Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Privacy, data protection questions

Andrew Haeg aohaeg at
Wed Mar 27 09:39:17 PDT 2013

Hi Brian, Rich: Thanks for engaging me (and one another) here. I take no
umbrage at Rich's line of argumentation. In fact, having been a lurker and
occasional poster here for several months now, I am well aware there are
(as Rich put it) "paranoid clueful paranoid diligent (did I mention
paranoid?) geeks" in our midst and expected a passionate response of some
kind. If I were easily put off by criticism, I wouldn't be doing this.

But I will say that while I'm not deeply technical, I'm acutely aware of
what I don't know. Which is why, for now, we're avoiding many of the
pitfalls you point out. Right now, we're building solely for SMS and voice
delivery of simple surveys, and aggregating that data to build profiles of
respondents. Nothing need be installed on the phone.

I will bookmark this thread as we start to think about smartphone apps, but
for all the reasons you raise, it may be a non-starter in places with
nosey, repressive regimes.

The privacy questions I have right now have to do with partitioning the DB
in such a way that a malevolent hacker, or personal info digger, couldn't
crack into our system and in one fell swoop make off with a trove of mobile
#'s + the personal info of the person connected to that number.

Whoever I bring on as CTO/technical co-founder I will expect to shape these

I appreciate the feedback.

- Andrew

On Mon, Mar 25, 2013 at 12:57 PM, Brian Conley <brianc at>wrote:

> Rich,
> Mostly I'm taking issue with your nonconstructive demeanor. I've not seen
> you take the Guardian Project to task for trying to solve some of the same
> problems. I've not seen you take Tor project or Whisper Systems to task.
> You have essentially shat on someone's head who is taking a risk by being
> open and asking for feedback.
> As this is a LIST that numerous people have mentioned is beneficial to
> them as a "place for discussion" one might expect common courtesy to
> prevail. I know that is not the general tendency on the internet, where
> trolls abound.
> Perhaps we could all try to be a bit less trollish, and perhaps more
> "gnomish."  I would present Steve Weis' critical, yet cordial response to
> Crypho on another thread as a good example:
> "Hi Yiorgis. The "ways of asserting the authenticity of served
> [JavaScript]" always reduce to trusted code executing on the client. You
> need to trust whatever is authenticating the served application. You can't
> get around it.
> This approach always ends up with either trusting the service or running
> client-side code. The former is a perfectly fine business model and the
> standard for almost all web apps, but you can't make the claim that "the
> government and our staff cannot access your data". It's simply not true,
> and not just because there might be incidental bugs you're working on
> fixing. It's fundamentally untrue.
> I appreciate the challenge you are trying to tackle and understand that
> delivering client-side code across all browsers and platforms is a
> non-starter for an early startup. If it were an easy problem, we wouldn't
> be having this discussion. I wish you luck in solving it."
> Regards,
> Brian
> On Mon, Mar 25, 2013 at 5:52 AM, Rich Kulawiec <rsk at> wrote:
>> On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
>> > Nose to the grindstone Andrew. Use Rich's email to remind you this is
>> hard,
>> > but its still worth doing.
>> I've read this multiple times and I still have no idea how your remarks
>> relate to what I wrote in re the (in)security of smartphones, the
>> resulting pervasive malware epidemic and the subsequent serious
>> architectural problems for application developers, including but not
>> limited to this one.  ("serious architectural problems" == "you're
>> building on enemy territory, this probably won't end well")
>> Neither coffee nor scotch (both applied liberally) have yielded any
>> enlightenment, so I must now ask: Whiskey Tango Foxtrot, Over?
>> ---rsk
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by
>> emailing moderator at companys at or changing your settings at
> --
> Brian Conley
> Director, Small World News
> m: 646.285.2046
> Skype: brianjoelconley
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at or changing your settings at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list