From noergelpizza at hotmail.de Tue Jan 1 01:51:49 2013
From: noergelpizza at hotmail.de (Andreas Bader)
Date: Tue, 1 Jan 2013 10:51:49 +0100
Subject: [liberationtech] Travel with notebook habit
Message-ID:

On 12/28/2012 12:46 PM, Maxim Kammerer wrote:
> On Fri, Dec 28, 2012 at 10:49 AM, Julian Oliver wrote:
>> I've been extensively questioned at the border on a few occasions over the
>> years /because/ my laptops don't have a Desktop as such, no icons either. Both
>> my arms were grabbed at the Australian border as I reached to type 'firefox' in
>> a terminal, to start the browser in an attempt to show them a normal looking
>> environment.
> I think that in such a discussion, it is necessary to distinguish
> between border guards wanting to look at your data, and border guards
> wanting to make sure that your laptop is not a bomb (given the limited
> training they receive on the subject). The situation that you describe
> looks more like the latter than the former (although clearly there
> might be omitted details).
>

For the case of Border guards that want to have a look at your data there's an article from Schneier:
http://www.schneier.com/blog/archives/2008/05/crossing_border.html

You can also use a normal (fake | Windows) OS on your standard HDD and a hidden OS on a mSATA SSD, you can use a 16 GB disk with a small and encrypted Ubuntu distribution. If you set the boot standard to your standard HDD then you have a good chance to get through the control. Another possibility is to combine this with a hidden truecrypt container, no one can force you to write down a password to a container that is probably not even existing. You can't prove that.

If this is too complicated for you, you can still install an OS on a small USB stick. Or a SDHC card. It's not that expensive and if you have an USB stick fixed at your keyring I think no one will notice. The most secure thing would be a Live CD and a hidden container on an USB / SDHC device.
So they can't infiltrate a system that is not even installed (backtrack and stuff have truecrypt onboard) and they can't force you to open that hidden container (because you only know if there is a container when you hit the right password). When nobody performs a hardware hack on your SATA or something then nothing can happen. If they keep your notebook for some minutes | hours | days then you should examine it before use. It's also helpful to check the md5 checksum of the boot partition; you can have a virus / keylogger in there.
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Tue Jan 1 03:36:30 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 1 Jan 2013 12:36:30 +0100
Subject: [liberationtech] Travel with notebook habit
Message-ID: <20130101113630.GM9750@leitl.org>

----- Forwarded message from Andreas Bader -----

From eugen at leitl.org Tue Jan 1 05:54:41 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 1 Jan 2013 14:54:41 +0100
Subject: [HacDC:Byzantium] Future paths?
Message-ID: <20130101135440.GZ9750@leitl.org>

----- Forwarded message from Sky- AA6AX -----

From eugen at leitl.org Tue Jan 1 07:42:08 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 1 Jan 2013 16:42:08 +0100
Subject: Revealed: how the FBI coordinated the crackdown on Occupy
Message-ID: <20130101154208.GC9750@leitl.org>

http://www.guardian.co.uk/commentisfree/2012/dec/29/fbi-coordinated-crackdown-occupy?CMP=twt_gu

Revealed: how the FBI coordinated the crackdown on Occupy

New documents prove what was once dismissed as paranoid fantasy: totally integrated corporate-state repression of dissent

Naomi Wolf
guardian.co.uk, Saturday 29 December 2012 14.58 GMT

Police used teargas to drive back protesters following an attempt by the Occupy supporters to shut down the city of Oakland. Photograph: Noah Berger/AP

It was more sophisticated than we had imagined: new documents show that the violent crackdown on Occupy last fall - so mystifying at the time - was not just coordinated at the level of the FBI, the Department of Homeland Security, and local police. The crackdown, which involved, as you may recall, violent arrests, group disruption, canister missiles to the skulls of protesters, people held in handcuffs so tight they were injured, people held in bondage till they were forced to wet or soil themselves - was coordinated with the big banks themselves.

The Partnership for Civil Justice Fund, in a groundbreaking scoop that should once more shame major US media outlets (why are nonprofits now some of the only entities in America left breaking major civil liberties news?), filed this request. The document - reproduced here in an easily searchable format - shows a terrifying network of coordinated DHS, FBI, police, regional fusion center, and private-sector activity so completely merged into one another that the monstrous whole is, in fact, one entity: in some cases, bearing a single name, the Domestic Security Alliance Council.
And it reveals this merged entity to have one centrally planned, locally executed mission. The documents, in short, show the cops and DHS working for and with banks to target, arrest, and politically disable peaceful American citizens.

The documents, released after long delay in the week between Christmas and New Year, show a nationwide meta-plot unfolding in city after city in an Orwellian world: six American universities are sites where campus police funneled information about students involved with OWS to the FBI, with the administrations' knowledge (p51); banks sat down with FBI officials to pool information about OWS protesters harvested by private security; plans to crush Occupy events, planned for a month down the road, were made by the FBI - and offered to the representatives of the same organizations that the protests would target; and even threats of the assassination of OWS leaders by sniper fire - by whom? Where? - now remain redacted and undisclosed to those American citizens in danger, contrary to standard FBI practice to inform the person concerned when there is a threat against a political leader (p61).

As Mara Verheyden-Hilliard, executive director of the PCJF, put it, the documents show that from the start, the FBI - though it acknowledges Occupy movement as being, in fact, a peaceful organization - nonetheless designated OWS repeatedly as a "terrorist threat":

"FBI documents just obtained by the Partnership for Civil Justice Fund (PCJF) ... reveal that from its inception, the FBI treated the Occupy movement as a potential criminal and terrorist threat ... The PCJF has obtained heavily redacted documents showing that FBI offices and agents around the country were in high gear conducting surveillance against the movement even as early as August 2011, a month prior to the establishment of the OWS encampment in Zuccotti Park and other Occupy actions around the country."
Verheyden-Hilliard points out the close partnering of banks, the New York Stock Exchange and at least one local Federal Reserve with the FBI and DHS, and calls it "police-statism":

"This production [of documents], which we believe is just the tip of the iceberg, is a window into the nationwide scope of the FBI's surveillance, monitoring, and reporting on peaceful protestors organizing with the Occupy movement ... These documents also show these federal agencies functioning as a de facto intelligence arm of Wall Street and Corporate America."

The documents show stunning range: in Denver, Colorado, that branch of the FBI and a "Bank Fraud Working Group" met in November 2011 - during the Occupy protests - to surveil the group. The Federal Reserve of Richmond, Virginia had its own private security surveilling Occupy Tampa and Tampa Veterans for Peace and passing privately-collected information on activists back to the Richmond FBI, which, in turn, categorized OWS activities under its "domestic terrorism" unit. The Anchorage, Alaska "terrorism task force" was watching Occupy Anchorage. The Jackson, Michigan "joint terrorism task force" was issuing a "counterterrorism preparedness alert" about the ill-organized grandmas and college sophomores in Occupy there. Also in Jackson, Michigan, the FBI and the "Bank Security Group" - multiple private banks - met to discuss the reaction to "National Bad Bank Sit-in Day" (the response was violent, as you may recall). The Virginia FBI sent that state's Occupy members' details to the Virginia terrorism fusion center. The Memphis FBI tracked OWS under its "joint terrorism task force" aegis, too. And so on, for over 100 pages.

