[liberationtech] liberationtech Digest, Vol 169, Issue 1
William Koplitz
william at koplitz.net
Wed Aug 21 00:29:10 PDT 2013
Whole lot of navel-gazing. Unsubscribe.
On Mon, Aug 19, 2013 at 10:56 PM,
<liberationtech-request at lists.stanford.edu> wrote:
> Send liberationtech mailing list submissions to
> liberationtech at lists.stanford.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> or, via email, send a message with subject or body 'help' to
> liberationtech-request at lists.stanford.edu
>
> You can reach the person managing the list at
> liberationtech-owner at lists.stanford.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of liberationtech digest..."
>
>
> Today's Topics:
>
> 1. Re: Secure alternatives to Dropbox? (Ben Laurie)
> 2. Re: Cryptocat Hackathon, NYC, August 17-18! (Nadim Kobeissi)
> 3. "Massive Open Online Courses and Beyond: the Revolution to
> Come" (Doug Schuler)
> 4. US Feds Threaten to Arrest Lavabit Founder for Shutting Down
> His Service | Techdirt (Yosem Companys)
> 5. Re: US Feds Threaten to Arrest Lavabit Founder for Shutting
> Down His Service | Techdirt (LilBambi)
> 6. Re: Shuttering of Lavabit and Silent Mail Illustrate
> Potential Effects of a CALEA II (LilBambi)
> 7. Trsst: An Open and Secure Alternative to Twitter (Edwin Chu)
> 8. Re: Trsst: An Open and Secure Alternative to Twitter (Ben Laurie)
> 9. World's Most Private Search Engine? (Yosem Companys)
> 10. Re: Trsst: An Open and Secure Alternative to Twitter
> (Michael Powers)
> 11. Fwd: Avaaz in "grave danger" due to GMail spam filters
> (Moritz Bartl)
> 12. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters (LS)
> 13. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters (Tom O)
> 14. Re: Trsst: An Open and Secure Alternative to Twitter (Ben Laurie)
> 15. Re: Trsst: An Open and Secure Alternative to Twitter
> (Michael Rogers)
> 16. Re: Trsst: An Open and Secure Alternative to Twitter (Ben Laurie)
> 17. Re: verifying SSL certs (was Re: In defense of client-side
> encryption) (Ben Laurie)
> 18. Re: World's Most Private Search Engine? (LilBambi)
> 19. Re: World's Most Private Search Engine? (Patrick Mylund Nielsen)
> 20. News-based egyptian protest dashboard pilot using gdelt
> (Yosem Companys)
> 21. Call for translators - Commotion localization project
> (Chris Ritzo)
> 22. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters
> (Jillian C. York)
> 23. Re: US Feds Threaten to Arrest Lavabit Founder for Shutting
> Down His Service | Techdirt (R. Jason Cronk)
> 24. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters
> (staticsafe)
> 25. Seeing threats, feds target instructors of polygraph-beating
> methods (Kyle Maxwell)
> 26. Re: US Feds Threaten to Arrest Lavabit Founder for Shutting
> Down His Service | Techdirt (Daymon Schroeder)
> 27. Re: Seeing threats, feds target instructors of
> polygraph-beating methods (Griffin Boyce)
> 28. Re: Seeing threats, feds target instructors of
> polygraph-beating methods (Kyle Maxwell)
> 29. Inflated expectations? (Yosem Companys)
> 30. Re: US Feds Threaten to Arrest Lavabit Founder for Shutting
> Down His Service | Techdirt (Fran Parker)
> 31. Re: Inflated expectations? (Fran Parker)
> 32. Re: World's Most Private Search Engine? (LilBambi)
> 33. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters
> (Jillian C. York)
> 34. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters (Tom O)
> 35. Re: Fwd: Avaaz in "grave danger" due to GMail spam filters
> (Rich Kulawiec)
> 36. Re: [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare
> Americans Into Giving Up More Rights? (Bernard Tyers - ei8fdb)
> 37. Re: [Dewayne-Net] Are Hackers the Next Bogeyman Used to Scare
> Americans Into Giving Up More Rights? (Kyle Maxwell)
> 38. Lawful Hacking: Using Existing Vulnerabilities for
> Wiretapping on the Internet (James S. Tyre)
> 39. Re: Seeing threats, feds target instructors of
> polygraph-beating methods (Tom Ritter)
> 40. Re: verifying SSL certs (was Re: In defense of client-side
> encryption) (Darlene Scott)
> 41. Re: Seeing threats, feds target instructors of
> polygraph-beating methods (Tom O)
> 42. Re: verifying SSL certs (was Re: In defense of client-side
> encryption) (Tom O)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 17 Aug 2013 08:24:05 -0400
> From: Ben Laurie <ben at links.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Secure alternatives to Dropbox?
> Message-ID:
> <CAG5KPzy2Nk9waV2E=M2Kid8T=qMFpLP0-vdDT+hihb+M2EBSbg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Why on Earth did you quote an entire digest along with your question?
>
> ------------------------------
>
> Message: 2
> Date: Sat, 17 Aug 2013 09:27:19 -0400
> From: Nadim Kobeissi <nadim at nadim.cc>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Cryptocat Hackathon, NYC, August 17-18!
> Message-ID: <F4DA7AEE-4FBB-46EC-8611-CCEEA2548560 at nadim.cc>
> Content-Type: text/plain; charset="us-ascii"
>
> Just a last friendly reminder for those planning to attend today/this weekend! :-)
>
> We're just about to start!
>
> Schedule:
> https://blog.crypto.cat/2013/08/cryptocat-hackathon-august-17-18-new-york-city/
>
> NK
>
> On 2013-08-10, at 11:33 AM, Nadim Kobeissi <nadim at nadim.cc> wrote:
>
>> Hi everyone,
>> I just wanted to share the happy news that the Cryptocat Hackathon has a sign-up rate composed of more than 35% women so far. This is really awesome.
>>
>> Having more women participating in such events may help bridge the gender gap in the tech scene. I'm glad that for some reason Cryptocat is attractive to both genders. I think it has something to do with the focus on accessibility and the fact that cats are appealing to everyone, no matter your gender! :3
>>
>> Let's hope for a 50% women sign-up rate next time!
>>
>> https://twitter.com/cryptocatapp/status/366219529577168898
>>
>> NK
>>
>> On 2013-08-07, at 11:36 PM, Kyle Maxwell <kylem at xwell.org> wrote:
>>
>>> https://github.com/cryptocat/cryptocat naturally! :D
>>>
>>> On Wed, Aug 7, 2013 at 3:09 PM, Anthony Papillion
>>> <anthony at cajuntechie.org> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA512
>>>>
>>>> On 08/07/2013 12:10 PM, Nadim Kobeissi wrote:
>>>>> (Moving on from my very, very expensively made point?)
>>>>>
>>>>> Dear Libtech,
>>>>>
>>>>> Cryptocat, in collaboration with OpenITP, will be hosting the very
>>>>> first Cryptocat Hackathon weekend in New York City, on the weekend
>>>>> of the 17th and 18th of August 2013! We're going to have a coding
>>>>> track as well as a *special track for journalists*, so please
>>>>> spread the word!
>>>>>
>>>>> https://blog.crypto.cat/2013/08/cryptocat-hackathon-august-17-18-new-york-city/
>>>>>
>>>>> Join us on August 17-18 for the Cryptocat Hackathon and help
>>>>> empower people worldwide by improving useful tools and discussing
>>>>> the future of making privacy accessible. This two day event will
>>>>> take place at the OpenITP offices, located on 199 Lafayette Street,
>>>>> Suite 3b, New York City.
>>>>>
>>>>> Tweet: https://twitter.com/cryptocatapp/status/36515529735183974
>>>>
>>>> This is exciting, Nadim. I'm nowhere near NYC but would be interested
>>>> in contributing code if the time arose. I apologize for doing
>>>> absolutely no research on this at all before asking (again, time) but
>>>> where can I grab the latest CryptoCat source?
>>>>
>>>> Thanks!
>>>> Anthony
>>>>
>>>>
>>>>
>>>> --
>>>> Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>>
>>>
>>> --
>>> @kylemaxwell
>>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 17 Aug 2013 14:14:29 -0700
> From: Doug Schuler <douglas at publicsphereproject.org>
> To: liberationtech Technologies <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] "Massive Open Online Courses and Beyond: the
> Revolution to Come"
> Message-ID:
> <A83006FD-43ED-4017-9A4A-BA32A4E865D6 at publicsphereproject.org>
> Content-Type: text/plain; charset="windows-1252"
>
>
> May be of interest?
>
>
> http://truth-out.org/news/item/18120-massive-open-online-courses-and-beyond-the-revolution-to-come
>
> First two lines of the article:
>
> The New York Times dubbed 2012 the year of the MOOCs - massive open online courses. Suddenly the discourse of MOOCs and the future of the university hit the headlines with influential reports using the language of "the revolution to come." Most of these reports hailed the changes and predicted a transformation of the delivery of teaching and higher education competition from private venture for-profit and not-for-profit partnerships. Rarely did the media focus on questions of pedagogy or academic labor. This article suggests that MOOCs should be seen within the framework of postindustrial education and cognitive capitalism where social media has become the dominant culture.
>
> Ernst & Young's Universities of the Future carries the line, "A thousand year old industry on the cusp of profound change." The report suggests that the current Australian university model "will prove unviable in all but a few cases." It identifies five major "drivers of change": democratization of knowledge and access, contestability of markets and funding, digital technologies, global mobility and integration with industry.
>
> Thanks!
>
> - Doug
>
>
>
> Douglas Schuler
> douglas at publicsphereproject.org
>
> ------------------------------------------------------------------------------
> Public Sphere Project
> http://www.publicsphereproject.org/
>
> Creating the World Citizen Parliament
> http://interactions.acm.org/archive/view/may-june-2013/creating-the-world-citizen-parliament
>
> Liberating Voices! A Pattern Language for Communication Revolution (project)
> http://www.publicsphereproject.org/patterns/lv
>
> Liberating Voices! A Pattern Language for Communication Revolution (book)
> http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601
>
>
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Sat, 17 Aug 2013 14:43:06 -0700
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] US Feds Threaten to Arrest Lavabit Founder
> for Shutting Down His Service | Techdirt
> Message-ID:
> <CANhci9FqY7tzyBMVbuJjKER3=fXrVx5VsWqsVgUQ_YFYuW_TUg at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> The saga of Lavabit founder Ladar Levison is getting even more
> ridiculous, as he explains that the government has threatened him with
> criminal charges for his decision to shut down the business, rather
> than agree to some mysterious court order. The feds are apparently
> arguing that the act of shutting down the business, itself, was a
> violation of the order.
>
> http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 17 Aug 2013 18:05:51 -0400
> From: LilBambi <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] US Feds Threaten to Arrest Lavabit
> Founder for Shutting Down His Service | Techdirt
> Message-ID:
> <CA+AzaOcX=mchp_iqZ4dcZ-1MpjD33OZGaG-Om-0djK4Otg9NTw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Whoa! That is nuts!
>
> On Sat, Aug 17, 2013 at 5:43 PM, Yosem Companys <companys at stanford.edu> wrote:
>> The saga of Lavabit founder Ladar Levison is getting even more
>> ridiculous, as he explains that the government has threatened him with
>> criminal charges for his decision to shut down the business, rather
>> than agree to some mysterious court order. The feds are apparently
>> arguing that the act of shutting down the business, itself, was a
>> violation of the order.
>>
>> http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
>
>
> ------------------------------
>
> Message: 6
> Date: Sat, 17 Aug 2013 18:07:41 -0400
> From: LilBambi <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Shuttering of Lavabit and Silent Mail
> Illustrate Potential Effects of a CALEA II
> Message-ID:
> <CA+AzaOdZA=PY44Dytgav3D6DxvsqOrKnJgoJB-Sfsq2C1QYQmA at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Thanks, much appreciated.
>
> On Wed, Aug 14, 2013 at 3:20 PM, Joseph Lorenzo Hall <joe at cdt.org> wrote:
>> (This gets a bit wonky, but I figured many of you would be interested in
>> reading our take. Please do share, forward, critique, etc.)
>>
>> https://www.cdt.org/blogs/joseph-lorenzo-hall/1408shuttering-lavabit-and-silent-mail-illustrate-potential-effects-calea
>>
>> # Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of
>> a CALEA II
>>
>> by Joseph Lorenzo Hall
>> August 14, 2013
>>
>>
>> With all the news during this "Summer of Snowden," it can be easy to
>> forget some of the issues that many of us worried about before the
>> unprecedented sunlight cast into the U.S. surveillance apparatus. One of
>> these issues, updates to the Communications Assistance for Law
>> Enforcement Act (CALEA) ("CALEA II"), has resurfaced. With CALEA II, the
>> FBI is pushing to expand to Internet applications the technology
>> mandates of the 1994 CALEA statute, which requires telecommunications
>> companies to design their services to be wiretap-friendly. Last week,
>> two providers of encrypted email service - Lavabit[1] and Silent
>> Circle's Silent Mail[2] - announced that they were shutting down given
>> the prospect of secret government demands for access. The news raises
>> concerns that the government may be, in effect, achieving the goals of
>> CALEA II without Congress' approval and, moreover, with a sledgehammer.
