[liberationtech] Quick Guide to Alternatives
Moritz Bartl
moritz at torservers.net
Mon Jun 17 22:57:02 PDT 2013
On 17.06.2013 21:06, micah wrote:
> Do you have any suggestions for what Riseup can do to resolve that
> concern for you? I don't disagree with you, I'm just curious about
> solutions here.
I am happy to repeat myself, since the issues I have with Riseup have
not been addressed so far.
Tactical Tech should not be recommending Riseup, and Riseup only,
without stressing that you *always* have to trust the operators and the
systems behind them, and at least mention some alternatives to Riseup. A
longer article should also discuss that Gmail is probably better
security-wise than some random open source installation. In the end it
depends on your threat model, right?
Anyway:
#1 There was a point in time when Riseup purposely decided to stop
pushing decentralization. A lot of work was and is put into features
that are *not* documented properly and not easily available to replicate.
#2 As an example, the website states "minimal logging". What the hell is
"minimum logging" other than marketing speech? Why don't you tell you're
users what you are logging, up to the last byte? Especially when you
provide a sensitive service like email, extra care should be put in the
documentation and specification of logging policies. And by that I mean
down to the config files of the syslog daemon.
#3 How hard is it to be transparent about money and sponsors? There's
some big money behind Riseup now, and you guys should be very open about
the sources.
--
Moritz Bartl
https://www.torservers.net/
More information about the liberationtech
mailing list