Jason Leopold, at Truthout.org, who has sought similar documents for more than a year, reported that the FBI falsely asserted in response to his own FOIA requests that no documents related to its infiltration of Occupy Wall Street existed at all.
But the release may be strategic: if you are an Occupy activist and see how your information is being sent to terrorism task forces and fusion centers, not to mention the "longterm plans" of some redacted group to shoot you, this document is quite the deterrent.

There is a new twist: the merger of the private sector, DHS and the FBI means that any of us can become WikiLeaks, a point that Julian Assange was trying to make in explaining the argument behind his recent book. The fusion of the tracking of money and the suppression of dissent means that a huge area of vulnerability in civil society - people's income streams and financial records - is now firmly in the hands of the banks, which are, in turn, now in the business of tracking your dissent.

Remember that only 10% of the money donated to WikiLeaks can be processed - because of financial sector and DHS-sponsored targeting of PayPal data. With this merger, that crushing of one's personal or business financial freedom can happen to any of us. How messy, criminalizing and prosecuting dissent. How simple, by contrast, just to label an entity a "terrorist organization" and choke off, disrupt or indict its sources of financing.

Why the huge push for counterterrorism "fusion centers", the DHS militarizing of police departments, and so on? It was never really about "the terrorists". It was not even about civil unrest. It was always about this moment, when vast crimes might be uncovered by citizens - it was always, that is to say, meant to be about you.

From eugen at leitl.org Tue Jan 1 14:18:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 1 Jan 2013 23:18:15 +0100
Subject: [FoRK] Recommendations for a reliable subscription-based SSL VPN or proxy service for "secure, portable, virtual" office?
Message-ID: <20130101221815.GZ9750@leitl.org>

----- Forwarded message from "Stephen D.
Williams" -----

From gfoster at entersection.org Tue Jan 1 23:27:05 2013
From: gfoster at entersection.org (Gregory Foster)
Date: Wed, 02 Jan 2013 01:27:05 -0600
Subject: [liberationtech] 29C3 whistleblower panel: Radack, Drake, Binney
Message-ID:

In Jacob's keynote (~29:50), he encourages participants to attend the whistleblower panel later in the day.

29th Chaos Communication Congress (Berlin: Dec 27-30, 2012) - "Enemies of the State: What happens when telling the truth about secret US government power becomes a crime" by Jesselyn Radack, Thomas Drake, and William Binney:
http://youtu.be/nc5i8aROQkk?t=34m36s
http://events.ccc.de/congress/2012/Fahrplan/events/5338.en.html

Radack, Drake, and Binney take thirty minutes each to present their respective stories - powerful stuff. Kevin Gosztola's write up gives a sense:
http://dissenter.firedoglake.com/2012/12/29/us-whistleblowers-on-being-targeted-by-the-secret-security-state/
http://twitter.com/kgosztola

Within the first minute of his talk (~1:28:36), William Binney describes the legal and intellectual property guidance he received when retiring from the NSA to set the scene for an announcement that he has created a "commercial product" which describes a software architecture akin to ThinThread:

> so I have that technology, it's on file, basically, with the Library of
> Congress, we have a copyright on it, so it's open to anybody for $45 you
> can get a copy, or you can go to the people here at the conference, they
> have, I gave them copies, you can get copies from them. So it lays out
> an architectural framework the entire process for how to automate an
> analysis business process across the entire process, whatever you're
> looking at, whatever kind of data you're doing because this applies to
> everything: stock market exchange, money exchange, you know, travel,
> phone calls, emails, Twitter, cloud, Facebook, whatever!
> So the point is, that this is the kind of, this whole process will give you an idea
> of what's really going on and the scale of what's happening.

The Library of Congress defied my search queries. I didn't find mention on the CCC website, wiki, Twitter feeds, etc. Is this document(?) in digital form yet? Seems like it might be rather interesting.

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

----- End forwarded message -----

From lists at infosecurity.ch Wed Jan 2 00:05:08 2013
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Wed, 02 Jan 2013 09:05:08 +0100
Subject: [liberationtech] 29C3 whistleblower panel: Radack, Drake, Binney
Message-ID:

On 1/2/13 8:27 AM, Gregory Foster wrote:
>
> Within the first minute of his talk (~1:28:36), William Binney
> describes the legal and intellectual property guidance he received
> when retiring from the NSA to set the scene for an announcement that
> he has created a "commercial product" which describes a software
> architecture akin to ThinThread:

Reading from the Wikipedia's relevant page https://en.wikipedia.org/wiki/ThinThread about the software the NSA's folks was trying to use, it seems much like that today they would be just making/using a Palantir's plug-in (http://www.palantir.com/) to do so, connected to the right set of databases.

It would be nice a FOIA request to know which kind software and/or software manufacturer get used by US Security Agencies in handling "phone call logs" and/or "email logs" and/or "mobile phone's location data".
We may spot the company where are the NSA's whistleblowers of tomorrow ;-)

-naif

----- End forwarded message -----

From drwho at virtadpt.net Wed Jan 2 06:55:45 2013
From: drwho at virtadpt.net (The Doctor)
Date: Wed, 02 Jan 2013 09:55:45 -0500
Subject: [info] [FoRK] Recommendations for a reliable subscription-based SSL VPN or proxy service for "secure, portable, virtual" office?
In-Reply-To: <20130101221815.GZ9750@leitl.org>
References: <20130101221815.GZ9750@leitl.org>
Message-ID: <50E44A71.1040104@virtadpt.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/01/2013 05:18 PM, Eugen Leitl wrote:
> Although for a whole drive it would be a bit of an efficient
> storage use issue (requiring just periodic reset maintenance),
> SparkleShare+Gitolite git server via ssh is a great combination,
> with clients for Windows/Macosx/Linux or you can use any git
> client. If the git server were storing into a TrueCrypt loopback
> on the server, you'd ruin offline attacks against your data.
> Simply sync to another drive somewhere to get redundancy.

I'm surprised more people aren't using Fossil (https://www.fossil-scm.org/) for this. In addition to git-like distributed revision control, the bug tracker and wiki are built in and synchronized along with commits. It has a project blog, too. I've been playing around with it for about a year now, and I'm very pleased with it (and with not having to rely on a central service like Github to hold everything).

