July 2018 - cypherpunks-legacy

Re: [cryptography] can the German government read PGP and ssh traffic?
by Werner Koch 06 Jul '18

06 Jul '18

On Fri, 25 May 2012 17:23, marsh(a)extendedsubset.com said: > Perhaps someone who knows German can better interpret it. What they likely mean is traffic analysis and that for example the Subject in mails is not encrypted. For SSH my guess is that they were able to break accounts by brute force password cracking. Which is not a surprise given that many SSH users believe that ssh automagically make their root account save and continue to use their lame passwords instead of using PK based authentication. The whole thing is the usual disinformation by German secret services at a parliamentarian investigation committee. This committee is about German secret services snooping on mail b leaving and entering the countryb. They seem to use those old Echelon like word lists (sampling 20% of all mails using a list of 16400 different words). Nothing new and likely a copy of what the NSA does for years. For the fun part, we may still be able to annoy them with spooky MIME boundaries. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [INFO] Keep tuned: Script-Kiddie and ilk against Frog
by hung＠plainmail.com 06 Jul '18

06 Jul '18

On 28 Mar 2001 15:05:28 -0000, Frog-Admin threw some more dry wood on his funeral pyre when he wrote: >There is more from "Erwan David" <Erwan.David(a)teaser.fr> , (No doubt some innocent schmuck who made the mistake of sending to Frog/Frog2 without chaining first.) >who belongs to my "short list" of people I suspect to be >the single or collective entity called "Script-Kiddie" Why fret over TLAs,folks? We have our own internal law enforcement: Sheriff Frog-Admin. >HISTORY >"Erwan David" has a long history of terrorizing newbies, >bullying them on NG for whatever reason. >He has a passion to contact abuse departments and try to shut down accounts. >He also likes to propagate false information, > like Frog stopping last Summer because I was bankrupt. >He is very exactly the ilk I was thinking of when I wrote my policy, >and *explicitly* excluded remailer-haters from the benefit of privacy. (snip) >And I warn that occurrence of such posts would immediately >have me send my sworn testimony to the police and judge that >those posts were probably the making of "Erwan David". > >In the meantime, I suggest his ISP that he takes aside every mail sent >by "Erwan David", which would be encrypted to a remailer. >I would be more than happy to decypher my part of it to give >material proof Disgraceful. Frog-Admin protects only himself. He has a resolute intolerance of unpopular speech. He cannot tolerate the very thing a remailer is meant to protect! In contrast, I urge you to read the words of a trustworthy and honorable remop, Randseed Admin Len Sassaman: http://lexx.shinn.net/pipermail/remops/2001-March/000962.html Frog-Admin, Your arrogance will be your downfall. I take comfort in knowing that. Saddle (who now will be added to Frog-Admin's "short-list" if I'm not on it already) --------------------------------------------------- Get free personalized email at http://www.iname.com

1 0

[ANN] SSH Key Manager 1.0 beta
by Yann Bizeul 06 Jul '18

06 Jul '18

Hello guys, I'm releasing the first beta of SSH Key Manager. Basically, it lets you manage ssh-agent and identities (keys) session wide, quite well integrated with OSX (I hope). Full description and download here : http://projects.tynsoe.org/ phpBB3/viewtopic.php?f=13&t=537 Thanks for you past and future help Yann Bizeul - yann at tynsoe.org Cocoa Developer Tynsoe Projects BuddyPop - GeekTool - SSH Tunnel Manager - ... http://projects.tynsoe.org/ _______________________________________________ Cocoa-dev mailing list (Cocoa-dev(a)lists.apple.com) Do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/rah%40shipwright.com This email sent to rah(a)shipwright.com --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