>>
>> For the past several years, various law enforcement officials have been
>> pressing for updates to CALEA in order to require a wide variety of
>> online services to be wiretap-capable, a move that CDT has opposed. CDT
>> and others have argued that CALEA II could slow or even block the
>> development of innovative products providing secure communications to
>> businesses and individuals. This past spring, technology experts issued
>> a report[3] on CALEA II, arguing that requiring backdoors into end-point
>> software and devices would make these products vastly less secure.
>>
>> Fast forward to last week: the secure email service Lavabit voluntarily
>> shut down, without notice, based on an undisclosed judicial order that
>> Lavabit founder Ladar Levison said put the privacy of Lavabit's
>> encrypted email users at risk. "Unfortunately, what's become clear is
>> that there's no protections in our current body of law to keep the
>> government from compelling us to provide the information necessary to
>> decrypt those communications in secret," Levison was quoted[4] as
>> saying. A few hours after Lavabit announced its closure, Phil
>> Zimmermann, the creator of the widely used PGP encryption and co-founder
>> of Silent Circle, announced[5] that Silent Circle had decided to shut
>> down its secure email product too, anticipating judicial demands in the
>> future similar to the order Lavabit received.
>>
>> Secure communications tools are the backbone of modern e-commerce and,
>> increasingly, of a wide range of online interactions. However, Lavabit
>> clearly felt that it had to choose between violating the integrity of
>> its users' communications or ceasing operations. Likewise, Silent Circle
>> pre-emptively shut its Silent Mail service down in anticipation of
>> having to make a similar choice in the future when facing government
>> demands.
>>
>> The result goes far beyond what Congress provided for even in CALEA I.
>> That statute has a provision explicitly intended to preserve the ability
>> of service providers to offer unbreakable encryption. ("A
>> telecommunications carrier shall not be responsible for decrypting, or
>> ensuring the government's ability to decrypt, any communication
>> encrypted by a subscriber or customer, unless the encryption was
>> provided by the carrier and the carrier possesses the information
>> necessary to decrypt the communication." 47 USC 1002(b)(3) (emphasis
>> added)) CALEA I also explicitly states that it does not authorize "any
>> law enforcement agency or officer to prohibit the adoption of any ...
>> service, or feature by any provider of a wire or electronic
>> communication service." Moreover, CALEA I allows, indeed encourages,
>> companies to disclose the surveillance features they adopt by providing
>> a safe harbor for compliance with "publicly available technical
>> requirements or standards."
>>
>> What did the government demand and under what authority prompted
>> Lavabit's shutdown? We don't know, and that's part of the problem. The
>> Wiretap Act, which authorizes the government to intercept communications
>> content prospectively in criminal investigations, indicates that a
>> provider of wire or electronic communication service (such as Lavabit)
>> can be compelled to furnish law enforcement with "all information,
>> facilities and technical assistance necessary to accomplish the
>> interception unobtrusively... ." 18 USC 2518(4). The Foreign Intelligence
>> Surveillance Act (FISA), which regulates surveillance in intelligence
>> investigations, likewise requires any person specified in a surveillance
>> order to provide the same assistance (50 USC 1805(2)(B)) and so does the
>> FISA Amendments Act with respect to directives for surveillance
>> targeting people and entities reasonably believed to be abroad (50 USC
>> 1881a(h)(1)). The "assistance" the government demands may include the
>> disclosure of the password information necessary to decrypt the
>> communications it seeks, if the service provider has that information,
>> but modern encryption services can be designed so that the service
>> provider does not hold the keys or passwords. Was the "assistance" that
>> the government demanded of Lavabit a change in the very architecture of
>> its secure email service? Was the "assistance" the installation of the
>> government's own malware to accomplish the same thing? Lavabit has not
>> answered these questions outright, but it did make it clear that its
>> concern extended to the privacy of the communications of all of its
>> users, not just those of one user under one court order.
>>
>> We think the law is clear: if you've built a secure email service, the
>> government can't secretly force you to break it and rebuild it to be
>> insecure under the "provider assistance" mandate that might accompany a
>> surveillance order or directive. If that's what the government is
>> demanding here, then we have CALEA II design mandates imposed by secret
>> court order, going far beyond anything that Congress ever intended with
>> the "assistance" requirements of current law and far beyond anything in
>> CALEA I.
>>
>> If it is the government's theory that existing law already empowers it
>> to demand secret alterations in communications services, then the
>> shutdowns of Lavabit and Silent Mail are very troubling indeed. Take
>> just one concern: the personal safety of human rights activists who
>> depend on secure email service in carrying out their work. The U.S.
>> government has actually supported the development of secure
>> communications tools for human rights activists. Does the shutdown of
>> Lavabit mean that secure email services cannot be secure against
>> government access? Or does it say the U.S. will not tolerate in the U.S.
>> the kind of secure communications it is promoting in Iran or Tibet?
>>
>> Last week, President Obama committed his Administration to being more
>> forthcoming about its surveillance activities in order to engender
>> public trust. Allowing Lavabit to explain what it was about the
>> government's surveillance demands that prompted the company to shut down
>> its service would go a long way toward building that trust. It would
>> also tell us whether we can trust any service that promises security
>> online. A negative answer to that question would have profound
>> implications for both commerce and the democratic potential of the Internet.
>>
>> [1]: http://lavabit.com/
>> [2]: https://silentcircle.com/web/silent-mail/
>> [3]: https://www.cdt.org/files/pdfs/CALEAII-techreport.pdf
>> [4]:
>> http://news.cnet.com/8301-1009_3-57597954-83/lavabit-chief-predicts-long-fight-with-feds-q-a/
>> [5]: https://silentcircle.wordpress.com/2013/08/09/to-our-customers/
>>
>> --
>> Joseph Lorenzo Hall
>> Senior Staff Technologist
>> Center for Democracy & Technology
>> 1634 I ST NW STE 1100
>> Washington DC 20006-4011
>> (p) 202-407-8825
>> (f) 202-637-0968
>> joe at cdt.org
>> PGP: https://josephhall.org/gpg-key
>> fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
>>
>>
>
>
> ------------------------------
>
> Message: 7
> Date: Sun, 18 Aug 2013 16:47:24 +0800
> From: Edwin Chu <edwincheese at gmail.com>
> To: "liberationtech at lists.stanford.edu"
> <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID: <ED65252B-DBEE-4714-B4A7-5A10BD8CB757 at gmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> I came across this project in kickstarter. Subscribers of this list may find it interesting. (Btw I am not associated with them)
>
> --
>
> Welcome to Trsst: An Open and Secure Alternative to Twitter
>
> Post your thoughts, share links, and follow other interesting people or web sites, using the web or your mobile or any software of your choice.
>
> All of your private posts to individuals or friends and family are securely encrypted so that even your hosting provider - or government - can't unlock them.
> All of your public posts are digitally signed so you can prove that no one - and no government - modified or censored your writings.
> You control your identity and your posts and can move them to another site or hosting provider at any time.
> Think of Trsst as an RSS reader (and writer) that works like Twitter but built for the open web. The public stuff stays public and search-indexable, and the private stuff is encrypted and secured. Only you will hold your keys, so your hosting provider can't sell you out.
>
>
> http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o/description
>
> ------------------------------
>
> Message: 8
> Date: Sun, 18 Aug 2013 13:08:10 -0400
> From: Ben Laurie <ben at links.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID:
> <CAG5KPzyGDbPO0Tz6Lq4NpbNFtSv0Fau6DFmC0otZVrtc7p_y5Q at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 18 August 2013 04:47, Edwin Chu <edwincheese at gmail.com> wrote:
>
>> I came across this project in kickstarter. Subscribers of this list may
>> find it interesting. (Btw I am not associated with them)
>>
> They lost me at bitcoin. Why???
>
>
>> --
>>
>> *Welcome to Trsst: An Open and Secure Alternative to Twitter*
>>
>> Post your thoughts, share links, and follow other interesting people or
>> web sites, using the web or your mobile or any software of your choice.
>>
>> - All of your private posts to individuals or friends and family are
>> securely encrypted so that even your hosting provider - or government -
>> can't unlock them.
>> - All of your public posts are digitally signed so you can prove that
>> no one - and no government - modified or censored your writings.
>> - You control your identity and your posts and can move them to
>> another site or hosting provider at any time.
>>
>> Think of Trsst as an RSS reader (and writer) that works like Twitter but
>> built for the open web. The public stuff stays public and
>> search-indexable, and the private stuff is encrypted and secured. Only you
>> will hold your keys, so your hosting provider can't sell you out.
>>
>>
>> http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o/description
>>
>>
>
> ------------------------------
>
> Message: 9
> Date: Sun, 18 Aug 2013 11:18:17 -0700
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] World's Most Private Search Engine?
> Message-ID:
> <CANhci9GaMaSY4xqGz4bo-706hje9Hf6Rh8GSVOuc07LW4syx3g at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> RT @bytesforall: "World's Most Private Search Engine"
> http://ixquick.com/eng/. Anyone evaluated this? #Pakistan #Privacy
> #NetFreedom #Google @PrivacySurgeon
>
>
> ------------------------------
>
> Message: 10
> Date: Sun, 18 Aug 2013 17:49:40 -0400
> From: Michael Powers <michael at mpowers.net>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID: <7E4E3D03-CB61-44C4-B930-D9588BE48F2B at mpowers.net>
> Content-Type: text/plain; charset=us-ascii
>
> Yep, the bitcoin stuff seems to be a distraction for whatever reason.
>
> The only connection with bitcoin is that each blog gets a keypair and the public key is also the guid. Now if the keypair generation happens to adhere to bitcoin's scheme, then your blog id happens to be a payment address too, which could be useful for micropayment content monetization.
>
> I've had some people ask me if this is going to make them wanted by the feds (or the Fed for that matter) so I'm considering just taking the whole thing out. But there it is.
>
> The "blog chain" is merely bitcoin-inspired. Each entry contains the message digest of the previous entry, hence the "blog chain" ala block chain, so you can prove against censored messages or tampering.
>
> All we're doing is extending RSS to support self-signed and/or self-encrypted entries. Your public posts remain public and search-indexable but the private posts you encrypt with the recipient's public key (aka their blog id and -ahem- payment address) so that it shows up in your rss feed as encoded text. Existing RSS readers can read your feed; you can follow any existing RSS feed.
>
> (I've been reading the client-side/javascript encryption stuff here with interest.)
>
> White paper is here: http://trsst.com
>
> If it's not clear by now, I'm the project founder.
>
> Happy to answer any other questions and generally would love feedback.
>
> Thanks.
>
> -----
>
>> I came across this project in kickstarter. Subscribers of this list may
>> find it interesting. (Btw I am not associated with them)
>>
> They lost me at bitcoin. Why???
>
>> --
>>
>> *Welcome to Trsst: An Open and Secure Alternative to Twitter*
>>
>> Post your thoughts, share links, and follow other interesting people or
>> web sites, using the web or your mobile or any software of your choice.
>>
>> - All of your private posts to individuals or friends and family are
>> securely encrypted so that even your hosting provider - or government -
>> can't unlock them.
>> - All of your public posts are digitally signed so you can prove that
>> no one - and no government - modified or censored your writings.
>> - You control your identity and your posts and can move them to
>> another site or hosting provider at any time.
>>
>> Think of Trsst as an RSS reader (and writer) that works like Twitter but
>> built for the open web. The public stuff stays public and
>> search-indexable, and the private stuff is encrypted and secured. Only you
>> will hold your keys, so your hosting provider can't sell you out.
>>
>>
>> http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o/description
>>
>
>
>
> ------------------------------
>
> Message: 11
> Date: Mon, 19 Aug 2013 00:32:59 +0200
> From: Moritz Bartl <moritz at torservers.net>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] Fwd: Avaaz in "grave danger" due to GMail
> spam filters
> Message-ID: <52114B9B.3000500 at torservers.net>
> Content-Type: text/plain; charset=UTF-8
>
> -------- Original Message --------
> Subject: Avaaz in "grave danger" due to GMail spam filters
> Date: Sun, 18 Aug 2013 23:48:58 +0200
> From: rysiek <rysiek at hackerspace.pl>
> Organization: Warsaw Hackerspace
> To: cypherpunks at cpunks.org
>
> OHAI,
>
> I happen to be on Avaaz's info distribution list, and I got an e-mail lately
> that Avaaz is in "grave danger" as GMail will now filter mailings like that
> out to a separate folder for similar spam-ish (yet not spam per se) mailings.
