Search Mailing List Archives
hellekin at cepheide.org
Thu Oct 25 13:26:02 PDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 10/25/2012 02:07 PM, micah anderson wrote:
> full disclosure: i'm with riseup (and consider myself
> trustworthy!), and I know a lot of activists also have a high
> degree of trust in the work we do at riseup, perhaps partially
> because we've been around for 12 years and have a lot of history
> with social movements.
*** History is how trust grows within networks. I completely agree
with the importance of that factor in choosing to cooperate (use that
network) or defect.
> Issues of trust
*** Many factors come into play when you have to make a choice: among
them, ignorance, emulation, and necessity (or the feeling of it) can
put a lot of people in danger. Cooperate-first is a common strategy
that's rewarding when it works, and, in that case, can be devastating
when it fails. But you can't avoid people "feeling lucky".
How to raise awareness of relevant information in a noisy, saturated,
but distributed environment, so that it reaches the right people when
they need it?
For example, one of the most visible resources on using VPN services
does not mention Riseup.
(the following are hints to evaluate the danger, not in any case a
statement that the software is insecure.)
Steganos Software, the maker of OkayFreedom, is a German company, and
has been around since 1996.
As a Microsoft Partner, Steganos makes software for running on
Microsoft's proprietary operating system as administrator.
The OkayFreedom proprietary client program is available for download
on major (commercial) software providers.
It allows to "invite friends" by providing their email address,
Facebook or Twitter accounts, in order to get "bonus traffic"
(otherwise limited to 1GB per month in the gratis version). So,
there's an incentive to go viral in order to augment the transmission
capacity, which can help explain its popularity.
In case of the user's device is confiscated by the police, usage of
the software is not deniable.
(disclaimer: I'm not a lawyer, so take the following with a mountain
Article 5.1 of the Terms of Service seems to provide legal ground
for Iran to sue Steganos Software, and forbid Iranians from further
using the service, but that remains to be seen in a German court.
The Terms of Service of OkayFreedom state that they restrict "the
usage of OkayFreedom in any way that violates valid laws or
regulations." It does not mention anything about jurisdiction, so the
Iranian government could theoretically sue Steganos Software in
Germany and eventually obtain some user data (email if transmitted) if
so compelled by a German court of law--unlikely, but not excluded.
In another point, users are held responsible for any damage they might
cause to any third party while using the service: if Iran sues the
company, and wins, the company can in turn sue its users according to
the terms of their license agreement.
How the company identifies the client for legal purpose, etc., remains
unclear: it could be a unique client identifier, and what data is
linked to that is unknown...
P.S.: I shamelessly say https://help.riseup.net/en/donate
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the liberationtech