Re: [liberationtech] Revealed: Seven years later, how Facebook shuts down free speech in Egypt | Middle East Eye

On Sun, Jan 28, 2018 at 04:59:02AM -0500, Thomas Delrue wrote: [ a lot of things I thoroughly agree with, plus he quoted me, so of course I agree with that, too ;) ] Let me reiterate: Facebook, Twitter, Linkedin, etc. are NOT your friends. They are NOT your allies. And let me add something that

[liberationtech] Fwd: [p...@eff.org: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal] -- time sensitive

[ This was sent to NANOG, but many of you are also in the target groups. Please note that the deadline is today. ---rsk ] - Forwarded message from Peter Eckersley - > Date: Sun, 26 Mar 2017 16:05:34 -0700 > From: Peter Eckersley > To: na...@nanog.org >

Re: [liberationtech] Data Security for International Travel

On Mon, Mar 06, 2017 at 12:50:45PM -0500, Bruce G. Potter wrote: > For example, Get a dropbox account [...] No. Not Dropbox. Never Dropbox. A partial list of reasons why: Dropbox Authentication: Insecure By Design

Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?

On Sat, Feb 18, 2017 at 02:23:18PM -0800, Yosem Companys wrote: > To protect your privacy and security, stay off Facebook. > > But, to build movements, create an account on Facebook (or Twitter or any > other dominant centralized social network) and try to get as many people to > join. [

Re: [liberationtech] Liberationtech List Reminder

On Thu, Feb 02, 2017 at 07:30:15PM -0500, Jos? Mar?a Mateos wrote: > I think what you are describing is better accomplished by software like > Discourse (https://www.discourse.org/), which is the discussion engine > behind popular sites such as BoingBoing.net. This, however, presents the > danger

Re: [liberationtech] Can you confirm these are not best practices for handling disclosure?

On Mon, Jan 30, 2017 at 05:49:08PM -0500, Zak Rogoff wrote: > Is anyone who's knowledgeable about disclosure policies able to take a > look at it and share your thoughts? > > To me, it looks like it's not much of a protection for the researchers, > because it's totally voluntary and apparently

Re: [liberationtech] How do I unblock Symantec's spam service?

I'm attempting to assist with this off-list. ---rsk -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by

Re: [liberationtech] Price of the #MuslimBan

On Mon, Jan 30, 2017 at 07:35:40PM +0100, ernesto ortiz wrote: > Really? Are you sure that Republicans here -all of them- are so bad that > undoubtedly do not hesitate to demonize the others? I am quite certain that Trump's supporters (which is the set of people I'm talking about and is clearly

Re: [liberationtech] Price of the #MuslimBan

> I've tried to avoid commenting too much on Trump's election to avoid > demonizing Republicans and people in my network who support him. And that's fine, and noble, and nice of you. But understand very, VERY clearly: they will not hesitate to do that to you. If you're not a (a) white (b)

Re: [liberationtech] Boston event: How nonprofits can use Facebook to broadcast their impact??? (Feb 27th)

[ Yes, I know I'm following up my own message. There's a reason. ] Here's what Facebook Live did this week: Facebook Live 'broadcasts gang rape' of woman in Sweden http://www.bbc.com/news/world-europe-38717186 Police in Uppsala were contacted in the morning by a woman

Re: [liberationtech] Boston event: How nonprofits can use Facebook to broadcast their impact??? (Feb 27th)

On Fri, Jan 20, 2017 at 08:01:56AM -0500, Deborah Elizabeth Finn wrote: > Tech Networks of Boston (TNB) and TNB Labs (TNBL) are pleased to invite you > to a Roundtable session on how nonprofits can use Facebook to broadcast I can see that I'm going to have to post some basic security/privacy

Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

On Sun, Jan 15, 2017 at 03:52:57PM -0200, Daniel Arnaudo wrote: > Also anyone using Yahoo Mail on this thread might want to reconsider if > they're concerned with privacy. The same can be said of AOL, Hotmail/Outlook, and Gmail. (Even though I think very highly of Google's security people.) The

Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

On Sun, Jan 15, 2017 at 08:47:51AM -0600, Andr??s Leopoldo Pacheco Sanfuentes wrote: > Anybody serious about decryption cannot use standard social networks, > which are predicated on access to private data for marketing and > "development" (eg, as test data for new features, debugging, etc) >

Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

Who owns WhatsApp? Facebook. What is the purpose of Facebook? Surveillance and data acquisition. They've spent billions building the infrastructure for it. They have expanded the nature and scope of it at every possible opportunity. They have been caught -- over and over and over again --

[liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

It is long *past* time for everyone involved in the kinds of activities discussed here to completely and permanently excise Facebook's services/products from their computing environment. No excuses. ---rsk - Forwarded message from Richard Forno - > To:

Re: [liberationtech] [FoRK] [zs-p2p] Thank you for choosing cyberpunk dystopia.

On Sat, Dec 31, 2016 at 12:16:41AM -0800, Stephen D. Williams wrote: > If we all find a way to solve the anti-terrorism problem, or at least > carve out space for it to be solved, we'd be less at odds for protecting > privacy etc. There are some promising ideas I think, but all solutions > so far

Re: [liberationtech] Isaacson: The internet is broken. Starting from scratch, here's how I'd fix it.

On Thu, Dec 15, 2016 at 11:31:20AM -0500, Thomas Delrue wrote: > A great start to fixing the internet would be to stop using closed sites > (of which LinkedIn is one). This would go a ways to bringing us back to > a truly _distributed_ system, as the internet was intended to be, > instead of an

Re: [liberationtech] E-Voting

On Sun, Dec 11, 2016 at 10:08:18PM +0300, Zacharia Gichiriri wrote: > I still believe e-voting could substantially improve election outcomes [...] You may, of course, believe whatever you wish. But you are completely wrong on this point: e-voting is a disaster for election outcomes. I suggest

Re: [liberationtech] E-Voting

On Sat, Dec 10, 2016 at 12:39:39PM +0300, Zacharia Gichiriri wrote: > I think the subject of the discussion should be: How can we make e-voting > more secure and credible? Answer: don't use it. Period, full stop, end of discussion. Any suggestion that e-voting can be made secure is delusional.

Re: [liberationtech] E-Voting

On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote: > Rich, the article you link to talks about the risk of one individual voting > machine being tampered with. I think you missed the point Schneier was making. It's NOT about one individual voting machine, it's about attacker budgets. Look

Re: [liberationtech] E-Voting

On Thu, Nov 17, 2016 at 06:02:36PM +0200, Andres wrote: > Could Intel and AMD team up and hide a backdoor on the vote counting > server's CPU? It certainly is in the realm of possibilities. However, > it's extremely cost prohibitive, risky and as a result unlikely. It's not cost-prohibitive for

Re: [liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients

On Mon, Nov 02, 2015 at 09:13:08PM +0100, carlo von lynX wrote: [ a bunch of good points and one thing I'd like to expand/elaborate on ] > Correct. Still it makes no sense for benevolent nodes to fabricate > false warnings about insecure TLS usage. Question is if it makes > sense for malevolent

Re: [liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients

On Sun, Nov 01, 2015 at 06:42:23PM +0100, carlo von lynX wrote: > Let's frame the threat models. Bulk collection probably does > not include using OS backdoors so the suggestion to use mutt > on BSD isn't wrong, but not necessary to move a step forward. And why not? If the endpoints aren't

Re: [liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients

On Sun, Nov 01, 2015 at 12:32:37PM -0300, fauno wrote: > there's a thunderbird addon called "paranoia" that does this Correction: there's a Thunderbird addon called "Paranoia" that pretends to do this. Everyone should know by now that you can't trust any "Received" headers other than those

Re: [liberationtech] Revealed: how Whisper app tracks 'anonymous' users

On Thu, Oct 16, 2014 at 04:54:35PM +0100, Yishay Mor wrote: Revealed: how Whisper app tracks 'anonymous' users http://gu.com/p/42bqn It's apparently much, MUCH worse than that: a confederacy of 'privacy' dunces: what we found under the hood of an 'anonymous' chat app used

