Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OkayFreedom

hellekin hellekin at cepheide.org
Thu Oct 25 13:26:02 PDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/25/2012 02:07 PM, micah anderson wrote:
> 
> full disclosure: i'm with riseup (and consider myself
> trustworthy!), and I know a lot of activists also have a high
> degree of trust in the work we do at riseup, perhaps partially
> because we've been around for 12 years and have a lot of history
> with social movements.
> 
*** History is how trust grows within networks. I completely agree
with the importance of that factor in choosing to cooperate (use that
network) or defect.

> 
> Issues of trust
> 
*** Many factors come into play when you have to make a choice: among
them, ignorance, emulation, and necessity (or the feeling of it) can
put a lot of people in danger. Cooperate-first is a common strategy
that's rewarding when it works, and, in that case, can be devastating
when it fails. But you can't avoid people "feeling lucky".

How to raise awareness of relevant information in a noisy, saturated,
but distributed environment, so that it reaches the right people when
they need it?

For example, one of the most visible resources on using VPN services
does not mention Riseup[1].

(the following are hints to evaluate the danger, not in any case a
statement that the software is insecure.)

Steganos Software, the maker of OkayFreedom, is a German company, and
has been around since 1996.

As a Microsoft Partner, Steganos makes software for running on
Microsoft's proprietary operating system as administrator.

The OkayFreedom proprietary client program is available for download
on major (commercial) software providers.

It allows to "invite friends" by providing their email address,
Facebook or Twitter accounts, in order to get "bonus traffic"
(otherwise limited to 1GB per month in the gratis version). So,
there's an incentive to go viral in order to augment the transmission
capacity, which can help explain its popularity.

In case of the user's device is confiscated by the police, usage of
the software is not deniable.

(disclaimer: I'm not a lawyer, so take the following with a mountain
of salt.)

Article 5.1 of the Terms of Service[1] seems to provide legal ground
for Iran to sue Steganos Software, and forbid Iranians from further
using the service, but that remains to be seen in a German court.

The Terms of Service of OkayFreedom state that they restrict "the
usage of OkayFreedom in any way that violates valid laws or
regulations." It does not mention anything about jurisdiction, so the
Iranian government could theoretically sue Steganos Software in
Germany and eventually obtain some user data (email if transmitted) if
so compelled by a German court of law--unlikely, but not excluded.

In another point, users are held responsible for any damage they might
cause to any third party while using the service: if Iran sues the
company, and wins, the company can in turn sue its users according to
the terms of their license agreement.

How the company identifies the client for legal purpose, etc., remains
unclear: it could be a unique client identifier, and what data is
linked to that is unknown...


Regards,

==
hk

[1] http://en.flossmanuals.net/bypassing-censorship/ch025_what-is-vpn/
[2] http://www.okayfreedom.com/tos/

P.S.: I shamelessly say https://help.riseup.net/en/donate
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJQiaBZAAoJEDhjYTkcokoT1SgP/RZkLX+SSsyDcQguwR5zhl8S
tOAP1nm4dAp8ekWvpRjy6nseW5F30C46glNOZcJmqquMcil4EIDhlUv0B1krCj3O
KkIS1rIHcFu+6pROwWRkdEiNxhvBxS6nYEvaAZz3cTmfN2a40oCwjFtIhBZmc22+
Zw5s5xXjyqGSd2vcK8KfwD2/mM03/DL3TYr9tOdRrOjgvvA26otU3zva6TaYHpK8
biDdweeVWi/QHiGvCFgXsavWaUCVD9O3x6S9ECXfCZ8KPGHCkk5pA13zpopkcoft
ihCUpUfOLGxFrletfSW8gq+LnfR3soMuzA/Hv+/7SqfBfKVQT9oYbZcdt57KU7VH
KNx3SDgax0x9T90QsTxFALt2yBeKDAU91G4lGuArxPs4HuXiXTsbgidE2Z4zSRze
n+Krpn0+1BsRolVsRXnkHHYLWQV0Og+OeboM0vzKLvwFpQ2QfrDunqHQuCPNX3+/
VHTCF4sMYr7DgE5xfVpt3mtVlwu43y6Kju9mZkJi1RZTEgovu5wd2Lx5vUuy0ZDw
1hWevtdAQjgoSz8QBorhuwlPqSdI0/Te8dZyiRTo9CZ2jzIODjd9ENtB6FLBGKcC
0aWrCqmCR0q/Dxn7e8EFxEVdmKd0zux4SBhVcOvo7bbRr4W0NvJevuFyyGeKPgin
+huXg9zHZzFZwRjfNhb3
=d2dp
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list