EDRi-gram newsletter - Number 9.16, 24 August 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.16, 24 August 2011 ============================================================ Contents ============================================================ 1. EDRi responds to European Commission consultation on gambling 2. UK riots give birth to the idea of suspending social media services 3. German DPA asks for the removal of Facebook "like" button 4. Turkey postpones its Internet filtering plans 5. No effective sanction for Police abuse of Irish data retention system 6. US Hotline reports vast improvements in removal of child abuse websites 7. Copyright industry obtains court injunction against BT to block website 8. Recommended Action 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. EDRi responds to European Commission consultation on gambling ============================================================ European Digital Rights responded to the European Commission consultation on online gambling. As previously reported, an early draft of the consultation document appeared to be in favour of blocking, in principle, but recognised the failings of this approach, which it described as "challenging," "costly" and "ineffective". The final version of the consultation document was more neutral, simply asking about existing schemes, effectiveness and ISP liability. The Commission finds itself in a difficult position with regard to this consultation because it is looking at the issue of online gambling with regard to protectionism of domestic services by Member States, real and perceived dangers with regard to gambling addiction and organised crime (money laundering and fraud, in particular) - without any clear idea either from the Commission or the Member States as regards the relative importance of each issue. The situation is made even more complicated by Member States that claim to be in favour of blocking of foreign (including those legally registered in other EU Member States and non-EU ) websites for consumer protection reasons while their real motivation is simple, old-fashioned protectionism. Belgium provides the best example of this - on the one hand, it allowed blatantly fraudulent TV-based games to remain in operation for years (as shockingly illustrated by the Basta documentary team) and, on the other, it will launch a blocking system in January to "protect consumers." Rumours are that the main target of the blocking system is a fully legal and registered British website deemed to offer too much competition to Belgian services. Similarly, blocking in France "protects" French consumers from services in Britain which give significantly higher returns to gamblers compared with French services. A further layer of complexity is added by a lack of clarity as to how the blocking would be done. The Commission only refers to DNS blocking and "IP blocking" (it is not clear if this means IP address blocking by the intermediary or geographic blocking by the sites themselves). Blocking via deep packet inspection, as appears possible in France in the short-to medium-term is not discussed. In short, the Commission was consulting in order to address one or more of the problems mentioned above, with no clear prioritisation, and assessed one blocking solution (DNS blocking) and one unclear solution ("IP blocking"), while ignoring another (deep packet inspection). EDRi's response looks at the necessity and proportionality of blocking in relation to each of the possible motivations that are mentioned by the Commission and in relation to each of the technologies listed by the Commission, as well as deep packet inspection. Our view is that blocking is not the "least restrictive alternative" in any of the possible scenarios and that blocking of gambling sites in order to protect domestic services from competition is a blatant and unacceptable affront to the most basic principles on which the European Union is based. Consultation document - Green Paper: On on-line gambling in the Internal Market (24.03.2011) http://ec.europa.eu/internal_market/consultations/docs/2011/online_gambling… EDRi's consultation response (29.07.2011) http://www.edri.org/files/110729_gamblingconsultation_EDRI.pdf Basta documentary (only in Dutch) http://www.een.be/programmas/basta/de-mol-in-het-belspel EDRi-gram: EC's leak describes blocking as "challenging", "costly" and ineffective (26.01.2011) http://www.edri.org/edrigram/number9.2/blocking-commission-gambling (Contribution by Joe McNamee - EDRi) ============================================================ 2. UK riots give birth to the idea of suspending social media services ============================================================ The recent riots that have taken place in the UK have initiated a wave of statements from officials on the necessity to shut down or suspend access of UK citizens to certain social media services. The Metropolitan Police Service confirmed that it considered shutting off some social media sites: "The MPS did consider whether social media sites could be closed during the disorder but police do not have the facilities or the legislation to enable this." David Lammy, the parliamentary representative for the London district of Tottenham, went so far as to ask BlackBerry to consider suspending its messaging service. Even the prime minister David Cameron in his speech in the House of Commons indicated that there was a need to find a way to stop people from communicating via such services: "Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality." Privacy campaigners such as Open Rights Group (ORG) are concerned about the precedent that might be created by this situation and the possible abuse of powers by the authorities. "Events like the recent riots are frequently used to attack civil liberties," said Jim Killock, executive director of ORG who added: "Policing should be targeted at actual offenders, with the proper protection of the courts. How do people 'know' when someone is planning to riot? Who makes that judgement? The only realistic answer is the courts must judge. If court procedures are not used, then we will quickly see abuses by private companies and police. Citizens also have the right to secure communications. Business, politics and free speech relies on security and privacy. David Cameron must be careful not to attack these fundamental needs because of concerns about the actions of a small minority". Reporters Without Borders urged the British authorities "to rule out any possibility of shutting down or drastically restricting the use of social networks such as Facebook and Twitter". The NGO also expressed its concern on the personal data provided by Research in Motion (RIM) - the Canadian manufacturer of the popular BlackBerry smartphone - the validity of the data as evidence and the legality of the way it was acquired. Reporters Without Borders declared that "(it) is not minimizing the gravity of the situation in the United Kingdom and the urgency of the need to restore order, but it believes that the provision of personal data to the police sets a disturbing precedent in a western country and could have significant consequences as regards setting an example for others kinds of government." The tendency is even more concerning, as a study on the effects of censorships published by AntonioCasilli from Telecom ParisTech and EHESS of Paris, Paola Tubaro from Greenwich University, revealed that, actually, censoring of the Internet and communication is a factor that increases the violence of riots. The hypothesis is verified by the situation in Tunis where the censoring of the Internet precipitated Ben Ali's fall and in Egypt where the total cut off of the Internet led to the civil uprisings against Hosni Mubarak. Concern that social networks to be targeted as BlackBerry helps British police identify rioters (12.08.2011) http://en.rsf.org/united-kingdom-concern-that-social-networks-to-be-12-08-2… Social media information helped prevent some riot damage, police say (17.08.2011) http://out-law.com/page-12161 Rioters' access to social media could be stopped, Government says (12.08.2011) http://out-law.com/page-12148 Prime Minister's attack on social media unwarranted (11.08.2011) http://www.openrightsgroup.org/blog/2011/david-cameron A study reaches the conclusion that Internet censuring increases the riots (only in French, 18.08.2011) http://www.numerama.com/magazine/19585-une-etude-conclut-que-la-censure-du-… ============================================================ 3. German DPA asks for the removal of Facebook "like" button ============================================================ Thilo Weichert, the German data protection commissioner from the Independent Center for Privacy Protection (ULD) - the Data Protection Authority (DPA) from the state of Schleswig-Holstein, on 19 August 2011 called on website owners in his north German state to remove Facebook "like" buttons by the end of September 2011 or possibly face a fine. Weichert stated that, according to a thorough legal and technical analysis by ULD, when people use the "like" button on Facebook pages, traffic and content data are transferred to Facebook's US-based servers. "Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years. Facebook builds a broad individual - and for members even a personalized - profile," stated Weichert. ULD considers that such a profiling infringes German and European data protection law. In this case, if the website owners in the respective German state do not comply with the request, ULD, after performing the hearing and administrative procedure, may place a formal complaint, a prohibition order as well as a penalty fine that may reach 50 000 Euro. "We firmly reject any assertion that Facebook is not compliant with EU data-protection standards. The Facebook 'like' button is such a popular feature because people have complete control over how their information is shared through it," was Facebook spokesman Andrew Noyes's statement. Facebook admitted the "Like" button could pass on information such as user IP addresses, but said the data was deleted after 90 days according to the industry standard. Having strict online privacy policies, Germany has had several issues with Facebook lately. German data protection authorities also said Facebook's new facial recognition feature was illegal and asked the site to remove it and delete all related information. They also demanded that network users get more control over their e-mail address books in the "Friend Finder" tool. ULD to website owners: "Deactivate Facebook web analytics" (19.08.2011) https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm Facebook 'like' button declared illegal (19.08.2011) http://www.thelocal.de/sci-tech/20110819-37073.html In his statement, Weichert German official: Ditch Facebook's 'like' buttons (19.08.2011) http://articles.cnn.com/2011-08-19/tech/facebook.germany.like_1_facebook-ac… Germany vs. Facebook: Like Button Declared Illegal, Sites Threatened With Fine (19.08.2011) http://siliconfilter.com/germany-vs-facebook-like-button-declared-illegal-s… EDRi-gram: Facebook's face recognition raises privacy complaints (15.06.2011) http://www.edri.org/edrigram/number9.12/facebook-face-recognition-privacy ============================================================ 4. Turkey postpones its Internet filtering plans ============================================================ Having been fiercely criticized since May 2011 over its Internet filtering system (Procedures and Principles regarding Safe Internet Use) planned to be imposed on 22 August, the Information Technologies Board (BTK) has decided to delay the introduction of the system till 22 November 2011 and to reduce the number of filters that are now said to cover adult content. The government's plan was to force Internet users to choose from among a list of filtering packages meant to block certain unspecified websites. Under the modified version, Turkish Internet users will no longer be obliged to install the BTK filtering software on their computers and the number of alternative versions of the software has been reduced from four to two ("family" and "child"). Also, under the new version, filtering is optional. A subscriber who does not want to choose an Internet profile to be brought to the BTK will be able to access the Internet without a profile or filtering system. The BTK's changes follow recommendations from the Internet Council, which is a part of the Transportation and Communications Ministry. Serhat Vzeren, the head of the Internet Council stated for the Anatolia news agency that BTK had paid attention to the opinions and proposals of civil society when revising the regulation adding that the introduction of the regulations had been postponed in order to give time for service providers to prepare their infrastructure for the new system. The criteria for the two optional Internet profiles would be determined soon and would be periodically updated. Turkey backtracks on controversial Internet filtering plans (5.08.2011) http://www.todayszaman.com/news-252787-turkey-backtracks-on-controversial-i… In Turkey, Proposed Internet Filters Stir Protests (9.08.2011) http://www.npr.org/2011/08/09/139239928/in-turkey-proposed-internet-filters… Internet agency retreats on filtering, but does not give up (10.08.2011) http://en.rsf.org/turkey-government-agency-wants-to-install-06-05-2011,4023… EDRi-gram: Don't use "crispy" on the Turkish Internet! (4.05.2011) http://www.edri.org/edrigram/number9.9/turkey-blocks-138-words-internet ============================================================ 5. No effective sanction for Police abuse of Irish data retention system ============================================================ Recent media reports have confirmed that an Irish Garda (Police) detective sergeant will not face criminal prosecution and will keep her job despite abusing the data retention system to spy on an ex-boyfriend. In November 2010 the annual report of the judge who oversees the Irish data retention system confirmed media reports that the sergeant, who then worked in the Garda intelligence division, had abused her position by accessing the phone records of her former boyfriend, tracking details of his communications. It appears that this came to light when the former boyfriend became suspicious that she knew about calls which he had made since they separated, and not as the result of any internal audit or other safeguards. Following a Garda investigation, the Director of Public Prosecutions has directed that no criminal charges will be brought against the sergeant, and after an internal disciplinary process she will retain her job. Despite this abuse of trust, the sergeant has been transferred to the Garda Special Branch, an anti-terrorist division within the police force, where she will continue to have access to sensitive information. The matter was also referred to the independent Garda Siochana Ombudsman Commission which decided not to investigate the matter further. A number of significant questions are left unanswered. In relation to the specific case: Why was no prosecution brought? Why was it considered appropriate to leave a person found to have abused sensitive records in a position of responsibility, much less the Special Branch? Why was this person not dismissed? More general questions are also raised: Was this part of a wider pattern of abuse? Is there an adequate internal audit trail of data retention requests? If so, who is responsible for reviewing that trail? Does the designated judge access a sample of requests from the preceding year to ensure that the surveillance was appropriate? If not, what other steps are taken to review the approximately 15 000 data retention requests which are made every year? Given the lack of adequate sanctions for this abuse and the failure of either the designated judge or the Department of Justice to provide answers to these questions it is hard to see how the Irish public can be expected to have any confidence in the data retention system. Report of the Designated Judge (26.01.2010) http://www.scribd.com/doc/58099350/Interception-and-Data-Retention-Annual-R… Judge's report reveals allegations that Garda used phone records to spy on her ex (20.02.2011) http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.ht… Garda detective quizzed for 'spying on her ex', Mail on Sunday, (27.06.2011) Garda accused of bugging her ex-boyfriend, The Sunday Times, (20.02.2011) Garda who spied on her boyfriend will keep job, The Sunday Times, (14.08.2011) (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 6. US Hotline reports vast improvements in removal of child abuse websites ============================================================ In the course of the past year the US National Centre for Missing and Exploited Children (NCMEC) made huge improvements in its handling of both domestic and international reports of web-based child abuse material. These sudden and huge improvements come at a time when both the European Commission and individual member states, Germany in particular, have increased their international efforts to address child abuse crimes at source, rather than relying on addressing the symptoms through measures such as web blocking. These efforts are, in large part, the result of anti-blocking campaigns on national and EU level. Although still far from perfect (with regard to due press of law and anonymous reporting, in particular), the US has moved from being widely considered to being a "safe haven" for such material to introducing diligent procedures that are significantly better than those in the EU on a number of fronts. The raw data are impressive. In May 2010, it was taking an average of 6.85 days to process complaints (94% of reports concerned legal material) while in May 2011, this delay had been reduced to 0.91 days. The amount of time to have the websites disabled was also impressively reduced, from 5.09 days to 1.99 days over the same period. Both the EU and US systems suffer from the serious problem that sites are removed without judicial order, thereby circumventing both due process of law and also the automatic involvement of law enforcement authorities, despite the seriousness of the crimes depicted on the websites. It is inexplicable and sad that child abuse appears to be the only crime in society where it is normal and accepted that evidence can be posted on the Internet and not investigated and where due process of law is not an automatic reaction to compelling evidence of the crime being found. Ironically, the quicker the "takedown" happens, the greater the risk that law enforcement authorities will feel able to devote their resources to other priorities, leaving the criminals with an effective licence to commit their crimes again. However, the US system "freezes" the site, storing all of the data that could be used by law enforcement authorities whereas the European approach is to simply delete the sites. The European approach therefore often works on the assumption that there will not be an investigation, that there will not be an effort to identify the victims, the owner of the site and the users of the site and, crucially, removes any pressure on law enforcement authorities to take action. It is to be hoped that the US approach will lead to statistics being produced to show how many times the disabling of the websites is not followed up by law enforcement authorities - such statistics should help focus politicians' minds on the crimes going uninvestigated and unpunished. In the EU, European hotlines are contractually obliged by the European Commission to produce statistics and, since last year, required to publish public statistics. Despite this, there is very little information available apart from the limited data provided by the Irish Internet Hotline and the Internet Watch Foundation (UK) and the thorough and impressive data produced by the ISPA Stopline in Austria. In the absence of such information, policy-makers, as shown all too clearly in the blocking debate, are forced to make policy without the data needed to make informed decisions. NCMEC: URL reports to the CyberTipline and average # of days for staff to process http://www.edri.org/files/ncmec-1.pdf NCMEC Notice Tracking System http://www.edri.org/files/ncmec-2.pdf NCMEC Notice Tracking Statistics http://www.edri.org/files/ncmec-3.pdf Irish Internet Hotline http://www.hotline.ie Internet Watch Foundation http://www.iwf.org.uk ISPA Austria Stopline http://www.stopline.at (Contribution by Joe McNamee - EDRi) ============================================================ 7. Copyright industry obtains court injunction against BT to block website ============================================================ In a dangerous precedent, on 28 July 2011, an UK High Court judge ruled that British Telecom (BT), the UK largest ISP, had to prevent its customers from accessing Newzbin 2, a website searching Usenet and providing links to lots of films, books and music - most of which infringe copyright. The case was brought to court by six major film studios, including Warner Brothers, Disney and Fox. BT will have to use in this case the technology it has developed to block access to websites featuring images of child abuse. According to Section 97A of the Copyright, Designs and Patents Act, UK courts have the power to grant an injunction against an ISP if it had actual knowledge that someone had used its service to infringe copyright. The judge in this case rejected Newzbin's argument that it was merely providing search results. "In my judgement it follows that BT has actual knowledge of other persons using its service to infringe copyright: it knows that the users and operators of Newzbin 2 infringe copyright on a large scale, and in particular infringe the copyrights of the Studios in large numbers of their films and television programmes," he said. As Article19 has pointed out, the judge ordered BT to block its subscribers from using Newzbin.com even for legitimate purposes, and concluded that the intellectual property rights of the rights holders "clearly outweighed" the freedom of expression rights of the users of Newzbin.com, and "even more clearly" those of the operators of Newzbin.com. Also, Article19 underlined that the high court order is very likely in breach of international standards for the protection of freedom of expression, particularly of the proportionality principle and considers it has set too low the threshold for ordering blocking, it does not properly balance the right to property with the right to freedom of expression, and shows no consideration for the chilling effect of the measure. Ordering the blocking of an entire domain name, and not of specific web-pages, is also considered to be in breach of the requirement for necessity in international law. BT also argued against blocking an entire website suggesting it would be more proportionate for the studios to provide a list of specific web-pages to be blocked but the argument was rejected by the court. Other campaigners, such as EDRi-member ORG, consider the decision as "pointless and dangerous". The worst part of this decision is that actually the court does not really care if the technical blocking really works or not. The judge wrote: "I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users". ORG also raised the concern that this precedent might be a first step for future blocking injunctions. It also tried to emphasized that "blocking should not be seen as an easy fix for complex social problems." Following this victory, the studios now intend to seek similar orders against other large ISPs in the UK. . High Court forces BT to block links to pirate site (28.07.2011) http://www.out-law.com/page-12117 Will Newzbin be blocked? (28.07.2011) http://www.lightbluetouchpaper.org/2011/07/28/will-newzbin-be-blocked/ A big week for copyright in the courts (2.08.2011) http://www.openrightsgroup.org/blog/2011/a-big-week-for-copyright-in-the-co… England and Wales: blocking website sets bad international precedent (1.08.2011) http://www.article19.org/resources.php/resource/2508/en/england-and-wales:-… ============================================================ 8. Recommended Action ============================================================ Survey that gathers the views of internet users from all EU countries on the use of personal information, privacy, and giving consent online. This survey is part of the CONSENT project - a collaborative project co-funded by the European Commission under the FP7 programme. http://bit.ly/Survey-CONSENT ============================================================ 9. Recommended Reading ============================================================ UK: Protecting information privacy - Equality and Human Rights Commission Research report 69 (Summer 2011) http://www.equalityhumanrights.com/uploaded_files/research/rr69.pdf ============================================================ 10. Agenda ============================================================ 7 September 2011, Berlin, Germany Balancing the interests in the context of data retention http://www.uni-kassel.de/einrichtungen/iteg/forschung/invodas/invodas-absch… 8-9 September 2011, Brussels, Belgium 6th Annual Conference of the European Policy for Intellectual Property Fine-Tuning IPR debates http://www.epip.eu/conferences/epip06/ 10-17 September 2011 Freedom Not Fear - International Action Week http://www.freedomnotfear.org 16-18 September 2011, Warsaw, Poland Creative Commons Global Summit 2011 http://wiki.creativecommons.org/Global_Summit_2011 16 September 2011, Leeds, UK Conference "Human Rights in the Digital Era" http://digitalrights.leeds.ac.uk 27-30 September 2011, Nairobi, Kenya Sixth Annual IGF Meeting: Internet as a catalyst for change: access, development, freedoms and innovation http://www.intgovforum.org/cms/nairobipreparatory 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 13-14 October 2011, Lisbon, Portugal 2nd International Graduate Conference in Communication and Culture: The Culture of Remix http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of_remi… 20-21 October 2011, Warsaw, Poland Open Govrenment Data Camp http://opengovernmentdata.org/camp2011/ 27-30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ 9 November 2011, Bucharest, Romania Inet Conference: Access, Trust and Freedom: Coordinates for future Internet http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml 11-13 November 2011, Gothenburg, Sweden FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society. http://fscons.org/ 25-27 January 2012, Brussels, Belgium Computers, Privacy and Data Protection 2012 http://www.cpdpconferences.org/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. This EDRi-gram has been published with financial support from the EU's Fundamental Rights and Citizenship Programme. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [INFO] Keep tuned: Script-Kiddie and ilk against Frog
by hung＠plainmail.com 06 Jul '18