Re: [liberationtech] Ghostery, NoScript.. add-ons frequently phone home

I think there's a more fundamental problem here. We're all talking about add-ons that perform various security/privacy functions. Why are these add-ons? Why are they not designed-in and built-in to the browser? Those are only quasi-rhetorical questions, because I'm pretty sure we all know at

[liberationtech] Fwd, time sensitive: Technologists sign on letter re CISA bill, info sharing

This came in via Dave Farber's excellent IP mailing list. The attached PDF (which I hope makes it through) is the letter that Jennifer's referring to. Note that tonight at 8 PM EDT is the deadline if you intend to sign onto this -- see instructions in the message below. ---rsk - Forwarded

Re: [liberationtech] Introducing The GovLab Digest: covering innovations in Governance, delivered weekly

On Tue, Feb 17, 2015 at 07:17:18PM +0100, Christian Huldt wrote: Who are mailchimps.com and why should I trust them? Spammers for hire, and no, you shouldn't -- doubly so since (like many such operations) they embed unique-per-recipient tracking links in every message they send. Last time I

Re: [liberationtech] liberationtech Digest, Vol 231, Issue 1

On Wed, Jan 28, 2015 at 01:19:05PM -0500, Joe Hall wrote: Mailing lists like this often include a header element like this that you can use to unsubscribe yourself: List-Unsubscribe: https://mailman.stanford.edu/mailman/options/liberationtech,

Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?

On Fri, Jan 16, 2015 at 10:19:22AM -0800, Al Billings wrote: The problem is that I am a practical person who lives in the real world. The largest, most successful project in the history of computing has been built entirely on open standards, open protocols, open formats, and open source: you're

Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?

On Thu, Jan 15, 2015 at 02:46:56PM -0800, Al Billings wrote: I thought software freedom and access to the source code was considered a requirement for considering a system secure. According to whom? I think open source (I???ll leave aside whether ???open source??? is ???free software???)

Re: [liberationtech] TrueCrypt Alternatives?

On Fri, Oct 03, 2014 at 10:23:09PM +, Jonathan Wilkes wrote: Hi Rich, Your footnote #1 is dubious at best. The cost of aiming peoples eyes at bugs is _not_ $0. Until it is, the free software community has a problem with too few resources chasing too many bugs. I'm not sure why you're

Re: [liberationtech] TrueCrypt Alternatives?

This is dragging out, so I'm going to try to be brief. On Fri, Oct 03, 2014 at 06:07:36PM -0700, Greg wrote: You may also be misunderstanding our NDA. I'm not misunderstanding it. I didn't bother to read it, because the mere fact that it exists is the problem. People who are serious about

Re: [liberationtech] TrueCrypt Alternatives?

On Thu, Oct 02, 2014 at 05:50:08PM -0700, Greg wrote: K, thanks for the read (I read it but nothing there seems to apply, perhaps some of its points will be addressed below). I'm sorry that you feel that way; I included that link because I think the entire message applies, particularly this

Re: [liberationtech] TrueCrypt Alternatives?

1. Well, this has certainly been an interesting discussion, but until Espionage is FULLY open-source, it's moot, because it hasn't (yet) been exposed to unlimited peer review by arbitrary, independent third parties. Please see:

[liberationtech] Fwd: [IP] Sophisticated iPhone and Android malware is spying on Hong Kong protesters

[ Forwarded from Dave Farber's most excellent IP mailing list. ---rsk ] - Forwarded message from David Farber via ip i...@listbox.com - Date: Wed, 1 Oct 2014 12:15:09 -0400 From: David Farber via ip i...@listbox.com To: ip i...@listbox.com Subject: [IP] Sophisticated iPhone and

Re: [liberationtech] World Congress on Internet Security (WorldCIS-2014): Call for Submissions!

