Search Mailing List Archives
sayhar at gmail.com
Fri Oct 18 10:53:11 PDT 2013
As Elijah wrote, the point of riseup is to serve a specific constituency.
The point is not to help the general public encrypt their email.
On Oct 18, 2013 1:30 PM, "Jonathan Wilkes" <jancsika at yahoo.com> wrote:
> On 10/15/2013 06:47 PM, elijah wrote:
>> On 10/15/2013 03:07 PM, Yosem Companys wrote:
>> If you have any thoughts about Riseup, whether
>>> security/privacy-related or otherwise, I'd love to hear them.
>> I think I am the only person from the Riseup collective who is
>> subscribed to liberationtech, so I will reply, although what follows is
>> not an official position or response from the collective.
>> We started when it was impossible to get even simple IMAP service that
>> was affordable. Very early on, it became apparent that one of the
>> primary issue facing our constituency (social justice activists) was the
>> rapid rise in abusive surveillance by states and corporations.
>> Riseup does the best it can with antiquated 20th century technology.
>> Without getting into any details, we do the best that can be done,
>> particularly when both sender and recipient are using email from one of
>> service providers we have special encrypted transport arrangements with.
>> Admittedly, the best we can do is not that great. And, of course, our
>> webmail offering is laughably horrible.
>> Riseup is not really a "US email provider". The great majority of our
>> users live outside the United States, and email is just one of many
>> services we provide.
>> There has been much discussion on the internets about the fact that
>> Riseup is located in the US, and what possible country would provide the
>> best "jurisdictional arbitrage". Before the Lavabit case, the US
>> actually looked pretty good: servers in the US are not required to
>> retain any customer data or logs whatsoever. The prospect of some shady
>> legal justification for requiring a provider to supply the government
>> with their private TLS keys seems to upend everything I have read or
>> been told about US jurisprudence. Unfortunately, no consensus has
>> emerged regarding any place better than the US for servers, despite
>> notable bombast the the contrary.
>> As a co-founder of Riseup, my personal goal at the moment is to destroy
>> Riseup as we know it, and replace it with something that is based on
>> 21st century technology . My hope is that this transition can happen
>> smoothly, without undo hardship on the users.
>> As evidence by the recent traffic on this list, many people are loudly
>> proclaiming that email can never be secure and it must be abandoned. I
>> have already written why I feel that this is both incredibly
>> irresponsible and technically false. There is an important distinction
>> between mass surveillance and being individually targeted by the NSA.
>> The former is an existential threat to democracy and the latter is
>> extremely difficult to protect against.
>> It is, however, entirely possible to layer a very high degree of
>> confidentially, integrity, authentication, and un-mappability onto email
>> if we allow for opportunistic upgrades to enhanced protocols. For
>> example, we should be able to achieve email with asynchronous forward
>> secrecy that is also protected against meta-data analysis (even from a
>> compromised provider), but it is going to take work (and money) to get
>> there. Yes, in the long run, we should all just run pond , but in the
>> long run we are all dead.
> The first thing you should do is remove the social contract from your
> registration page. It's creepy and (should be) completely at odds with
> from using our service to talk about the following things in confidence
> with others...")
> Furthermore, every single bullet point is ambiguous and would be
> subject to a flame war if I posted them here. That is, they are so
> wide open that people could reasonably take an opposing view for
> any or all of them, in good faith or bad.
> Personally, I agree with Riseup's position on those bullet points
> (assuming I understand them the same as you). But I disagree
> with requiring people to answer them if they want to try to be
> safer when they use the internet.
> Essentially, a requirement to click such a button is asking people to
> lie to themselves in order to use your service. Even the Pope and
> the military have seen fit to stop making people do that.
>>  https://leap.se/email
>>  https://pond.imperialviolet.**org/ <https://pond.imperialviolet.org/>
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/**
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech