they never went away. It was more that IP based (that is, 
communications that somehow went over "The Internet") became easier to access, 
and more popular.

There was a thread on this in the past, but amateur radio has been used for 
years in activist circles. To a certain degree primitive satellite phone 
technology could (I'd be willing to overrule my own point) be classed as 
analogue tech.

Also, don't rule out Morse code, while it is no longer a requirement for having 
an amateur radio licence, it has been used for decades as a robust 
communication tool due to a) extremely low power levels can still get you a 
large distance, b) equipment can be extremely basic and very robust, c) you can 
transmit in any cipher and be "relatively" sure of security.

There was a Guardian Newspaper article recently about activists in Syria using 
carrier-pigeons to pass coded messages.

Again, I don't think it's a comeback, but more people are realising electronic 
communications allow for targeting based on location, and for recording.

Bernard


On 18 Jul 2012, at 08:43, Helena Puig Larrauri wrote:

> Hi Luke
> I know a few examples from Sudan - mostly people switching to radio, but also 
> some where they've stayed offline entirely. Let me know if that is of 
> interest and what details you'd like to know.
> cheers,
> Helena
> 
> On 17 July 2012 16:42, Luke Allnutt  wrote:
> 
> Hello everyone, 
> 
> I'm working on a story about "analogue activism," basically cases of when 
> activists, fearing government surveillance, are choosing to leave their 
> phones behind, stay offline, or communicate by handwritten notes (for 
> example). 
> 
> I have a number of cases already, in particular in Egypt. 
> 
> Going further, I'd also be interested in cases where activists, after 
> evaluating the risks, are deciding to communicate using older analogue 
> technologies like CB radio, or even Morse code (perhaps that one's a 
> stretch), to evade government surveillance. 
> 
> Or any other analogue technologies making a comeback? 
> 
> I would love to hear from the folks here about any such cases, on list or off 
> list. 
> 
> Any help would be hugely appreciated. 
> 
> Thanks, as ever, 
> 
> Luke 
> http://www.rferl.org/archive/Tangled_Web/latest/3281/3281.html
> 
> 
> 
> -- 
> letthemtalk.org
> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] IPv6 good for anonymity

2012-06-19 Thread Bernard Tyers - ei8fdb

Hi David,

On 18 Jun 2012, at 21:23, David Conrad wrote:

> Bernard,
> 
> On Jun 18, 2012, at 1:05 PM, ei8...@ei8fdb.org wrote:
>> I'm not an IPv6 expert, but any technical courses I have done on IPv6 have 
>> promoted the complete trackability and full audit-trail possible with IPv6 - 
>> each unique IPv6 host makes a direct connection to the other host, which 
>> simplifies security, and routing.
> 
> This assumes statically assigned, non-varying, and non-NAT'd addresses.  None 
> of these are a requirement with IPv6 (and, in fact, significant effort has 
> been expended to not require the first two).

Interesting, I did not know about this. However, whenever a data connection is 
made to a mobile network, a PDP context is created (the logical association 
between mobile device and the public data network). This has a record of your 
IMSI (subscriber ID), your MSISDN (your telephone number), your allocated IP 
address, and other location related information.

If your IP address is dynamic or static, it doesn't really matter as the 
operator has your MSISDN + IP address. From this they know the identity of the 
device used for that particular connection. This will be made easier 
particularly in LTE networks where IPv6 is native and DPI is built into the 
technology from the beginning.

A lot of the operators I work with are sounding "positive" about using 
statically assigned IPv6 addresses for devices like dongles (which are used to 
make more permanent data connections rather than mobile devices like phone 
handsets). It makes their lives easier as they now don't have to worry about a 
PDP context (plus valuable IP address) being active for days, weeks on end. 
There are already live trials of LTE networks being rolled out in the UK where 
I am currently living using static addressing for some devices.


>> There is no need to carry out NAT (Network Address Translation), or IP 
>> Masquerading, which is great news for ISPs or mobile operators.
> 
> While it is true there is no need to perform NAT, it remains to be seen 
> whether this model is acceptable to Internet users.  The problem is that, as 
> with IPv4, if you don't do NAT, you must either take your addresses with you 
> if you change providers (aka, 'address portability') or renumber your network 
> from your old provider's address space to your new provider's address space.  
> Address portability has risks to the routing system (specifically, it 
> requires the 'core' routers to know/understand each of the portable blocks of 
> addresses and this will be a problem if too many sites try to do this) and 
> also requires organizations to get address space from the regional registries 
> which requires a yearly fee to be paid.  Renumbering also has its obvious 
> costs. NAT for IPv6 removes both of these concerns, but does impact the 
> end-to-end architecture of the Internet the exact same way IPv4 does.

Interesting, I hadn't even thought of that. This sounds similar to the idea of 
telephone number portability. Of course IP and circuit switched portability 
operate completely differently, this feature has (I think) been successful, 
once it's finished. A "pointer" is entered into the original mobile network home 
location register database (a large database of all subscribers) pointing 
towards the new "home" network HLR of the ported number. Obviously timing is 
not as critical in voice call connections as in IP, so I guess those concerns 
aren't as visible.


> It isn't clear to me how this is 'great news' to ISPs or Mobile operators.

Firstly, I'm using the words "ISP" and mobile operators synonymously as to me 
they are becoming the same entity - IP based data pipe providers, no different 
from electricity, or water providers.

It's great news for mobile operators for a few reasons. One being IP address 
allocation (either dynamic or static) is currently translated into cost for 
licenses. You purchase a piece of equipment for X (with a theoretical maximum 
capacity of 1,000,000 active subscribers), then you have to purchase the 
licensing files to enable capacity on that box - 10k/100k/1,000,000 active 
subs or possibly 1,000,000 active PDP contexts. This model will have to 
change when IPv6 is adopted as it won't make sense anymore.

Also, it will (might?) do away with the carrier grade NATing equipment/features 
used to translate all of the private IP space of mobile devices. This will make 
network planning much easier. The time it takes to expand user IP ranges on 
mobile networks when it outgrows what's configured takes a lot of time, and 
hence money.

There will be less equipment, which will manage more. It will be more 
complicated in software, but simpler in hardware - essentially becoming a box 
with lots of switching resources and inputs/outputs. All IP no circuit 
switching interface, so again essentially cheaper hardware. The equipment I 
work with has to currently do a l
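
The two positions in the exchange above (addresses need not be static or non-varying, yet the operator's PDP context record still ties each address to an MSISDN) can be put side by side in a small model. This is an added example, not part of the original thread; the record layout, the one-/64-per-context allocation, and every IMSI, MSISDN, address and timestamp in it are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PdpContext:
    """One operator-side session record (hypothetical layout)."""
    imsi: str                      # subscriber ID
    msisdn: str                    # telephone number
    prefix: ipaddress.IPv6Network  # assumption: one /64 allocated per context
    start: datetime
    end: datetime


def at(text: str) -> datetime:
    """Parse a constructed UTC timestamp such as '2012-06-18 08:15'."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def ctx(sub: Tuple[str, str], prefix: str, start: str, end: str) -> PdpContext:
    return PdpContext(sub[0], sub[1], ipaddress.IPv6Network(prefix), at(start), at(end))


# Constructed subscribers: test-network IMSIs, UK numbers reserved for fiction.
SUB_A = ("001010000000001", "+447700900001")
SUB_B = ("001010000000002", "+447700900002")

# Constructed operator log. Subscriber A gets a different prefix per session;
# A's first prefix is later handed to subscriber B.
SESSION_LOG = [
    ctx(SUB_A, "2001:db8:10:1::/64", "2012-06-18 08:00", "2012-06-18 09:30"),
    ctx(SUB_A, "2001:db8:10:7::/64", "2012-06-18 12:00", "2012-06-18 12:45"),
    ctx(SUB_B, "2001:db8:10:1::/64", "2012-06-18 13:00", "2012-06-18 14:00"),
    ctx(SUB_A, "2001:db8:10:3::/64", "2012-06-18 18:00", "2012-06-18 23:00"),
]

# Constructed sightings: (source address, time) as a remote server would log them.
# Each interface ID (low 64 bits) is different, i.e. the address varies.
SIGHTINGS = [
    ("2001:db8:10:1:8c3f:52ff:1a07:9e11", at("2012-06-18 08:15")),
    ("2001:db8:10:7:41d2:0b6e:f3a9:5c20", at("2012-06-18 12:30")),
    ("2001:db8:10:3:e07a:91c4:2d55:0b8f", at("2012-06-18 20:00")),
    ("2001:db8:10:1:6b1e:77a0:c4d9:3302", at("2012-06-18 13:20")),
]


def interface_id(address: str) -> int:
    """Low 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)


def observer_can_link(a: str, b: str) -> bool:
    """Outside view: two sightings link only if the /64 or the interface ID repeats."""
    same_prefix = int(ipaddress.IPv6Address(a)) >> 64 == int(ipaddress.IPv6Address(b)) >> 64
    return same_prefix or interface_id(a) == interface_id(b)


def resolve_subscriber(log: List[PdpContext], address: str,
                       when: datetime) -> Optional[PdpContext]:
    """Operator view: the context whose prefix held this address at that time."""
    addr = ipaddress.IPv6Address(address)
    for record in log:
        if addr in record.prefix and record.start <= when < record.end:
            return record
    return None


def attribute(log: List[PdpContext],
              sightings: List[Tuple[str, datetime]]) -> List[Optional[str]]:
    """MSISDN behind each sighting, or None when no context matches."""
    result = []
    for address, when in sightings:
        record = resolve_subscriber(log, address, when)
        result.append(record.msisdn if record else None)
    return result


if __name__ == "__main__":
    for (address, when), msisdn in zip(SIGHTINGS, attribute(SESSION_LOG, SIGHTINGS)):
        print(when.isoformat(), address, "->", msisdn)
```

The outside observer cannot connect subscriber A's three sessions and would wrongly connect A's first sighting to B's through the reused prefix, while the session log attributes every sighting correctly because it is keyed on time as well as address.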

Re: [liberationtech] If we want to be anonymous in #azerbaijan we take batteries out of our cellphones

2012-06-18 Thread Bernard Tyers - ei8fdb


On 18 Jun 2012, at 19:55, Parker Higgins wrote:

> On 6/18/12 11:44 AM, Bernard Tyers - ei8fdb wrote:
>> The "still being tracked with no battery in my phone" story sounds 
>> like a hoax to me.
> 
> Yeah, I wouldn't want my answer to be interpreted as providing
> evidence for it. I'm not advocating breaking any laws in this forum,
> but especially not laws of physics.

Some laws were made to :)

>> As Eleanor said, if there is no power source attached to
>> telephone, or to whatever secondary tracking device installed in
>> the telephone, then it is not possible to track someone. No power
>> source, no radio frequencies being created, no transmissions of
>> information.
> 
> Right. On a specific device, you could imagine a secondary battery
> powering the tracking device (er, the radio) but it's hard to imagine
> a scenario where that's the easiest way to track somebody.

Absolutely, and again like Eleanor said it would (probably) be a) cheaper b) 
faster, and c) more efficient to have someone follow in person. People forget 
social engineering is a very powerful tool. It doesn't need sophisticated 
technology and lots of money.

> The conversation I had with the security researcher was actually about
> a related question, and that's whether "airplane mode" could be
> trusted as well. Again, I don't want my acknowledging a theoretical
> possibility to be taken as advocating a hoax or anything, but the
> agreement was that SOFTWARE solutions like airplane mode can't really
> be trusted, and some processor components do not have open-source
> software options. Of course, on a current iPhone, there isn't an
> option to remove the battery.

That's a whole different scenario. In this case you are relying on the device 
maker to control shutting off the power to the radio modules (GPS, GSM, WiFi) 
to put the device into "airplane mode" (whatever the hell that actually means). 
Knowing how shoddy some device makers can be, I'd prefer not to leave my 
security and life in their hands.

Certainly in this case, the device is still powered on, and if there was any 
rogue software installed which had the intelligence to engage the microphone to 
record the ambient audio, or to store information on the device to send it once 
it was reconnected to a data network, this would be trivial to do.

The safest advice is still to remove the battery from the device. If needs be, 
keep it in a sealed container so there is no possibility of recording ambient 
audio. (Although I do not know how useful this would even be)

Bernard

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org



Re: [liberationtech] If we want to be anonymous in #azerbaijan we take batteries out of our cellphones

2012-06-18 Thread Bernard Tyers - ei8fdb

The "still being tracked with no battery in my phone" story sounds like a hoax 
to me.

If you are within close proximity, enough to measure any weak passive 
(non-powered) electrical field, some inductance from an electronic article 
surveillance (AKA. "security tag"), then it is possible to "track" the device. 
However, these devices operate only over very short distances, metres.

As Eleanor said, if there is no power source attached to telephone, or to 
whatever secondary tracking device installed in the telephone, then it is not 
possible to track someone. No power source, no radio frequencies being created, 
no transmissions of information.

It constantly amazes me to ideas that it is possible to defy the laws of 
physics. If this were the case, we'd already have perpetual motion.

Any time there is a lack of proof it is either a) not true or b) a different 
problem (in this case secondary power source, etc).

Sorry to sound harsh but, to me, these hoaxes are as dangerous as having a 
flippant approach to security also.

Bernard

On 18 Jun 2012, at 18:40, Eleanor Saitta wrote:

> On 2012.06.18 13.29, Parker Higgins wrote:
>> On 6/18/12 8:36 AM, Yosem Companys wrote:
>>> Hi Liberationtech folks, is this always the case? I've heard cases
>>> where people can still be tracked whether they have batteries in
>>> their cell phones or not...
>> 
>> I've spoken with mobile security researchers who have given me the
>> impression that this theory hasn't been tested very much. It's
>> theoretically possible that some phones could be recording or
>> transmitting without the main battery, but the equipment that would be
>> required to test is prohibitively expensive and you'd have a hard time
>> demonstrating anything but an evidence of absence.
> 
> Unless there's a specific secondary battery powering a transmitter, it
> is improbable in the extreme that an unpowered passive device can have
> its location tracked at a distance of more than, say, a hundred meters,
> and any tracking at all is extremely unlikely.  Cellphones don't work
> that way, and physics says no, basically.
> 
> Now, *people* are very easy to tail, when you have a human doing the
> work.  That's a different story.  There are almost certainly many more
> pressing issues to worry about when it comes to locational privacy than
> a battery-less phone.
> 
> E.
> 
> -- 
> Ideas are my favorite toys.
> 

- --
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org