I still haven't had time to try synching Fossil instances over Tor yet, but it works pretty well over a point-to-point link over SSH.
- --
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Red Adair Linux, for what we do most of the time." --Paul Martin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDkSnEACgkQO9j/K4B7F8FdJgCfdVKCvf3pfglkhUuUSwl9cjIv
OeMAoIoHyJJoxN1SX9Zx4DwIbDsn3Rr5
=GRc0
-----END PGP SIGNATURE-----

From eugen at leitl.org Wed Jan 2 04:03:24 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 2 Jan 2013 13:03:24 +0100
Subject: [liberationtech] 29C3 whistleblower panel: Radack, Drake, Binney
Message-ID: <20130102120324.GP9750@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Wed Jan 2 04:08:26 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 2 Jan 2013 13:08:26 +0100
Subject: [liberationtech] 29C3 whistleblower panel: Radack, Drake, Binney
Message-ID: <20130102120826.GQ9750@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From damian at google.com Wed Jan 2 21:14:31 2013
From: damian at google.com (Damian Menscher)
Date: Wed, 2 Jan 2013 21:14:31 -0800
Subject: Gmail and SSL
Message-ID:

On Wed, Jan 2, 2013 at 8:52 PM, wrote:
> On Wed, 02 Jan 2013 19:59:35 -0800, Damian Menscher said:
> > Aurora compromised at least 20 other companies, failed at its assumed
> > objective of seeing user data, and Google was the only organization to
> > notice, let alone have the guts to expose the attack [0]. And you're going
> > to hold that against them?
>
> I didn't say that. What I *said* was "one should *expect* a nation-state
> adversary to go after your mail hosting company via multiple avenues of attack,
> because it's already been tried before". Google is indeed one of the better
> actors.
> But if you're a target, maybe it's time to reconsider whether the
> phrase "hosting company" should be included in your environment *at all*.
>

Thanks for clarifying. We're off-topic, but that decision needs to be weighed against the alternatives. If your alternative is running your own mailserver at home, then your risks are:
- They can come into your home and walk off with your machines. Even if your hard drives are encrypted, your backups might not be... or maybe you don't have backups?
- If you browse from the server they can get you with a trojan impacting Flash or Java.
- Even if you don't browse from your mailserver they can try to compromise it remotely if it's not fully patched. How good are you at keeping your system patched? Does it fall a day or two behind when you're on vacation?
- Speaking of vacation, how do you authenticate to your system? Does it support 2-factor? Or maybe you don't think you need 2-factor because you have an SSL cert. Did you self-sign it and tell your browser to ignore all other CAs (to approximate Chrome's certificate pinning)?
- How does your email arrive/leave? They could be tapping your line... or they could just DoS you off the net.

If you really think you can get all of that right, all the time, then I wish you the best of luck. But remembering that most targets are not cypherpunks, telling them to do it themselves is incredibly bad advice.

Back on topic: encryption without knowing who you're talking to is worse than useless (hence no self-signed certs which provide a false sense of security), and there are usability difficulties with exposing strong security to the average user (asking users to generate and upload a self-signed cert would be a customer-support disaster, not to mention all the outages that would occur when those certs expired). Real-world security is all about finding a reasonable balance and adapting to the current threats.

Damian

----- End forwarded message -----

From eugen at leitl.org Thu Jan 3 04:14:54 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 3 Jan 2013 13:14:54 +0100
Subject: [serval-project-dev] Encrypted rhizome bundles!
Message-ID: <20130103121454.GM9750@leitl.org>

----- Forwarded message from Jeremy Lakeman -----

From eugen at leitl.org Thu Jan 3 04:16:21 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 3 Jan 2013 13:16:21 +0100
Subject: Gmail and SSL
Message-ID: <20130103121621.GN9750@leitl.org>

----- Forwarded message from Damian Menscher -----

From eugen at leitl.org Thu Jan 3 04:19:34 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 3 Jan 2013 13:19:34 +0100
Subject: [liberationtech] Travel with notebook habit
Message-ID: <20130103121934.GQ9750@leitl.org>

----- Forwarded message from Bryce Lynch -----

From eugen at leitl.org Thu Jan 3 04:52:42 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 3 Jan 2013 13:52:42 +0100
Subject: [liberationtech] Modern FIDONET for net disable countries?
Message-ID: <20130103125242.GT9750@leitl.org>

----- Forwarded message from Peter Fein -----

From gem at rellim.com Thu Jan 3 15:31:23 2013
From: gem at rellim.com (Gary E. Miller)
Date: Thu, 3 Jan 2013 15:31:23 -0800
Subject: Gmail and SSL
Message-ID:

Yo All!

Apropos the recent discussions:

"Google says that someone was caught trying to use an unauthorized digital certificate issued in its name in an attempt to impersonate Google.com for a man-in-the-middle attack."

http://www.wired.com/threatlevel/2013/01/google-fraudulent-certificate/

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588

----- End forwarded message -----

From jeremy at servalproject.org Wed Jan 2 21:49:25 2013
From: jeremy at servalproject.org (Jeremy Lakeman)
Date: Thu, 3 Jan 2013 16:19:25 +1030
Subject: [serval-project-dev] Encrypted rhizome bundles!
Message-ID:

I've just pushed the final changes to land encrypted payloads in rhizome, covered by some appropriate test cases.

But don't try to use the latest serval-dna in the android batphone application just yet. There's a breaking API change related to extracting files that we need to deal with first. That's hopefully a small job I can tackle tomorrow.

--
You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
To post to this group, send email to serval-project-developers at googlegroups.com.
To unsubscribe from this group, send email to serval-project-developers+unsubscribe at googlegroups.com.
For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en.

----- End forwarded message -----

From gfoster at entersection.org Thu Jan 3 19:33:39 2013
From: gfoster at entersection.org (Gregory Foster)
Date: Thu, 03 Jan 2013 21:33:39 -0600
Subject: [drone-list] UAVDronesForSale.com
Message-ID:

Hey, it's a craigslist for drones!
http://uavdronesforsale.com/

High level categories:
Amateur, Commercial, and Law Enforcement drones (new and used).
Parts, Cameras, and Repair Services.
Aerial Services, Pilot Training, Drone Consultants, and Jobs.

It looks like a lot of interesting information may accumulate here.

HT @DronesForSale via @DIYDroneSafety:
http://twitter.com/DronesForSale/status/286954853958311936

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu

Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/drone-list

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

----- End forwarded message -----

From nadim at nadim.cc Thu Jan 3 17:09:41 2013
From: nadim at nadim.cc (Nadim Kobeissi)
Date: Fri, 4 Jan 2013 03:09:41 +0200
Subject: [liberationtech] Another CA Compromise: TurkTrust
Message-ID:

Another CA has been found issuing SSL certificates for Google services. Mozilla has acted on the issue:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/

The weird thing is that it's starting to appear less and less crazy to just get rid of the CA system and replace it with... nothing. What do you guys think?

NK

----- End forwarded message -----

From eugen at leitl.org Fri Jan 4 02:46:02 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 11:46:02 +0100
Subject: Gmail and SSL
Message-ID: <20130104104602.GS9750@leitl.org>

----- Forwarded message from "Gary E. Miller" -----

From eugen at leitl.org Fri Jan 4 02:48:10 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 11:48:10 +0100
Subject: [liberationtech] Another CA Compromise: TurkTrust
Message-ID: <20130104104810.GT9750@leitl.org>

----- Forwarded message from Nadim Kobeissi -----

From jeremy at servalproject.org Thu Jan 3 17:45:15 2013
From: jeremy at servalproject.org (Jeremy Lakeman)
Date: Fri, 4 Jan 2013 12:15:15 +1030
Subject: [serval-project-dev] Re: Encrypted rhizome bundles!
Message-ID:

And done.
We now have encrypted MeshMS messaging between android phones.

