[liberationtech] Fwd: Fwd: Avaaz

Sun May 6 19:35:07 PDT 2012

Hello all,

I've relayed questions about the specifics of the attack and generous
offers from Jacob and Hal to our tech team -- thank you both.

And I appreciate the discussion front the list. Some are raising questions
about the accuracy of our description of the attack. Judges more informed
than I will have to make that call -- but I have no reason not to trust the
organization. Its integrity is one reason I work here :)

But accuracy aside -- others are questioning whether fundraising off the
back of a DDOS is "tasteful" and implied that raising more funds than what
is needed for defending against the attack (for added bandwidth, say) is
disingenuous.

Here's where I object, and suggest these critics broaden their definition
of defense.

First, I think our email was clear about the dual objective of the
fundraiser:

donate to an Avaaz defence fund to take our security to the next level, and
> show our attackers that whatever they throw at us only makes us stronger.

And again, I'm not a security expert -- but growing stronger from attacks
seems like a pretty good security objective to me. Fundraising is the best
way that most of our members can help support it (great if members of this
list can contribute their time/expertise to the same ends).

Allow me to belabor the point:

When I worked at Rainforest Action Network, we came under a different of
kind of attack in 2002 when US logging giant Boise Cascade sent letters to
RAN's individual and foundation donors calling us  “illegal, anti-business,
and anti-American.” We responded with an essentially identical strategy --
a fundraising appeal to show that attempts to take us down would only make
us stronger. Long story short: it worked. We raised a bunch of money,
invested it in the campaign, and kicked Boise's
ass.<http://www.utwatch.org/oldnews/wsj_boise_9_03_03.html>

Then shortly after in 2003, the House Ways and Means Committee subpoenaed
every record <http://www.civilliberties.org/RAN.html> related protests
organized by RAN since 1993 in a bid to revoke our tax-exempt status.
Again, big fundraiser, big response, reinvestment (this time in big legal
guns). Ultimately the Committee backed down and we became a stronger
organization.

Crying wolf or hyping threats that don't exist would be worthy of ridicule.
But suffice it to say, I think fundraising in response to legitimate
attacks is totally legit.

Others?

-Brant

On May 6, 2012, at 3:03 AM, "Jillian C. York" <jilliancyork at gmail.com>
wrote:

Hi Brant,

You may not want to share it list-wide, but there is certainly interest in
disclosing to trusted members of the security community.  That said, I'm
also not a security expert, so I'm hoping that perhaps Hal Roberts or Jake
Appelbaum might jump in and say something here.

Best,
Jillian

On Sun, May 6, 2012 at 11:29 AM, Brant Olson <brant at avaaz.org> wrote:
>
>
> Regrets. I had intended to send this to the full list.
>
> I'm asking about specific interests because I suspect (but don't yet
know) that we have specific interests in not disclosing information -- such
as that which may make another attack more likely/difficult to defend
against.
>
> Unsure whether this info would fit that bill or not. Perhaps someone here
could speculate.
>
> -Brant
>
>
> Begin forwarded message:
>
> From: Brant Olson <brant at avaaz.org>
> Date: May 5, 2012 1:03:19 PM PDT
> To: Eric S Johnson <crates at oneotaslopes.org>
> Subject: Re: [liberationtech] Avaaz
>
> These are helpful - thank you Eric.
>
> I'm not familiar with the list, and I'm not a security expert, so pardon
me for asking but is there an interest in this information beyond
curiosity?
>
> -Brant
>
>
>
>
>
>
> On May 5, 2012, at 11:00 AM, Eric S Johnson <crates at oneotaslopes.org>
wrote:
>
> Brant, what was the attack’s size?
>
>
>
> What was done to repel it?
>
>
>
> Any idea who was behind the attack, or what its specific purpose was?
>
>
>
> If you’re on the LibTech list, it sounds as if these are questions the
list members would love to learn about.
>
>
>
> Best,
>
> Eric
>
> PGP
>
>
>
> From: liberationtech-bounces at lists.stanford.edu [mailto:
liberationtech-bounces at lists.stanford.edu] On Behalf Of Brant Olson
> Sent: Friday, 04 May 2012 17:10
> To: Yosem Companys
> Cc: Liberation Technologies
> Subject: Re: [liberationtech] Avaaz
>
>
>
> Sure enough. Howdy folks. Brant here.
>
>
>
> I'm not on the team responding to the DOS attack, but I can take any
questions or concerns and report back.
>
>
>
> Fire away!
>
>
>
> -Brant
>
>
>
>
> On May 4, 2012, at 3:07 PM, Yosem Companys <companys at stanford.edu> wrote:
>
> I believe someone from the Avaaz team has just joined our list, so if you
have questions for Avaaz, now would be the time to ask.
>
>
>
> Yosem
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
>
> You will need the user name and password you receive from the list
moderator in monthly reminders. You may ask for a reminder here:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
>
> You will need the user name and password you receive from the list
moderator in monthly reminders. You may ask for a reminder here:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech

--
+1-857-891-4244 | jilliancyork.com | @jilliancyork

"We must not be afraid of dreaming the seemingly impossible if we want the
seemingly impossible to become a reality" - Vaclav Havel

--
Brant Olson
Program Manager
AVAAZ

p: (+01) 415-562-7268
e: brant at avaaz.org
s: branto1887
t: @branto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120506/74ca1d00/attachment.html>