On Mon, Aug 13, 2012 at 12:38 PM, Fabio Pietrosanti (naif)
li...@infosecurity.ch wrote:
The average user (a very stupid, dumb user but with very strong political
commitment in freedom fighting) will always trust the website / operator.
We CANNOT FIX that problem in any technical/cryptographic
On 8/13/12 6:53 PM, Gregory Maxwell wrote:
For example, it wouldn't be hard to educate people to only install
software on their secure systems via a downloading tool that verifies
(cryptographically) that the software which is being installed has
been independently peer reviewed by multiple
Do activists seriously diverge from general browser usage
statistics?
Oh hey -- at last, quantifiable question that would lend itself to a solid
research paper. Let's gather aggregate analytics data from activist sites
and compare to the norm. I think I can help on this...
On Friday, August 10,
Collin Anderson:
Do activists seriously diverge from general browser usage
statistics?
Oh hey -- at last, quantifiable question that would lend itself to a solid
research paper. Let's gather aggregate analytics data from activist sites
and compare to the norm. I think I can help on this...
hi,
i collaborate on a server-project similar to riseup, a lot smaller but
similar in inception.
On 07/08/12 02:45, Moxie Marlinspike wrote:
I actually disagree with your premise. I don't see Riseup as a
security project, but as a project that's value is in self-sufficiency
and self-control.
-boun...@lists.stanford.edu
08/07/2012 07:19 AM
To
Moxie Marlinspike mo...@thoughtcrime.org,
liberationtech@lists.stanford.edu
cc
Subject
Re: [liberationtech] What I've learned from Cryptocat
Hey guys,
I appreciate the importance and depth
by: liberationtech-boun...@lists.stanford.edu
08/07/2012 07:19 AM
To
Moxie Marlinspike mo...@thoughtcrime.org,
liberationtech@lists.stanford.edu
cc
Subject
Re: [liberationtech] What I've learned from Cryptocat
Hey guys,
I appreciate
On Thu, Aug 9, 2012 at 11:56 AM, Mark Belinsky mark.belin...@gmail.com wrote:
Of course it's important to note that this too can be spoofed, but it's
potentially better than nothing
But that's so trivially spoofed and the only users it would protect
would be the ones trying to get protection...
On Tue, Aug 07, 2012 at 05:18:02PM -0700, e...@sundelof.com wrote 4.7K bytes in
111 lines about:
:partial defenses using any technology tool. I may feel too strong about
:tools being discussed as THE solution or THE bulletproof vest so to speak.
I'm not picking on you Erik, but this comment
Andrew: That is exactly what I was trying to say but you explained it much
better :-)
Erik
Sent from my iPad
On Aug 8, 2012, at 6:37 AM, liberationt...@lewman.us wrote:
On Tue, Aug 07, 2012 at 05:18:02PM -0700, e...@sundelof.com wrote 4.7K bytes
in 111 lines about:
:partial defenses
On 07/08/12 06:19, fr...@journalistsecurity.net wrote:
How many people on this list have spent time asking
non-technologists and other users who have tried, but have since
given up even trying to use tools like PGP? Or have examined how
new users
Hi all,
I've been trying to decide how to weigh in on this thread, I'm sure some of
you are surprised it's taken me this long to jump in.
That said, I'll keep this brief, because I'm going to write up more
detailed thoughts on a blog post that I'll share with the list.
The first issue I see is
In my attempt for brevity, I forgot to congratulate Nadim on the Chrome
implementation.
I'd also like to ask that anyone who is critical of pushing individuals to
implement the chrome extension please *try installing the chrome extension*
and provide us their thoughts as to whether this is still
Original Message
Subject: Re: [liberationtech] What I've learned from Cryptocat
From: Michael Rogers mich...@briarproject.org
Date: Wed, August 08, 2012 1:22 pm
To: fr...@journalistsecurity.net
Cc: Moxie Marlinspike mo...@thoughtcrime.org,
liberationtech@lists.stanford.edu
document for activists?
Luke
fr...@journalistsecurity.net
Sent by: liberationtech-boun...@lists.stanford.edu
08/07/2012 07:19 AM
To
Moxie Marlinspike mo...@thoughtcrime.org,
liberationtech@lists.stanford.edu
cc
Subject
Re: [liberationtech] What I've learned from Cryptocat
Hey guys,
I
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Ali-Reza
Anghaie
Sent: Tuesday, 07 August 2012 04:40
To: Luke Allnutt
Cc: liberationtech-boun...@lists.stanford.edu;
liberationtech@lists.stanford.edu
Subject: Re: [liberationtech] What I've learned from Cryptocat
On Tue, Aug 7, 2012 at 4:25 AM
Eleanor Saitta:
On 2012.08.06 18.40, Jacob Appelbaum wrote:
Eleanor Saitta:
It is true that you have to trust the server operator in both cases.
However, having a server configuration which does not completely
compromise user privacy (vs. the operator) by default, like Facebook
does, is
Nadim Kobeissi:
OKAY!
