<div>I'm new to this guys, but with a name like RiseUp that trys to operate beyond the level of Government interference, you are asking for it; I mean, its a direct challenge if you ask me, and I'm sure that those who are interested in this sort of work would make an organization like that thier newest and very best friend until they got thier balls in a nice glass jar in the show case on the wall. I just want to be left alone.</div> <div> </div> <div>What is the signature.asc? I'm not only ignorant but a little slow. Try to use small words and pictures if possible. Thanks.<BR><BR><B><I>Teddy Smith <teddks@gmail.com></I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">> (Full Disclosure: I know some people involved in Riseup Labs, etc.)<BR>> <BR>> Riseup goes out of their way to not log data. They maintain patches to<BR>> free software programs[0] to ensure that their software
isn't logging.<BR>> In addition, they contribute these patches back to the community.<BR>> Because they do not log, that means that short of a specific wiretap,<BR>> there isn't data for someone to fetch from their machines.<BR>> <BR>> Furthermore, I think it's out of line for you to say that Riseup is<BR>> compromised. Riseup has some really talented administrators and many of<BR>> them are active in the free software community.<BR>> <BR>> Obviously, no one is perfect and everyone can be compromised when<BR>> specific resources can be allocated. I still object to you promoting the<BR>> idea that they're compromised. Do you have any specific proof of this?<BR>> Or are you just speculating that they're a high value target and thus<BR>> they are clearly owned? If that's the case, it's pretty hilarious to<BR>> imagine that Riseup is of greater value to an attacker than all of Gmail.<BR>> <BR>> While it's true that you might be
lost in the noise when you generally<BR>> use Gmail, your mail is scanned for content and context as part of their<BR>> normal service. When you do arouse suspicion (either internally or<BR>> externally), Google isn't going to fight a subpoena or a gag order;<BR>> Riseup most certainly will. And they're proactive (see that bit about<BR>> not logging in the first place) about their fighting.<BR>> <BR>> I disagree. I think that if you're sending encrypted email, you still<BR>> have a massively unknown quantity with gmail or other commercial email<BR>> providers. Riseup also uses a lot of disk crypto and while it's<BR>> imperfect[1], it's probably going to help if they decide to take a stand<BR>> or if the search is illegal.<BR>> <BR>> Regards,<BR>> Jacob<BR>> <BR>> [0] http://riseuplabs.org/privacy/<BR>> [1] http://citp.princeton.edu/memory/<BR><BR>If riseup was owned, it wouldn't be by a hacker. It would be owned at
a<BR>level that no lack of logging, disk crypto, or participation in the<BR>community would help. It would be owned by a tap on the wire, a gag<BR>order, and the "keys to the castle" for everything else.<BR><BR>I don't wish to impugn the riseup team in any way. I think they're doing<BR>a great job, and doing something that's very needed for the activist<BR>community. I'm sure they've got enough security on it to bar out just<BR>about anything.<BR><BR>But I'm also sure they have lives that they care about, and I'm also<BR>sure that if it came down to them handing things over to the FBI or<BR>being caught up in the green scare, they'd do the self-preserving thing.<BR>It's what anyone would do, and it's what I expect of them. I'm sure<BR>they'd try to fight it however they could, but again, they aren't<BR>exactly blending into the crowd. Their favicon is a red/black star, they<BR>link to other radical sites, they provide email list to groups that are<BR>probably on terror
watchlists. They're most certainly in a spotlight, if<BR>they aren't already wiretapped or subpoenaed. <BR><BR>Sure, they may try to fight. But will they really go to prison so that<BR>my email can be unread? They won't be going up for privacy, they'll be<BR>seen by the masses of America as supporters of "eco-terror" or whatever<BR>demon is the label of the day. And if they fight, they won't be fighting<BR>for the 1st amendment, they'll be fighting against the PATRIOT act. Not<BR>to mention that they've got limited resources, and can only keep up for<BR>so long.<BR><BR>Again, don't get me wrong. The riseup team are all (probably, as I don't<BR>know them) great people, and they're certainly providing a needed<BR>service. But I don't expect them to take a bullet for me.<BR><BR>I would think that a gmail account, sending PGP-encrypted messages,<BR>would be sufficiently under the radar. If sending PGP alone flags you,<BR>then it could easily be steg'd into a picture. But on
Riseup, you're<BR>well on the radar to begin with, and that's troubling to me. Unless we<BR>get into "can <YOUR Aliens Grey or NSA Illuminati, MJ12, of choice><BR>crack PGP", that should keep you safe from context scanning (and when I<BR>mentioned sending only encrypted messages, I was speaking of PGP, to be<BR>clear).<BR><BR>In short, I think Riseup is great, but I would love it a lot more if the<BR>server had protection from the legal kind of compromising, possibly<BR>through Tor as a hidden service. I wouldn't advocate using Riseup<BR>because they profess to having good admin practices; admins can be<BR>changed quite transparently for users, and you don't know if the Riseup<BR>team is really running the show. Gmail can't context-scan encrypted or<BR>steg'd email.<BR><BR>>use off the record [0] or something equivalent for private<BR>>conversations! you get clear indication of state (private/not<BR>>private) and it was designed for end to end
privacy.<BR>><BR>>(just my personal opinion :)<BR><BR>I advocate OTR every chance I get. It's really great: it's deniable,<BR>it's authenticating, and it's available on all major (free or not) OS's.<BR>It's fantastic, IMHO.<BR></BLOCKQUOTE><BR><p>