>
> So what they're asking people to do is to reply directly to that e-mail, so
> that GMail will note that Avaaz's mailings are not to be messed around with.
>
> Instead of telling people, you know, to decentralise and use other, smaller
> providers.
>
> I facepalmed so hard I could cry. It's Stockholm Syndrome if I ever saw one.
> "GMail fucks us in the arse, so let's ask them politely to use some
> lubricant".
>
> My question is: does *anybody* on this list have some kind of contact within
> Avaaz? I'd *love* to talk to them about it. It's simply disingenuous to do
> such a campaign and *not* at least signal "oh and by the way, had we all been
> still using different, dispersed, decentralised e-mail services we wouldn't
> get even close to having this problem".
>
> --
> Pozdr
> rysiek
>
>
>
>
> ------------------------------
>
> Message: 12
> Date: Sun, 18 Aug 2013 18:38:34 -0400
> From: LS <murasakiame at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID:
> <CAPa27dcvZY6Lt_9nEAVN_XR3p19WPrMD=P8OP-DoTx6NNF83XQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Ricken at avaaz.org executive director and milena at avaaz.org CTO
>
>> --
>> Liberationtech is a public list whose archives are searchable on Google.
>> Violations of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
>
> --
> Lee-Sean Huang
> foossa.com <http://www.foossa.com/>
>
> ------------------------------
>
> Message: 13
> Date: Mon, 19 Aug 2013 11:31:35 +1000
> From: Tom O <winterfilth at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID:
> <CAH4Aj8rcFCQR8fDVLzVkcAh0dQZuKPrBT4iNK2J0WC9_dVO8uw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> In an ideal world, decentralise of course. Unfortunately we don't live in an
> ideal world. We live in a world of whatever is convenient at the time.
>
> Most of those supporters that it was mass emailed to signed up once to add
> their signature to a Save the "name your outrage here" movement. I bet a
> majority don't even pay attention to those Avaaz emails now anyway. They
> clicked their button, they accomplished their slacktivism and that was that.
>
> Trying to get them to change their email service, I'd say that's harder than
> trying to get some of the change they are trying to provoke in people.
>
>
>
>
>
> ------------------------------
>
> Message: 14
> Date: Mon, 19 Aug 2013 02:33:39 -0400
> From: Ben Laurie <ben at links.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID:
> <CAG5KPzwNQXb-mZoFRYqWhr20tRJpb_uCwyumtoEO4zVKSc-5Nw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 18 August 2013 17:49, Michael Powers <michael at mpowers.net> wrote:
>
>> Yep, the bitcoin stuff seems to be a distraction for whatever reason.
>>
>> The only connection with bitcoin is that each blog gets a keypair and the
>> public key is also the guid. Now if the keypair generation happens to
>> adhere to bitcoin's scheme, then your blog id happens to be a payment
>> address too, which could be useful for micropayment content monetization.
>>
>> I've had some people ask me if this is going to make them wanted by the
>> feds (or the Fed for that matter) so I'm considering just taking the whole
>> thing out. But there it is.
>>
>> The "blog chain" is merely bitcoin-inspired. Each entry contains the
>> message digest of the previous entry, hence the "blog chain" ala block
>> chain, so you can prove against censored messages or tampering.
>>
>> All we're doing is extending RSS to support self-signed and/or
>> self-encrypted entries. Your public posts remain public and
>> search-indexable but the private posts you encrypt with the recipient's
>> public key (aka their blog id and -ahem- payment address) so that it shows
>> up in your rss feed as encoded text. Existing RSS readers can read your
>> feed; you can follow any existing RSS feed.
>>
>> (I've been reading the client-side/javascript encryption stuff here with
>> interest.)
>>
>> White paper is here: http://trsst.com
>>
>> If it's not clear by now, I'm the project founder.
>>
>> Happy to answer any other questions and generally would love feedback.
>>
>
> Merkle trees (a la Certificate Transparency) are more efficient than
> chains. Also, if you did that, you could have a global log, and so prove
> against censorship of an entire blog.
>
>
>> Thanks.
>>
>
> ------------------------------
>
> Message: 15
> Date: Mon, 19 Aug 2013 10:30:29 +0100
> From: Michael Rogers <michael at briarproject.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID: <5211E5B5.9060605 at briarproject.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 19/08/13 07:33, Ben Laurie wrote:
>> Merkle trees (a la Certificate Transparency) are more efficient
>> than chains. Also, if you did that, you could have a global log,
>> and so prove against censorship of an entire blog.
>
> I wonder if Twitter would be interested in publishing something like
> this. Then if they were forced to censor a tweet in one jurisdiction
> but not another, a third party could reassemble the uncensored stream
> of tweets and use Twitter's signed hash tree to prove its authenticity.
>
> Cheers,
> Michael
>
>
>
>
> ------------------------------
>
> Message: 16
> Date: Mon, 19 Aug 2013 06:01:50 -0400
> From: Ben Laurie <ben at links.org>
> To: Michael Rogers <michael at briarproject.org>
> Cc: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Trsst: An Open and Secure Alternative to
> Twitter
> Message-ID:
> <CAG5KPzyrJ=voxFqWJzo052wT6DL83zsN8Nq=vtueaCZN2Jqq2w at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 19 August 2013 05:30, Michael Rogers <michael at briarproject.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 19/08/13 07:33, Ben Laurie wrote:
>> > Merkle trees (a la Certificate Transparency) are more efficient
>> > than chains. Also, if you did that, you could have a global log,
>> > and so prove against censorship of an entire blog.
>>
>> I wonder if Twitter would be interested in publishing something like
>> this. Then if they were forced to censor a tweet in one jurisdiction
>> but not another, a third party could reassemble the uncensored stream
>> of tweets and use Twitter's signed hash tree to prove its authenticity.
>>
>
> Nice idea. If anyone has an appropriate contact I'd be happy to help :-)
>
>
>>
>> Cheers,
>> Michael
>>
>>
>
> ------------------------------
>
> Message: 17
> Date: Mon, 19 Aug 2013 06:41:09 -0400
> From: Ben Laurie <ben at links.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] verifying SSL certs (was Re: In defense
> of client-side encryption)
> Message-ID:
> <CAG5KPzx9DDypjMU0XFz5sxzi1QywJnUi-7bo4RgeJUzk=2BLMw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 14 August 2013 10:46, Guido Witmond <guido at witmond.nl> wrote:
>
>> On 08/14/13 15:18, Ben Laurie wrote:
>> > On 14 August 2013 08:54, Guido Witmond <guido at witmond.nl
>> > <mailto:guido at witmond.nl>> wrote:
>> >
>> > On 08/13/13 19:42, Andy Isaacson wrote:
>> > > On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote:
>> > >> There is another problem. You rely on HTTPS. Here is the 64000
>> > >> dollar question:
>> > >>
>> > >> Q._"What is the CA-certificate for your banks' website?"_
>> > >>>
>>
>> [snip]
>>
>> > I too have given up on expecting security from the global CA's. That's
>> > why I want to see DNSSEC succeed.
>> >
>> >
>> > DNSSEC merely transfers the problem to registries and registrars, who
>> > are no more reliable than CAs. You need to solve the problem of having
>> > to trust third parties before DNSSEC will work (which is the same
>> > problem you need to solve for CAs),
>>
>> Yes, there is trust involved, but there is a difference.
>>
>> With CA's anyone can sign a certificate for any site. It's a race to the
>> bottom with no winners. Not even the CA's as they can't differentiate
>> between themselves. The consequence is that no one trusts any of them.
>> And who likes to do business with a party he doesn't trust but needs
>> anyway?
>>
>> With DNSSEC, I have the choice of registrar. If there is a bad apple, I
>> choose another who I find better worth my money.
>>
>>
>> > And, sorry to bang on about it, but
>> > the answer is Certificate Transparency. BTW, my team is about to start
>> > looking at DNSSEC Transparency, too.
>>
>> Don't bang too hard: DNSSEC and CT solve the same problem.
>>
>
> This is not correct.
>
>
>>
>> The problem is that there is no registry that specifies which of the
>> Global Certificate authorities is the one you should trust to validate a
>> server-certificate. The mess we have right now is that each of the
>> Global CA's can sign a server certificate. Hence my 64000 dollar question.
>>
>> Both DNSSEC and CT solve the problem. Albeit in different ways with
>> different pros and cons.
>>
>> With DNSSEC and DANE, the site operator specifies *a priori* which CA he
>> uses to sign the server certificates. It can be a self signed certificate.
>>
>> With CT, you register which CA has signed a certificate for a web site
>> *after the fact*.
>>
>
> Not really. The registration occurs before the cert can be used.
>
>
>>
>> We need them both! To keep the CA's and registrars honest. I really
>> appreciate your work on CT.
>>
>
> CT does not keep registrars honest. This is why you need DNSSEC
> transparency.
>
>
>>
>> Guido.
>>
>>
>
> ------------------------------
>
> Message: 18
> Date: Mon, 19 Aug 2013 09:00:19 -0400
> From: LilBambi <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] World's Most Private Search Engine?
> Message-ID:
> <CA+AzaOfAVndPD9F896erqHso9=m8r24_+K9w6ezHv+NxDquUJQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have used ixquick.com and startpage.com (both from the same folks) for years.
>
> More info here:
>
> http://en.wikipedia.org/wiki/Ixquick
>
> "Ixquick is a metasearch engine based in New York and the
> Netherlands.[2] Founded by David Bodnick in 1998, Ixquick is owned by
> Dutch company, Surfboard Holding BV, which acquired the internet
> company in 2000.[3]"
>
> "On July 7, 2009 Ixquick launched Startpage.com to offer a new service
> at a URL that is both easier to remember and spell. Startpage.com
> fetches its results straight from the Google search engine without
> saving the users' IP addresses or giving any personal user information
> to Google's servers."
>
> I had been using ixquick.com for quite a while when StartPage.com came
> out and was being promoted by Spy Chips author Katherine Albrecht and
> CASPIAN advocate.
>
> Startpage.com info on how it protects you:
> https://startpage.com/eng/prism-program-exposed.html
>
> Here's the content of that page:
>
> --snip--
>
> No PRISM. No Surveillance. No Government Back Doors. You Have our Word on it.
>
> Giant US government Internet spying scandal revealed
>
> The Washington Post and The Guardian have revealed a US government
> mass Internet surveillance program code-named "PRISM". They report
> that the NSA and the FBI have been tapping directly into the servers
> of nine US service providers, including Facebook, Microsoft, Google,
> Apple, Yahoo, YouTube, AOL and Skype, and began this surveillance
> program at least seven years ago. (clarifying slides)
>
> These revelations are shaking up an international debate.
>
> StartPage has always been very outspoken when it comes to protecting
> people's Privacy and civil liberties. So it won't surprise you that we
> are a strong opponent of overreaching, unaccountable spy programs like
> PRISM. In the past, even government surveillance programs that were
> begun with good intentions have become tools for abuse, for example
> tracking civil rights and anti-war protesters.
>
> Programs like PRISM undermine our Privacy, disrupt faith in
> governments, and are a danger to the free Internet.
>
> StartPage and its sister search engine Ixquick have in their 14-year
> history never provided a single byte of user data to the US
> government, or any other government or agency. Not under PRISM, nor
> under any other program in the US, nor under any program anywhere in
> the world.
>
> Here's how we are different:
>
> StartPage does not store any user data. We make this perfectly clear
> to everyone, including any governmental agencies. We do not record the
> IP addresses of our users and we don't use tracking cookies, so there
> is literally no data about you on our servers to access. Since we
> don't even know who our customers are, we can't share anything with
> Big Brother. In fact, we've never gotten even a single request from a
> governmental authority to supply user data in the fourteen years we've
> been in business.
>
> StartPage uses encryption (HTTPS) by default. Encryption prevents
> snooping. Your searches are encrypted, so others can't "tap" the
> Internet connection to snoop what you're searching for. This
> combination of not storing data together with using strong encryption
> for the connections is key in protecting your Privacy.
>
> Our company is based in The Netherlands, Europe. US jurisdiction does
> not apply to us, at least not directly. Any request or demand from ANY
> government (including the US) to deliver user data, will be thoroughly
> checked by our lawyers, and we will not comply unless the law which
> actually applies to us would undeniably require it from us. And even
> in that hypothetical situation, we refer to our first point; we don't
> even have any user data to give. We will never cooperate with
> voluntary spying programs like PRISM.
>
> StartPage cannot be forced to start spying. Given the strong
> protection of the Right to Privacy in Europe, European governments
> cannot just start forcing service providers like us to implement a
> blanket spying program on their users. And if that ever changed, we
> would fight this to the end.
> Privacy. It's not just our policy, it's our mission.
>
> Sincerely,
>
> Robert E.G. Beens
> CEO StartPage.com and Ixquick.com
>
> --snip--
>
> Hope that helps some Yosem.