This is (unsurprisingly) spam from one of the many fake conference scams currently polluting the Internet. I recommend permanently blacklisting the sender and the referenced domain. ---rsk -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get

Re: [liberationtech] Internet Infrastructure Software Database

I think this list is a pretty good starting point. Of course, having said that, now I want to edit it. ;) On Fri, Aug 01, 2014 at 02:21:12PM -0700, Bill Woodcock wrote: BIND NSD add unbound, I think Sendmail add postfix, exim, courier add

[liberationtech] Soghoian's written remarks for the German Parliament Committee of Inquiry

Recommended reading: http://files.cloudprivacy.net/bundestag-testimony-csoghoian-june-26-final.pdf ---rsk -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated:

Re: [liberationtech] New Citizen Lab report on Hacking Team's Government Surveillance Malware

I skimmed this earlier today and plan to read it in depth later: it looks like superb work. The most disturbing thing about it is the realization that this can't possibly be the only such project. Surely there are others. Many others. And since there are others, it's necessary to ask: are any

Re: [liberationtech] when you are using Tor, Twitter will blocked your acc

On Mon, Jun 09, 2014 at 07:52:51PM -0700, Seth wrote: I'm in agreement with pretty much all the points made, but how do you feel this approach? 1) ALWAYS publish the original source information via freedom/privacy/dignity respecting services using a name-space (a DNS

Re: [liberationtech] Wicker: D??j?? vu all over again

On Tue, Jun 10, 2014 at 10:08:26AM -0700, Yosem Companys wrote: The mention of NDAs by the Wickr founder makes it a non-starter. Their web site doesn't have any download link for the source files, nor mention of open source, but they do mention patent pending technology. How do they expect

Re: [liberationtech] when you are using Tor, Twitter will blocked your acc

On Sat, Jun 07, 2014 at 10:39:06AM +0100, Nariman Gharib wrote: what solution do you have for solve this problem? Don't use Twitter. Yes, I'm quite serious. Twitter has clearly stated that they're delighted to provide censorship-on-demand for any country that asks nicely:

Re: [liberationtech] when you are using Tor, Twitter will blocked your acc

On Mon, Jun 09, 2014 at 11:36:01AM +0100, Amin Sabeti wrote: Rick, I think you delete the problem instead of solving it! I suspect that's because I have a different definition of the problem. ;) Outsourcing your communications to a so-called social network whose interests (a) diverge markedly

Re: [liberationtech] Not an Emergency: Has TrueCrypt.org been Hijacked?

On Wed, May 28, 2014 at 07:42:02PM -0400, Griffin Boyce wrote: My suspicion is that either they were hacked (and had their key stolen), or that they were ordered to shutdown and recommend Microsoft's (presumably backdoored) BitLocker as a replacement. BitLocker's enterprise documentation

Re: [liberationtech] Not an Emergency: Has TrueCrypt.org been Hijacked?

It's probably just been hacked. Since the principals haven't commented yet, I suspect they're probably busy diagnosing and fixing it. I suggest ignoring the yapping on Twitter, having a nice microbrew, and awaiting further developments. And if those further developments amount to it's true,

Re: [liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

On Mon, May 19, 2014 at 07:24:39PM -0700, Tony Arcieri wrote: If you really want secure updates, depending on your threat model doing it correctly is a very difficult problem. First, thanks for the pointer to the web site/paper/etc.: that's going to make for some interesting reading later

Re: [liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

On Thu, May 15, 2014 at 07:36:07AM +0200, Fabio Pietrosanti (naif) wrote: i think that would be very important to organize a project to Audit the functionalities of Auto-Update of software commonly used by human rights defenders. Yes, but I'll go one step further: auto-update is a horrible

Re: [liberationtech] New IT security measures underway

On Mon, Feb 03, 2014 at 03:09:24PM -0800, John Adams wrote: Reality: You don't understand business nor threat modeling. Reality: I understand both *painfully* well, having worked for/consulted to a number of Fortune 100 companies and several major universities as well as a few ISPs and

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote: The main point is Coursera has done something that it's not legitimate. They were (apparently) forced to do this. It's not like Coursera staff woke up one day and suddenly decided to block those countries because they had nothing

