[liberationtech] Need some advice re: online secure communications platform for a survivors group

Miles Fidelman mfidelman at meetinghouse.net
Mon Jul 11 09:32:12 PDT 2016 

That may be - though some of the PGP solutions are pretty close to 
one-click install these days.  The old Napster never seemed to phase 
anybody.  Maybe, whomever is organizing the group needs to spend a 
little time picking a system and writing up a how-to-install checklist.

The reality is that anything that's not encrypted tends to get indexed 
by google - so, if privacy is a concern (as the OP indicated), then any 
standard email list, probably including a google group, is problematic - 
at the very least one has to pay very close attention to configuration, 
and better to not have an archive (hard to do with google groups).

At the very least, go with a service that has registration and strong 
privacy guarantees, or maybe set up a Wordpress or Drupal instance, with 
access limited to registered users.  Point and click on wordpress.com or 
godaddy.

Miles Fidelman


On 7/11/16 11:26 AM, Steve Weis wrote:
> Hello Miles. I think your suggestions are not practical for an ad hoc 
> group of sexual assault survivors. You're talking about them using 
> PGP, downloading open source clients, or using untested blockchain 
> systems. I think for a random group of people, all of these will fail 
> in practice due to poor usability and platform incompatibility. I 
> think there is little benefit to using a P2P system in this case.
>
> Their threat model is against their abusers and potentially media, 
> bloggers, or trolls who pick up on the story. It's not against hosted 
> services like Google or the NSA.
>
> You want something dead simple that works on every platform and 
> managed by an organization with their own security team. I suggested 
> Google Apps because it's battle-tested, easy, and in this use case, 
> free. Yes, Google would see this survivors' group data. They also see 
> a enterprise data -- even from competitors -- that is much more 
> valuable and targeted.
>
> On Mon, Jul 11, 2016 at 5:09 AM Miles Fidelman 
> <mfidelman at meetinghouse.net <mailto:mfidelman at meetinghouse.net>> wrote:
>
>     Personally, I'd recommend staying away from any kind of hosting
>     service
>     - stick with a peer-to-peer system designed for privacy.
>
>     One, really simple notion would be to simply use encrypted email,
>     perhaps over a list server.  It's a pain, but straightforward.  It
>     does,
>     however expose group membership, in the form of email addresses.
>
>
>

-- 
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20160711/3ebf8a20/attachment.html>

More information about the liberationtech mailing list