[liberationtech] CryptoParty Handbook

[ttscanada]

Case in point: I received an invitation under the names of five separate 
organizations I am affiliated with (none of which are OWS related) to 
fill this out. It originally said real name required, was changed to 
alias after I objected publicly, but the rest still stands.

http://occupywallst.org/media-survey/

All the crypto and Tor in the world isn't going to help with this.

All the best,

Heather



On 12-10-09 1:26 PM, ttscanada wrote:
> On 12-10-09 10:41 AM, Jacob Appelbaum wrote:
>> ttscanada:
>>> On 12-10-09 4:23 AM, Bernard Tyers - ei8fdb wrote:
>>>> Sending a PGP encrypted e-mail to you mom, should be as easy as
>>>> sending an un-encrypted e-mail to your mom. But the education of
>>>> why you should be sending an e-mail encrypted should also be given.
>>>> Granted, a valid threat-model should be explained, as a given.
>>> Thank you. I understand that this is a *crypto* party discussion -
>>> but I really hope the end result of this manual focuses on use cases
>>> and threat modeling as well as the technology.
>> I agree entirely. We need to look at the real uses. We should stop
>> degrading the hypothetical mom though, the question is about literacy
>> and to suggest that women are less literate is pretty offensive.
>> Obviously, it wasn't intended in that way but boy, I've certainly had
>> someone read me the riot act for saying that exact example.
>>
> +1
>
>>> Some ideas of security rely far more on technical contortions than
>>> real life assessment, the equivalent of entering a crowd wearing a
>>> flame retardant SWAT suit instead of just taking an alley. Secure
>>> anonymity is frequently the dead opposite of security based on trust
>>> networks such as pgp signed emails which depend on a real life
>>> identity being known and completely remove deniability or ease of
>>> frequently switching identities.
>> I think this is rather bogus. Anonymity, in terms of traffic analysis
>> resistance, as far as the local network is concerned is not in conflict
>> with identified services.
>
> Hmm. I was not clear. My point was that I would like to see the 
> benefits of anonymity pointed out (as opposed to simply privacy) more 
> often than it is. Of course traffic analysis is a major threat to 
> anonymity, my concern is in encouraging people to think that they are 
> somehow safe simply because the content of their emails is encrypted. 
> We all know that people all over the world are suffering the 
> consequences of simply pulling attention or association, no proof of 
> content required. Trust networks are the antithesis of the type of 
> anonymity required to combat pulling attention.
>
>> I regularly sign or encrypt email with GPG that is sent with Thunderbird
>> (with TorBirdy) via Gmail over Tor. I do this because location anonymity
>> is important to me and without Tor's anonymity, gmail would know every
>> location and so too would my location be revealed by the headers in my
>> email. Additionally, I think this makes it harder to target a specific
>> MITM flaw in my email client - there were years where you could
>> downgrade the STARTTLS in some email clients. While a Tor exit node
>> might be able to do that if the flaw exists, the Tor exit node doesn't
>> know that I'm me automatically, so selective targeting becomes
>> significantly harder. Not impossible, of course.
>>
>> Juts today - I was on a network that blocked chat services and what we
>> found was that most people didn't notice because their chat was running
>> over Tor with TLS, a few were going to Tor Hidden Services - only those
>> that felt they didn't "need anonymity" were impacted. Oh the irony of
>> thinking of the issue of anonymity as only personal privacy, rather than
>> the larger issue of traffic analysis, surveillance, filtering and
>> censorship.
>
> Yes, you are outlining two cases where you are communicating with 
> people you know as a person known to them. I am suggesting we (as in 
> large scale movements around the world) need to look more closely at 
> data driven (as opposed to personality driven) models ... ie if/when 
> Tribler gets onion routing working and an anonymous entity can drop 
> data to a hashtag (instead of a person), this is to me a more secure 
> communication model than one which relies on relationships between 
> individuals, ie f2f or other. Then we have to deal with voice 
> amplification and astroturfing issues, but it is the path I would 
> rather proceed down than the trust networks being advocated by for 
> instance, OWS which are fairly obviously problematic.
>
> Of course this only applies to some specific instances such as large 
> scale organizing; as I said, let's look at what is best in each case.
>>> Let's not lose track of the end goal, which is security not just
>>> security tools.
>>>
>> The end goal for me is about social justice and law alone has not and
>> will not produce social justice in isolation. We also need various
>> innovations working in concert with policies. We won't have security
>> without code to back it up - that is what we're seeing all over the
>> world with the massive expansion of surveillance and censorship. The
>> people, corporations, and governments running national firewalls were
>> supposedly doing it for benevolent reasons. As expected from historical
>> context, they're expanding their power and their impact, to benefit of
>> powerful stake holders, to keep their position and influence well secured.
>
> Agreed, overcoming the guardian coupd'état is the real end goal. 
> http://georgiebc.wordpress.com/2012/09/17/individuals-in-society/
>
> All the best,
>
> Heather
>
>> All the best,
>> Jacob
>> --
>> Unsubscribe, change to digest, or change password at:https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121009/6243aaab/attachment.html>