Let me just suggest, again, that we should find out how much it would cost to avoid the most widely "baked in" vulnerabilities which are known to state and non-state actor. I can't imagine why that wouldn't be worth it. If the NSA wants private Foundation data, they could send a National Security Letter, ordinary subpoena, or bribe Zimbabwean police to send a subpoena from their Interpol FAX.
On Mon, Jan 22, 2018 at 12:45 AM, Craig Franklin <cfrank...@halonetwork.net> wrote: > I think, as Geni says, that even that isn't going to provide any effective > barrier. If the NSA or other US Government spooks want to get into the > servers, they will, regardless of what hardware it's running on, what > software it uses, or what jurisdiction it is located in. Anything that the > Foundation does to "protect" itself is just going to be security theatre. > Anyone doing anything that the current or future American administrations > might object to should keep that in mind. I assume that every place I go > on the Internet is already compromised and act accordingly. > > Cheers, > Craig > > On 21 January 2018 at 19:13, Yaroslav Blanter <ymb...@gmail.com> wrote: > >> What about moving to another country? Still not an option? >> >> Cheers >> Yaroslav >> >> On Sun, Jan 21, 2018 at 8:38 AM, Lodewijk <lodew...@effeietsanders.org> >> wrote: >> >> > 1) still don't see the relevance. If better technology is needed, it's >> > needed - that should be independent of any lobbying preferences. It looks >> > like you're just pushing tangents again. >> > >> > 2) You do realize that the FTC and the FEC are very different >> > organizations? But again, it seems you just used this statement as an >> > opportunity to push a tangent. >> > >> > Please don't do that. >> > >> > Thanks, >> > Lodewijk >> > >> > On Sat, Jan 20, 2018 at 2:43 PM, James Salsman <jsals...@gmail.com> >> wrote: >> > >> > > > 1) I don't quite see how your question about servers and switches >> > relates >> > > > to Stephen's statement. Could you explain for us mere mortals how you >> > > link >> > > > the two? >> > > >> > > The NSA surveillance which was reauthorized by Congress can not depend >> > > on eavesdropping alone with new HTTPS cyphers. It needs compromised >> > > hardware to work, such as has been included in Dell servers since the >> > > Foundation started purchasing them, and the design of which was >> > > overseen by the Foundation's CTO, who worked then at Intel. This >> > > provides us with the know-how, a teachable moment, and an excellent >> > > opportunity to specify and acquire replacement open source hardware >> > > which doesn't have the DIETYBOUNCE / System Management Mode OOB / iAMT >> > > and related backdoors. >> > > >> > > https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html >> > > >> > > > 2) I somehow missed the commitment by the WMF to research "FEC >> > > requirements >> > > > of organized advocates for US political candidates' or anything that >> > > > suggests that the WMF may advocate for specific political candidates >> > > (which >> > > > seems a change of course that would be hard to sweep under the rug). >> > > Could >> > > > you quote? >> > > >> > > https://en.wikipedia.org/w/index.php?title=Wikipedia_ >> > > talk:Conflict_of_interest&diff=prev&oldid=815460492# >> > > Note_from_Wikimedia_Legal >> > > >> > > https://en.wikipedia.org/wiki/User_talk:Slaporte_(WMF)# >> > > Research_topic_request >> > > >> > > _______________________________________________ >> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ >> > > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ >> > > wiki/Wikimedia-l >> > > New messages to: Wikimedia-l@lists.wikimedia.org >> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> > > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> >> > > >> > _______________________________________________ >> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ >> > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ >> > wiki/Wikimedia-l >> > New messages to: Wikimedia-l@lists.wikimedia.org >> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> >> > >> _______________________________________________ >> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ >> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ >> wiki/Wikimedia-l >> New messages to: Wikimedia-l@lists.wikimedia.org >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> >> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and > https://meta.wikimedia.org/wiki/Wikimedia-l > New messages to: Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>