>
> On Sun, Aug 18, 2013 at 2:18 PM, Yosem Companys <companys at stanford.edu> wrote:
>> RT @bytesforall: "World's Most Private Search Engine"
>> http://ixquick.com/eng/. Anyone evaluated this? #Pakistan #Privacy
>> #NetFreedom #Google @PrivacySurgeon
>
>
> ------------------------------
>
> Message: 19
> Date: Mon, 19 Aug 2013 10:10:27 -0400
> From: Patrick Mylund Nielsen <patrick at patrickmylund.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] World's Most Private Search Engine?
> Message-ID:
> <CAEw2jfxxqoeQRhbrpksyO++oug=MyoChRaFsnJBwFywXCS1Xxg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> If we have learned anything from PRISM it's that words are cheap, and not
> complying is difficult to impossible (without shutting down your business).
> You should probably be using Tor regardless of which search engine you're
> using if you're worried about your privacy.
>
> ------------------------------
>
> Message: 20
> Date: Mon, 19 Aug 2013 09:42:41 -0700
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] News-based egyptian protest dashboard pilot
> using gdelt
> Message-ID:
> <CANhci9GJB3V9OxFKWdVM7-Rr1-QqBPfQ2Qd+o4so9bWF9h0QjQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> From: kalev leetaru <kalev.leetaru5 at gmail.com>
>
> Hi everyone, thought many of you might find of interest this pilot "protest
> dashboard" John Beieler at PSU created using our GDELT event archive (
> http://gdelt.utdallas.edu/) of protest, violence, and force posture change
> events in Egypt over the past week derived from global English-language
> news media coverage:
>
> http://gdeltblog.wordpress.com/2013/08/19/week-of-egyptian-protests/
>
> This is a very early pilot prototype to explore how we might present the
> data in a way that is useful for humanitarian responders and the general
> public to better understand these kinds of fast-moving fluid situations
> that cover a wide geographic area. You can interactively zoom into the map
> and click on a point to see a list of URLs containing protest events from
> that location. The pink dots represent areas with protests, while the red
> semi-transparent circles indicate areas with violence. You can turn the
> two layers on/off using the drop-down in the upper-right of the map.
>
> John also created two previous maps of global protests, one for all
> protests in 2013 in GDELT thus far:
>
> http://gdeltblog.wordpress.com/2013/08/05/mapping-protest-data/
>
> and an animated one that shows all global protests 1979-present in GDELT
> (this one reflects the exponential rise in available global news media
> coverage over the last quarter-century):
>
> http://gdeltblog.wordpress.com/2013/08/01/animated-protest-mapping/
> http://johnbeieler.org/protest_mapping
>
> The geographers on the list may find these next two studies of interest,
> looking at how the resolution of the GNS and GNIS gazetteers affects the
> ability to precisely place events and how much that varies by locality:
>
> http://gdeltblog.wordpress.com/2013/08/16/93/
>
> And this comparison of GDELT and the NASA Night Lights imagery and the
> reach of global English-language mainstream media:
>
> http://gdeltblog.wordpress.com/2013/07/14/visualizing-global-gdelt-coverage/
>
> We'd love any feedback you might have on the pilot Egyptian protests
> dashboard as we start exploring how we might create some visualizations and
> interfaces to allow the data to be more easily utilized by the humanitarian
> community, so email me directly at kalev.leetaru5 at gmail.com with any
> suggestions/comments/thoughts/etc.
>
> Also, if anyone on this list has suggestions for other large global
> collections of placenames (ie global gazetteers) that include centroid
> coordinates for each location, that are more extensive than GNS, GNIS, and
> geonames.org, we'd love to hear about them! Especially gazetteers that
> include more local names and regional name variants.
>
> ~Kalev
> Georgetown University
>
> ------------------------------
>
> Message: 21
> Date: Mon, 19 Aug 2013 13:57:30 -0400
> From: Chris Ritzo <critzo at opentechinstitute.org>
> To: liberationtech at lists.stanford.edu
> Subject: [liberationtech] Call for translators - Commotion
> localization project
> Message-ID: <52125C8A.3030605 at opentechinstitute.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Commotion Wireless Project: Calling Translators
>
> Commotion is an open-source software that helps create a distributed
> peer-to-peer (mesh) network between two or more wireless devices such as
> mobile phones, laptops and routers. Find out more about Commotion at:
> https://commotionwireless.net
>
> In order to make Commotion available to communities all over the world,
> the Open Technology Institute (developer of Commotion) has begun
> localizing it. We are looking for volunteer translators to participate
> in the French, Spanish and Arabic localization of the project. We are
> especially interested in professionals who have experience working with
> technical texts.
>
> We are using Transifex for translation management:
> https://www.transifex.com/
>
> Here are the links to our two projects on Transifex:
>
> Commotion Documentation
> https://www.transifex.com/projects/p/commotion-documentation/
>
> Commotion User Interface
> https://www.transifex.com/projects/p/commotion-user-interface/
>
> If the idea of becoming associated with this project excites you, then
> write to us at: i18n at commotionwireless.net
>
> If you already have an account with Transifex, please include your
> username for it in your email.
>
>
> --
> Chris Ritzo
> Technologist, Open Technology Institute
> New America Foundation
>
>
> ------------------------------
>
> Message: 22
> Date: Mon, 19 Aug 2013 20:36:48 +0200
> From: "Jillian C. York" <jilliancyork at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID:
> <CAN=RHLmGk2xCXhU8K5EeVyvjFtNn+51iMZ9Etnw_POX-BGb1rg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Avaaz made it clear a year ago on this very mailing list that they have no
> interest whatsoever in engaging with our community.
>
>
> On Mon, Aug 19, 2013 at 12:32 AM, Moritz Bartl <moritz at torservers.net> wrote:
>
>> -------- Original Message --------
>> Subject: Avaaz in "grave danger" due to GMail spam filters
>> Date: Sun, 18 Aug 2013 23:48:58 +0200
>> From: rysiek <rysiek at hackerspace.pl>
>> Organization: Warsaw Hackerspace
>> To: cypherpunks at cpunks.org
>>
>> OHAI,
>>
>> I happen to be on Avaaz's info distribution list, and I got an e-mail lately
>> that Avaaz is in "grave danger" as GMail will now filter mailings like that
>> out to a separate folder for similar spam-ish (yet not spam per se) mailings.
>>
>> So what they're asking people to do is to reply directly to that e-mail, so
>> that GMail will note that Avaaz's mailings are not to be messed around with.
>>
>> Instead of telling people, you know, to decentralise and use other, smaller
>> providers.
>>
>> I facepalmed so hard I could cry. It's Stockholm Syndrome if I ever saw one.
>> "GMail fucks us in the arse, so let's ask them politely to use some
>> lubricant".
>>
>> My question is: does *anybody* on this list have some kind of contact within
>> Avaaz? I'd *love* to talk to them about it. It's simply disingenuous to do
>> such a campaign and *not* at least signal "oh and by the way, had we all been
>> still using different, dispersed, decentralised e-mail services we wouldn't
>> get even close to having this problem".
>>
>> --
>> Pozdr
>> rysiek
>>
>>
>> --
>> Liberationtech is a public list whose archives are searchable on Google.
>> Violations of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
>
>
> --
> *Note: *I am slowly extricating myself from Gmail. Please change your
> address books to: jilliancyork at riseup.net or jillian at eff.org.
>
> US: +1-857-891-4244 | NL: +31-657086088
> site: jilliancyork.com <http://jilliancyork.com/>* | *
> twitter: @jilliancyork* *
>
> "We must not be afraid of dreaming the seemingly impossible if we want the
> seemingly impossible to become a reality" - *Vaclav Havel*
>
> ------------------------------
>
> Message: 23
> Date: Mon, 19 Aug 2013 15:02:33 -0400
> From: "R. Jason Cronk" <rjc at privacymaverick.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] US Feds Threaten to Arrest Lavabit
> Founder for Shutting Down His Service | Techdirt
> Message-ID: <52126BC9.1010002 at privacymaverick.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> As sad as it seems, I hope they do prosecute him....not because I want to
> see him convicted but it would be an excellent test of the law and keep
> the case in the news for the egregiousness that it is.
>
> Jason
>
>
> On 8/17/2013 6:05 PM, LilBambi wrote:
>> Whoa! That is nuts!
>>
>> On Sat, Aug 17, 2013 at 5:43 PM, Yosem Companys <companys at stanford.edu> wrote:
>>> The saga of Lavabit founder Ladar Levison is getting even more
>>> ridiculous, as he explains that the government has threatened him with
>>> criminal charges for his decision to shut down the business, rather
>>> than agree to some mysterious court order. The feds are apparently
>>> arguing that the act of shutting down the business, itself, was a
>>> violation of the order.
>>>
>>> http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
>
>
> *R. Jason Cronk, Esq., CIPP/US*
> /Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
> <enterprivacy.com>
>
> * phone: (828) 4RJCESQ
> * twitter: @privacymaverick.com
> * blog: http://blog.privacymaverick.com
>
>
> ------------------------------
>
> Message: 24
> Date: Mon, 19 Aug 2013 15:27:32 -0400
> From: staticsafe <me at staticsafe.ca>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID: <20130819192731.GF19173 at uriel.asininetech.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Aug 19, 2013 at 08:36:48PM +0200, Jillian C. York wrote:
>> Avaaz made it clear a year ago on this very mailing list that they have no
>> interest whatsoever in engaging with our community.
>> --
>> *Note: *I am slowly extricating myself from Gmail. Please change your
>> address books to: jilliancyork at riseup.net or jillian at eff.org.
>>
>> US: +1-857-891-4244 | NL: +31-657086088
>> site: jilliancyork.com <http://jilliancyork.com/>* | *
>> twitter: @jilliancyork* *
>>
>> "We must not be afraid of dreaming the seemingly impossible if we want the
>> seemingly impossible to become a reality" - *Vaclav Havel*
>
> I'm not sure if this is what you are referring to but I see an apology:
> https://mailman.stanford.edu/pipermail/liberationtech/2012-May/003843.html
>
> Either way, more details are appreciated.
> --
> staticsafe
> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
> Please don't top post.
> Please don't CC! I'm subscribed to whatever list I just posted on.
>
>
> ------------------------------
>
> Message: 25
> Date: Mon, 19 Aug 2013 14:30:50 -0500
> From: Kyle Maxwell <kylem at xwell.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] Seeing threats, feds target instructors of
> polygraph-beating methods
> Message-ID:
> <CAESvgEpun26GnyhMhMpqrpfz=2Ju3+GLeN+ug1p08nqXkGCgSA at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> [Comment: This has implications for those of us involved in
> CryptoParty as well as other security education efforts.]
>
> http://www.mcclatchydc.com/2013/08/16/199590/seeing-threats-feds-target-instructors.html
>
> Doug Williams, a former Oklahoma City police polygrapher, says he can
> teach people how to pass lie detector tests. Federal prosecutors and
> agents recently targeted him and another instructor in undercover
> stings aimed at cracking down on the teaching of polygraph beating
> methods. | Handout/MCT
>
> By Marisa Taylor and Cleve R. Wootson Jr. | McClatchy Washington Bureau
>
> WASHINGTON - Federal agents have launched a criminal investigation of
> instructors who claim they can teach job applicants how to pass lie
> detector tests as part of the Obama administration's unprecedented
> crackdown on security violators and leakers.
>
> The criminal inquiry, which hasn't been acknowledged publicly, is
> aimed at discouraging criminals and spies from infiltrating the U.S.
> government by using the polygraph-beating techniques, which are said
> to include controlled breathing, muscle tensing, tongue biting and
> mental arithmetic.
>
> So far, authorities have targeted at least two instructors, one of
> whom has pleaded guilty to federal charges, several people familiar
> with the investigation told McClatchy. Investigators confiscated
> business records from the two men, which included the names of as many
> as 5,000 people who'd sought polygraph-beating advice. U.S. agencies
> have determined that at least 20 of them applied for government and
> federal contracting jobs, and at least half of that group was hired,
> including by the National Security Agency.
>
> By attempting to prosecute the instructors, federal officials are
> adopting a controversial legal stance that sharing such information
> should be treated as a crime and isn't protected under the First
> Amendment in some circumstances.
>
> "Nothing like this has been done before," John Schwartz, a U.S.
> Customs and Border Protection official, said of the legal approach in
> a June speech to a professional polygraphers' conference in Charlotte,
> N.C., that a McClatchy reporter attended. "Most certainly our nation's
> security will be enhanced."
>
> "There are a lot of bad people out there. . . . This will help us
> remove some of those pests from society," he added.
>
> The undercover stings are being cited as the latest examples of the
> Obama administration's emphasis on rooting out "insider threats," a
> catchall phrase meant to describe employees who might become spies,
> leak to the news media, commit crimes or become corrupted in some way.