Re: [liberationtech] Concerns with new Stanford University security mandate

On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote: To Liberation Tech: Stanford is implementing a new security policy detailed here: http://ucomm.stanford.edu/computersecurity/ First, if they were serious about security, they wouldn't be using Microsoft products. Second,

Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

On Fri, Sep 13, 2013 at 09:14:27AM +1000, Erik de Castro Lopo wrote: No such agency and the like are almost certainly able (with the help of carriers and manufacturers) backdoor and exploit all the major smartphone brands and models [0]. Smartphones are horrendously complex, rely heavily on

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

That's a valid concern. But I think you should probably be more concerned that it's only a matter of time until malware is released which grabs the fingerprint and quietly uploads it to someone's database. I'm sure they'll find uses for it, doubly so if it happens to unlock something other than

Re: [liberationtech] Fwd: Avaaz in grave danger due to GMail spam filters

On Wed, Sep 04, 2013 at 06:19:35PM -0400, Dave Karpf wrote: One distinction that I think is worth pondering though: it seems like the standard of serious about email is in conflict with the goal of frequently communicating with 20M supporters. That's a good point. Two responses: 1. At this

Re: [liberationtech] CFP: WorldCIST'14 - World Conference on IST; Best papers published in ISI Journals

This is a fraudulent/fake conference being promoted via spam. I recommend permanently blacklisting the sender. ---rsk -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated:

Re: [liberationtech] Websites with privacy

On Wed, Sep 04, 2013 at 10:27:54PM -0700, Jillian C. York wrote: Is this spam? No, it is not. Spam is UBE (unsolicited bulk email) and there is no evidence whatsoever that this is bulk. It may be against list policies (that is for the list-owners to decide) but that determination is orthogonal

Re: [liberationtech] Fwd: Avaaz in grave danger due to GMail spam filters

On Tue, Aug 20, 2013 at 12:27:24PM -0400, Matt Holland wrote: Rich: We actually do run our email lists in-house, sent from our own MTA's, with appropriate SPF records, DKIM signature, list-precedence headers, etc. etc. Our message to members was focused on getting into a particular tab at

Re: [liberationtech] Fwd: Avaaz in grave danger due to GMail spam filters

On Mon, Aug 19, 2013 at 12:32:59AM +0200, Moritz Bartl wrote: Subject: Avaaz in grave danger due to GMail spam filters This should be retitled Avaaz allegedly in grave danger due to their own extremely stupid decisions as regards running their mailing list, and oh, by the way, Gmail's anti-spam

Re: [liberationtech] abuse control for Tor exit nodes [was: Twitter Underground Market Research - pdf]

On Wed, Jun 05, 2013 at 10:16:23PM -0700, Andy Isaacson wrote: This is a really deeply interesting assertion. You seem to imagine a bright line of abuse that is agreed on by all parties, with a policy that can be implemented by thoughtful operators to make the abuse stop. I submit that that

Re: [liberationtech] Yahoo Hacks [and: it's about to get MUCH worse]

[ Sorry. Just saw this now. ] On Tue, Apr 09, 2013 at 07:54:23AM +0100, David Miller wrote: On 9 April 2013 01:29, Steven Clift cl...@e-democracy.org wrote: Part of the problem maybe yahoo mail hacked accounts which are an ongoing disaster. What's the deal with that - I seem to get

Re: [liberationtech] MOOC'd

On Thu, Jun 20, 2013 at 01:17:18AM -0700, Raven Jiang CX wrote: My own concern lies with the fact that the a great deal of academia and knowledge creation is currently being funded by the inefficient tuition system. If the transition to MOOC is too sudden, then we might irreversibly damage our

Re: [liberationtech] Deterministic builds and software trust [was: Help test Tor Browser!]

