[liberationtech] Quick Guide to Alternatives

Jonathan Wilkes jancsika at yahoo.com
Mon Jun 17 14:16:56 PDT 2013 




________________________________
 >From: micah <micah at riseup.net>
>To: Jonathan Wilkes <jancsika at yahoo.com>; liberationtech <liberationtech at lists.stanford.edu>; liberationtech <liberationtech at lists.stanford.edu> 
>Sent: Monday, June 17, 2013 3:06 PM
>Subject: Re: [liberationtech] Quick Guide to Alternatives
 

>Jonathan Wilkes <jancsika at yahoo.com> writes:

>> Finally, the user of riseup must trust the description of their service on the website to be true because it is a form of
>> privacy by policy.  If joining it is to be anything other than practicing the bad habit of trusting implicitly something you
>> read on a list on the internet, you need to know and trust someone from the internet security/privacy world who can vouch
>> for the security of the system based on their own human trust relationship with someone who runs riseup (or is closely
>> connected to it).  If you're a human rights worker and you have such a relationship with a security/privacy expert, you'd
>> do better to pay them for some tutoring sessions on seting up and using one or more of the following: ssh, Tor, Tor + ssh,
>> torchat, and possibly otr + pidgin and help them develop a working experience about what the threats are to their privacy in
>> those instances.

>I happen to know and trust someone who can vouch for the security of the
system due to my human trust relationship with someone who runs riseup.

>Do you have any suggestions for what Riseup can do to resolve that
concern for you? I don't disagree with you, I'm just curious about
solutions here.

Doing your computations on someone else's computer and expecting
privacy is a bad mix, regardless of whether that computer is running
well-configured free software or not.  That goes for Google and
Riseup, though I do think using the server of someone you personally
trust is making the best of bad options.

Going further than making the best of bad options, here's a suggestion:
what about leveraging this trust they built among individuals and groups
to start a program of helping set up something like this for people:

http://yunohost.org/

It's surely less secure/robust than Riseup's servers in its current state,
but all the work and patches they make regarding logging/etc. which you
mention below would then go to strengthen a system that gives privacy
by design.  Plus Riseup doesn't have to host any data, encrypted or
otherwise for that particular person-- just a nice friendly interface for
pointing their email address at the location of the box.

Then when someone comes along and codes up a Tor plugin, or NAT
traversal stuff, or even some exciting new end-to-end encrypted messaging
system, instead of doing the old privacy-vs-convenience dance, you'd have
users contacting whatever privacy Jedi they know and trust, asking them if
they think it's ok to click the button to install that plugin.  (Or doing whatever
audit from whoever they want to pay to look directly at the system they're
running and using, and tell them whether its configured correctly.)

-Jonathan

> I think Riseup has done a few things to try to close that gap. One has
been a long term building up of trust among individuals and groups,
which spreads out through recommendations by those people to
others. Riseup people being involved in various forms of activism (from
counter globalization movement organizing, to indymedia, to occupy and
other much less well known, or hyper local activist efforts) has been
one way that has happened. In various ways Riseup has been involved in
defending, or fighting for the freedoms that Riseup tries to protect,
sometimes that has come in the form of legal battles that Riseup has
either joined or been subjected to, coalitions that Riseup has joined,
or campaigns that Riseup has participated in. In other cases it comes
technically through publishing documentation, guides, howtos and writing
patches and software that embody the various political principles that
Riseup tries to adhere to (such as privacy and log anonymization
patches, or social networking software, etc.). Another way is active
involvement in free software, Debian in particular. Contributing to that
ecosystem because the political ideals are harmonious makes a lot of
sense for an organization that is actually trying to fulfill its stated
'policies'.



micah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130617/af6b6c6b/attachment.html>

More information about the liberationtech mailing list