[liberationtech] OkayFreedom

[Amin Sabeti]

Then I will wait for your post and then post in Farsi about it.

Thanks Nadim.

A

On 29 October 2012 01:58, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Hm. I'm frustrated by Eric's reply to the point where I'm going to do a
> complete audit of OkayFreedom and post any vulnerabilities and exploits
> I may find in public on my blog, including detailed instructions on how
> to break everything.
>
> Expect something within weeks.
> NK
>
> On 10/28/2012 9:46 PM, Eric S Johnson wrote:
> >> misremember the entire discussion; it happens to all of us!
> >
> > I imagine we each remember what best supports our own point of view. I'm
> > sure it happens to all of us!
> >
> >> open at the moment for those in the US is if we will have some kind of
> >> justice for this spying on all of us. It sure seems bleak.
> >
> > Yes, it does. I hope all the Amcits on this list have voted (or will do
> so)!
> >
> >> to make their own choices, to show data and stories about lessons we've
> >> learned the hard way, and when we are able, to offer solidarity where it
> >> is possible and welcome.
> >> What matters is that users must be protected against serious
> >> attackers.
> >
> > Agreed.
> >
> >> I personally feel like it is often suggested
> >> that the burden to show something is unsafe is on us.
> >
> > You assume everything is unsafe. Saying "telephones are dangerous. VPNs
> are
> > dangerous. Anything Microsoft is dangerous. Everything's
> dangerous"--well,
> > okay, sure, so is walking across the street (let alone just breathing,
> > especially for those of us who live in China). But if you have only ten
> > minutes to get this journo in Gyanja, Gomel, or Gonder to do something
> > different, even you (let alone the rest of us relative neophytes) aren't
> > going to be able to get him using TAILS. So, we have to prioritise.
> >       One way to prioritise is to assign various levels of likelihood to
> > the possible threats. And one way to do that, in turn, is to assess what
> we
> > do know about the threats which have proven problematic in the past.
> Sure,
> > we don't know what we don't know: epistemology and all that. But we can
> > tally up what we have learned, and use that as a basis, however
> imperfect,
> > for saying to the activist from Gweru: if we only have ten minutes, the
> goal
> > is to move toward mitigating problem X (and we'll only be able to provide
> > the simple solution which takes partial care of the problem--not a
> solution
> > which would keep the NSA off Jake's back, but a solution which is likely
> to
> > make this particular person safer). If we have an hour, we should be
> able to
> > help mitigate X, Y, and Z. Ideally, we'll have three days, and then we
> can
> > help mitigate all 15 top problems.
> >       To "there's no point in anything less than perfection"--well, yes,
> > we'll have to agree to disagree on that. I think there's huge value in
> > getting someone to use a solution which is "more secure" in their
> particular
> > context (ideally we get that knowledge from on-the-ground research in
> > addition to reports in Western media), even if it's not a perfect
> solution.
> >
> > What I don't get is why you work so hard to discredit folks rather than
> > educating them. All of us on this list know you're a God (despite your
> > sarcastic "perhaps I'm just dense"). We all understand you know more
> about
> > cybersecurity and cybersurveillance (never mind that you hate certain
> words)
> > than the rest of us combined. Everyone loves gaining from your experience
> > (e.g. (just to name the most recent examples) your teardown of
> OkayFreedom,
> > the VPN security paper to which you referred a couple days ago, etc.).
> >
> > Best,
> > Eric
> >
> > --
> > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121029/9e6ef333/attachment.html>