[liberationtech] OkayFreedom
Eric S Johnson
crates at oneotaslopes.org
Sun Oct 28 18:46:15 PDT 2012
> misremember the entire discussion; it happens to all of us!
I imagine we each remember what best supports our own point of view. I'm
sure it happens to all of us!
> open at the moment for those in the US is if we will have some kind of
> justice for this spying on all of us. It sure seems bleak.
Yes, it does. I hope all the Amcits on this list have voted (or will do so)!
> to make their own choices, to show data and stories about lessons we've
> learned the hard way, and when we are able, to offer solidarity where it
> is possible and welcome.
> What matters is that users must be protected against serious
> attackers.
Agreed.
> I personally feel like it is often suggested
> that the burden to show something is unsafe is on us.
You assume everything is unsafe. Saying "telephones are dangerous. VPNs are
dangerous. Anything Microsoft is dangerous. Everything's dangerous"--well,
okay, sure, so is walking across the street (let alone just breathing,
especially for those of us who live in China). But if you have only ten
minutes to get this journo in Gyanja, Gomel, or Gonder to do something
different, even you (let alone the rest of us relative neophytes) aren't
going to be able to get him using TAILS. So, we have to prioritise.
One way to prioritise is to assign various levels of likelihood to
the possible threats. And one way to do that, in turn, is to assess what we
do know about the threats which have proven problematic in the past. Sure,
we don't know what we don't know: epistemology and all that. But we can
tally up what we have learned, and use that as a basis, however imperfect,
for saying to the activist from Gweru: if we only have ten minutes, the goal
is to move toward mitigating problem X (and we'll only be able to provide
the simple solution which takes partial care of the problem--not a solution
which would keep the NSA off Jake's back, but a solution which is likely to
make this particular person safer). If we have an hour, we should be able to
help mitigate X, Y, and Z. Ideally, we'll have three days, and then we can
help mitigate all 15 top problems.
To "there's no point in anything less than perfection"--well, yes,
we'll have to agree to disagree on that. I think there's huge value in
getting someone to use a solution which is "more secure" in their particular
context (ideally we get that knowledge from on-the-ground research in
addition to reports in Western media), even if it's not a perfect solution.
What I don't get is why you work so hard to discredit folks rather than
educating them. All of us on this list know you're a God (despite your
sarcastic "perhaps I'm just dense"). We all understand you know more about
cybersecurity and cybersurveillance (never mind that you hate certain words)
than the rest of us combined. Everyone loves gaining from your experience
(e.g. (just to name the most recent examples) your teardown of OkayFreedom,
the VPN security paper to which you referred a couple days ago, etc.).
Best,
Eric
More information about the liberationtech
mailing list