[liberationtech] RiseUp

Sahar Massachi sayhar at gmail.com
Fri Oct 18 10:53:11 PDT 2013 

As Elijah wrote, the point of riseup is to serve a specific constituency.
The point is not to help the general public encrypt their email.
On Oct 18, 2013 1:30 PM, "Jonathan Wilkes" <jancsika at yahoo.com> wrote:

> On 10/15/2013 06:47 PM, elijah wrote:
>
>> On 10/15/2013 03:07 PM, Yosem Companys wrote:
>>
>>  If you have any thoughts about Riseup, whether
>>> security/privacy-related or otherwise, I'd love to hear them.
>>>
>> I think I am the only person from the Riseup collective who is
>> subscribed to liberationtech, so I will reply, although what follows is
>> not an official position or response from the collective.
>>
>> We started when it was impossible to get even simple IMAP service that
>> was affordable. Very early on, it became apparent that one of the
>> primary issue facing our constituency (social justice activists) was the
>> rapid rise in abusive surveillance by states and corporations.
>>
>> Riseup does the best it can with antiquated 20th century technology.
>> Without getting into any details, we do the best that can be done,
>> particularly when both sender and recipient are using email from one of
>> service providers we have special encrypted transport arrangements with.
>> Admittedly, the best we can do is not that great. And, of course, our
>> webmail offering is laughably horrible.
>>
>> Riseup is not really a "US email provider". The great majority of our
>> users live outside the United States, and email is just one of many
>> services we provide.
>>
>> There has been much discussion on the internets about the fact that
>> Riseup is located in the US, and what possible country would provide the
>> best "jurisdictional arbitrage". Before the Lavabit case, the US
>> actually looked pretty good: servers in the US are not required to
>> retain any customer data or logs whatsoever. The prospect of some shady
>> legal justification for requiring a provider to supply the government
>> with their private TLS keys seems to upend everything I have read or
>> been told about US jurisprudence. Unfortunately, no consensus has
>> emerged regarding any place better than the US for servers, despite
>> notable bombast the the contrary.
>>
>> As a co-founder of Riseup, my personal goal at the moment is to destroy
>> Riseup as we know it, and replace it with something that is based on
>> 21st century technology [1]. My hope is that this transition can happen
>> smoothly, without undo hardship on the users.
>>
>> As evidence by the recent traffic on this list, many people are loudly
>> proclaiming that email can never be secure and it must be abandoned. I
>> have already written why I feel that this is both incredibly
>> irresponsible and technically false. There is an important distinction
>> between mass surveillance and being individually targeted by the NSA.
>> The former is an existential threat to democracy and the latter is
>> extremely difficult to protect against.
>>
>> It is, however, entirely possible to layer a very high degree of
>> confidentially, integrity, authentication, and un-mappability onto email
>> if we allow for opportunistic upgrades to enhanced protocols. For
>> example, we should be able to achieve email with asynchronous forward
>> secrecy that is also protected against meta-data analysis (even from a
>> compromised provider), but it is going to take work (and money) to get
>> there. Yes, in the long run, we should all just run pond [2], but in the
>> long run we are all dead.
>>
>
> The first thing you should do is remove the social contract from your
> registration page.  It's creepy and (should be) completely at odds with
> your privacy policy.  (That is, it should read "even _we_ can't ban you
> from using our service to talk about the following things in confidence
> with others...")
>
> Furthermore, every single bullet point is ambiguous and would be
> subject to a flame war if I posted them here.  That is, they are so
> wide open that people could reasonably take an opposing view for
> any or all of them, in good faith or bad.
>
> Personally, I agree with Riseup's position on those bullet points
> (assuming I understand them the same as you).  But I disagree
> with requiring people to answer them if they want to try to be
> safer when they use the internet.
>
> Essentially, a requirement to click such a button is asking people to
> lie to themselves in order to use your service.  Even the Pope and
> the military have seen fit to stop making people do that.
>
> Best,
> Jonathan
>
>
>> -elijah
>>
>> [1] https://leap.se/email
>> [2] https://pond.imperialviolet.**org/ <https://pond.imperialviolet.org/>
>>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/**
> mailman/listinfo/**liberationtech<https://mailman.stanford.edu/mailman/listinfo/liberationtech>.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131018/2b499fea/attachment.html>

More information about the liberationtech mailing list