>
> The federal government previously treated such instructors only as
> nuisances, partly because the polygraph-beating techniques are
> unproven. Instructors have openly advertised and discussed their
> techniques online, in books and on national television. As many as 30
> people or businesses across the country claim in Web advertisements
> that they can teach someone how to beat a polygraph test, according to
> U.S. government estimates.
>
> In the last year, authorities have launched stings targeting Doug
> Williams, a former Oklahoma City police polygrapher, and Chad Dixon,
> an Indiana man who's said to have been inspired by Williams' book on
> the techniques, people who are familiar with the investigation told
> McClatchy. Dixon has pleaded guilty to federal charges of obstructing
> an agency proceeding and wire fraud. Prosecutors have indicated that
> they plan to ask a federal judge to sentence Dixon to two years in
> prison. Williams declined to comment other than to say he's done
> nothing wrong.
>
> While legal experts agree that authorities could pursue the
> prosecution, some accused the government of overreaching in the name
> of national security.
>
> The federal government polygraphs about 70,000 people a year for
> security clearances and jobs, but most courts won't allow polygraph
> results to be submitted as evidence, citing the machines'
> unreliability. Scientists question whether polygraphers can identify
> liars by interpreting measurements of blood pressure, sweat activity
> and respiration. Researchers say the polygraph-beating techniques
> can't be detected with certainty, either.
>
> Citing the scientific skepticism, one attorney compared the
> prosecution of polygraph instructors to indicting someone for
> practicing voodoo.
>
> "If someone stabs a voodoo doll in the heart with a pin and the victim
> they intended to kill drops dead of a heart attack, are they guilty of
> murder?" asked Gene Iredale, a California attorney who often
> represents federal defendants. "What if the person who dropped dead
> believed in voodoo?
>
> "These are the types of questions that are generally debated in law
> school, not inside a courtroom. The real question should be: Does the
> federal government want to use its resources to pursue this kind of
> case? I would argue it does not."
>
> In his speech in June, Customs official Schwartz acknowledged that
> teaching the techniques _ known in polygraph circles as
> "countermeasures" _ isn't always illegal and might be protected under
> the First Amendment in some situations.
>
> "I'm teaching about countermeasures right now. The polygraph schools
> are supposed to be teaching about countermeasures," he said. "So
> teaching about countermeasures in and of itself certainly is not only
> not illegal, it's protected. You have a right to free speech in this
> country."
>
> But instructors may be prosecuted if they know that the people they're
> teaching plan to lie about crimes during federal polygraphs, he said.
>
> In that scenario, prosecutors may pursue charges of false statements,
> wire fraud, obstructing an agency proceeding and "misprision of
> felony," which is defined as having knowledge of serious criminal
> conduct and attempting to conceal it.
>
> "When that conspiracy occurs, both parties are guilty," said Schwartz,
> a veteran federal polygrapher who heads Customs' polygraph program.
> "And it makes more sense to me to try to investigate the party that's
> doing the training because when you do that, you eliminate dozens or
> hundreds or thousands of people . . . from getting that training."
>
> Schwartz, who was involved in the federal investigation, cited the
> risk of drug traffickers infiltrating his agency as justification for
> prosecutors going after instructors. However, he told the crowd of law
> enforcement officials from across the country that he wasn't
> discussing a specific case but a "blueprint" of how state and local
> officials might pursue a prosecution.
>
> Urging them to join forces with his agency, he declared in a more than
> two-hour speech that "evil will always seek ways to hide the truth."
>
> "When you identify insider threats and you eliminate insider threats,
> then that agency is more efficient and more effective," Schwartz said.
>
> The Obama administration's Insider Threat Program is intended to deter
> what the government condemns as betrayals by "trusted insiders" such
> as Edward Snowden, the former National Security Agency contractor who
> revealed the agency's secret communications data-collection programs.
> The administration launched the Insider Threat Program in 2011 after
> Army Pfc. Bradley Manning downloaded hundreds of thousands of
> documents from a classified computer network and sent them to
> WikiLeaks, the anti-government secrecy group.
>
> As part of the program, employees are being urged to report their
> co-workers for a wide range of "risky" behaviors, personality traits
> and attitudes, McClatchy reported in June. Broad definitions of
> insider threats also give agencies latitude to pursue and penalize a
> range of conduct other than leaking classified information, McClatchy
> found.
>
> Customs, which polygraphs about 10,000 applicants a year, has
> documented more than 200 polygraph confessions of wrongdoing since
> Congress mandated that the agency's applicants undergo testing more
> than two years ago. Many of the applicants who confessed said they
> either were directly involved in drug or immigrant smuggling or were
> closely associated with traffickers.
>
> Ten Customs applicants were accused of trying to use countermeasures
> to pass their polygraphs. All were denied jobs as part of Customs'
> crackdown on the methods, dubbed "Operation Lie Busters."
>
> "Others involved in the conspiracy were successful infiltrators in
> other agencies," Customs said in a memo about the investigation.
>
> Documents in Dixon's case are filed under seal in federal court, and
> prosecutors didn't return calls seeking comment.
>
> Several people familiar with the investigation said Dixon and Williams
> had agreed to meet with undercover agents and teach them how to pass
> polygraph tests for a fee. The agents then posed as people connected
> to a drug trafficker and as a correctional officer who'd smuggled
> drugs into a jail and had received a sexual favor from an underage
> girl.
>
> Dixon wouldn't say how much he was paid, but people familiar with
> countermeasures training said others generally charged $1,000 for a
> one-on-one session.
>
> Dixon, 34, also declined to provide specifics on his guilty plea but
> he said he'd become an instructor because he couldn't find work as an
> electrical contractor. During the investigation, his house went into
> foreclosure.
>
> "My wife and I are terrified," he said. "I stumbled into this. I'm a
> Little League coach in Indiana. I don't have any law enforcement
> background."
>
> Prosecutors plan to ask for prison time even though Dixon has agreed
> to cooperate, has no criminal record and has four young children. The
> maximum sentence for the two charges is 25 years in prison.
>
> "The emotional and financial burden has been staggering," Dixon said.
> "Never in my wildest dreams did I somehow imagine I was committing a
> crime."
>
> Williams, 67, has openly advertised his teachings for three decades,
> even discussing them in detail on "60 Minutes" and other national news
> programs. A self-professed "crusader" who's railed against the use of
> polygraph testing, he testified in congressional hearings that led to
> the 1988 banning of polygraph testing by most private employers.
>
> Some opponents of polygraph testing, including a Wisconsin police
> chief, said they were concerned that the federal government also might
> be secretly investigating them, not for helping criminals to lie but
> for being critical of the government's polygraph programs. In his
> speech to the American Association of Police Polygraphists, Schwartz
> said he thought that those who "protest the loudest and the longest"
> against polygraph testing "are the ones that I believe we need to
> focus our attention on."
>
> McClatchy contacted Schwartz about his speech, but he refused to comment.
>
> Some federal officials questioned whether people who taught
> countermeasures should be prosecuted.
>
> Although polygraphers, who are known as examiners, are trained to
> identify people who are using the techniques with special equipment,
> "there's absolutely nothing that's codified about countermeasures,"
> said one federal security official with polygraph expertise, who asked
> not to be named for fear of being retaliated against. "It's the most
> ambiguous thing that people can debate. If you have a guy who's
> nervous about his test, the easiest way out of it for the examiner is
> to say it's countermeasures, when it's not."
>
> The security official described Williams as a "gadfly" who's known for
> teaching ineffective methods. Polygraphers assert that one of
> Williams' signature techniques produces erratic respiration patterns
> on a polygraph test. Demonstrating their disdain for his methods, many
> polygraphers call the pattern the "Bart Simpson."
>
> "Prosecutors are trying to make an example of him," the official said.
> "It serves to elevate polygraph to something it hasn't been before,
> that teaching countermeasures is akin to teaching bomb making, and
> that there's something inherently disloyal about disseminating this
> type of information."
>
> Federal authorities, meanwhile, have concluded that some of the
> applicants who sought advice on countermeasures and were hired didn't
> use the training after all. The list of people who sought out Dixon
> and Williams mostly comprises people who bought books or videos but
> didn't hire the men for one-on-one training.
>
> Charles Honts, a psychology professor at Boise State University, said
> laboratory studies he'd conducted showed that countermeasures could be
> taught in one-on-one sessions to about 25 percent of the people who
> were tested. Polygraphers have no reliable way to detect someone who's
> using the techniques, he said. In fact, he concluded that a
> significant number of people are wrongfully accused.
>
> Honts, a former government polygraph researcher, attributed the
> criminal investigation to "a growing institutional paranoia in the
> federal government because they can't control all their secrets."
>
> Russell Ehlers, a police chief in Wisconsin, said he wouldn't be
> surprised if federal authorities had scrutinized him. Schwartz cited
> an unnamed police chief in the Midwest who was "advertising on the
> Internet that he would like to teach people to pass the polygraph" as
> an example of someone who should be investigated. In the last several
> months, Ehlers said, he's noticed what appears to be Internet visitors
> from the Justice Department checking out his website that advises
> applicants on how to get a job at a police department.
>
> In his off-duty hours, Ehlers sold a video that discussed
> countermeasures, but he said he'd recently stopped selling it as a
> precaution after hearing about the criminal investigation. He said
> he'd intended it to help "good" police officer candidates pass the
> test because he thought that innocent people were routinely accused of
> lying during polygraph tests.
>
> "Imagine you're a 25-year-old who has dreamed of serving in the field
> of law enforcement," he said. "You finally make it, only to find
> yourself booted out of the hiring process, the result of a
> false-positive exam result. In my opinion, that's a real problem, not
> the sharing of information on countermeasures."
>
> George Maschke, a former Army Reserve intelligence officer who's a
> translator and runs a website that's critical of polygraph testing,
> said he also suspected he'd been targeted although he'd done nothing
> illegal.
>
> In May, the translator received an unsolicited email in Persian from
> someone purporting to be "a member of an Islamic group that seeks to
> restore freedom to Iraq."
>
> "Because the federal police are suspicious of me, they want to do a
> lie detector test on me," the email read.
>
> The emailer asked for a copy of Maschke's book, which describes
> countermeasures, and for Maschke to help "in any other way."
>
> Maschke said he suspected the email was a ruse by federal agents. He
> advised the person "to comply with applicable laws," according to an
> email he showed McClatchy.
>
> Although federal authorities haven't contacted him, Maschke said he
> worried that visitors to his site, AntiPolygraph.org, would be
> targeted simply for looking for information about polygraph testing.
>
> "The criminalization of the imparting of information sets a pernicious
> precedent," he said. "It is fundamentally wrong, and bad public
> policy, for the government to resort to entrapment to silence speech
> that it does not approve of."
>
>
>
> --
> @kylemaxwell
>
>
> ------------------------------
>
> Message: 26
> Date: Mon, 19 Aug 2013 12:39:09 -0700
> From: Daymon Schroeder <daymondesign at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] US Feds Threaten to Arrest Lavabit
> Founder for Shutting Down His Service | Techdirt
> Message-ID:
> <CA+BM=G4CTD8P8F+EbGEhx38HyQ141tSsZDOcvYvbn-A3n_y8qw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Scary stuff. Kind of reminds me of the act they pass in the book Atlas
> Shrugged that forces businesses not to close. I have to agree with Cronk
> though, if this becomes public knowledge I would like to hope that people
> would laugh out the idea of forcing a private business to remain open. I
> wonder what kind of legal right they have to make such a claim.
>
> Daymon
> On Aug 19, 2013 12:06 PM, "R. Jason Cronk" <rjc at privacymaverick.com> wrote:
>
>> As sad as it seems, I hope they do prosecute him....not because I want to
>> see him convicted but it would be an excellent test of the law and keep the
>> case in the news for the egregiousness that it is.
>>
>> Jason
>>
>>
>> On 8/17/2013 6:05 PM, LilBambi wrote:
>>
>> Whoa! That is nuts!
>>
>> On Sat, Aug 17, 2013 at 5:43 PM, Yosem Companys <companys at stanford.edu> wrote:
>>
>> The saga of Lavabit founder Ladar Levison is getting even more
>> ridiculous, as he explains that the government has threatened him with
>> criminal charges for his decision to shut down the business, rather
>> than agree to some mysterious court order. The feds are apparently
>> arguing that the act of shutting down the business, itself, was a
>> violation of the order.
>> http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
>>
>>
>>
>> *R. Jason Cronk, Esq., CIPP/US*
>> *Privacy Engineering Consultant*, *Enterprivacy Consulting Group*<http://enterprivacy.com>
>>
>> - phone: (828) 4RJCESQ
>> - twitter: @privacymaverick.com
>> - blog: http://blog.privacymaverick.com
>>
>>
>>
>
> ------------------------------
>
> Message: 27
> Date: Mon, 19 Aug 2013 16:07:26 -0400
> From: Griffin Boyce <griffinboyce at gmail.com>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Seeing threats, feds target instructors
> of polygraph-beating methods
> Message-ID: <52127AFE.8070404 at gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Kyle Maxwell wrote:
>> [Comment: This has implications for those of us involved in
>> CryptoParty as well as other security education efforts.]