On Tue, Jun 18, 2013 at 08:54:30PM -0700, Mike Perry wrote: [ one the most insightful, thoughtful messages I've ever read here ] There's very little I can add to that, except to say that I look forward to reading the future, longer writeup you mentioned. Now get to work. ;-) ---rsk -- Too many

Re: [liberationtech] Quick Guide to Alternatives

On Tue, Jun 18, 2013 at 11:30:00AM +0200, Julian Oliver wrote: It'd be also good to add GNU/Linux however. [...[ And the BSD family, notably OpenBSD -- whose development is led in large part by one of my favorite curmudgeons. (As I've said elsewhere, some of the people working on OpenBSD are

Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm

On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote: First of all, thank you for all your valuable input on this list. You're very kind, but my contributions are minor and unimportant. Others have done far more. I wanted to ask you if you have any good resources on getting the

Re: [liberationtech] Oakland Cryptoparty This Sunday at 1pm

On Fri, Jun 14, 2013 at 06:34:42PM +0200, Eleanor Saitta wrote: The issue with this approach is that maintaining infrastructure like this takes an ongoing time commitment by someone who is clueful (and thus at least moderately expensive for broke organizations where everyone's constantly

Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

On Sun, Jun 09, 2013 at 10:11:08AM -0400, Nadim Kobeissi wrote: On 2013-06-09, at 10:08 AM, Rich Kulawiec r...@gsp.org wrote: Second: stupidity, in all forms, fully deserves to be slapped down -- This is where I stop reading. I have to admit, even though I've read this half a dozen times, I

Re: [liberationtech] Internet blackout

On Thu, Jun 13, 2013 at 04:27:17PM -0700, Seth David Schoen wrote: These properties are really awesome. One thing that I'm concerned about is that classic Usenet doesn't really do authenticity. It was easy for people to spoof articles, although there would be _some_ genuine path information

Re: [liberationtech] U.S. Agencies Said to Swap Data With Thousands of Firms

On Fri, Jun 14, 2013 at 02:14:16PM +0300, Maxim Kammerer wrote: An interesting article, showing why ?responsible disclosure? of exploitable bugs is a bad idea. I concur. I've often argued that there is no such thing as responsible disclosure -- it's a self-serving fiction concocted to satisfy

Re: [liberationtech] Internet blackout

On Tue, Jun 11, 2013 at 05:44:38PM -0400, Richard Brooks wrote: This lead me to start thinking about the possibility of deploying something like Fidonet as a tool for getting around Internet blackouts. Has anyone tried something like that? Usenet has long since demonstrated the ability to

Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

On Mon, Jun 10, 2013 at 01:48:23PM -0700, x z wrote: @Rich, those are good movie scripts :-). But it does not work for 9 firms, and hundreds of execs all with diverse values and objectives. Two responses. hundreds? Not necessary. Not desirable, from the NSA's point of view, either. One

[liberationtech] Edward Snowden has gone missing

http://www.theatlanticwire.com/national/2013/06/where-is-edward-snowden/66072/ I'm reminded of this exchange, which I presume everyone on this list is familiar with: I'd like to go back to New York. You have not much future there. It will happen this way: you

Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

On Mon, Jun 10, 2013 at 01:30:19AM -0700, x z wrote: First of all, I don't feel offended by Jacob's reply to my email at all, probably because I know and expect his style of wording. So far I think the discussion is still pretty civil. I concur. This is what spirited discussion looks like.

Re: [liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

On Sun, Jun 09, 2013 at 09:45:31AM -0400, Nadim Kobeissi wrote: I don't agree with x z (and rather agree with you), but I'm really tired of just how aggressive and rude you always are on Libtech. First: you've got to be kidding. I've never seen a single message on this list that goes past

Re: [liberationtech] Google Denies PRISM Involvement

(Quoting myself from something I just sent to NANOG in re the same question: are the Cxx people at Google and elsewhere telling the truth?) *puts on evil hat, adjusts for snug fit* Targeting the technical people who actually have their hands on the gear might be the best choice. They don't

Re: [liberationtech] Want to shield text, photos from government? Wickr says it has an app for that | SiliconBeat

It's not open-source, therefore it not only *can* be discarded without any further discussion, it MUST be. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at

Re: [liberationtech] Stop promoting Skype

These revelations constitute an existence proof that the number of backdoors in various services is nonzero. There's no reason to believe that this nonzero value is 1. After, if the NSA could backdoor them (with or without their cooperation) then why couldn't MI6? Or Mossad? Or some other

