Riseup Warrant Canary Falls?
https://news.ycombinator.com/item?id=13007234 Not as if anything should be thought untouchable.
On 01/19/2017 08:11 PM, grarpamp wrote:
https://news.ycombinator.com/item?id=13007234
Not as if anything should be thought untouchable.
I saw something on a twitter feed related to them that said they would be updating it and not to worry and this info is old. Have you checked? Check test 1 2... gpg --verify canary-statement-signed.txt gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E gpg: Good signature from "Riseup Networks <collective@riseup.net>" gpg: aka "Riseup Treasurer <treasurer@riseup.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E The canary hasn't been updated but the gpg output still shows a good sig (assuming) They could still kill the canary be revoking the key, and they haven't done that. See: https://riseup.net/en/canary Rr
Wrong thread > https://theintercept.com/2016/11/29/something-happened-to-activist-email-pro... On 2017-01-20 05:44, Razer wrote:
On 01/19/2017 08:11 PM, grarpamp wrote:
https://news.ycombinator.com/item?id=13007234
Not as if anything should be thought untouchable.
I saw something on a twitter feed related to them that said they would be updating it and not to worry and this info is old.
Have you checked?
Check test 1 2...
gpg --verify canary-statement-signed.txt
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E gpg: Good signature from "Riseup Networks <collective@riseup.net>" gpg: aka "Riseup Treasurer <treasurer@riseup.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E
The canary hasn't been updated but the gpg output still shows a good sig (assuming)
They could still kill the canary be revoking the key, and they haven't done that.
See: https://riseup.net/en/canary
Rr
On 01/19/2017 11:47 PM, No wrote:
Wrong thread > https://theintercept.com/2016/11/29/something-happened-to-activist-email-pro...
Wasn't the intercept. It was a twitter account of some org affiliated with riseup but thanks for the link. Rr
On 2017-01-20 05:44, Razer wrote:
On 01/19/2017 08:11 PM, grarpamp wrote:
https://news.ycombinator.com/item?id=13007234
Not as if anything should be thought untouchable.
I saw something on a twitter feed related to them that said they would be updating it and not to worry and this info is old.
Have you checked?
Check test 1 2...
gpg --verify canary-statement-signed.txt
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E gpg: Good signature from "Riseup Networks <collective@riseup.net>" gpg: aka "Riseup Treasurer <treasurer@riseup.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E
The canary hasn't been updated but the gpg output still shows a good sig (assuming)
They could still kill the canary be revoking the key, and they haven't done that.
See: https://riseup.net/en/canary
Rr
They received something but if were compromised would be shut down, which should happen if they lose in court. https://c4ss.org/content/47015 On 01/19/2017 10:44 PM, Razer wrote:
On 01/19/2017 08:11 PM, grarpamp wrote:
https://news.ycombinator.com/item?id=13007234
Not as if anything should be thought untouchable.
I saw something on a twitter feed related to them that said they would be updating it and not to worry and this info is old.
Have you checked?
Check test 1 2...
gpg --verify canary-statement-signed.txt
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E gpg: Good signature from "Riseup Networks <collective@riseup.net>" gpg: aka "Riseup Treasurer <treasurer@riseup.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E
The canary hasn't been updated but the gpg output still shows a good sig (assuming)
They could still kill the canary be revoking the key, and they haven't done that.
See: https://riseup.net/en/canary
Rr
On 01/20/2017 09:23 AM, M373 wrote:
They received something but if were compromised would be shut down, which should happen if they lose in court. https://c4ss.org/content/47015
I was part of the crew that occupied Courant Physics Institute @ NYU's downtown campus during the post-Cambodia invasion student strike in the early 70s. We had control of the room with the ArpaNet machine... They (Transcendental Students, the local NYU chapter of WU) threatened to take a fire axe to the motherfucker if the police stormed the building but as the police gained entry a day later and forced people milling around and camping in the hallways and classrooms out of the building they pissed on it (probably causing thousands of dollars worth of damage) and melded into the crowd being forced out... Never to be caught. The Riseup birds say they'll destroy their servers with user info rather than turn them over. Their machines. Their control. I believe them. Rr
On 01/19/2017 10:44 PM, Razer wrote:
On 01/19/2017 08:11 PM, grarpamp wrote:
https://news.ycombinator.com/item?id=13007234
Not as if anything should be thought untouchable.
I saw something on a twitter feed related to them that said they would be updating it and not to worry and this info is old.
Have you checked?
Check test 1 2...
gpg --verify canary-statement-signed.txt
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E gpg: Good signature from "Riseup Networks <collective@riseup.net>" gpg: aka "Riseup Treasurer <treasurer@riseup.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E
The canary hasn't been updated but the gpg output still shows a good sig (assuming)
They could still kill the canary be revoking the key, and they haven't done that.
See: https://riseup.net/en/canary
Rr
Ps C4SS was the tweet source I saw. This info is still sort of old, and as I stated earlier the birds could kill their canary by revoking the key required to validate it. On 01/20/2017 09:23 AM, M373 wrote:
They received something but if were compromised would be shut down, which should happen if they lose in court. https://c4ss.org/content/47015
On Thu, Jan 19, 2017 at 11:44 PM, Razer <g2s@riseup.net> wrote:
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E
The canary hasn't been updated but the gpg output still shows a good sig
They could still kill the canary be revoking the key, and they haven't done that.