>>
>> The criminal inquiry, which hasn't been acknowledged publicly, is
>> aimed at discouraging criminals and spies from infiltrating the U.S.
>> government by using the polygraph-beating techniques, which are said
>> to include controlled breathing, muscle tensing, tongue biting and
>> mental arithmetic.
>
> One can also mitigate galvanic skin response via adderall. GSR (and
> polygraph as a whole) is *also* affected by such things as whether the
> interviewer is the same race as you (Fischer & Kotses, 1973). It's not
> admissible in court because it's not objective. Polygraph is arguably
> not even science, and was created at a time when almost nothing was
> known about the interplay between neurology and psychology. Spending
> time investigating polygraph-defeators is completely useless.
>
> ~Griffin
>
> --
> "Cypherpunks write code not flame wars." --Jurre van Bergen
> #Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
>
> My posts, while frequently amusing, are not representative of the thoughts of my employer.
>
>
>
> ------------------------------
>
> Message: 28
> Date: Mon, 19 Aug 2013 15:12:42 -0500
> From: Kyle Maxwell <kylem at xwell.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Seeing threats, feds target instructors
> of polygraph-beating methods
> Message-ID:
> <CAESvgEr_0RfQmL+1MDO4mDDz=ZGZfuQEe7vWXFgvHUctpg=-Zw at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Agreed, but I'm more interested in the legal implications here.
> According to prosecutors, if you're teaching people how to bypass a
> security control and you know they are concealing evidence of a crime,
> you could be liable. That's important to know and account for.
>
> On Mon, Aug 19, 2013 at 3:07 PM, Griffin Boyce <griffinboyce at gmail.com> wrote:
>> Kyle Maxwell wrote:
>>> [Comment: This has implications for those of us involved in
>>> CryptoParty as well as other security education efforts.]
>>>
>>> The criminal inquiry, which hasn't been acknowledged publicly, is
>>> aimed at discouraging criminals and spies from infiltrating the U.S.
>>> government by using the polygraph-beating techniques, which are said
>>> to include controlled breathing, muscle tensing, tongue biting and
>>> mental arithmetic.
>>
>> One can also mitigate galvanic skin response via adderall. GSR (and
>> polygraph as a whole) is *also* affected by such things as whether the
>> interviewer is the same race as you (Fischer & Kotses, 1973). It's not
>> admissible in court because it's not objective. Polygraph is arguably
>> not even science, and was created at a time when almost nothing was
>> known about the interplay between neurology and psychology. Spending
>> time investigating polygraph-defeators is completely useless.
>>
>> ~Griffin
>>
>> --
>> "Cypherpunks write code not flame wars." --Jurre van Bergen
>> #Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
>>
>> My posts, while frequently amusing, are not representative of the thoughts of my employer.
>>
>
>
>
> --
> @kylemaxwell
>
>
> ------------------------------
>
> Message: 29
> Date: Mon, 19 Aug 2013 13:26:02 -0700
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] Inflated expectations?
> Message-ID:
> <CANhci9Ee2=w4kWeLeVUWee74oaWpYYqXaf0JncLOy=U+PTE3Fw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Mesh Networks: The Cure for Keeping the NSA Out of Your Computer
> http://www.motherjones.com/politics/2013/08/mesh-internet-privacy-nsa-isp
> by @pomeranian99
>
>
> ------------------------------
>
> Message: 30
> Date: Mon, 19 Aug 2013 16:33:30 -0400
> From: Fran Parker <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] US Feds Threaten to Arrest Lavabit
> Founder for Shutting Down His Service | Techdirt
> Message-ID: <AB4B407D-206D-4778-8CE9-484EC24D1CD6 at gmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> I would never wish the crapshoot of the court system on anyone where being in the right can even be subverted.
>
> On Aug 19, 2013, at 3:02 PM, "R. Jason Cronk" <rjc at privacymaverick.com> wrote:
>
>> As sad as it seems, I hope they do prosecute him....not because I want to see him convicted but it would be an excellent test of the law and keep the case in the news for the egregiousness that it is.
>>
>> Jason
>>
>>
>> On 8/17/2013 6:05 PM, LilBambi wrote:
>>> Whoa! That is nuts!
>>>
>>> On Sat, Aug 17, 2013 at 5:43 PM, Yosem Companys <companys at stanford.edu> wrote:
>>>> The saga of Lavabit founder Ladar Levison is getting even more
>>>> ridiculous, as he explains that the government has threatened him with
>>>> criminal charges for his decision to shut down the business, rather
>>>> than agree to some mysterious court order. The feds are apparently
>>>> arguing that the act of shutting down the business, itself, was a
>>>> violation of the order.
>>>>
>>>> http://www.techdirt.com/articles/20130816/14533924213/feds-threaten-to-arrest-lavabit-founder-shutting-down-his-service.shtml
>>
>>
>> R. Jason Cronk, Esq., CIPP/US
>> Privacy Engineering Consultant, Enterprivacy Consulting Group
>> phone: (828) 4RJCESQ
>> twitter: @privacymaverick.com
>> blog: http://blog.privacymaverick.com
>
> ------------------------------
>
> Message: 31
> Date: Mon, 19 Aug 2013 16:34:33 -0400
> From: Fran Parker <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Inflated expectations?
> Message-ID: <0485320A-4466-45DD-AACF-257E54ED51B9 at gmail.com>
> Content-Type: text/plain; charset=us-ascii
>
>
> Was reading about this earlier today. Very interesting.
>
>
>
> On Aug 19, 2013, at 4:26 PM, Yosem Companys <companys at stanford.edu> wrote:
>
>> Mesh Networks: The Cure for Keeping the NSA Out of Your Computer
>> http://www.motherjones.com/politics/2013/08/mesh-internet-privacy-nsa-isp
>> by @pomeranian99
>
>
> ------------------------------
>
> Message: 32
> Date: Mon, 19 Aug 2013 16:53:48 -0400
> From: LilBambi <lilbambi at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] World's Most Private Search Engine?
> Message-ID:
> <CA+AzaOeMRn3hFmvapLYCSg96Gq0H--aBN3tyJQPsUUWhTY=OHw at mail.gmail.com>
> Content-Type: text/plain; charset=windows-1252
>
> Yep, talk is cheap. Always has been. But StartPage.com now uses:
>
> StartPage and Ixquick Deploy Newest Encryption Standards against Mass
> Surveillance
> First search engines to offer TLS 1.1. and 1.2 as well as "Perfect
> Forward Secrecy"
> July 19, 2013 12:03 PM Eastern Daylight Time
>
> http://eon.businesswire.com/news/eon/20130719005641/en/StartPage/Ixquick/TLS
>
> Search Engines Ixquick & StartPage Double Up On Security Measures With
> 2 New Encryption Standards
>
> http://searchengineland.com/private-search-enggines-startpage-ixquick-double-down-on-security-measures-with-two-new-encryption-standards-167500
>
> --snip--
>
> On the heels of the US PRISM scandal, private search engines Ixquick
> and its partner site StartPage are leveraging new encryption methods
> that offer higher levels of security beyond the standard SSL
> encryption.
>
> With a combined four million searches daily, Ixquick and StartPage
> boast they are the first search engines in the world to employ
> "Perfect Forward Secrecy" (PFS) along with TLS 1.1. and 1.2, creating
> a more secure network around their search traffic data.
>
> "We're setting the standard for encryption in the post-PRISM world,"
> claims StartPage developer and privacy expert Dr. Katherine Albrecht.
>
> PFS encrypts large amounts of data by using different "per-session"
> keys for individual data transfers, making it impossible to decrypt a
> website's full library of files with a single "private key" as can
> happen with an SSL encryption.
>
> According to the announcement:
>
> With SSL alone, if a target website's "private key" can be obtained
> once in the future - perhaps through court order, social engineering,
> attack against the website, or cryptanalysis - that same key can then
> be used to unlock all other historical traffic of the affected
> website. For larger Internet services, that could expose the private
> data of millions of people.
> PFS offers websites an extra layer of protection, "even if a site's
> private SSL key is compromised, data that was previously transmitted
> is still safe." If someone, or an organization, wanted to decrypt
> files secured via PFS, they would have to decrypt each individual file
> - a time consuming task when trying to decrypt large quantities of
> data.
>
> StartPage and Ixquick implemented PFS earlier this month in
> combination with TLS 1.1. and 1.2, an upgraded form of SSL encryption
> that establishes a secure "tunnel" where search traffic cannot be
> intercepted.
>
> --snip--
>
>
> On Mon, Aug 19, 2013 at 10:10 AM, Patrick Mylund Nielsen
> <patrick at patrickmylund.com> wrote:
>> If we have learned anything from PRISM it's that words are cheap, and not
>> complying is difficult to impossible (without shutting down your business).
>> You should probably be using Tor regardless of which search engine you're
>> using if you're worried about your privacy.
>>
>> On Aug 19, 2013 9:00 AM, "LilBambi" <lilbambi at gmail.com> wrote:
>>>
>>> I have used ixquick.com and startpage.com (both from the same folks) for
>>> years.
>>>
>>> More info here:
>>>
>>> http://en.wikipedia.org/wiki/Ixquick
>>>
>>> "Ixquick is a metasearch engine based in New York and the
>>> Netherlands.[2] Founded by David Bodnick in 1998, Ixquick is owned by
>>> Dutch company, Surfboard Holding BV, which acquired the internet
>>> company in 2000.[3]"
>>>
>>> "On July 7, 2009 Ixquick launched Startpage.com to offer a new service
>>> at a URL that is both easier to remember and spell. Startpage.com
>>> fetches its results straight from the Google search engine without
>>> saving the users' IP addresses or giving any personal user information
>>> to Google's servers."
>>>
>>> I had been using ixquick.com for quite a while when StartPage.com came
>>> out and was being promoted by Spy Chips author Katherine Albrecht and
>>> CASPIAN advocate.
>>>
>>> Startpage.com info on how it protects you:
>>> https://startpage.com/eng/prism-program-exposed.html
>>>
>>> Here's the content of that page:
>>>
>>> --snip--
>>>
>>> No PRISM. No Surveillance. No Government Back Doors. You Have our Word on
>>> it.
>>>
>>> Giant US government Internet spying scandal revealed
>>>
>>> The Washington Post and The Guardian have revealed a US government
>>> mass Internet surveillance program code-named "PRISM". They report
>>> that the NSA and the FBI have been tapping directly into the servers
>>> of nine US service providers, including Facebook, Microsoft, Google,
>>> Apple, Yahoo, YouTube, AOL and Skype, and began this surveillance
>>> program at least seven years ago. (clarifying slides)
>>>
>>> These revelations are shaking up an international debate.
>>>
>>> StartPage has always been very outspoken when it comes to protecting
>>> people's Privacy and civil liberties. So it won't surprise you that we
>>> are a strong opponent of overreaching, unaccountable spy programs like
>>> PRISM. In the past, even government surveillance programs that were
>>> begun with good intentions have become tools for abuse, for example
>>> tracking civil rights and anti-war protesters.
>>>
>>> Programs like PRISM undermine our Privacy, disrupt faith in
>>> governments, and are a danger to the free Internet.
>>>
>>> StartPage and its sister search engine Ixquick have in their 14-year
>>> history never provided a single byte of user data to the US
>>> government, or any other government or agency. Not under PRISM, nor
>>> under any other program in the US, nor under any program anywhere in
>>> the world.
>>>
>>> Here's how we are different:
>>>
>>> StartPage does not store any user data. We make this perfectly clear
>>> to everyone, including any governmental agencies. We do not record the
>>> IP addresses of our users and we don't use tracking cookies, so there
>>> is literally no data about you on our servers to access. Since we
>>> don't even know who our customers are, we can't share anything with
>>> Big Brother. In fact, we've never gotten even a single request from a
>>> governmental authority to supply user data in the fourteen years we've
>>> been in business.
>>>
>>> StartPage uses encryption (HTTPS) by default. Encryption prevents
>>> snooping. Your searches are encrypted, so others can't "tap" the
>>> Internet connection to snoop what you're searching for. This
>>> combination of not storing data together with using strong encryption
>>> for the connections is key in protecting your Privacy.
>>>
>>> Our company is based in The Netherlands, Europe. US jurisdiction does
>>> not apply to us, at least not directly. Any request or demand from ANY
>>> government (including the US) to deliver user data, will be thoroughly
>>> checked by our lawyers, and we will not comply unless the law which
>>> actually applies to us would undeniably require it from us. And even
>>> in that hypothetical situation, we refer to our first point; we don't
>>> even have any user data to give. We will never cooperate with
>>> voluntary spying programs like PRISM.