Re: [liberationtech] Stop promoting Skype

On Fri, Jun 07, 2013 at 02:48:58PM +0200, Eugen Leitl wrote: On Fri, Jun 07, 2013 at 08:32:36AM -0400, Rich Kulawiec wrote: These revelations constitute an existence proof that the number of backdoors in various services is nonzero. There's no reason to believe that this nonzero value

Re: [liberationtech] Twitter Underground Market Research - pdf

On Tue, Jun 04, 2013 at 06:44:37PM +0100, Bernard Tyers - ei8fdb wrote: I wonder if there is any connection between these merchants and botnets? Botnet owners or spammers would seem like a great source of valid IDs. Let me introduce a term you might/might not have heard before in other

Re: [liberationtech] Cell phone tracking

On Sun, Jun 02, 2013 at 10:16:20PM -0400, Nathan of Guardian wrote: In summary, if the focused threat you need to address is location tracking by carriers/operators, and you live in an area with a decent saturation of open wifi hotspots, I feel there is something you can do about it. Now your

Re: [liberationtech] Medill online Digital Safety Guide

On Wed, May 29, 2013 at 03:21:45PM -0700, fr...@journalistsecurity.net wrote: I appreciate your feedback and your bluntness, Rich. But you are providing far more guidance about what to avoid than what to use. If journalists and other users should avoid all commercial based operating systems

Re: [liberationtech] Microsoft Accesses Skype Chats

On Tue, May 14, 2013 at 09:14:19PM +0530, Pranesh Prakash wrote: Heise Security is reporting that Microsoft accesses links sent over Skype chat.[1] Everyone who thinks that's the *only* thing that Microsoft is quietly doing behind everyone's back, raise your hand. And incidentally, the

Re: [liberationtech] Call for Papers: World Congress on Internet Security (WorldCIS-2013)

On Fri, Apr 05, 2013 at 10:29:12AM +0100, Dan Lin wrote: World Congress on Internet Security (WorldCIS-2013) Technically Co-Sponsored by IEEE Tokyo Section August 5-7, 2013 Venue: Tokyo University of Information Sciences, Japan www.worldcis.org I'm throwing the bullshit flag. I think this

Re: [liberationtech] how spammers work, was: You are awesome, Treat yourself to a love one

On Sun, Mar 31, 2013 at 11:47:31AM +0200, M. Fioretti wrote: How could that happen? In the same, totally unsurprising ways in which always happen to everybody who takes the same measures as you (no offense meant, really, just a technical explanation!). It happened in one of these two ways

Re: [liberationtech] suggestions for a remote wipe software for Windows?

I think remote wipe software is a scam. There is no way to know that the system will ever be remotely accessible[1]; there is no way to know that it will be booted into the operating system that was installed; there is no way to know that the storage media will even be in the same system when

[liberationtech] Fwd: [ra...@psg.com: alexandria cable cutters?]

I don't think it's a huge leap to suggest that someone may be trying to hobble telecommunications in/out of the Middle East, that they're doing so for a reason, and that they'll try again. ---rsk - Forwarded message from Randy Bush ra...@psg.com - From: Randy Bush ra...@psg.com Date:

Re: [liberationtech] Installation free end-to-end encryption: Asking for public review / opinion / suggestion

On Thu, Mar 28, 2013 at 10:48:17AM +0100, Simon Rothe wrote: - fast and secure hosted by Amazon-Web-Service I wouldn't. (a) Nobody with any clue accepts SMTP traffic from Amazon's cloud, as it's proven itself to be a massive source of spam and other forms of SMTP-borne abuse. Attempts to get

Re: [liberationtech] Schneier: Focus on training obscures the failures of security design

On Wed, Mar 27, 2013 at 07:45:45PM -0400, Carol Waters wrote: At the risk of igniting an inbox-exploding smackdown thread [...] You say that like it's a bad thing. ;-) I'll quote Marcus Ranum on the subject of educating users, from his essay: The Six Dumbest Ideas in Computer Security

