[liberationtech] The security and ethics of mapping in repressive environments

Tue Feb 8 22:54:26 PST 2011

Jacob,

I'd love to implement GPG/PGP on my Gmail. Is there an easy primer
that you can point me (or rather, this list/the public) to?

Thx,

-C

On Wed, Feb 9, 2011 at 3:19 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> On 02/08/2011 01:29 PM, Katrin Verclas wrote:
>> Would love to hear what the list thinks of this post:
>>
>> http://blog.standbytaskforce.com/?p=259
>
> Just quickly skimming, I see a ton of stuff that made me slap my forehead.
>
> They suggest not using gmail because of "hacking fears" but in reality,
> gmail is probably the best from a security standpoint of any public or
> free webmail/email provider. The cost of gmail is your privacy and in
> return you're given targeted ads. This is probably an improvement over
> leaking lots of data to the local network where the targeting is violence.
>
> They suggest hushmail - I can't impress on people how bad that advice
> is! Use PGP and gmail before using hushmail. Hushmail has proven
> themselves to be untrustworthy (in architecture and perhaps personally)
> for the only thing that made them special:
> http://en.wikipedia.org/wiki/Hushmail#Controversy
>
> Their advice on passphrases is OK, I guess.
>
> They suggest using Skype for sensitive content - this is a horrible
> idea. Skype is absolute garbage if you're worried about state sponsored
> attackers. It's probably absolute garbage if you're worried about some
> people from the Chaos Computer Club too.
>
> If you have to use non-free software, I suggest zfone, redphone, or
> another system that at least has an open specification or behaves in a
> manner that could be vetted by a third party.
>
> zfone:
> http://zfoneproject.com/
>
> redphone:
> http://www.whispersys.com/
>
> Otherwise, I'd suggest some free software with ZRTP:
>
> zrtp:
> http://zfoneproject.com/prod_asterisk.html
>
> Gnu ZRTP (probably not ready for prime time)
> http://www.gnutelephony.org/index.php/GNU_ZRTP
>
> People who do not require encrypted voice and video would be better
> served by using OTR in the chat client of their choice:
> http://www.cypherpunks.ca/otr/
>
> They also suggest using HTTPS when possible - I'd suggest the EFF
> project HTTPS-everywhere:
> https://www.eff.org/https-everywhere
>
> I'd suggest (as Tor developers do) using the Tor Browser Bundle:
> https://www.torproject.org/projects/torbrowser.html
>
> Personally, I think all of the data being sent by an activist in the
> field should go over Tor. If you're in an area where the traffic is
> being recorded, a failure to anonymize anything could be a seriously
> dangerous failure in the long run.
>
>>
>> My take:  It does not go far enough to secure certain communications
>> mentioned there.  Also, as an aside, the Ushahidi SMS Anonymizer is
>> totally and misleadingly misnamed.
>>
>
> Probably anything with SMS in the name is going to be misleading if it
> also has Anonymous or Anonymizer in the name. SMS but specifically SMS
> and GSM are a total privacy nightmare. With only a phone number it is
> usually possible to track someone globally.
>
> All the best,
> Jacob
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>

-- 
----------------------------------------
Cyrus Farivar
"suh-ROOS FAR-ih-var"

 Freelance Technology Journalist
cfarivar at cfarivar.org

DE: +49 163 763 3108 (m)
US: +1 510 394 5485 (m)

AIM: FarivarCJ
Twitter/Skype/Yahoo/gChat: cfarivar

http://www.cyrusfarivar.com

"Being a good writer is 3% talent, 97% not being distracted by the Internet."