On Thu, Jan 3, 2013 at 4:19 PM, Jeremy Lakeman wrote:
> I've just pushed the final changes to land encrypted payloads in
> rhizome, covered by some appropriate test cases.
>
> But don't try to use the latest serval-dna in the android batphone
> application just yet. There's a breaking API change related to
> extracting files that we need to deal with first. That's hopefully a
> small job I can tackle tomorrow.

----- End forwarded message -----

From eugen at leitl.org Fri Jan 4 03:44:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 12:44:15 +0100
Subject: [serval-project-dev] Re: Encrypted rhizome bundles!
Message-ID: <20130104114415.GZ9750@leitl.org>

----- Forwarded message from Jeremy Lakeman -----

From eugen at leitl.org Fri Jan 4 03:54:44 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 12:54:44 +0100
Subject: [drone-list] UAVDronesForSale.com
Message-ID: <20130104115444.GB9750@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Fri Jan 4 03:56:27 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 12:56:27 +0100
Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship
Message-ID: <20130104115627.GD9750@leitl.org>

----- Forwarded message from Martin Johnson -----

From greatfire at greatfire.org Thu Jan 3 22:50:47 2013
From: greatfire at greatfire.org (Martin Johnson)
Date: Fri, 4 Jan 2013 14:50:47 +0800
Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship
Message-ID:

Sometime between December 5 and December 8 last year, Google made a surprising decision that hasn't yet been reported. They decided to remove a feature which had previously informed users from China of censored keywords. At the same time, they deleted the help article which explained how to use the feature.

This indicates a new development in the relationship between the Chinese government and Google. Since Google moved its search engine to Hong Kong in 2010, censorship of its services such as YouTube, Google Plus and thousands of keywords on Google Search has been done by the Great Firewall, out of control of Google. This latest move was fully controlled by Google and can as such only be described as self-censorship.

Full story at https://en.greatfire.org/blog/2013/jan/google-bows-down-chinese-government-censorship

--
Martin Johnson
---
https://GreatFire.org - Monitoring Online Censorship In China.
https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
https://Unblock.cn.com - We Can Unblock Your Website In China.

----- End forwarded message -----

From klerichar at gmail.com Fri Jan 4 08:13:23 2013
From: klerichar at gmail.com (Claire Richard)
Date: Fri, 4 Jan 2013 17:13:23 +0100
Subject: [drone-list] Rent-a-Robocops
Message-ID:

Here is an interesting interview with a retired drone pilot, suffering from PTSD syndrome after flying drones for years.

The article is from a recent international edition of German newspaper Der Spiegel (the article is in English):
http://www.spiegel.de/international/world/pain-continues-after-war-for-american-drone-pilot-a-872726.html

cr

2012/12/28 Gregory Foster
> IEEE Spectrum (Dec 28) - "Japanese Security Firm to Start Renting
> Surveillance Drones":
> http://spectrum.ieee.org/automaton/robotics/military-robots/japanese-security-firm-to-start-renting-surveillance-drones
>
> For $58/month beginning in 2014 (I guess Japan is establishing regulations
> for private sector drones?). Also includes video of a rather aggressive
> sentry robot.
>
> gf
>
> --
> Gregory Foster || gfoster at entersection.org
> @gregoryfoster <> http://entersection.com/
>
> _______________________________________________
> drone-list mailing list
> drone-list at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/drone-list
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>

--
Claire Richard
917 254 1311
Independent Journalist
MA candidate in Media Culture and Communication at NYU
http://www.uniondocs.org/people/claire-richard/
http://klerichar.wordpress.com/

----- End forwarded message -----

From eugen at leitl.org Fri Jan 4 08:17:21 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Jan 2013 17:17:21 +0100
Subject: [drone-list] Rent-a-Robocops
Message-ID: <20130104161721.GF9750@leitl.org>

----- Forwarded message from Claire Richard -----

From virtualadept at gmail.com Sat Jan 5 08:23:34 2013
From: virtualadept at gmail.com (Bryce Lynch)
Date: Sat, 5 Jan 2013 11:23:34 -0500
Subject: [ZS] Re: Quantified Prestige (was Two Criticisms)
Message-ID:

A little searching of my mail queue didn't show that this link was posted recently. There was a TED talk on reputation economics that might be of interest to a few people in this thread:
http://www.ted.com/talks/rachel_botsman_the_currency_of_the_new_economy_is_trust.html

Also, openhatch.org and coderwall.com.