06 Jul '18

On 28 Mar 2001 15:05:28 -0000, Frog-Admin threw some more dry wood on his funeral pyre when he wrote: >There is more from "Erwan David" <Erwan.David(a)teaser.fr> , (No doubt some innocent schmuck who made the mistake of sending to Frog/Frog2 without chaining first.) >who belongs to my "short list" of people I suspect to be >the single or collective entity called "Script-Kiddie" Why fret over TLAs,folks? We have our own internal law enforcement: Sheriff Frog-Admin. >HISTORY >"Erwan David" has a long history of terrorizing newbies, >bullying them on NG for whatever reason. >He has a passion to contact abuse departments and try to shut down accounts. >He also likes to propagate false information, > like Frog stopping last Summer because I was bankrupt. >He is very exactly the ilk I was thinking of when I wrote my policy, >and *explicitly* excluded remailer-haters from the benefit of privacy. (snip) >And I warn that occurrence of such posts would immediately >have me send my sworn testimony to the police and judge that >those posts were probably the making of "Erwan David". > >In the meantime, I suggest his ISP that he takes aside every mail sent >by "Erwan David", which would be encrypted to a remailer. >I would be more than happy to decypher my part of it to give >material proof Disgraceful. Frog-Admin protects only himself. He has a resolute intolerance of unpopular speech. He cannot tolerate the very thing a remailer is meant to protect! In contrast, I urge you to read the words of a trustworthy and honorable remop, Randseed Admin Len Sassaman: http://lexx.shinn.net/pipermail/remops/2001-March/000962.html Frog-Admin, Your arrogance will be your downfall. I take comfort in knowing that. Saddle (who now will be added to Frog-Admin's "short-list" if I'm not on it already) --------------------------------------------------- Get free personalized email at http://www.iname.com

1 0

[ANN] SSH Key Manager 1.0 beta
by Yann Bizeul 06 Jul '18

06 Jul '18

Hello guys, I'm releasing the first beta of SSH Key Manager. Basically, it lets you manage ssh-agent and identities (keys) session wide, quite well integrated with OSX (I hope). Full description and download here : http://projects.tynsoe.org/ phpBB3/viewtopic.php?f=13&t=537 Thanks for you past and future help Yann Bizeul - yann at tynsoe.org Cocoa Developer Tynsoe Projects BuddyPop - GeekTool - SSH Tunnel Manager - ... http://projects.tynsoe.org/ _______________________________________________ Cocoa-dev mailing list (Cocoa-dev(a)lists.apple.com) Do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/rah%40shipwright.com This email sent to rah(a)shipwright.com --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