I just came back from a long, incredibly intense dinner with Jacob, Ian
Goldberg and a few other people. Believe it or not, we have actually
managed to agree on a conversation model that both answers the concerns of
people like Jacob while remaining easy to use and
Ali-Reza Anghaie:
On Tue, Aug 7, 2012 at 7:19 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Ali-Reza Anghaie:
I don't think it's they don't get it - once explained to even the most
jaded they accept the expertise - it's that in the time period with
immediate windows of opportunity present
Jillian,
Sorry if that came across as directed at someone as it truly was not my
intention. It was purely a comment and/or elaboration of the comment of partial
defenses using any technology tool. I may feel too strong about tools being
discussed as THE solution or THE bulletproof vest so to
On Mon, Aug 6, 2012 at 6:53 PM, Nadim Kobeissi na...@nadim.cc wrote:
The blog post suggests that becoming a local browser app means that
Cryptocat no longer uses JavaScript cryptography. This is nonsense:
JavaScript is a *language*, and since browser apps/plugins are written in an
HTML5
Jillian C. York:
It's difficult. I'm not a technologist, but I understand the issues and
the user needs well. My type, I'd surmise, is few and far between.
Security experts have obvious reasons for being conservative, and I get
that. Nevertheless, there are a lot of users who would
On Mon, Aug 6, 2012 at 8:43 PM, Jillian C. York jilliancy...@gmail.com wrote:
It's difficult. I'm not a technologist, but I understand the issues and the
user needs well. My type, I'd surmise, is few and far between.
The problem isn't that your type is few and far between - the problem
is
On 2012.08.06 17.54, xmux wrote:
On 08/06/2012 08:50 PM, Nadim Kobeissi wrote:
Suggestions welcome!!
Don't provide the insecure version at all? How many people use the
Chrome plugin vs. the website version currently?
The insecure version is currently the only thing which is interesting
On Mon, Aug 6, 2012 at 8:51 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
The problem is that the little bit is effectively zero.
What's the difference between Facebook chat over SSL and Cryptocat over SSL?
Without a browser extension/plugin - there is little to no difference.
You have to
On 2012.08.06 17.51, Jacob Appelbaum wrote:
Jillian C. York:
It's difficult. I'm not a technologist, but I understand the issues and
the user needs well. My type, I'd surmise, is few and far between.
Security experts have obvious reasons for being conservative, and I get
that.
First, xmux: I want to sincerely thank you for participating in this
conversation. I really respect your expertise (and your strong familiarity
with a side of this debate) and I strongly hope that you will remain a
contributor to this conversation. Much better than bitter tweeting!
I want to
On Mon, Aug 6, 2012 at 9:08 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Ali-Reza Anghaie:
Except you're trying to solve a resource and environmental OPSEC
problem while effectively reducing the available exfiltration surface
(as it were) to a point where the adversary Nation-State (one use
On 08/06/2012 05:28 PM, Jillian C. York wrote:
A /safer/ web-based tool than Facebook chat with a GIANT WARNING is far
better than everyone continuing to hold their discussions in insecure fora.
I think this sentence is really the essence of the problem. Why do you
assume it's safer?
Hi Libtech,
Jillian C. York wrote:
Security experts have obvious reasons for being conservative, and I
get that. Nevertheless, there are a lot of users who would benefit
from *a little bit* of added security. The question, then, as I see
it, is:
*How do we provide that little bit while
It *is* safer than Facebook, for both the reason Douglas lays out below and
for the fact that *just to have a Facebook account* you're technically
required to use your real name (yes, I know lots of people break this rule,
but it's also something lots of people don't think about).
That said, fair
Eleanor Saitta:
On 2012.08.06 17.51, Jacob Appelbaum wrote:
Jillian C. York:
It's difficult. I'm not a technologist, but I understand the issues and
the user needs well. My type, I'd surmise, is few and far between.
Security experts have obvious reasons for being conservative, and I get
On 08/06/2012 06:22 PM, Douglas Lucas wrote:
Is not Riseup accessed over SSL webmail a comparable analogy to current
Cryptocat? And yet activists without their own .mx trust Riseup, and no
one says there's little to no difference between Facebook email and
Riseup email.
I actually disagree
Actually, I think it almost *only* applies in the US. I know you said you
were only talking about security, but since you bring up warrants...
Because of that, I'd recommend Riseup over Google for most activists
outside the US. Whereas Google may not do the legwork around resisting an
order
On 2012.08.06 18.40, Jacob Appelbaum wrote:
Eleanor Saitta:
It is true that you have to trust the server operator in both cases.
However, having a server configuration which does not completely
compromise user privacy (vs. the operator) by default, like Facebook
does, is still a significant
https://crypto.cat will soon stop being a web-based service, and will
only exist as a browser extension.
The question is, what should future web-app developers do if they need
crypto? Rewrite all crypto primitives from scratch [and hope there's
enough interest in reviewing the code], then let