Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OkayFreedom (Jacob Appelbaum)

Dmitri Vitaliev dmitri at vitaliev.info
Tue Oct 30 16:27:25 PDT 2012


Am going to branch out a little from the discourse between Jake and Eric
and present this list a recurring dilemma in my experience as a digsec
trainer and technology advisor -  the question of 'good enough' security
and what to recommend when others seek advice. Eric and I have had this
discussion many times before, albeit never in a public forum :)

I've always been on the side of open rather than proprietary code,
non-profit rather than corporate initiative, these choices a blend of
technical and moral reasoning. However it is often difficult to convey
my sentiment in a short time-frame to an activist who relies on
technology but has a poor understanding of how it fits together. If you
only get one chance to explain private VoIP communications, do you wring
your hands and talk about vulnerabilities in Skype or teach them how to
find a trustworthy SIP provider and configure an open source client with
ZRTP? I've done both and felt guilty (for different reasons) no matter
the choice.

Regarding service providers, I have more implicit trust in a RiseUp VPN
than a Steganos one - however the first choice may actually single out a
group of activists using VPNs to protect their identity and movements
from the local provider. The argument also holds for Tor, albeit the
ratio for activist:unscrupulous user on that network may be a good
enough excuse.

Now back to circumvention and to J vs E. We don't need an arrest to
label a service flawed-by-design. At the same time there will always be
fewer initiatives we do trust and they will likely be a little more
clunky (less sleek?) than their commercial equivalents. Do we just
present the facts and let the audience make up their own minds or do we
make a decision about their threat model for them and choose the path of
least resistance?

Dmitri Vitaliev

On 12-10-30 02:05 AM, liberationtech-request at lists.stanford.edu wrote:
> Message: 33
> Date: Mon, 29 Oct 2012 12:26:54 +0000
> From: Jacob Appelbaum <jacob at appelbaum.net>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] OkayFreedom
> Message-ID: <508E760E.4010302 at appelbaum.net>
> Content-Type: text/plain; charset=ISO-8859-

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121031/4ff5a517/attachment.html>


More information about the liberationtech mailing list