--
The Doctor [412/724/301/703] [ZS|Media]
https://drwho.virtadpt.net/
"I am everywhere."
-- -- Zero State mailing list: http://groups.google.com/group/DoctrineZero ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From dr at jones.dk Sat Jan 5 05:22:52 2013 From: dr at jones.dk (Jonas Smedegaard) Date: Sat, 05 Jan 2013 14:22:52 +0100 Subject: [Freedombox-discuss] Building a personal software stack Message-ID: Quoting Melvin Carvalho (2013-01-05 02:43:28) > On 29 December 2012 18:30, Petar Petrović <petar at petrovic.io> wrote: >> I think that we don't HAVE to integrate everything, at least not >> during the initial development. I think we should focus on building a >> software stack, and then at some point, we can decide if deep >> integration is worth the effort. Of course, I am always open for >> different opinions and ideas. Yes, let's build FreedomBox 1.0 before we build FreedomBox 2.0. In my mind, FreedomBox 1.0 is *boring* - it contains no new inventions, only old-fashioned Debian mechanisms served user-friendly boxed. That in itself is a *big* milestone for FreedomBox. FreedomBox 2.0 is *interesting* - it contains improved ways of doing stuff classic among geeks, and still does it user-friendly boxed. FreedomBox 3.0 is *exciting* - it contains new inventions that have happened in parallel to our "boring" work, inspired by similar events that triggered the FreedomBox project but without that tough constraint of being user-friendly. Of course when those inventions reach FreedomBox they _are_ provided user-friendly boxed - because that is a fundamental requirement of FreedomBox. We (as in the developers on FreedomBox) HAVE to integrate everything needed for serving privacy-aware functionality in a user-friendly way. If we don't, we don't have a FreedomBox, but some other Debian-related tool or toy.
> Yes, I think this is a valid approach. The web was designed to tie > many systems together via the hyperlink. True that the web is about tying many systems together. FreedomBox, however, is about protecting privacy, and here it does matter crucially to have enough functionality locally so as to not leak privacy when doing said hyperlinking. FreedomBox is also about serving non-geeks, and here it is crucial that all interaction is user-friendly. *ALL* interaction! There is *no* admin, beyond the user herself/himself! > Of course it would be nice if the integrations could provide a > seamless user experience, but perhaps that can only happen over > time... If you mean postponing user-friendliness till later, then it sounds to me like you are talking about something (quite exciting and worthwhile to try to reach but) different from Freedombox. Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss at lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Sat Jan 5 06:38:24 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 5 Jan 2013 15:38:24 +0100 Subject: [Freedombox-discuss] Building a personal software stack Message-ID: <20130105143824.GW9750@leitl.org> ----- Forwarded message from Jonas Smedegaard ----- From eugen at leitl.org Sat Jan 5 06:38:35 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 5 Jan 2013 15:38:35 +0100 Subject: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in
five paragraphs) Message-ID: <20130105143835.GX9750@leitl.org> ----- Forwarded message from Peter Gutmann ----- From eugen at leitl.org Sat Jan 5 08:47:36 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 5 Jan 2013 17:47:36 +0100 Subject: [ZS] Re: Quantified Prestige (was Two Criticisms) Message-ID: <20130105164736.GY9750@leitl.org> ----- Forwarded message from Bryce Lynch ----- From pgut001 at cs.auckland.ac.nz Sat Jan 5 05:26:27 2013 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 06 Jan 2013 02:26:27 +1300 Subject: [cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs) Message-ID: In the light of yet another in an apparently neverending string of CA failures, how long are browser vendors going to keep perpetuating this PKI farce? [0]. Not only is there no recorded instance, anytime, anywhere, of a browser certificate warning actually protecting users from harm [1], but the blind faith that browsers place in certificates is actively harming users when things fail, as they have again and again and again. Users, or at least technical ones with enough knowledge to understand the issues, have completely lost faith in browser PKI. If you look at discussion threads on technical forums [2], browser PKI is seen purely as something to roll your eyes at, to make jokes about. No-one (and as before that's with an implied "who understands the details") has any faith in it any more. The total inability and/or unwillingness of the browser vendors to respond to this and provide real security measures that don't involve simply changing the silly-walk they do with certificates and continuing as before is not only not helping users in any way, it's actively harming them, and users are aware of this. Browsers may as well turn off all their PKI-related code and just use anon-DH for everything, which would be safer than the current false-sense-of-security silly-walk they're doing, not to mention saving tens (hundreds?) 
of millions of dollars paid to commercial CAs by sites wanting to disable the browser warnings. Browser PKI costs a fortune to run, it doesn't protect users from anything the attackers are doing, and at worst it actively endangers them. If it was a commercial good, RAPEX would have it withdrawn [3]. Peter. [0] I mean "farce" in its theatrical sense here, "unlikely, extravagant, and improbable situations [...] highly incomprehensible plot-wise (due to the large number of plot twists and random events that often occur) [...] Farce is also characterized by [...] the use of deliberate absurdity or nonsense, and broadly stylized performances" (from Wikipedia, which has a more detailed definition than e.g. the OED). [1] See "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users", Cormac Herley. [2] And I realise the likes of Slashdot aren't the best of them, but it's the most accessible and has the most participants, so it's a quick way to gauge public opinion. [3] "RAPEX is the EU rapid alert system that facilitates the rapid exchange of information between Member States and the Commission on measures taken to prevent or restrict the marketing or use of products posing a serious risk to the health and safety of consumers". _______________________________________________ cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From r.rohozinski at psiphon.ca Mon Jan 7 17:04:33 2013 From: r.rohozinski at psiphon.ca (Rafal Rohozinski) Date: Mon, 7 Jan 2013 20:04:33 -0500 Subject: [liberationtech] Modern FIDONET for net disable countries? Message-ID: This is a great conversation, and I really like the fact that some of these "old as new" technologies are being talked about. I spent much of the early 1990s in Russia and the former Soviet Union. Fido7 or Region 50, in Fido terms, was at one point in time the largest FidoNet network in the world! I wrote a paper about this in the mid-1990s, but the bottom line was that FidoNet at that time allowed people to use Internet-like technologies (email/newsgroups) avoiding the high tariff rates that were set on the Russian Internet, which at that time was UUCP/PC-based and charged for traffic by the kilobyte. The FidoNet protocols were also tenacious and worked really well over crappy and very noisy aluminum wires... However, I don't think it's practical to go back to the days of old style alternative networks. This is because in the intervening 20 or so years, telecommunication carriers have evolved from purveyors of wires and switches, that availed themselves to overlay networks like the Internet, to becoming the intelligent network in and of themselves. The intelligence migrated from the edges to the core of the network.
Telecom carriers now run all-IP core networks, and with advanced DPI, they can detect data signals on voice circuits. That means the opportunity of hiding data traffic on virtual voice switched networks isn't as practical as it once was. I think there's still a future for wireless-based alternative networks. And by that I don't mean satellite (BGAN or VSAT), but long-distance directional Wi-Fi, and even old fashioned IP over VHF/HF. There are challenges here, not least of which that these kinds of wireless radio networks are good targets for RDF. But in some respects, fishing for signals in the ether is a lot more challenging than detecting them on the wire. Rafal PS. Anyone wanting to read my old paper on the Russian Internet in the 1990's can find it here: http://unpan1.un.org/intradoc/groups/public/documents/untc/unpan015092.pdf The part about Fidonet starts around page 11. IP over VHF : www.southgatearc.org/articles/internetgateways.htm ... In the late 1990's the UN (WFP) used a system like this for Deep Field communications in Africa's Great Lakes regions Sent by PsiPhone mobile. Please excuse typos or other oddities. On 2013-01-07, at 6:34 PM, "Gary Garriott (ggarriott at INTERNEWS.ORG)" wrote: > FWIW, over the weekend I discovered I still have an unused SEAdog package dating from the late eighties. SEAdog was a commercial adaptation of the Fidonet Electronic Mail Protocol and which for a bunch of years we used extensively in another NGO to make overseas modem calls to far flung partners and associates, usually scheduled in the middle of the night. SEAdog also includes a provision for UUCP gateway addressing. > > Gary > > -----Original Message----- > From: liberationtech-bounces at mailman.stanford.edu [mailto:liberationtech-bounces at mailman.stanford.edu] On Behalf Of Rich Kulawiec > Sent: Sunday, January 06, 2013 4:57 PM > To: liberationtech > Subject: Re: [liberationtech] Modern FIDONET for net disable countries?
> > On Thu, Dec 27, 2012 at 01:21:38PM -0500, Miles Fidelman wrote: >> That's a rather intriguing concept, though I might look at starting >> from UUCP & NNTP, or perhaps BITNET, rather than the FIDO model - the >> software is a bit more mature, and UUCP at least is still supported. >> Mobile devices could associate themselves, via local WiFi, when in >> range of each other, and messages would just flow through normal news >> exchange protocols. > > I'll second this. Usenet is still the most successful experiment in distributed communication, it's resource-frugal (after all, it was developed at a time when we thought 1200 baud modems were speedy), it's highly resilient, it's delay-tolerant, it's scalable, it's agnostic about transport, and it supports undirected broadcast communication -- something useful when trying to evade traffic analysis. It supports bidirectional mail<->news gateways, it runs on minimal hardware, and among other things, it could be used to provide prolific news feeds (albeit with some delay) into areas that are heavily censored. > > ---rsk > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Mon Jan 7 23:49:01 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 8 Jan 2013 08:49:01 +0100 Subject: [liberationtech] Modern FIDONET for net disable countries? 
Message-ID: <20130108074901.GC5970@leitl.org> ----- Forwarded message from Rafal Rohozinski ----- From eugen at leitl.org Wed Jan 9 05:25:16 2013 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 9 Jan 2013 14:25:16 +0100 Subject: Linguistics identifies anonymous users Message-ID: <20130109132516.GW30918@leitl.org> http://www.scmagazine.com.au/News/328135,linguistics-identifies-anonymous-users.aspx Linguistics identifies anonymous users By Darren Pauli on Jan 9, 2013 9:49 AM Researchers reveal carders, hackers on underground forums. Up to 80 percent of certain anonymous underground forum users can be identified using linguistics, researchers say. The techniques compare user posts to track them across forums and could even unveil authors of thesis papers or blogs who had taken to underground networks. "If our dataset contains 100 users we can at least identify 80 of them," researcher Sadia Afroz told an audience at the 29C3 Chaos Communication Congress in Germany. "Function words are very specific to the writer. Even if you are writing a thesis, you'll probably use the same function words in chat messages. "Even if your text is not clean, your writing style can give you away." The analysis techniques could also reveal botnet owners, malware tool authors and provide insight into the size and scope of underground markets, making the research appealing to law enforcement. To achieve their results the researchers used techniques including stylometric analysis, the authorship attribution framework Jstylo, and Latent Dirichlet allocation which can distinguish a conversation on stolen credit cards from one on exploit-writing, and similarly help identify interesting people. The analysis was applied across millions of posts from tens of thousands of users of a series of multilingual underground websites including thebadhackerz.com, blackhatpalace.com, www.carders.cc, free-hack.com, hackel1te.info, hack-sector.forumh.net, rootwarez.org, L33tcrew.org and antichat.ru. 
