[liberationtech] Social Research in the Digital Age

2012-10-11 Thread Yosem Companys
‘SOCIAL RESEARCH IN THE DIGITAL AGE’ We are pleased to invite you to the Social Research Association's annual conference on Monday 10 December 2012 at the British Library in London. The digital revolution increasingly affects how we do social research. It brings fresh opportunities and

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread James Losey
Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate privacy. And while the company offeres regular

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 12:04 PM, James Losey wrote: Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread James Losey
*TL:DR *I don't think Silent Circle is dangerous for the development of cryptography software but demonstrates potential demand and can spark a discussion of best and worst practices of crypto software development. How did you jump to this? Even the softest cryptography software still

[liberationtech] Join eCampaigning Forum Europe Nov 7-9 in Austria?

2012-10-11 Thread Duane Raymond
Hi everyone, This might interest a few of you..and if not you might know who it would interest. In just under a month, the 2012 European eCampaigning Forum (e-campaigning = digital activism for anyone in the US) is taking place near Vienna, Austria on November 7-9. See more here

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Moxie Marlinspike
On 10/11/2012 09:15 AM, Nadim Kobeissi wrote: James, you can charge for a service and leave it as open source software. This has been done countless times over the years and has functioned successfully. I am not against Silent Circle costing money - I'm against it being closed source

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 1:54 PM, Moxie Marlinspike wrote: In general, I'm not actually convinced that OSS is a necessity for secure communication tools. Protocols can generally be verified on the wire, and unfortunately, the number of people who are going to be able to look at software-based

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Katrin Verclas
Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: On 10/11/2012 12:04 PM, James Losey wrote: Hi Nadim, I largely agree with your assessment of Silent Circle

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 2:14 PM, Katrin Verclas wrote: Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: On 10/11/2012 12:04 PM, James Losey wrote: Hi Nadim, I

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Katrin Verclas
I like to see them deliver on the code audits before jumping to judgment since the product is not even released. Zimmerman gets those reservations, for sure, so let's see whether they can do a lot better than some companies before them. For now, the fact that Zimmerman and another staffer

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Robert Guerra
Eric King btw is the name of the person who is the head of research at Privacy International. https://www.privacyinternational.org/people/eric-king Eric is head of research at Privacy International, where he runs the Big Brother Incorporated project, an investigation of the international

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
That's great -- I'm going to hold up until there is some actual source code. NK On 10/11/2012 2:41 PM, Robert Guerra wrote: Eric King btw is the name of the person who is the head of research at Privacy International. https://www.privacyinternational.org/people/eric-king Eric is head

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Moxie Marlinspike
On 10/11/2012 11:24 AM, Nadim Kobeissi wrote: Zimmerman stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end). His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore,

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Christopher Parsons
I just wanted to note that hosting things in Canada isn't inherently, or necessarily, safer than hosting in other countries. Canadian courts are as able as American courts to apply pressure towards 'privacy sensitive' companies, with Hushmail being a good example. I would also note that

Re: [liberationtech] best practices - roundup

2012-10-11 Thread The Doctor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/09/2012 03:03 PM, Lindsay Beck wrote: Thanks for compiling these resources! Another great tool that is perfect for traveling is TAILS, which stands for The Amnesiac Incognito Live System ... For what it's worth, I was traveling OCONUS last

[liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Yosem Companys
Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
It would have been much nicer to create this thread based on real source code, instead of a tweet based on word of mouth. We'll see. NK On 10/11/2012 3:27 PM, Yosem Companys wrote: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say

Re: [liberationtech] CryptoParty Handbook

2012-10-11 Thread The Doctor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/10/2012 06:10 AM, Julian Oliver wrote: Seth, your comments about the Quantum Crypto text are excellent and, on looking more closely, factually correct. I personally don't think such material has a place in a handbook like this but with your

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Yosem Companys
We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me they'll be making everything open source. That's why I added the question mark, in case someone on the list knew anymore (for example,

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Katrin Verclas
Copying Susan Alderson, VP of Informatics, Silent Circle who was also in the meeting Eric and I referred to. Susan, forwarding you a thread from the Liberation Tech discussion list about Silent Circle source code, location of servers, etc. Please feel free to chime in, and nice to meet you!

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nathan
Can someone explain what this big secret briefing was? Are they making the PR rounds in DC? Yosem Companys compa...@stanford.edu wrote: We both received the same messages from Ryan Gallagher and Dan Gillmor: @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm doing + he told me

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nathan
Here's my prediction: Silent Circle will not fundamentally change anything. It will have no where near the impact that Phil's work on open cryptography standards has. It may be a great niche product for businesses, professional journalist groups and large NGOs looking for a turnkey solution. It

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 5:51 PM, Ryan Gallagher wrote: To Nadim: I'm interested to know, did you contact anyone at SC before writing your blog post? Seems to me you arrived at your rather scathing conclusion largely on the basis of an assumption. A sort of shoot first, ask questions later approach. It

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Ryan Gallagher
On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In fact, they have been very

[liberationtech] One year later: German police unable to develop ‘state trojan’

2012-10-11 Thread Anne Roth
http://annalist.noblogs.org/post/2012/10/12/one-year-later-german-police-unable-to-develop-state-trojan/ One year after the Chaos Computer Club found and analysed an illegal trojan virus used by German police, the so-called “state trojan”, and one year after the German Federal Minister of

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Christopher Soghoian
Hi Nadim, You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle? The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
I'm sorry but this could easily refer to open source libraries, and commonly does. I will update my blog post again once source code is available, which should hopefully be when the app is released next week. NK On Oct 11, 2012 6:49 PM, Ryan Gallagher r...@rjgallagher.co.uk wrote: On

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
Hi Chris, I regrettably did not speak to anyone from Silent Circle. This is off-topic, but I find it kind of ironic for you to be asking me this; you have written scathing critiques involving my own software efforts without once contacting me, and I believe you to be much more guilty of jumping

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Bernard Tyers - ei8fdb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is this a case of people (lib tech/security community) trusting people of up-to-now good security community reputation (Phil Zimmerman and Jon Callas) combined with public statements (to the affect of we will be releasing the source code)

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Christopher Soghoian
Hi all, When considering the threat of legally compelled assistance, I think it is useful to spell out the specific threats. The two big ones, IMHO, are 1. Compelled disclosure of data retained about users. 2. Compelled insertion of backdoors into the product. Now, folks on this list are

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
Thanks for spelling it out, and Nathan. NK On Oct 11, 2012 8:12 PM, Nathan nat...@freitas.net wrote: Ryan, mm. It says on the SC website that it will use Open Source Peer-Reviewed Encryption, Peer Reviewed Encryption and Hashing Algorithms, and also says we believe in open source. Is

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Seth David Schoen
Ryan Gallagher writes: On 10/11/2012 18:26 PM, Nadim Kobeissi wrote: I sincerely apologize if my post is jumping the gun a bit, but aside from reassurances in private press conferences, Silent Circle hasn't made any statement that supports their releasing their code as open source. In

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Seth David Schoen
Nathan writes: Like organic, open-source is a term that is easily claimed but not often truly fulfilled. Nadim should be given more credit for the completely transparent and engaged open-source project he runs, and for defending an approach and philosophy that he is completely living up to.

[liberationtech] Tech Challenge for Atrocity Prevention Website Goes Live

2012-10-11 Thread Yosem Companys
USAID and Humanity United’s *Tech Challenge for Atrocity Prevention*website, www.thetechchallenge.org, has gone live today. The website identifies five specific challenges around atrocity prevention, the first two of which will launch on October 31st. We’re grateful for the support of everyone