EDRi-gram newsletter - Number 9.16, 24 August 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.16, 24 August 2011 ============================================================ Contents ============================================================ 1. EDRi responds to European Commission consultation on gambling 2. UK riots give birth to the idea of suspending social media services 3. German DPA asks for the removal of Facebook "like" button 4. Turkey postpones its Internet filtering plans 5. No effective sanction for Police abuse of Irish data retention system 6. US Hotline reports vast improvements in removal of child abuse websites 7. Copyright industry obtains court injunction against BT to block website 8. Recommended Action 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. EDRi responds to European Commission consultation on gambling ============================================================ European Digital Rights responded to the European Commission consultation on online gambling. As previously reported, an early draft of the consultation document appeared to be in favour of blocking, in principle, but recognised the failings of this approach, which it described as "challenging," "costly" and "ineffective". The final version of the consultation document was more neutral, simply asking about existing schemes, effectiveness and ISP liability. The Commission finds itself in a difficult position with regard to this consultation because it is looking at the issue of online gambling with regard to protectionism of domestic services by Member States, real and perceived dangers with regard to gambling addiction and organised crime (money laundering and fraud, in particular) - without any clear idea either from the Commission or the Member States as regards the relative importance of each issue. The situation is made even more complicated by Member States that claim to be in favour of blocking of foreign (including those legally registered in other EU Member States and non-EU ) websites for consumer protection reasons while their real motivation is simple, old-fashioned protectionism. Belgium provides the best example of this - on the one hand, it allowed blatantly fraudulent TV-based games to remain in operation for years (as shockingly illustrated by the Basta documentary team) and, on the other, it will launch a blocking system in January to "protect consumers." Rumours are that the main target of the blocking system is a fully legal and registered British website deemed to offer too much competition to Belgian services. Similarly, blocking in France "protects" French consumers from services in Britain which give significantly higher returns to gamblers compared with French services. A further layer of complexity is added by a lack of clarity as to how the blocking would be done. The Commission only refers to DNS blocking and "IP blocking" (it is not clear if this means IP address blocking by the intermediary or geographic blocking by the sites themselves). Blocking via deep packet inspection, as appears possible in France in the short-to medium-term is not discussed. In short, the Commission was consulting in order to address one or more of the problems mentioned above, with no clear prioritisation, and assessed one blocking solution (DNS blocking) and one unclear solution ("IP blocking"), while ignoring another (deep packet inspection). EDRi's response looks at the necessity and proportionality of blocking in relation to each of the possible motivations that are mentioned by the Commission and in relation to each of the technologies listed by the Commission, as well as deep packet inspection. Our view is that blocking is not the "least restrictive alternative" in any of the possible scenarios and that blocking of gambling sites in order to protect domestic services from competition is a blatant and unacceptable affront to the most basic principles on which the European Union is based. Consultation document - Green Paper: On on-line gambling in the Internal Market (24.03.2011) http://ec.europa.eu/internal_market/consultations/docs/2011/online_gambling… EDRi's consultation response (29.07.2011) http://www.edri.org/files/110729_gamblingconsultation_EDRI.pdf Basta documentary (only in Dutch) http://www.een.be/programmas/basta/de-mol-in-het-belspel EDRi-gram: EC's leak describes blocking as "challenging", "costly" and ineffective (26.01.2011) http://www.edri.org/edrigram/number9.2/blocking-commission-gambling (Contribution by Joe McNamee - EDRi) ============================================================ 2. UK riots give birth to the idea of suspending social media services ============================================================ The recent riots that have taken place in the UK have initiated a wave of statements from officials on the necessity to shut down or suspend access of UK citizens to certain social media services. The Metropolitan Police Service confirmed that it considered shutting off some social media sites: "The MPS did consider whether social media sites could be closed during the disorder but police do not have the facilities or the legislation to enable this." David Lammy, the parliamentary representative for the London district of Tottenham, went so far as to ask BlackBerry to consider suspending its messaging service. Even the prime minister David Cameron in his speech in the House of Commons indicated that there was a need to find a way to stop people from communicating via such services: "Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality." Privacy campaigners such as Open Rights Group (ORG) are concerned about the precedent that might be created by this situation and the possible abuse of powers by the authorities. "Events like the recent riots are frequently used to attack civil liberties," said Jim Killock, executive director of ORG who added: "Policing should be targeted at actual offenders, with the proper protection of the courts. How do people 'know' when someone is planning to riot? Who makes that judgement? The only realistic answer is the courts must judge. If court procedures are not used, then we will quickly see abuses by private companies and police. Citizens also have the right to secure communications. Business, politics and free speech relies on security and privacy. David Cameron must be careful not to attack these fundamental needs because of concerns about the actions of a small minority". Reporters Without Borders urged the British authorities "to rule out any possibility of shutting down or drastically restricting the use of social networks such as Facebook and Twitter". The NGO also expressed its concern on the personal data provided by Research in Motion (RIM) - the Canadian manufacturer of the popular BlackBerry smartphone - the validity of the data as evidence and the legality of the way it was acquired. Reporters Without Borders declared that "(it) is not minimizing the gravity of the situation in the United Kingdom and the urgency of the need to restore order, but it believes that the provision of personal data to the police sets a disturbing precedent in a western country and could have significant consequences as regards setting an example for others kinds of government." The tendency is even more concerning, as a study on the effects of censorships published by AntonioCasilli from Telecom ParisTech and EHESS of Paris, Paola Tubaro from Greenwich University, revealed that, actually, censoring of the Internet and communication is a factor that increases the violence of riots. The hypothesis is verified by the situation in Tunis where the censoring of the Internet precipitated Ben Ali's fall and in Egypt where the total cut off of the Internet led to the civil uprisings against Hosni Mubarak. Concern that social networks to be targeted as BlackBerry helps British police identify rioters (12.08.2011) http://en.rsf.org/united-kingdom-concern-that-social-networks-to-be-12-08-2… Social media information helped prevent some riot damage, police say (17.08.2011) http://out-law.com/page-12161 Rioters' access to social media could be stopped, Government says (12.08.2011) http://out-law.com/page-12148 Prime Minister's attack on social media unwarranted (11.08.2011) http://www.openrightsgroup.org/blog/2011/david-cameron A study reaches the conclusion that Internet censuring increases the riots (only in French, 18.08.2011) http://www.numerama.com/magazine/19585-une-etude-conclut-que-la-censure-du-… ============================================================ 3. German DPA asks for the removal of Facebook "like" button ============================================================ Thilo Weichert, the German data protection commissioner from the Independent Center for Privacy Protection (ULD) - the Data Protection Authority (DPA) from the state of Schleswig-Holstein, on 19 August 2011 called on website owners in his north German state to remove Facebook "like" buttons by the end of September 2011 or possibly face a fine. Weichert stated that, according to a thorough legal and technical analysis by ULD, when people use the "like" button on Facebook pages, traffic and content data are transferred to Facebook's US-based servers. "Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years. Facebook builds a broad individual - and for members even a personalized - profile," stated Weichert. ULD considers that such a profiling infringes German and European data protection law. In this case, if the website owners in the respective German state do not comply with the request, ULD, after performing the hearing and administrative procedure, may place a formal complaint, a prohibition order as well as a penalty fine that may reach 50 000 Euro. "We firmly reject any assertion that Facebook is not compliant with EU data-protection standards. The Facebook 'like' button is such a popular feature because people have complete control over how their information is shared through it," was Facebook spokesman Andrew Noyes's statement. Facebook admitted the "Like" button could pass on information such as user IP addresses, but said the data was deleted after 90 days according to the industry standard. Having strict online privacy policies, Germany has had several issues with Facebook lately. German data protection authorities also said Facebook's new facial recognition feature was illegal and asked the site to remove it and delete all related information. They also demanded that network users get more control over their e-mail address books in the "Friend Finder" tool. ULD to website owners: "Deactivate Facebook web analytics" (19.08.2011) https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm Facebook 'like' button declared illegal (19.08.2011) http://www.thelocal.de/sci-tech/20110819-37073.html In his statement, Weichert German official: Ditch Facebook's 'like' buttons (19.08.2011) http://articles.cnn.com/2011-08-19/tech/facebook.germany.like_1_facebook-ac… Germany vs. Facebook: Like Button Declared Illegal, Sites Threatened With Fine (19.08.2011) http://siliconfilter.com/germany-vs-facebook-like-button-declared-illegal-s… EDRi-gram: Facebook's face recognition raises privacy complaints (15.06.2011) http://www.edri.org/edrigram/number9.12/facebook-face-recognition-privacy ============================================================ 4. Turkey postpones its Internet filtering plans ============================================================ Having been fiercely criticized since May 2011 over its Internet filtering system (Procedures and Principles regarding Safe Internet Use) planned to be imposed on 22 August, the Information Technologies Board (BTK) has decided to delay the introduction of the system till 22 November 2011 and to reduce the number of filters that are now said to cover adult content. The government's plan was to force Internet users to choose from among a list of filtering packages meant to block certain unspecified websites. Under the modified version, Turkish Internet users will no longer be obliged to install the BTK filtering software on their computers and the number of alternative versions of the software has been reduced from four to two ("family" and "child"). Also, under the new version, filtering is optional. A subscriber who does not want to choose an Internet profile to be brought to the BTK will be able to access the Internet without a profile or filtering system. The BTK's changes follow recommendations from the Internet Council, which is a part of the Transportation and Communications Ministry. Serhat Vzeren, the head of the Internet Council stated for the Anatolia news agency that BTK had paid attention to the opinions and proposals of civil society when revising the regulation adding that the introduction of the regulations had been postponed in order to give time for service providers to prepare their infrastructure for the new system. The criteria for the two optional Internet profiles would be determined soon and would be periodically updated. Turkey backtracks on controversial Internet filtering plans (5.08.2011) http://www.todayszaman.com/news-252787-turkey-backtracks-on-controversial-i… In Turkey, Proposed Internet Filters Stir Protests (9.08.2011) http://www.npr.org/2011/08/09/139239928/in-turkey-proposed-internet-filters… Internet agency retreats on filtering, but does not give up (10.08.2011) http://en.rsf.org/turkey-government-agency-wants-to-install-06-05-2011,4023… EDRi-gram: Don't use "crispy" on the Turkish