Re: [liberationtech] Privacy, data protection questions

On Tue, Mar 26, 2013 at 04:24:33PM -0700, Brian Conley wrote: I generally read most of your comments on this list as I find them insightful, however in this case, I was struck by your entirely hostile attitude. You're misreading exasperation and frustration as anger, and you're still focused

Re: [liberationtech] Privacy, data protection questions

On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote: Mostly I'm taking issue with your nonconstructive demeanor. Clearly you have no idea how I write when I'm being nonconstructive. ;-) Think equal proportions Kingsfield[1], Vader, Snape. Season to taste with HST and Mencken, serve at

Re: [liberationtech] Privacy, data protection questions

On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote: Nose to the grindstone Andrew. Use Rich's email to remind you this is hard, but its still worth doing. I've read this multiple times and I still have no idea how your remarks relate to what I wrote in re the (in)security of

Re: [liberationtech] Privacy, data protection questions

On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote: We're in the late prototype phase for Groundsourcehttp://groundsourcing.com, a mobile data collection and engagement platform -- designed for journalists, researchers, NGO's and others to use to gather first-hand knowledge. We've

Re: [liberationtech] list reply-all

On Wed, Mar 20, 2013 at 05:48:20AM -0400, Michael Allan wrote: Pardon me, but that's not true. GNU Mailman is a decent list server and it ships with reply-to-sender. You must go out of your way to munge the Reply-to header. They recommend against it:

Re: [liberationtech] Announcing a privacy preserving authentication protocol

On Tue, Mar 12, 2013 at 06:31:56PM -0500, Kyle Maxwell wrote: A. This doesn't eliminate phishing because users will still enter their credentials at a site that doesn't actually match the one where the cert was previously signed. Otherwise, existing HTTPS controls would already protect them.

Re: [liberationtech] skype

On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Su?rez-Potts wrote: One is tempted to suggest using other than Skype. Alternatives exist, and these are secure, at least according to their claims. As well, Skype's code is not transparent, in the way that other, open source, applications' are.

Re: [liberationtech] [ Spotfluxx what about it? ]

On Mon, Mar 18, 2013 at 12:59:48PM +0100, Giuseppe Calamita wrote: Hello, I wonder if application such as Spotflux: http://www.spotflux.com/ in security general terms and agency proof strength. At first glance it appears to be a closed-source app which allegedly solves certain security/privacy

Re: [liberationtech] list reply-all

On Tue, Mar 19, 2013 at 07:08:48PM -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Maybe I'm the only one that trips over it so often. best, Joe This is something that has been debated numerous, and I do mean *numerous*,

Re: [liberationtech] Here Come the Encryption Apps

On Sun, Mar 10, 2013 at 10:29:44AM +0700, Nathan of Guardian wrote: Glad to see such a great level of academic investigation and discourse coming out of this esteemed university. I'll give him a pass on rigor, as this is an informal article and not intended to be a journal paper. (Besides, I

Re: [liberationtech] recommendation for WP host

On Sun, Mar 03, 2013 at 09:10:30PM -0500, Rich Kulawiec wrote: On Sun, Mar 03, 2013 at 04:13:26PM -0500, Griffin Boyce wrote: If the problem is limited to DDoS attacks, you might find that Cloudflare offers some relief. I agree, but: this thread (dating from today) may be of interest

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

On Fri, Feb 15, 2013 at 01:35:53PM -0800, Adam Fisk wrote: At the risk of getting swept up in this by consciously saying something unpopular, I want to put my shoulder against the wheel of the open source process produces more secure software machine. [snip] I've been thinking about your

[liberationtech] [SPAM:####] Re: [SPAM:####] CfP: Society, Informatics and Cybernetics (March 19)

On Mon, Mar 04, 2013 at 09:42:27AM -0800, Yosem Companys wrote: 7th International Multi-Conference on Society, Cybernetics and Informatics: IMSCI 2013 (www.2013iiisconferences.org/imsci) to be held in Orlando, Florida, USA, on July 9-12, 2013. It's a scam. This is one in a long series of

  1   2   >