>>>
>>> StartPage cannot be forced to start spying. Given the strong
>>> protection of the Right to Privacy in Europe, European governments
>>> cannot just start forcing service providers like us to implement a
>>> blanket spying program on their users. And if that ever changed, we
>>> would fight this to the end.
>>> Privacy. It's not just our policy, it's our mission.
>>>
>>> Sincerely,
>>>
>>> Robert E.G. Beens
>>> CEO StartPage.com and Ixquick.com
>>>
>>> --snip--
>>>
>>> Hope that helps some Yosem.
>>>
>>> On Sun, Aug 18, 2013 at 2:18 PM, Yosem Companys <companys at stanford.edu>
>>> wrote:
>>> > RT @bytesforall: "World's Most Private Search Engine"
>>> > http://ixquick.com/eng/. Anyone evaluated this? #Pakistan #Privacy
>>> > #NetFreedom #Google @PrivacySurgeon
>
>
> ------------------------------
>
> Message: 33
> Date: Mon, 19 Aug 2013 23:09:35 +0200
> From: "Jillian C. York" <jilliancyork at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID:
> <CAN=RHLk1rwhnUbWB=jL9WmRK-YSmGxZ0nxEuy-ffnk+pSsfDew at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Key paragraph:
>
> "So while I am told that you have norms about collaboration and engagement
> among you, I regret that we can't follow them. Hope you'll forgive us and
> judge us by the quality of our work over time. Good luck to you with yours."
>
> In a later phone call that I had with Ricken, he basically said that Avaaz
> "doesn't have time to engage" with its allies and the greater community. As
> a rule, I don't support any person or group that isn't interested in
> working together as a community.
>
>
> On Mon, Aug 19, 2013 at 9:27 PM, staticsafe <me at staticsafe.ca> wrote:
>
>> On Mon, Aug 19, 2013 at 08:36:48PM +0200, Jillian C. York wrote:
>> > Avaaz made it clear a year ago on this very mailing list that they have
>> no
>> > interest whatsoever in engaging with our community.
>> > --
>> > *Note: *I am slowly extricating myself from Gmail. Please change your
>> > address books to: jilliancyork at riseup.net or jillian at eff.org.
>> >
>> > US: +1-857-891-4244 | NL: +31-657086088
>> > site: jilliancyork.com <http://jilliancyork.com/>* | *
>> > twitter: @jilliancyork* *
>> >
>> > "We must not be afraid of dreaming the seemingly impossible if we want
>> the
>> > seemingly impossible to become a reality" - *Vaclav Havel*
>>
>> I'm not sure if this is what you are referring to but I see an apology:
>> https://mailman.stanford.edu/pipermail/liberationtech/2012-May/003843.html
>>
>> Either way, more details are appreciated.
>> --
>> staticsafe
>> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
>> Please don't top post.
>> Please don't CC! I'm subscribed to whatever list I just posted on.
>>
>
>
>
> --
> *Note: *I am slowly extricating myself from Gmail. Please change your
> address books to: jilliancyork at riseup.net or jillian at eff.org.
>
> US: +1-857-891-4244 | NL: +31-657086088
> site: jilliancyork.com <http://jilliancyork.com/>* | *
> twitter: @jilliancyork* *
>
> "We must not be afraid of dreaming the seemingly impossible if we want the
> seemingly impossible to become a reality" - *Vaclav Havel*
>
> ------------------------------
>
> Message: 34
> Date: Tue, 20 Aug 2013 07:15:44 +1000
> From: Tom O <winterfilth at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID:
> <CAH4Aj8orHV5vtpPo+Q=1L-k2d4JzEzoDSDtO4p3zajPtDXb-AQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Agree. If you refuse to reciprocate the goodwill, why should anyone bother.
>
> Relationships are a two way street
>
> On Tuesday, August 20, 2013, Jillian C. York wrote:
>
>> Key paragraph:
>>
>> "So while I am told that you have norms about collaboration and
>> engagement among you, I regret that we can't follow them. Hope you'll
>> forgive us and judge us by the quality of our work over time. Good luck
>> to you with yours."
>>
>> In a later phone call that I had with Ricken, he basically said that Avaaz
>> "doesn't have time to engage" with its allies and the greater community. As
>> a rule, I don't support any person or group that isn't interested in
>> working together as a community.
>>
>>
>> On Mon, Aug 19, 2013 at 9:27 PM, staticsafe <me at staticsafe.ca> wrote:
>>
>>> On Mon, Aug 19, 2013 at 08:36:48PM +0200, Jillian C. York wrote:
>>> > Avaaz made it clear a year ago on this very mailing list that they have
>>> no
>>> > interest whatsoever in engaging with our community.
>>> > --
>>> > *Note: *I am slowly extricating myself from Gmail. Please change your
>>> > address books to: jilliancyork at riseup.net or jillian at eff.org.
>>> >
>>> > US: +1-857-891-4244 | NL: +31-657086088
>>> > site: jilliancyork.com <http://jilliancyork.com/>* | *
>>> > twitter: @jilliancyork* *
>>> >
>>> > "We must not be afraid of dreaming the seemingly impossible if we want
>>> the
>>> > seemingly impossible to become a reality" - *Vaclav Havel*
>>>
>>> I'm not sure if this is what you are referring to but I see an apology:
>>> https://mailman.stanford.edu/pipermail/liberationtech/2012-May/003843.html
>>>
>>> Either way, more details are appreciated.
>>> --
>>> staticsafe
>>> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
>>> Please don't top post.
>>> Please don't CC! I'm subscribed to whatever list I just posted on.
>>>
>>
>>
>>
>> --
>> *Note: *I am slowly extricating myself from Gmail. Please change your
>> address books to: jilliancyork at riseup.net or jillian at eff.org.
>>
>> US: +1-857-891-4244 | NL: +31-657086088
>> site: jilliancyork.com <http://jilliancyork.com/>* | *
>> twitter: @jilliancyork* *
>>
>> "We must not be afraid of dreaming the seemingly impossible if we want the
>> seemingly impossible to become a reality" - *Vaclav Havel*
>>
>
> ------------------------------
>
> Message: 35
> Date: Mon, 19 Aug 2013 18:27:18 -0400
> From: Rich Kulawiec <rsk at gsp.org>
> To: liberationtech <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] Fwd: Avaaz in "grave danger" due to
> GMail spam filters
> Message-ID: <20130819222718.GA11010 at gsp.org>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Aug 19, 2013 at 12:32:59AM +0200, Moritz Bartl wrote:
>> Subject: Avaaz in "grave danger" due to GMail spam filters
>
> This should be retitled "Avaaz allegedly in grave danger due to their
> own extremely stupid decisions as regards running their mailing list,
> and oh, by the way, Gmail's anti-spam setup is awful."
>
> Briefly (VERY briefly) if Avaaz ran their mailing lists properly
> (in-house, using COI, RFC 2142-compliant, RFC 2919-compliant, and so on)
> then it would be very unlikely that they'd have an issue with Gmail...or
> any other large mail provider, for that matter. (Source: decades of
> experience running mailing lists.) As to Gmail, both their false positive
> and false negative rates are far too high *and* they use quarantines
> (a worst practice in mail system engineering). So there's plenty of
> blame to go around here, but really, most of it lies with Avaaz, because
> this problem is fixable IN A DAY using FOSS and a little bit of clue.
>
> ---rsk
>
>
> ------------------------------
>
> Message: 36
> Date: Tue, 20 Aug 2013 01:09:53 +0100
> From: Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] [Dewayne-Net] Are Hackers the Next
> Bogeyman Used to Scare Americans Into Giving Up More Rights?
> Message-ID: <C29F5361-5C9F-44DE-985F-028326BDC2DD at ei8fdb.org>
> Content-Type: text/plain; charset="us-ascii"
>
>
> On 15 Aug 2013, at 19:09, Kyle Maxwell <kylem at xwell.org> wrote:
>
>> On Wed, Aug 14, 2013 at 5:18 PM, Bernard Tyers - ei8fdb
>> <ei8fdb at ei8fdb.org> wrote:
>>> My issue is with - "Hacking" is bad when people do it. It's ok when the government do it.
>>
>> To play devil's advocate for a moment: isn't that true for a lot of
>> things?
>
> I'm not going to bite! ;)
>
>> The State is, in general, very jealous about its monopoly on
>> things like violence and taxation, and (modulo anarchists, many of
>> whom I love and respect) the majority of people are okay with those
>> things.
>
>
> I don't think most people are necessarily the same - extreme example, but I don't think I've ever heard "normal" (sure define "normal"!) people being ok with violence when carried out by states.
>
> --------------------------------------
> Bernard / bluboxthief / ei8fdb
>
> IO91XM / www.ei8fdb.org
>
>
> ------------------------------
>
> Message: 37
> Date: Mon, 19 Aug 2013 20:50:20 -0500
> From: Kyle Maxwell <kylem at xwell.org>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] [Dewayne-Net] Are Hackers the Next
> Bogeyman Used to Scare Americans Into Giving Up More Rights?
> Message-ID:
> <CAESvgErrOw=SpNOJDihWOzikPf1rvpyQEVnP=NNPdAtS3OwjtA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Mon, Aug 19, 2013 at 7:09 PM, Bernard Tyers - ei8fdb
> <ei8fdb at ei8fdb.org> wrote:
>>
>> On 15 Aug 2013, at 19:09, Kyle Maxwell <kylem at xwell.org> wrote:
>>> The State is, in general, very jealous about its monopoly on
>>> things like violence and taxation, and (modulo anarchists, many of
>>> whom I love and respect) the majority of people are okay with those
>>> things.
>>
>>
>> I don't think most people are necessarily the same - extreme example, but I don't think I've ever heard "normal" (sure define "normal"!) people being ok with violence when carried out by states.
>
> Sure they are: police and military, for example, are examples of the
> state's near-monopoly on (legal) violence. Exceptions exist, like
> self-defense, but even then, if a cop is present and somebody pulls
> out a gun for defense against somebody else in the area, it almost
> certainly won't go well.
>
> So the point is only that it's not sufficient to say that "hacking is
> bad when people do it, okay when the government does it". We have to
> slice a little more to get to the heart of the issue.
>
> --
> @kylemaxwell
>
>
> ------------------------------
>
> Message: 38
> Date: Mon, 19 Aug 2013 19:07:10 -0700
> From: "James S. Tyre" <jstyre at eff.org>
> To: "'liberationtech'" <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] Lawful Hacking: Using Existing
> Vulnerabilities for Wiretapping on the Internet
> Message-ID: <03e101ce9d49$fb1f9ed0$f15edc70$@eff.org>
> Content-Type: text/plain; charset="us-ascii"
>
> http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107
>
> Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet
>
>
> Steven M. Bellovin
> Columbia University - Department of Computer Science
>
> Matt Blaze
> University of Pennsylvania - School of Engineering & Applied Science
>
> Sandy Clark
> University of Pennsylvania - School of Engineering & Applied Science
>
> Susan Landau
> Harvard University; Sun Microsystems, Inc.
>
> August 18, 2013
>
> Privacy Legal Scholars Conference, June 2013
>
> Abstract:
> For years, legal wiretapping was straightforward: the officer doing the intercept
> connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the
> changing structure of telecommunications - there was no longer just "Ma Bell" to talk to -
> and new technologies such as ISDN and cellular telephony made executing a wiretap more
> complicated for law enforcement. Simple technologies would no longer suffice. In response,
> Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which
> mandated a standardized lawful intercept interface on all local phone switches. Technology
> has continued to progress, and in the face of new forms of communication - Skype, voice
> chat during multi-player online games, many forms of instant messaging, etc.- law
> enforcement is again experiencing problems. The FBI has called this "Going Dark": their
> loss of access to suspects' communication. According to news reports, they want changes to
> the wiretap laws to require a CALEA--like interface in Internet software.
>
> CALEA, though, has its own issues: it is complex software specifically intended to create
> a security hole - eavesdropping capability - in the already--complex environment of a
> phone switch. It has unfortunately made wiretapping easier for everyone, not just law
> enforcement. Congress failed to heed experts' warnings of the danger posed by this
> mandated vulnerability, but time has proven the experts right. The so--called "Athens
> Affair", where someone used the built--in lawful intercept mechanism to listen to the cell
> phone calls of high Greek officials, including the Prime Minister, is but one example. In
> an earlier work, we showed why extending CALEA to the Internet would create very serious
> problems, including the security problems it has visited on the phone system.
>
> In this paper, we explore the viability and implications of an alternative method for
> addressing law enforcement's need to access communications: legalized hacking of target
> devices through existing vulnerabilities in end--user software and platforms. The FBI
> already uses this approach on a small scale; we expect that its use will increase,
> especially as centralized wiretapping capabilities become less viable.