A canary that has not met its own terms of service is a dead canary. If the terms were defective, cause of death might be found as some specific like from being tossed overboard in muddy waters with concrete shoes on, regardless still quite dead. The sig will always bitwise validate, though what level of value to place in any sig expiry parameter is up to user. In canary it should be treated as a bound on validity. Though most seem to make their validity period statement in the content they're signing over. As to key revocation, a reup selfsig to that key landed on 2016-10-21, with five hopefully thoughtful and careful wot sigs over it since then. With four of them occurring on or after the content expiry date. Other keys possibly belonging to riseup have not reupped or revoked, nor may necessarily be known to public wot, such as this on sks pub 4096R/D6F6C5B4 2010-11-11 archive collective@ The bird is well beyond it's update schedule, therefore it's dead. Remains to be seen whether there will be an updated canary, silence, or free speech / destruction possibly including potential martrydom in the brig.
On 01/20/2017 12:40 PM, grarpamp wrote:
On Thu, Jan 19, 2017 at 11:44 PM, Razer <g2s@riseup.net> wrote:
gpg: Signature made Mon 15 Aug 2016 10:01:19 PM PDT using RSA key ID 139A768E Primary key fingerprint: 4E07 9126 8F7C 67EA BE88 F1B0 3043 E2B7 139A 768E The canary hasn't been updated but the gpg output still shows a good sig They could still kill the canary be revoking the key, and they haven't done that. A canary that has not met its own terms of service is a dead canary. If the terms were defective, cause of death might be found as some specific like from being tossed overboard in muddy waters with concrete shoes on, regardless still quite dead.
The sig will always bitwise validate, though what level of value to place in any sig expiry parameter is up to user. In canary it should be treated as a bound on validity. Though most seem to make their validity period statement in the content they're signing over.
As to key revocation, a reup selfsig to that key landed on 2016-10-21, with five hopefully thoughtful and careful wot sigs over it since then. With four of them occurring on or after the content expiry date.
Other keys possibly belonging to riseup have not reupped or revoked, nor may necessarily be known to public wot, such as this on sks pub 4096R/D6F6C5B4 2010-11-11 archive collective@
The bird is well beyond it's update schedule, therefore it's dead. Remains to be seen whether there will be an updated canary, silence, or free speech / destruction possibly including potential martrydom in the brig.
A revoked key is a revoked key no matter how many people signed it. You take what you can get and think on your feet or YOU'RE the dead canary. Most legal wonks have publicly stated that KILLING A CANARY IS THE EQUIVALENT OF VIOLATING A FISA WARRANT OR GAG ORDER meaning Canaries are damn near useless anyway. But revoking a sig related to it? Legally obtuse. You figure it out. Palaver about it all you want. I'll bank on their key not being revoked thanks. Rr
The current warrant canary biz isn't that useful anyways. Everyone has known through offrecord backchannels, even before but definitely including PATRIOT hence, that govt[s] have beein doing this stuff. The big5 and many other internet major entities, all used their collective influence to... ignore free speech and whine permission of their taxing govt to publish useless banded 0-500 etc reporting games. They asked for and got a cute pdf coloring book full of how to do that to get an A Grade from teacher. Sites announcing new canaries are meetoo'd on twitter like a cute fad to get kudos and cred, and are hifived by morons and supposedly top privacy / antisecrecy thinkers. They're often not maintained / taken seriously. They're often signed by corporate role keys, who the fuck knows who all has access to those. Keys also often not even in the WoT. They don't provide any useful info to those most in need of knowing... the users... because they're not signed individually to each user in a context specific to each user. So much for any hope they might have of legit quashing before the entirety of their boring life gets irrevocably IMPORT TABLE'd into every govt db. And worst, they effect very little real change whatsoever. Remaining a quiet permissive slave to secrecy is hardly the way to handle secret law, secret courts and secret police. Hundreds of thousands of warrants a year with some secrecy terms in them. Not a single one published instantly upon receipt as freespeech. Just a bunch of sheep asking for permission, being told no and basically ignored. If these gigantic CEO's etc grew balls and published, or even just publicly lobbied spoke out much more often and freely and from a believable position of principle, they'd be instant heroes, complete with Trump like cult following and theme bands propping them from ten feet behind when they walk the streets. Even if they published, worst is they'd have to pay a little fine and do a year and a day in the minimun security federal social club, then back to CEO they go. And that's only if their collective march to the Supreme Court failed. Perhaps some are in on the secrect state game, or a kissass just in case. No company has ever really published, they either quit or asked permission or fought a legal fight. Many are now beginning to engineer and routing around things like damage. So this is not to diminish any action, because each one does add an amount into the sum total somewhere, and is thus needed, useful, and appreciated. Yet that plan is approaching 20 years of, well, not exactly reforming much of anything within governments, secret papers are still rolling in. It's just not the same. Only the real leakers of govt secrecy have accepted and taken real risk by speaking freely, without permission, into that sum. Maybe a win will be found somewhere, but probably not before cypherpunks take govt office. Or a colossal mass action the likes of which the internet and people have not mustered before. Probably both.
participants (4)
-
grarpamp -
M373 -
No -
Razer