Internet! (4.05.2011) http://www.edri.org/edrigram/number9.9/turkey-blocks-138-words-internet ============================================================ 5. No effective sanction for Police abuse of Irish data retention system ============================================================ Recent media reports have confirmed that an Irish Garda (Police) detective sergeant will not face criminal prosecution and will keep her job despite abusing the data retention system to spy on an ex-boyfriend. In November 2010 the annual report of the judge who oversees the Irish data retention system confirmed media reports that the sergeant, who then worked in the Garda intelligence division, had abused her position by accessing the phone records of her former boyfriend, tracking details of his communications. It appears that this came to light when the former boyfriend became suspicious that she knew about calls which he had made since they separated, and not as the result of any internal audit or other safeguards. Following a Garda investigation, the Director of Public Prosecutions has directed that no criminal charges will be brought against the sergeant, and after an internal disciplinary process she will retain her job. Despite this abuse of trust, the sergeant has been transferred to the Garda Special Branch, an anti-terrorist division within the police force, where she will continue to have access to sensitive information. The matter was also referred to the independent Garda Siochana Ombudsman Commission which decided not to investigate the matter further. A number of significant questions are left unanswered. In relation to the specific case: Why was no prosecution brought? Why was it considered appropriate to leave a person found to have abused sensitive records in a position of responsibility, much less the Special Branch? Why was this person not dismissed? More general questions are also raised: Was this part of a wider pattern of abuse? Is there an adequate internal audit trail of data retention requests? If so, who is responsible for reviewing that trail? Does the designated judge access a sample of requests from the preceding year to ensure that the surveillance was appropriate? If not, what other steps are taken to review the approximately 15 000 data retention requests which are made every year? Given the lack of adequate sanctions for this abuse and the failure of either the designated judge or the Department of Justice to provide answers to these questions it is hard to see how the Irish public can be expected to have any confidence in the data retention system. Report of the Designated Judge (26.01.2010) http://www.scribd.com/doc/58099350/Interception-and-Data-Retention-Annual-R… Judge's report reveals allegations that Garda used phone records to spy on her ex (20.02.2011) http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.ht… Garda detective quizzed for 'spying on her ex', Mail on Sunday, (27.06.2011) Garda accused of bugging her ex-boyfriend, The Sunday Times, (20.02.2011) Garda who spied on her boyfriend will keep job, The Sunday Times, (14.08.2011) (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 6. US Hotline reports vast improvements in removal of child abuse websites ============================================================ In the course of the past year the US National Centre for Missing and Exploited Children (NCMEC) made huge improvements in its handling of both domestic and international reports of web-based child abuse material. These sudden and huge improvements come at a time when both the European Commission and individual member states, Germany in particular, have increased their international efforts to address child abuse crimes at source, rather than relying on addressing the symptoms through measures such as web blocking. These efforts are, in large part, the result of anti-blocking campaigns on national and EU level. Although still far from perfect (with regard to due press of law and anonymous reporting, in particular), the US has moved from being widely considered to being a "safe haven" for such material to introducing diligent procedures that are significantly better than those in the EU on a number of fronts. The raw data are impressive. In May 2010, it was taking an average of 6.85 days to process complaints (94% of reports concerned legal material) while in May 2011, this delay had been reduced to 0.91 days. The amount of time to have the websites disabled was also impressively reduced, from 5.09 days to 1.99 days over the same period. Both the EU and US systems suffer from the serious problem that sites are removed without judicial order, thereby circumventing both due process of law and also the automatic involvement of law enforcement authorities, despite the seriousness of the crimes depicted on the websites. It is inexplicable and sad that child abuse appears to be the only crime in society where it is normal and accepted that evidence can be posted on the Internet and not investigated and where due process of law is not an automatic reaction to compelling evidence of the crime being found. Ironically, the quicker the "takedown" happens, the greater the risk that law enforcement authorities will feel able to devote their resources to other priorities, leaving the criminals with an effective licence to commit their crimes again. However, the US system "freezes" the site, storing all of the data that could be used by law enforcement authorities whereas the European approach is to simply delete the sites. The European approach therefore often works on the assumption that there will not be an investigation, that there will not be an effort to identify the victims, the owner of the site and the users of the site and, crucially, removes any pressure on law enforcement authorities to take action. It is to be hoped that the US approach will lead to statistics being produced to show how many times the disabling of the websites is not followed up by law enforcement authorities - such statistics should help focus politicians' minds on the crimes going uninvestigated and unpunished. In the EU, European hotlines are contractually obliged by the European Commission to produce statistics and, since last year, required to publish public statistics. Despite this, there is very little information available apart from the limited data provided by the Irish Internet Hotline and the Internet Watch Foundation (UK) and the thorough and impressive data produced by the ISPA Stopline in Austria. In the absence of such information, policy-makers, as shown all too clearly in the blocking debate, are forced to make policy without the data needed to make informed decisions. NCMEC: URL reports to the CyberTipline and average # of days for staff to process http://www.edri.org/files/ncmec-1.pdf NCMEC Notice Tracking System http://www.edri.org/files/ncmec-2.pdf NCMEC Notice Tracking Statistics http://www.edri.org/files/ncmec-3.pdf Irish Internet Hotline http://www.hotline.ie Internet Watch Foundation http://www.iwf.org.uk ISPA Austria Stopline http://www.stopline.at (Contribution by Joe McNamee - EDRi) ============================================================ 7. Copyright industry obtains court injunction against BT to block website ============================================================ In a dangerous precedent, on 28 July 2011, an UK High Court judge ruled that British Telecom (BT), the UK largest ISP, had to prevent its customers from accessing Newzbin 2, a website searching Usenet and providing links to lots of films, books and music - most of which infringe copyright. The case was brought to court by six major film studios, including Warner Brothers, Disney and Fox. BT will have to use in this case the technology it has developed to block access to websites featuring images of child abuse. According to Section 97A of the Copyright, Designs and Patents Act, UK courts have the power to grant an injunction against an ISP if it had actual knowledge that someone had used its service to infringe copyright. The judge in this case rejected Newzbin's argument that it was merely providing search results. "In my judgement it follows that BT has actual knowledge of other persons using its service to infringe copyright: it knows that the users and operators of Newzbin 2 infringe copyright on a large scale, and in particular infringe the copyrights of the Studios in large numbers of their films and television programmes," he said. As Article19 has pointed out, the judge ordered BT to block its subscribers from using Newzbin.com even for legitimate purposes, and concluded that the intellectual property rights of the rights holders "clearly outweighed" the freedom of expression rights of the users of Newzbin.com, and "even more clearly" those of the operators of Newzbin.com. Also, Article19 underlined that the high court order is very likely in breach of international standards for the protection of freedom of expression, particularly of the proportionality principle and considers it has set too low the threshold for ordering blocking, it does not properly balance the right to property with the right to freedom of expression, and shows no consideration for the chilling effect of the measure. Ordering the blocking of an entire domain name, and not of specific web-pages, is also considered to be in breach of the requirement for necessity in international law. BT also argued against blocking an entire website suggesting it would be more proportionate for the studios to provide a list of specific web-pages to be blocked but the argument was rejected by the court. Other campaigners, such as EDRi-member ORG, consider the decision as "pointless and dangerous". The worst part of this decision is that actually the court does not really care if the technical blocking really works or not. The judge wrote: "I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users". ORG also raised the concern that this precedent might be a first step for future blocking injunctions. It also tried to emphasized that "blocking should not be seen as an easy fix for complex social problems." Following this victory, the studios now intend to seek similar orders against other large ISPs in the UK. . High Court forces BT to block links to pirate site (28.07.2011) http://www.out-law.com/page-12117 Will Newzbin be blocked? (28.07.2011) http://www.lightbluetouchpaper.org/2011/07/28/will-newzbin-be-blocked/ A big week for copyright in the courts (2.08.2011) http://www.openrightsgroup.org/blog/2011/a-big-week-for-copyright-in-the-co… England and Wales: blocking website sets bad international precedent (1.08.2011) http://www.article19.org/resources.php/resource/2508/en/england-and-wales:-… ============================================================ 8. Recommended Action ============================================================ Survey that gathers the views of internet users from all EU countries on the use of personal information, privacy, and giving consent online. This survey is part of the CONSENT project - a collaborative project co-funded by the European Commission under the FP7 programme. http://bit.ly/Survey-CONSENT ============================================================ 9. Recommended Reading ============================================================ UK: Protecting information privacy - Equality and Human Rights Commission Research report 69 (Summer 2011) http://www.equalityhumanrights.com/uploaded_files/research/rr69.pdf ============================================================ 10. Agenda ============================================================ 7 September 2011, Berlin, Germany Balancing the interests in the context of data retention http://www.uni-kassel.de/einrichtungen/iteg/forschung/invodas/invodas-absch… 8-9 September 2011, Brussels, Belgium 6th Annual Conference of the European Policy for Intellectual Property Fine-Tuning IPR debates http://www.epip.eu/conferences/epip06/ 10-17 September 2011 Freedom Not Fear - International Action Week http://www.freedomnotfear.org 16-18 September 2011, Warsaw, Poland Creative Commons Global Summit 2011 http://wiki.creativecommons.org/Global_Summit_2011 16 September 2011, Leeds, UK Conference "Human Rights in the Digital Era" http://digitalrights.leeds.ac.uk 27-30 September 2011, Nairobi, Kenya Sixth Annual IGF Meeting: Internet as a catalyst for change: access, development, freedoms and innovation http://www.intgovforum.org/cms/nairobipreparatory 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 13-14 October 2011, Lisbon, Portugal 2nd International Graduate Conference in Communication and Culture: The Culture of Remix http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of_remi… 20-21 October 2011, Warsaw, Poland Open Govrenment Data Camp http://opengovernmentdata.org/camp2011/ 27-30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ 9 November 2011, Bucharest, Romania Inet Conference: Access, Trust and Freedom: Coordinates for future Internet http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml 11-13 November 2011, Gothenburg, Sweden FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society. http://fscons.org/ 25-27 January 2012, Brussels, Belgium Computers, Privacy and Data Protection 2012 http://www.cpdpconferences.org/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. This EDRi-gram has been published with financial support from the EU's Fundamental Rights and Citizenship Programme. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[Freedombox-discuss] Twitter data subpoenas
by Sandy Harris 06 Jul '18