>
> Relying on vulnerabilities and hacking poses a large set of legal and policy questions,
> some practical and some normative. Among these are:
>
> . Will it create disincentives to patching?
>
> . Will there be a negative effect on innovation? (Lessons from the so--called "Crypto
> Wars" of the 1990s, and, in particular, the debate over export controls on cryptography,
> are instructive here.)
>
> . Will law enforcement's participation in vulnerabilities purchasing skew the market?
>
> . Do local and even state law enforcement agencies have the technical sophistication to
> develop and use exploits? If not, how should this be handled? A larger FBI role?
>
> . Should law enforcement even be participating in a market where many of the sellers and
> other buyers are themselves criminals?
>
> . What happens if these tools are captured and re-purposed by miscreants?
>
> . Should we sanction otherwise--illegal network activity to aid law enforcement?
>
> . Is the probability of success from such an approach too low for it to be useful?
>
> As we will show, though, these issues are indeed challenging. We regard them, on balance,
> as preferable to adding more complexity and insecurity to online systems.
>
> Number of Pages in PDF File: 70
>
> Keywords: wiretap, CALEA, surveillance, hacking, vulnerabilities, cyber-security, law
> enforcement
>
> working papers series
>
>
> Download This Paper
> Date posted: August 19, 2013
>
> --
> James S. Tyre
> Law Offices of James S. Tyre
> 10736 Jefferson Blvd., #512
> Culver City, CA 90230-4969
> 310-839-4114/310-839-4602(fax)
> jstyre at jstyre.com
> Policy Fellow, Electronic Frontier Foundation
> https://www.eff.org
>
>
>
>
>
> ------------------------------
>
> Message: 39
> Date: Mon, 19 Aug 2013 22:42:56 -0400
> From: Tom Ritter <tom at ritter.vg>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Seeing threats, feds target instructors
> of polygraph-beating methods
> Message-ID:
> <CA+cU71nT3Ad1+6vQ5x0W9pViLwChVyGaQpQF2qVjO7sgf_xZKA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I'm trying to think of how you could prosecute free speech (in the
> US). It's not illegal to talk about how to use rusty nails to create
> thermite - that's been in the Anarchist Cookbook for years. It's a
> somewhat fine line between "X should be killed" and "incitement to
> murder" but as all the Assange and Snowden press has shown, that's not
> a great indicator. I don't _think_ nuclear secrets is actually
> protected, it's just that the individuals who know about them are
> contracted/NDA-ed/under classified restrictions.
>
> ESPECIALLY when polygraphs aren't actually accepted by the courts, as
> far as I know.
>
> /sigh
>
> "So far, authorities have targeted at least two instructors, one of
> whom has pleaded guilty to federal charges, several people familiar
> with the investigation told McClatchy."
>
> Love to know the inside details of the person who pleaded guilty, and why.
>
> -tom
>
>
> ------------------------------
>
> Message: 40
> Date: Mon, 19 Aug 2013 19:42:06 -0700 (PDT)
> From: Darlene Scott <darlenescott673 at yahoo.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] verifying SSL certs (was Re: In defense
> of client-side encryption)
> Message-ID:
> <1376966526.33739.YahooMailBasic at web161706.mail.bf1.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
>
>
> Has anyone here looked into "Namecoin" at all? I must admit I've only seen a two line reference about it and meant to follow up but haven't had the time.
>
> https://en.wikipedia.org/Namecoin
>
> Do you think the same distributed approach could be applied to certifying SSL-like connections?
>
> Sorry if this question seems naive. I have no deep knowledge of internet protocol structure or function.
>
>
> --------------------------------------------
> On Mon, 8/19/13, Ben Laurie <ben at links.org> wrote:
>
> Subject: Re: [liberationtech] verifying SSL certs (was Re: In defense of client-side encryption)
> To: "liberationtech" <liberationtech at lists.stanford.edu>
> Date: Monday, August 19, 2013, 3:41 AM
>
>
>
>
> On 14 August 2013
> 10:46, Guido Witmond <guido at witmond.nl>
> wrote:
>
> On
> 08/14/13 15:18, Ben Laurie wrote:
>
> > On 14 August 2013 08:54, Guido Witmond <guido at witmond.nl
>
> > <mailto:guido at witmond.nl>>
> wrote:
>
> >
>
> > ? ? On 08/13/13 19:42, Andy Isaacson wrote:
>
> > ? ? > On Mon, Aug 12, 2013 at 11:10:39AM +0200,
> Guido Witmond wrote:
>
> > ? ? >> There is another problem. You rely on
> HTTPS. Here is the 64000
>
> > ? ? >> dollar question:
>
> > ? ? >>
>
> > ? ? >> Q._"What is the CA-certificate for
> your banks' website?"_
>
> > ? ? >>>
>
>
>
> [snip]
>
>
>
> > ? ? I too have given up on expecting security from
> the global CA's. That's
>
> > ? ? why I want to see DNSSEC succeed.
>
> >
>
> >
>
> > DNSSEC merely transfers the problem to registries and
> registrars, who
>
> > are no more reliable than CAs. You need to solve the
> problem of having
>
> > to trust third parties before DNSSEC will work (which
> is the same
>
> > problem you need to solve for CAs),
>
>
>
> Yes, there is trust involved, but there is a difference.
>
> With CA's anyone can sign a certificate for any site. It's a race to the
> bottom with no winners. Not even the CA's as they can't differentiate
> between themselves. The consequence is that no one trusts any of them.
> And who likes to do business with a party he doesn't trust but needs anyway?
>
> With DNSSEC, I have the choice of registrar. If there is a bad apple, I
> choose another who I find better worth my money.
>
>
>
>
>
> > And, sorry to bang on about it, but
> > the answer is Certificate Transparency. BTW, my team is about to start
> > looking at DNSSEC Transparency, too.
>
> Don't bang too hard: DNSSEC and CT solve the same problem.
>
> This is not correct.
>
>
>
> The problem is that there is no registry that specifies which of the
> Global Certificate authorities is the one you should trust to validate a
> server-certificate. The mess we have right now is that each of the
> Global CA's can sign a server certificate. Hence my 64000 dollar question.
>
> Both DNSSEC and CT solve the problem. Albeit in different ways with
> different pros and cons.
>
> With DNSSEC and DANE, the site operator specifies *a priori* which CA he
> uses to sign the server certificates. It can be a self signed certificate.
>
> With CT, you register which CA has signed a certificate for a web site
> *after the fact*.
>
> Not really. The registration occurs before the cert can be used.
>
> We need them both! To keep the CA's and registrars honest. I really
> appreciate your work on CT.
>
> CT does not keep registrars honest. This is why you need DNSSEC transparency.
>
>
>
> Guido.
>
>
>
>
>
> --
>
> Liberationtech is a public list whose archives are
> searchable on Google. Violations of list guidelines will get
> you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu.
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 41
> Date: Tue, 20 Aug 2013 12:51:16 +1000
> From: Tom O <winterfilth at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Seeing threats, feds target instructors
> of polygraph-beating methods
> Message-ID:
> <CAH4Aj8qw1FJHtn=m5J4KPa4qBSDtc4uLyRgWviAOJRRPvOVLWw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> How anyone even uses lie detection tests and deems them useful should be a
> crime itself.
>
> People are naturally nervous in test situations, whether you sit for exams,
> psych profiles or lie detection. A lie detection test responding to the
> body's natural stimulus to nerves and anxiety, and leaving the review up to
> a third party that is often not an expert in neuroscience, psychology or
> psychiatry is basically relying on guilt by pseudoscience. This technique
> would have been acceptable during the Inquisition, but has no place in
> today's modern justice system.
>
> Also, related
> Suppression of Incriminating Memories Can Beat Lie-Detector Tests
> http://psychcentral.com/news/2013/05/30/suppression-of-incriminating-memories-can-beat-lie-detector-tests/55411.html
>
>
> On Tue, Aug 20, 2013 at 12:42 PM, Tom Ritter <tom at ritter.vg> wrote:
>
>> I'm trying to think of how you could prosecute free speech (in the
>> US). It's not illegal to talk about how to use rusty nails to create
>> thermite - that's been in the Anarchist Cookbook for years. It's a
>> somewhat fine line between "X should be killed" and "incitement to
>> murder" but as all the Assange and Snowden press has shown, that's not
>> a great indicator. I don't _think_ nuclear secrets is actually
>> protected, it's just that the individuals who know about them are
>> contracted/NDA-ed/under classified restrictions.
>>
>> ESPECIALLY when polygraphs aren't actually accepted by the courts, as
>> far as I know.
>>
>> /sigh
>>
>> "So far, authorities have targeted at least two instructors, one of
>> whom has pleaded guilty to federal charges, several people familiar
>> with the investigation told McClatchy."
>>
>> Love to know the inside details of the person who pleaded guilty, and why.
>>
>> -tom
>>
>
> ------------------------------
>
> Message: 42
> Date: Tue, 20 Aug 2013 12:56:35 +1000
> From: Tom O <winterfilth at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] verifying SSL certs (was Re: In defense
> of client-side encryption)
> Message-ID:
> <CAH4Aj8r8dZaRoSQZoUc9TgmrmC75jkEJPrOriAWWLu8du2J_4Q at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> re this has anyone had a look at Tack.io?
>
>
> On Tue, Aug 20, 2013 at 12:42 PM, Darlene Scott <darlenescott673 at yahoo.com> wrote:
>
>>
>> Has anyone here looked into "Namecoin" at all? I must admit I've only seen
>> a two line reference about it and meant to follow up but haven't had the
>> time.
>>
>> https://en.wikipedia.org/Namecoin
>>
>> Do you think the same distributed approach could be applied to certifying
>> SSL-like connections?
>>
>> Sorry if this question seems naive. I have no deep knowledge of internet
>> protocol structure or function.
>>
>>
>> --------------------------------------------
>> On Mon, 8/19/13, Ben Laurie <ben at links.org> wrote:
>>
>> Subject: Re: [liberationtech] verifying SSL certs (was Re: In defense of
>> client-side encryption)
>> To: "liberationtech" <liberationtech at lists.stanford.edu>
>> Date: Monday, August 19, 2013, 3:41 AM
>>
>>
>>
>>
>> On 14 August 2013 10:46, Guido Witmond <guido at witmond.nl> wrote:
>>
>> On 08/14/13 15:18, Ben Laurie wrote:
>> > On 14 August 2013 08:54, Guido Witmond <guido at witmond.nl> wrote:
>> >
>> > On 08/13/13 19:42, Andy Isaacson wrote:
>> > > On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote:
>> > >> There is another problem. You rely on HTTPS. Here is the 64000
>> > >> dollar question:
>> > >>
>> > >> Q._"What is the CA-certificate for your banks' website?"_
>> > >>>
>>
>> [snip]
>>
>> > I too have given up on expecting security from the global CA's. That's
>> > why I want to see DNSSEC succeed.
>> >
>> > DNSSEC merely transfers the problem to registries and registrars, who
>> > are no more reliable than CAs. You need to solve the problem of having
>> > to trust third parties before DNSSEC will work (which is the same
>> > problem you need to solve for CAs),
>>
>>
>>
>> Yes, there is trust involved, but there is a difference.
>>
>> With CA's anyone can sign a certificate for any site. It's a race to the
>> bottom with no winners. Not even the CA's as they can't differentiate
>> between themselves. The consequence is that no one trusts any of them.
>> And who likes to do business with a party he doesn't trust but needs anyway?
>>
>> With DNSSEC, I have the choice of registrar. If there is a bad apple, I
>> choose another who I find better worth my money.
>>
>>
>>
>>
>>
>> > And, sorry to bang on about it, but
>> > the answer is Certificate Transparency. BTW, my team is about to start
>> > looking at DNSSEC Transparency, too.
>>
>> Don't bang too hard: DNSSEC and CT solve the same problem.
>>
>> This is not correct.
>>
>>
>>
>> The problem is that there is no registry that specifies which of the
>> Global Certificate authorities is the one you should trust to validate a
>> server-certificate. The mess we have right now is that each of the
>> Global CA's can sign a server certificate. Hence my 64000 dollar question.
>>
>> Both DNSSEC and CT solve the problem. Albeit in different ways with
>> different pros and cons.
>>
>> With DNSSEC and DANE, the site operator specifies *a priori* which CA he
>> uses to sign the server certificates. It can be a self signed certificate.
>>
>> With CT, you register which CA has signed a certificate for a web site
>> *after the fact*.
>>
>> Not really. The registration occurs before the cert can be used.
>>
>> We need them both! To keep the CA's and registrars honest. I really
>> appreciate your work on CT.
>>
>> CT does not keep registrars honest. This is why you need DNSSEC transparency.
>>
>>
>>
>> Guido.
>>
>>
>>
>>
>>
>>
>
> ------------------------------
>
>
> End of liberationtech Digest, Vol 169, Issue 1
> **********************************************