[liberationtech] Fwd: Fwd: Avaaz

Jacob Appelbaum jacob at appelbaum.net
Mon May 7 07:10:33 PDT 2012 

On 05/06/2012 10:35 PM, Brant Olson wrote:
> Hello all,
> 
> I've relayed questions about the specifics of the attack and generous
> offers from Jacob and Hal to our tech team -- thank you both.
> 

Sure thing.

( Full disclosure for the list: I know Brant from previous working
engagements but my benefit of the doubt for Avaaz isn't related to that
relationship. )

> And I appreciate the discussion front the list. Some are raising questions
> about the accuracy of our description of the attack. Judges more informed
> than I will have to make that call -- but I have no reason not to trust the
> organization. Its integrity is one reason I work here :)

I hope they allow it to be open - it will better allow us to ask others
to be open when they claim so called "cyberwar" type things.

> 
> But accuracy aside -- others are questioning whether fundraising off the
> back of a DDOS is "tasteful" and implied that raising more funds than what
> is needed for defending against the attack (for added bandwidth, say) is
> disingenuous.
> 
> Here's where I object, and suggest these critics broaden their definition
> of defense.
> 
> First, I think our email was clear about the dual objective of the
> fundraiser:
> 
> donate to an Avaaz defence fund to take our security to the next level, and
>> show our attackers that whatever they throw at us only makes us stronger.
> 
> 
> And again, I'm not a security expert -- but growing stronger from attacks
> seems like a pretty good security objective to me. Fundraising is the best
> way that most of our members can help support it (great if members of this
> list can contribute their time/expertise to the same ends).
> 
> Allow me to belabor the point:
> 
> When I worked at Rainforest Action Network, we came under a different of
> kind of attack in 2002 when US logging giant Boise Cascade sent letters to
> RAN's individual and foundation donors calling us  “illegal, anti-business,
> and anti-American.” We responded with an essentially identical strategy --
> a fundraising appeal to show that attempts to take us down would only make
> us stronger. Long story short: it worked. We raised a bunch of money,
> invested it in the campaign, and kicked Boise's
> ass.<http://www.utwatch.org/oldnews/wsj_boise_9_03_03.html>
> 
> Then shortly after in 2003, the House Ways and Means Committee subpoenaed
> every record <http://www.civilliberties.org/RAN.html> related protests
> organized by RAN since 1993 in a bid to revoke our tax-exempt status.
> Again, big fundraiser, big response, reinvestment (this time in big legal
> guns). Ultimately the Committee backed down and we became a stronger
> organization.

I worked at RAN during this time - I remember it clearly. I think it's
reasonable when under attack to ask for help. I also think it's
reasonable when that kind of attack is literally a physical beating or
figuratively a DDOS/DOS on your institution.

> 
> Crying wolf or hyping threats that don't exist would be worthy of ridicule.
> But suffice it to say, I think fundraising in response to legitimate
> attacks is totally legit.
> 
> Others?

I think one thing Avaaz needs to do is to stop shipping hardware to
Syria that puts people into danger. That might be where some of this
noise is coming from but I might just be protecting...

All the best,
Jacob

More information about the liberationtech mailing list