It found up to 300 distinct discussion topics in the forums, with some of the most popular being carding, encryption services, password cracking and blackhat search engine optimisation tools. While successful, the work faces a series of challenges. Analysis could only be performed using a minimum of 5000 words (this research used the "gold standard" of 6500 words) which culled the list of potential targets from tens of thousands to mere hundreds. It also needs to separate discussion on product information like credit cards, exploits and drugs from conversational text in order to facilitate machine learning to automate the process, according to researcher Aylin Caliskan Islam. And posts must be translated to English, a process which boosted author identification from 66 to around 80 per cent but was imperfect using freely available tools like Google and Bing. However both of these tasks were performed successfully, and further development including the use of "exclusive" language translation tools would only serve to boost the identification accuracy. Leetspeak, an alternative alphabet popular in some forum circles, cannot be translated. The project is ongoing and future work promises to increase the capacity to unmask users. This Islam said would include temporal information which would exploit users who logged into forums from the same IP addresses and wrote posts at around the same time. Antichat user analysis "They might finish work, come home and log in," Islam said. It could also tie user identities to the topics they write about and produce a map of their interactions, identify multiple accounts held by a single author, and combine forum messages with internet relay chat (IRC) data sets. "We want to automate the whole process." Afroz said while the work appeals to law enforcements and government agencies, it is not designed to catch users out. "We aren't trying to identify users, we are trying to show them that this is possible," she said. 
To this end, the researchers released tools last year, updated last December, which help users to anonymise their writing. One tool, Anonymouth, takes a 500 word sample of a user's writing to identify unique features such as function words which could make them identifiable. The other, JStylo, is the machine learning engine which powers Anonymouth. The Drexel and George Mason universities research team is composed of Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, and Damon McCoy. From kfogel at red-bean.com Wed Jan 9 13:01:50 2013 From: kfogel at red-bean.com (Karl Fogel) Date: Wed, 09 Jan 2013 15:01:50 -0600 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: Maxim Kammerer writes: >On Fri, Jan 4, 2013 at 8:50 AM, Martin Johnson wrote: >> This latest move was fully controlled by Google and can as such only be described as self-censorship. > >The impression I am getting from my contacts at Google is that this is >not true. That is, Google apparently lost to Chinese Cyber experts in >being able to keep this censored keywords system up, and decided to >drop it altogether. PR team then, for whatever other reasons, decided >to keep complete silence on the subject. > >Of course, one can then ask why didn't Google simply force HTTPS on >Chinese users to begin with, but they probably considered complete >block of Google by GFC too real a possibility, and were too afraid to >lose market share. [not directed at Maxim, just a general thought on this topic] Rushes to judge Google about its handling of China should probably be tempered by the knowledge what the Chinese government really wants is to push local companies like Baidu. The government's protectionist policy for Chinese web & technology companies just happens to mesh nicely with their censorship policy in this case. 
So if Google pushes too hard, the overall result will just be to give more market share to Baidu, which doesn't really help the cause of freedom for Chinese Internet users either. Google's executives understand this very well. There's a good argument to be made that the things they could do to look brave and principled are not the things that would actually help information freedom in China in the long run. Please note that I'm not making a "shades of gray" point, just a "complexity" point. Best, -Karl -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From mk at dee.su Wed Jan 9 12:50:37 2013 From: mk at dee.su (Maxim Kammerer) Date: Wed, 9 Jan 2013 22:50:37 +0200 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: On Fri, Jan 4, 2013 at 8:50 AM, Martin Johnson wrote: > This latest move was fully controlled by Google and can as such only be described as self-censorship. The impression I am getting from my contacts at Google is that this is not true. That is, Google apparently lost to Chinese Cyber experts in being able to keep this censored keywords system up, and decided to drop it altogether. PR team then, for whatever other reasons, decided to keep complete silence on the subject. Of course, one can then ask why didn't Google simply force HTTPS on Chinese users to begin with, but they probably considered complete block of Google by GFC too real a possibility, and were too afraid to lose market share. 
-- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From julian at julianoliver.com Thu Jan 10 04:19:29 2013 From: julian at julianoliver.com (Julian Oliver) Date: Thu, 10 Jan 2013 13:19:29 +0100 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: ..on Thu, Jan 10, 2013 at 02:01:10PM +0200, Maxim Kammerer wrote: > On Thu, Jan 10, 2013 at 1:03 PM, Martin Johnson wrote: > > Yes, the question is what you call "working well". The censorship-warning > > feature added last year was clearly improving the user experience. Removing > > it worsened the user experience again. > > Is this backed up by actual user experiences from China? > > "When Wired.co.uk spoke to a few Chinese residents about the disabled > Google feature, they were not even aware of it because they used VPNs, > demonstrating Google might not be taking into account just how savvy > its users are at all." [1] I found the article 'Five Myths about the Chinese Internet' a very useful read, especially as regards savvy-factor of users.
We in the West love to generalise 'the situation' in China but often have little or no idea as to the scale, scope or dynamics at play. Another reason I find it particularly valuable to be reading people on this list that are operating there. The article was walled off at ForeignPolicy.com (ironically) but is available here in its entirety: Five Myths about the Chinese Internet: http://strategicstudyindia.blogspot.de/2012/11/five-myths-about-chinese-internet.html "Chinese Internet users are cosmopolitan, educated, and informed. Many use, or at least know they can use, circumvention technology like VPNs (Virtual Private Networks) to access blocked content." Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Jan 10 05:01:20 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 10 Jan 2013 14:01:20 +0100 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: <20130110130120.GR30918@leitl.org> ----- Forwarded message from Maxim Kammerer ----- From eugen at leitl.org Thu Jan 10 05:01:49 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 10 Jan 2013 14:01:49 +0100 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: <20130110130149.GS30918@leitl.org> ----- Forwarded message from Karl Fogel ----- From eugen at leitl.org Thu Jan 10 05:30:11 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 10 Jan 2013 14:30:11 +0100 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: <20130110133011.GZ30918@leitl.org> ----- Forwarded 
message from Julian Oliver ----- From eugen at leitl.org Thu Jan 10 05:30:38 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 10 Jan 2013 14:30:38 +0100 Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship Message-ID: <20130110133038.GA30918@leitl.org> ----- Forwarded message from Martin Johnson ----- From 8f6e58ee at gmail.com Thu Jan 10 08:09:50 2013 From: 8f6e58ee at gmail.com (8f6e58ee at gmail.com) Date: Thu, 10 Jan 2013 17:09:50 +0100 Subject: [serval-project-dev] New algorithm for message dissemination in decentralized networks faster than its predecessors and guarantees delivery Message-ID: http://phys.org/news/2013-01-algorithm-message-dissemination-decentralized-networks.html -- You received this message because you are subscribed to the Google Groups "Serval Project Developers" group. To post to this group, send email to serval-project-developers at googlegroups.com. To unsubscribe from this group, send email to serval-project-developers+unsubscribe at googlegroups.com. For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en. 
----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Jan 10 09:04:13 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 10 Jan 2013 18:04:13 +0100 Subject: [serval-project-dev] New algorithm for message dissemination in decentralized networks faster than its predecessors and guarantees delivery Message-ID: <20130110170413.GW30918@leitl.org> ----- Forwarded message from "8f6e58ee at gmail.com" <8f6e58ee at gmail.com> ----- From tony.arcieri at gmail.com Thu Jan 10 19:14:34 2013 From: tony.arcieri at gmail.com (Tony Arcieri) Date: Thu, 10 Jan 2013 19:14:34 -0800 Subject: [p2p-hackers] Distributed identity, chat, publishing, and sharing Message-ID: On Thu, Jan 10, 2013 at 6:49 PM, Sean Lynch wrote: > Hi, folks. I'm sure similar ideas to this have been discussed on this > list before, but I wanted to talk about an application that's been > living in my head for years and that I keep working on in fits and > starts, in the hopes that either someone will "steal" the idea or decide > to work on it with me to keep me motivated even when the goal seems so > far away. > For what it's worth, this sounds an awful lot like what I have envisioned for the Cryptosphere: https://github.com/tarcieri/cryptosphere > Contacts would be identified by their (Ed25519) public key. When you add > someone, you just paste their public key and type a "pet name" for them, > which is what would be shown in your contact list. Really close to what I had in mind, and I plan on using Ed25519. This is actually an approach that forces you to do more than take a fleeting glance at a given user's public key thumbprint/ID and I feel that's missing from many similar systems (e.g.
OTR) > People could also associate various metadata with their public key in a > very similar way > to how they do with PGP keys: with metadata packets signed by themselves > and other people, thus establishing a web of trust that would enable > search, the same way we can reliably search for PGP keys but with an > easier-to-use interface that will always show someone's relationship to > your current trusted contacts. > My goal was to collect metadata about content transfers in the system by having all participants in file transfers sign a client-specific long chain which serves as a record of who has transferred what. Through the course of normal system operation any given peer will collect a number of these long chains, which can be run through a collaborative filtering algorithm (e.g. singular value decomposition) in order to make an educated guess about the properties of peers you've never interacted with based on their collective similarity to peers you have interacted with directly. > Here are some possible implementation strategies. The only one I've made > any progress on so far is uTP: > > 1. uTP with our own DHT implementation for bootstrapping, lookup, and > storage of published stuff > My plan was to use CurveCP with the Ed25519 private scalar as the CurveCP private key. This allows you to set up secure channels which are based on the same identities as the other signatures in the system. CurveCP presently has some issues with embedding and congestion control but I hope if people actually start using it these problems will get resolved. > I guess you could call this a p2p, pseudonymous version of Facebook, > with all the same functionality and none of the privacy problems because > privacy would always be defined by encryption. If you want something > public, you post it in the clear. If you want something seen by only > your friends, you encrypt the encryption key with each of their > curve25519 keys.
>