06 Jul '18

Speaking of protecting oneself, here's an Icelandic MP on the US gov't grabbing data from her Twitter account. http://www.guardian.co.uk/world/2011/nov/11/us-verdict-privacy-wikileaks-tw… THis sort of thing is another good reason for the Box. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[Freedombox-discuss] Twitter data subpoenas
by Sandy Harris 06 Jul '18

06 Jul '18

Speaking of protecting oneself, here's an Icelandic MP on the US gov't grabbing data from her Twitter account. http://www.guardian.co.uk/world/2011/nov/11/us-verdict-privacy-wikileaks-tw… THis sort of thing is another good reason for the Box. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [serval-project-dev] Implementing a different routing protocol
by Jeremy Lakeman 06 Jul '18

06 Jul '18

On Fri, Dec 14, 2012 at 5:57 AM, Fraser Cadger <cadge01(a)googlemail.com> wrote: > Jeremy, > > Thanks again for your help. I appreciate that as you said, it can be > difficult trying to help people understand your own software. I decided to > send my initial message because I had tried reading through the code several > times, picking up bits and pieces, but being unsure about exactly how things > fitted together. I genuinely found your previous comments very illuminating > and useful, and when I compared your comments with the code a great deal of > it made sense and I then started thinking about ways of implementing my own > routing. In fact, I produced a short report for my supervisor based on this > and detailing the steps I intended to take to implement our routing protocol > on Serval. I was about to dive in with this when I realised that I did not > really know how the update process worked and that this was a very important > factor! So I looked at the code again and tried to work my way through, > making notes, those notes were then used in my last post. As you said in > your comment it is better to work with people who are making independent > progress, so that was why I tried to explain my understanding instead of > jumping straight in with questions. Actually, I have been meaning to check > back with the current version of the software in repository, as I noticed a > few functions were in different locations and you mentioned that the self > announce had been redesigned, so this is something I'll look at. > > Ok, so I'll now try to explain what I intend to do with routing. > > Our overall aim is to develop a protocol called Geographic QoS Predictive > Routing (GQPR) which uses geographic/location/mobility information as well > as other context to make QoS predictions for neighbours, these predictions > are then used as the basis for forwarding decisions. GQPR is intended to act > as the routing element in a framework called Geographic QoS Peer-to-peer > Streaming (GQP2PS) which will run on WiFi devices (at the moment a testbed > of six Android phones + my own Android tablet) and facilitate the streaming > of both live (i.e. video call) and on-demand (i.e. recorded video) between > the devices. The intended use case is for disaster recovery scenarios, for > instance someone with basic medical/first aid training comes across an > injured person but is not exactly sure what course of action to take, so > they can initiate a video call with a doctor located at base station (or > anywhere else covered by the network) who is able to view the patient and > perform a diagnosis and if necessary supervise the treatment. This is just > on scenario, it could also be used for repairing infrastructure where an > engineer supervises and guides the repair process. Indeed, the technology > could be used for many purposes unrelated to disaster recovery, but we are > focussing on this to give us a specific aim, although the ideas for the > technology actually came before the idea for application. > > What we have at present is the building blocks of GQPR which we have called > GPR - Geographic Predictive Routing - GPR contains some of the main elements > of what will become GQPR but not all of the functionality. At present GPR > uses location predictions (provided by an Artificial Neural Network) as well > as some other factors (congestion level, radio range, a metric we'd > developed called neighbour range (this relates to the positions of a > neighbour's neighbours), amongst others to make forwarding decisions. I > think explaining GPR would make the most sense if I first explained how > basic geographic routing worked and then discussed our modifications to it. > As the name implies, geographic routing makes forwarding decisions based on > node's geographic locations instead of logical addresses. The most basic > form of geographic routing is greedy geographic routing. > > Greedy geographic routing works as follows: > > A packet is received, the node inspects the packet and records the location > of the destination > The node then calculates the physical distance between itself and the > destination > All of the node's neighbours are then compared against this distance > The one with the shortest distance to the destination is selected as the > next hop > > Greedy geographic routing does not create end-to-end routes (which is why > some people prefer the term forwarding, although the terms are used > interchangeably in literature), instead nodes are forwarded on a per-hop > basis using the greedy criterion. This does seem a bit similar to BATMAN, > where packets are also forwarded on a per-hop basis, however the big > difference is that in greedy geographic routing nodes only have knowledge > about their directly connected neighbours (i.e. those within their radio > range) and they do not know about destinations. So while BATMAN nodes know > of the destination node's existence (but only know the next hop to reach it > and not a full route), greedy geographic routing nodes know nothing about > the destination (aside from its address and location) and simply make the > forwarding decision based on which neighbour is closest to that destination. > The idea being that by shortening the geographic distance at each hop we are > finding the quickest way to reach a destination. > > Obviously this does not always hold true in practice, and their is a problem > known as the local maximum where nodes are forced to drop packets if they > cannot find a neighbour closer to the destination than themselves (to > prevent loops, the packet cannot travel physically backwards). However, > greedy geographic routing is relatively lightweight, and highly localised as > nodes are only required to know their directly connected neighbours and so > are not affected by topology changes at the other side of the network > (although this does mean nodes will sometimes forward packets to unreachable > destinations). There have been quite a few modifications and variants to > standard greedy geographic routing, some of which are more similar to > conventional routing protocols by establishing end-to-end routes (but using > geographic information to do so), while others focus on particular problems > (QoS, energy consumption, security, etc.) I spent a large period of my first > year surveying different geographic routing protocols and published this as > a paper if you're interested in finding more about geographic routing > (shameless plug for my own paper!!!); > http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6238283&tag=1 . > > Getting back to basic greedy routing, obviously nodes need a way of > discovering their immediate neighbours as well as finding the locations of > other nodes who they are not directly connected to. The first is achieved > through the sending of beacon messages at set periods of time, beacons are > just your bog standard hello-type messages except they contain the > coordinates of the sending node. Neighbours are stored in a dedicated > neighbour table along with their coordinates, this neighbour table is the > only table nodes store. The second is more difficult, but typically involves > the use of something called a location service which usually involves > certain nodes being designated as location servers. Regular nodes > periodically send location updates to these servers and when a node needs to > send a packet to a destination it is not connected to it will query the > relevant location server for that node's destination. Exactly how the > location service works depends on the particular scheme being used. > > So now to talk about GPR. > > Structurally GPR is very similar to classical greedy geographic routing, it > was originally implemented on top of the code developed by Karp and Kung for > their protocol known as GPSR (Geographic Perimeter Stateless Routing). What > we did was first implement a neural network algorithm which predicts the > future location of a device based on two previous coordinates, and the times > they were recorded at. Tests found that the location prediction algorithm > was able to accurately predict the future locations of neighbouring devices > with an error of less than 1m in most instances. At present the use of the > location prediction algorithm is relatively simple, all we are doing is > looking at our neighbours two previous locations (and timestamps) and using > these to determine what position the neighbour will be in when we send the > packet. This allows us to use greedy geographic routing, but with the > ability to cope with changes in location. In order to avoid sending packets > to nodes that are too far away, we always check their predicted location > against our transmission range to ensure they are within it. So in addition > to using the location predictions we developed a modified congestion control > algorithm which weighs the neighbour's congestion level against the