Very useful. Thank you.
On 16/10/13 18:45, Mike Gogulski wrote:
> fyi
>
>
> -------- Original Message -------- Subject: Re: [liberationtech]
> RiseUp Date: Wed, 16 Oct 2013 08:22:38 +0200 From: Eugen Leitl
> <eugen@???> To: cypherpunks@???,
> info@???, zs-p2p@???
>
>
>
> ----- Forwarded message from elijah <elijah@???> -----
>
> Date: Tue, 15 Oct 2013 15:47:15 -0700 From: elijah
> <elijah@???> To: liberationtech
> <liberationtech@???> Subject: Re: [liberationtech]
> RiseUp Message-ID: <525DC5F3.8010604@???> User-Agent:
> Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101
> Thunderbird/24.0 Reply-To: liberationtech
> <liberationtech@???>
>
> On 10/15/2013 03:07 PM, Yosem Companys wrote:
>
>> If you have any thoughts about Riseup, whether
>> security/privacy-related or otherwise, I'd love to hear them.
>
> I think I am the only person from the Riseup collective who is
> subscribed to liberationtech, so I will reply, although what
> follows is not an official position or response from the
> collective.
>
> We started when it was impossible to get even simple IMAP service
> that was affordable. Very early on, it became apparent that one of
> the primary issue facing our constituency (social justice
> activists) was the rapid rise in abusive surveillance by states and
> corporations.
>
> Riseup does the best it can with antiquated 20th century
> technology. Without getting into any details, we do the best that
> can be done, particularly when both sender and recipient are using
> email from one of service providers we have special encrypted
> transport arrangements with. Admittedly, the best we can do is not
> that great. And, of course, our webmail offering is laughably
> horrible.
>
> Riseup is not really a "US email provider". The great majority of
> our users live outside the United States, and email is just one of
> many services we provide.
>
> There has been much discussion on the internets about the fact
> that Riseup is located in the US, and what possible country would
> provide the best "jurisdictional arbitrage". Before the Lavabit
> case, the US actually looked pretty good: servers in the US are not
> required to retain any customer data or logs whatsoever. The
> prospect of some shady legal justification for requiring a provider
> to supply the government with their private TLS keys seems to upend
> everything I have read or been told about US jurisprudence.
> Unfortunately, no consensus has emerged regarding any place better
> than the US for servers, despite notable bombast the the contrary.
>
> As a co-founder of Riseup, my personal goal at the moment is to
> destroy Riseup as we know it, and replace it with something that is
> based on 21st century technology [1]. My hope is that this
> transition can happen smoothly, without undo hardship on the
> users.
>
> As evidence by the recent traffic on this list, many people are
> loudly proclaiming that email can never be secure and it must be
> abandoned. I have already written why I feel that this is both
> incredibly irresponsible and technically false. There is an
> important distinction between mass surveillance and being
> individually targeted by the NSA. The former is an existential
> threat to democracy and the latter is extremely difficult to
> protect against.
>
> It is, however, entirely possible to layer a very high degree of
> confidentially, integrity, authentication, and un-mappability onto
> email if we allow for opportunistic upgrades to enhanced protocols.
> For example, we should be able to achieve email with asynchronous
> forward secrecy that is also protected against meta-data analysis
> (even from a compromised provider), but it is going to take work
> (and money) to get there. Yes, in the long run, we should all just
> run pond [2], but in the long run we are all dead.
>
> -elijah
>
> [1] https://leap.se/email [2] https://pond.imperialviolet.org/
>
>
>
> _______________________________________________ unSYSTEM mailing
> list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
- --
Abolish the NSA