A crypto capability-based access control scheme comes to mind here.

--
Tony Arcieri
_______________________________________________
p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----

From greatfire at greatfire.org Thu Jan 10 04:22:30 2013
From: greatfire at greatfire.org (Martin Johnson)
Date: Thu, 10 Jan 2013 20:22:30 +0800
Subject: [liberationtech] Google Bows Down To Chinese Government On Censorship
Message-ID:

I am in China. Google is said to have a 5% market share in China. There are at least 500 million Internet users so that makes for about 25 million users.

The number of users using VPNs or circumvention tools is unknown but likely much smaller. For example, Twitter is estimated to have less than 20,000 active users in China ( https://en.greatfire.org/blog/2013/jan/there-are-not-millions-twitter-users-china-heres-proof ). Commercial VPNs require credit cards to sign up and are used by very few. Free circumvention tools like FreeGate reach many more but are also continuously targeted by authorities making them slow and unstable.

Users who can circumvent the GFW do not always do it. Connecting is slow and, for running a general Google search, unnecessary.

All this means that Google's user experience without a VPN matters a lot. Because of the decision they took in December, that user experience got worse.

The users Wired talked to were not representative of Chinese netizens.

As for the Techcrunch statements, "sources suggest" doesn't make it true. But it is true that "since the notification feature was implemented, access to Google's search engine in China has been blocked more often than usual".
That is, it was blocked once (on November 9) as opposed to "usual" which is that it isn't blocked.

This blocking being part of Google's decision to disable the feature was exactly the argument that we were making. The authorities blocked Google and likely used this and the threat to permanently block it to pressure Google into doing their bidding.

Martin Johnson
Founder
https://GreatFire.org - Monitoring Online Censorship In China.
https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
https://Unblock.cn.com - We Can Unblock Your Website In China.

