[liberationtech] Need some advice re: online secure communications platform for a survivors group

Tue Jul 12 11:04:01 PDT 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Perhaps a good balance would be to set up a closed email discussion list
with a host you trust who has strong privacy guarantees as Miles
recommended (Greenhost can provide you with Mailman, or Electric Embers
has a great security reputation). And for sharing files you could use
something like OwnCloud that you can host yourself, or host with someone
you trust.

It doesn't get much more simple than an email discussion list, but you
may need to figure out how to verify people are who they say they are,
for the sake of privacy.

Kristin

On 7/11/16 12:32 PM, Miles Fidelman wrote:
> That may be - though some of the PGP solutions are pretty close to one-click install these days. 
The old Napster never seemed to phase anybody.  Maybe, whomever is
organizing the group needs to spend a little time picking a system and
writing up a how-to-install checklist.
>
> The reality is that anything that's not encrypted tends to get indexed
by google - so, if privacy is a concern (as the OP indicated), then any
standard email list, probably including a google group, is problematic -
at the very least one has to pay very close attention to configuration,
and better to not have an archive (hard to do with google groups).
>
> At the very least, go with a service that has registration and strong
privacy guarantees, or maybe set up a Wordpress or Drupal instance, with
access limited to registered users.  Point and click on wordpress.com or
godaddy.
>
> Miles Fidelman
>
>
> On 7/11/16 11:26 AM, Steve Weis wrote:
>> Hello Miles. I think your suggestions are not practical for an ad hoc
group of sexual assault survivors. You're talking about them using PGP,
downloading open source clients, or using untested blockchain systems. I
think for a random group of people, all of these will fail in practice
due to poor usability and platform incompatibility. I think there is
little benefit to using a P2P system in this case.
>>
>> Their threat model is against their abusers and potentially media,
bloggers, or trolls who pick up on the story. It's not against hosted
services like Google or the NSA.
>>
>> You want something dead simple that works on every platform and
managed by an organization with their own security team. I suggested
Google Apps because it's battle-tested, easy, and in this use case,
free. Yes, Google would see this survivors' group data. They also see a
enterprise data -- even from competitors -- that is much more valuable
and targeted.
>>
>> On Mon, Jul 11, 2016 at 5:09 AM Miles Fidelman
<mfidelman at meetinghouse.net <mailto:mfidelman at meetinghouse.net>> wrote:
>>
>>     Personally, I'd recommend staying away from any kind of hosting
>>     service
>>     - stick with a peer-to-peer system designed for privacy.
>>
>>     One, really simple notion would be to simply use encrypted email,
>>     perhaps over a list server.  It's a pain, but straightforward.  It
>>     does,
>>     however expose group membership, in the form of email addresses.
>>
>>
>>
>
>
>

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXhTERAAoJEEq2H0u+0mY5R5sP/2p2lXBXKXk7XDhlAqaS5qTf
FSyMUe3qIv3+wFHa4Kv0Q3r/4dNAiUwaHKZCuAECgFgi5e22ik/+plZjv/s2gNot
k0SU+wkVMFeH8OCnF8F0XT0fzFibKTUzdlzSldv+RB1UnEhudx/0io9ZJMPf6j3y
dULMaQMQixTxNpI21CKzZPKgyNKq0m5Q+1RlLOACdG/JlJIy6CzMextSdbCLY6bD
88glwuWco9OhmKuIcx+vT9Uk9vcwkMzQ0ypRbESqrFhKayvyJIYlGGggXVVIij0i
VhktjyF5TMwc//rYduWwM8FcjNLSfVQC9GMYTJWgNQBPXxOIqbQ5On3+NDu+tHCL
61USPWLLZBO7VP1NqiGJfS98VOoZ6XiTluytF6yUiyYn3jS29zzxgsqX6Z5VYDRF
faAiu2vbNfIpqW1Ss/YJfhZ2fPfLmutybXvQa2g4dPc2H9uYUZUYxm1jocz0BBs5
vrhsp63eARnn33XRmAaZpNtpaaIGbN0rAWx4aggxRms0WciHKYZqC7qYHvsOAqwh
mivbtFSupw4zIG2fElazBIRrbxQ5nsczlrwv/p4w/5CSwXCk9jB7fDS9+2XB8zoI
8eLPKJ4DdNUTXq3pc8Cpa4EbP5xvGEkNvJLX3rlvYAYL7AvkSZLB6WKtqy75TPF/
8g9pqXc7Nils5c7be7iL
=vV41
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20160712/177859f2/attachment.html>