distance > between the neighbour and other factors such as the reliability of the > node's information. The calculation is stored as a value t, and then we > evaluate the neighbour's neighbour range (i.e. the physical range covered by > its own neighbours), and if that neighbour is the best it becomes the > candidate node and the other node's values for t are compare against it, and > so until we finish the loop and end up with the best neighbour (or none in > which case we'll drop the packet). > > Another factor is that because we are using location predictions we do not > need node updates as frequently as geographic routing normally dictates. So > while ordinary geographic routing protocols usually send these messages over > 0.5s we send them every 13.6s which reduces the amount of control traffic. > This is a number based on ns-2 experimentation and it is likely that in real > wireless network it will need to be more frequent, but we still expect it to > be a lot less frequent than the conventional 0.5s. The real world isn't a flat 2d plain with no obstructions. But with ACK's, NACK's and re-transmission it shouldn't matter too much if we try to send a payload to a node that's now out of range. It should be possible to detect broken network paths lazily with minimal impact to throughput and latency. Plus when the network is busy, every data packet can act as a beacon without wasting bandwidth. > It might not seem like a huge modification, but it performs a lot better > than unmodified greedy geographic routing in simulations of video calling > and streaming traffic, and compares well with AODV, DSR, and DSDV. If you > look at the bulletin points I typed above to describe greedy geographic > routing, it is very similar except our means of calculating the best next > hop is slightly different. > > As I said earlier, I had thought about and discussed with my supervisor how > we could go about implementing GPR in Serval. We both decided that it was > best to implement basic greedy geographic routing first and then work from > there. There is a possibility that the NN algorithm we used in simulations > will be too resource-intensive for the phones we are using and will either > need to be modified or replaced with a different approach (we have some > backups), so our plan is to implement basic geographic routing first, > conduct separate experiments of the NN algorithm on the phones, and if > everything goes well combine them, build GPR, and then continue working on > the phones and simulations to create GQPR. > > In terms of implementing basic greedy geographic routing, I think making the > forwarding decisions could be quite simple. When we are in > overlay_stuff_packet(), instead of looking at the destination's next_hop > field we would call a function which would loop through our list of > neighbours and find the neighbour closest to the destination and select that > as the next hop for the packet (or drop it if we can't find a suitable next > hop). So that part seems quite simple. How to you communicate the current geographical location of the destination? How does the node that creates the payload work this out? For that matter, how are we going to communicate the device's location to the servald daemon? What about devices that don't have a working location service? Or they don't currently have the available power to run one? But don't let that stop you from experimenting. > However, what seems a bit more complicated is implementing the beaconing > messages. I can see two ways of doing this; keep the current Serval system > of self announcements, self announcement acks, and node announcements and > simply add locations to these messages. The other would be to get rid of > node announcements, and just use self announcement and self announcement > acks to transmit location information between directly connected nodes. I would recommend you keep the existing messages and formats, and add new message types that are sent at the same time, in the same packet. Firstly, if the existing messages change, you don't need to maintain your forked version. Secondly, network nodes that aren't implementing your routing protocol will still be able to communicate in other ways. Which is an important point. I want to make it easy to use servald as a platform for future routing experiments such as this. We should aim to build a single generic payload format and internal memory format for tracking links to neighbours, while allowing the storage and communication of extra protocol specific link information. It may be useful to forward this protocol specific data even if we don't understand it. I think it's reasonable for the core of servald to build a map of all 2-hop neighbours, regardless of the routing approach being used. This should allow us to limit unnecessary repetition of messages that need to be flooded to all nodes, similar to olsr's MPR selection. > This > actually brings me to a question I forgot to ask; if self announce messages > are regularly sent why do we need to ack these? If we are sending our own > acks and receiving acks from other neighbours do we need an explicit reply? > I.e. if we just send self announce messages, but after a period of time we > don't get any self announce messages from neighour x, we remove them from > our list of neighbours. Slight digression. We can't assume all network links are symmetrical. At the physical layer, a high powered transmission can be heard by nodes in a large area, but that doesn't mean they can all transmit with enough power to send a packet in the other direction. Localised interference can also be a significant factor. The adhoc wifi standard has a number of flaws that can prevent packets being delivered. Just because you can hear a broadcast packet, doesn't mean you could receive a unicast one and vice versa. And since Android doesn't support adhoc mode specifically, it isn't tested at all by device manufacturers. And most android devices deliberately drop all broadcast traffic when they enter power saving modes, eg when the display powers off. The real world is a very messy place. > Both of the two approaches I described have their advantages; the first is > ostensibly simpler as we don't need to stop anything being sent, while the > second means that we are getting something closer to the 'traditional' > beacon approach used in geographic routing as well as avoiding the > transmission of node announcements and the recording of indirect nodes which > we will just ignore. On the other hand, if we keep node announcements this > could actually act as a 'surrogate' for the location service if we include > their locations. So if for instance we have three nodes; a, b, and with b > being connected to a and c, a only being connected to b, and c only being > connected to c. If b advertises c to a and a to c, then a is able to know > the location of c (and vice versa) despite not being connected and without > the need for a location service (obviously this is a trivial example as in > this instance a can only reach c via b, so b is not really compared against > anyone else). > > I realise that Serval's implementation of BATMAN is intended to limit the > number of nodes a particular device knows about to avoid bandwidth going out > of control, but as we only have a testbed of six this shouldn't be a problem > for our experiments. Although we would obviously need to rethink for future > uses which involve larger networks. So I imagine this would really be a > temporary way of avoiding a location service, and in the long run we would > still try to implement an explicit location service (possibly based on > Serval Maps which Paul pointed me in the direction of). However, I did > discuss the idea of retaining some BATMAN elements in our implementation > (where we have some knowledge of nodes we are not directly connected to), > instead of going for a pure greedy geographic routing approach (where we > only know about our one-hop neighbours) as we are by no means obliged to use > a particular approach and our ultimate aim is performance. Therefore it is > possible that this will lead to us developing a hybrid approach between > GPR/GQPR and BATMAN. > > However, I think for now the best approach might be for us to try both > messages of messaging and see how they perform. I'm meeting my supervisor > tomorrow, and I'm going to discuss this with him. I've read through your > comments fully, so I think I should be able to start planning how I will > modify Serval announcement/advertisement messages and then try to get > something running next week. Unfortunately I am going back home for the > Christmas holidays, and I will only have access to an Android tablet and a > Windows laptop (which belongs to someone else!), so I'm not sure how much > work I'll get done until January, but if I can get Android NDK up and > running on the laptop I might be able to get some routing work done. > > Hopefully, the explanation of my work makes sense (or enough sense), and as > I indicated before I am happy to share any code I develop myself (I have > spoken about this with Paul). So in addition to developing my routing > protocol I intend to work on video calling, and Paul stated this was > something the Serval team wanted to include, so if I get that working I am > more than happy to put the code in the repo. > > Regards, > > Fraser > -- You received this message because you are subscribed to the Google Groups "Serval Project Developers" group. To post to this group, send email to serval-project-developers(a)googlegroups.com. To unsubscribe from this group, send email to serval-project-developers+unsubscribe(a)googlegroups.com. For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0