On Thu, Jan 10, 2013 at 8:01 PM, Maxim Kammerer wrote:

> On Thu, Jan 10, 2013 at 1:03 PM, Martin Johnson wrote:
> > Yes, the question is what you call "working well". The censorship-warning
> > feature added last year was clearly improving the user experience. Removing
> > it worsened the user experience again.
>
> Is this backed up by actual user experiences from China?
>
> "When Wired.co.uk spoke to a few Chinese residents about the disabled
> Google feature, they were not even aware of it because they used VPNs,
> demonstrating Google might not be taking into account just how savvy
> its users are at all." [1]
>
> "Sources close to the matter suggest Google pulled the feature because
> it was making it more difficult for users to access its search
> services.
> [...] However, since the notification feature was implemented,
> access to Google's search engine in China has been blocked more often
> than usual [...] meaning even fewer users were able to use Google
> search." [2]
>
> [1] http://www.wired.co.uk/news/archive/2013-01/04/google-china-anti-censorship-fail
> [2] http://techcrunch.com/2013/01/04/google-quietly-removes-censorship-warning-feature-for-search-users-in-china/
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

----- End forwarded message -----

From seanl at literati.org Fri Jan 11 10:08:59 2013
From: seanl at literati.org (Sean Lynch)
Date: Fri, 11 Jan 2013 10:08:59 -0800
Subject: [p2p-hackers] Distributed identity, chat, publishing, and sharing
Message-ID:

On 01/10/2013 07:14 PM, Tony Arcieri wrote:

> For what it's worth, this sounds an awful lot like what I have
> envisioned for the Cryptosphere:
>
> https://github.com/tarcieri/cryptosphere

Very interesting. "Cryptosphere" is a good name for such a system, though from what you describe there the project seems more concerned about identifying content than people, whereas my idea centers around identifying people, with content being secondary.

>
> Contacts would be identified by their (Ed25519) public key. When you add
> someone, you just paste their public key and type a "pet name" for them,
> which is what would be shown in your contact list.
>
>
> Really close to what I had in mind, and I plan on using Ed25519.
> This is actually an approach that forces you to do more than take a fleeting
> glance at a given user's public key thumbprint/ID and I feel that's
> missing from many similar systems (e.g. OTR)

Yeah, to me verifying key fingerprints is a lost cause - people will never do it. Instead we need the socialist millionaire protocol for bootstrapping, and a web of trust. Or the very simple fact that you got someone's public key via a MITM-proof channel in the first place, like a QR code on a business card, NFC, etc.

>
>
> People could also associate various metadata with their public key
> in a very similar way
> to how they do with PGP keys: with metadata packets signed by themselves
> and other people, thus establishing a web of trust that would enable
> search, the same way we can reliably search for PGP keys but with an
> easier-to-use interface that will always show someone's relationship to
> your current trusted contacts.
>
>
> My goal was to collect metadata about content transfers in the system by
> having all participants in file transfers sign a client-specific long
> chain which serves as a record of who has transferred what.
>
> Through the course of normal system operation any given peer will
> collect a number of these long chains, which can be run through a
> collaborative filtering algorithm (e.g. singular value decomposition) in
> order to make an educated guess about the properties of peers you've
> never interacted with based on their collective similarity to peers you
> have interacted with directly.

Can you elaborate on this? By metadata I was thinking of things like filename, content description, ratings, etc.

>
> Here are some possible implementation strategies. The only one I've made
> any progress on so far is uTP:
>
> 1. uTP with our own DHT implementation for bootstrapping, lookup, and
> storage of published stuff
>
>
> My plan was to use CurveCP with the Ed25519 private scalar as the
> CurveCP private key.
> This allows you to set up secure channels which are
> based on the same identities as the other signatures in the system.

Given that the part that needs to be small is the public key, what's the benefit of using the same private key? Once you have an Ed25519 public key, you can always do an authenticated Diffie-Hellman exchange with an ephemeral session key, which gives you perfect forward security if any individual session private key is compromised.

>
> CurveCP presently has some issues with embedding and congestion control
> but I hope if people actually start using it these problems will get
> resolved.

I ran across CurveCP before and had forgotten about it. Embedding and congestion control are primary requirements for me, and libutp fits the bill, even allowing the user to provide a callback for sending and receiving data, which is where I'd apply the encryption.

>
> I guess you could call this a p2p, pseudonymous version of Facebook,
> with all the same functionality and none of the privacy problems because
> privacy would always be defined by encryption. If you want something
> public, you post it in the clear. If you want something seen by only
> your friends, you encrypt the encryption key with each of their
> curve25519 keys.
>
>
> A crypto capability-based access control scheme comes to mind here.

The system you describe could certainly make a good platform for what I describe, though I'm far more interested in the "applications" themselves, i.e. chat, publishing, sharing, etc., than in the underlying infrastructure. My primary concern about the underlying infrastructure is that it be secure, easy to install/use, doesn't use a tremendous amount of CPU or bandwidth (this should ideally run on mobile phones), and connects reasonably quickly.

All of the applications could even be written in Javascript and distributed through the network itself, signed by their authors.
They could run as web workers using a particular protocol to talk to the main app if the network runs in a browser, or in QtScript if it's a native Qt app. I have no idea how to securely run untrusted JS in Java, though.

I'd like to implement as little of this as possible, since it's a pretty big undertaking and will require a number of iterations to get something usable. That's why I am thinking of things like embedding I2P and Freenet or Tor and Gnunet. I'd prefer C++ and Qt over Java, though building for Windows will be a bit of a challenge, especially for Gnunet with its huge number of not-very-crossplatform dependencies like libgcrypt, among others. I'd love to have it able to build in VS, but Tor won't either IIRC.

----- End forwarded message -----

From tony.arcieri at gmail.com Fri Jan 11 10:43:07 2013
From: tony.arcieri at gmail.com (Tony Arcieri)
Date: Fri, 11 Jan 2013 10:43:07 -0800
Subject: [p2p-hackers] Distributed identity, chat, publishing, and sharing
Message-ID:

On Fri, Jan 11, 2013 at 10:08 AM, Sean Lynch wrote:

> Very interesting. "Cryptosphere" is a good name for such a system,
> though from what you describe there the project seems more concerned
> about identifying content than people, whereas my idea centers around
> identifying people, with content being secondary.
>

It's all equally important, although I intend to identify nodes or peers rather than people (who may operate many nodes).

> Can you elaborate on this? By metadata I was thinking of things like
> filename, content description, ratings, etc.
>

I was thinking of a log of how much data was transferred and the transfer rate. The type of metadata you're describing is kept secret in my system.

> Given that the part that needs to be small is the public key, what's the
> benefit of using the same private key? Once you have an Ed25519 public
> key, you can always do an authenticated Diffie-Hellman exchange with an
> ephemeral session key, which gives you perfect forward security if any
> individual session private key is compromised.
>

The point of doing this is so both ends can authenticate the other party as the same party who signed data they're interested in. CurveCP still uses DH to generate an ephemeral session key. I was to CodesInChaos earlier on about this approach on the CurveCP and he said he looked into it before and thought it seemed sound.

> I ran across CurveCP before and had forgotten about it. Embedding and
> congestion control are primary requirements for me, and libutp fits the
> bill, even allowing the user to provide a callback for sending and
> receiving data, which is where I'd apply the encryption.

Yeah, uTP is definitely nice in that it has the congestion part licked (perhaps too well). It would be neat to try to take the CurveCP encryption protocol design and sort of layer it on top of uTP.

> All of the applications could even be written in Javascript and
> distributed through the network itself, signed by their authors. They
> could run as web workers using a particular protocol to talk to the main
> app if the network runs in a browser, or in QtScript if it's a native Qt
> app. I have no idea how to securely run untrusted JS in Java, though.
>

Yeah, this is definitely something else I am extremely interested in. I have been looking at a friend's capabilities-based JavaScript wrapper around