Search Mailing List Archives
[liberationtech] Need some advice re: online secure communications platform for a survivors group
kristin at huridocs.org
Tue Jul 12 11:04:01 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Perhaps a good balance would be to set up a closed email discussion list
with a host you trust who has strong privacy guarantees as Miles
recommended (Greenhost can provide you with Mailman, or Electric Embers
has a great security reputation). And for sharing files you could use
something like OwnCloud that you can host yourself, or host with someone
It doesn't get much more simple than an email discussion list, but you
may need to figure out how to verify people are who they say they are,
for the sake of privacy.
On 7/11/16 12:32 PM, Miles Fidelman wrote:
> That may be - though some of the PGP solutions are pretty close to one-click install these days.
The old Napster never seemed to phase anybody. Maybe, whomever is
organizing the group needs to spend a little time picking a system and
writing up a how-to-install checklist.
> The reality is that anything that's not encrypted tends to get indexed
by google - so, if privacy is a concern (as the OP indicated), then any
standard email list, probably including a google group, is problematic -
at the very least one has to pay very close attention to configuration,
and better to not have an archive (hard to do with google groups).
> At the very least, go with a service that has registration and strong
privacy guarantees, or maybe set up a Wordpress or Drupal instance, with
access limited to registered users. Point and click on wordpress.com or
> Miles Fidelman
> On 7/11/16 11:26 AM, Steve Weis wrote:
>> Hello Miles. I think your suggestions are not practical for an ad hoc
group of sexual assault survivors. You're talking about them using PGP,
downloading open source clients, or using untested blockchain systems. I
think for a random group of people, all of these will fail in practice
due to poor usability and platform incompatibility. I think there is
little benefit to using a P2P system in this case.
>> Their threat model is against their abusers and potentially media,
bloggers, or trolls who pick up on the story. It's not against hosted
services like Google or the NSA.
>> You want something dead simple that works on every platform and
managed by an organization with their own security team. I suggested
Google Apps because it's battle-tested, easy, and in this use case,
free. Yes, Google would see this survivors' group data. They also see a
enterprise data -- even from competitors -- that is much more valuable
>> On Mon, Jul 11, 2016 at 5:09 AM Miles Fidelman
<mfidelman at meetinghouse.net <mailto:mfidelman at meetinghouse.net>> wrote:
>> Personally, I'd recommend staying away from any kind of hosting
>> - stick with a peer-to-peer system designed for privacy.
>> One, really simple notion would be to simply use encrypted email,
>> perhaps over a list server. It's a pain, but straightforward. It
>> however expose group membership, in the form of email addresses.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech