That was probably just commemorating Leonard Cohen's death, and the certificate fingerprints were probably just removed because they switched to Let's Encrypt for those domains. But you never know.
What good is a warrant canary if it's also used for whimsy or commercial speech? If they don't take it seriously enough for people know what it means then their system isn't worth using to start with.
That's the problem with canaries, though. By definition, they exist for situations where the canary-owner can't offer positive evidence for compromised security.
I don't particularly think Riseup is in that position, but unless someone actively says "don't worry about our lack of a canary, we took it down for $REASONS and all is well", negative evidence is all you can react to.
Okay, that's telling, but the canary on its own seems to be valid still - it's from August 16, 2016, and they say it should be 'updated approximately once per quarter'
If I were a scary government type and took control of riseup.net, that is exactly the thing I would post to twitter if I couldn't compel them to update the canary.
Your comment is a distraction, not a contribution. People came here to discuss whether a warrant canary had died, not to hear you trot out security 101 cliches.
While obviously this is not about preventing you from "getting email", you might not have received everything. You should consider the service compromised.
If you're doing any kind of radical political work --- left or right --- and are worried about the attention you're going to attract, don't use things like RISEUP.NET. You shouldn't be running mailing lists at all. You shouldn't be using Jabber and asking all your peers to enable encryption. These are fundamentally unsafe services, and the idea that they can be provided safely just by paying attention to network security is terribly misleading.
In the universe of possible media in which to conduct discussions with a group of peers, there may be none less safe than SMTP email mailing lists. Keep secrets off mailing lists. Never use mailing lists for secrets. Assume your mailing lists are public. Nobody is going to deploy a mailing list security solution that will ever be adequate against state-level adversaries. Any site claiming to keep political activists secure that offers mailing lists should be viewed with suspicion, because "don't use mailing lists" is close to the only thing that messaging security people agree about.
I remember clearly a Tunisian opposition party was using a RISEUP mailing list around 2006 to spread its articles, political statements, etc... (When they were banned before the revolution of 2011).
Not all politicians can/know how to operate anything more complex than an email account.
Wow, so you operated mail and IRC servers for use by dissidents pre-2011? I would definitely attend a talk about that! A blog post would be amazing too.
I see, that's great to hear. I don't live in Tunisia, so I'm not familiar with the Tunisian tech scene. Judging by your Twitter feed, it seems to be really active, which is awesome!
Nothing that impressive, I was just a bystander, I had a bot that logged IRC conversations on certain rooms and I subscribed to a number of mailing lists.
I just need to find the time to filter that data and publish something.
We in the XMPP community work hard to make "Jabber" secure. Forward secrecy, federation and client scoring, carefully constructed extensions. But without end-to-end encryption like PGP or something, you're open to attack. There are some really neat specs that work on making this more transparent and better, but yes, you can't just blindly use someone else's service and go "it's secure."
While you are not lying, and mailing lists should be avoided if you want to share secrets, most of the times you need a mailing lists not to do that, but to simplify communications.
At least in the global south, most of radical activists groups have strong "no-internet policies" for any type of secret, and no cellphones ones for their work. They have learned with their own history what they can or can't do, learned how to deal with IRL infiltration, and even learned how to communicate without any kind of contact or even agreements between groups. To survive and act against dictatorships or invading armies is not easy, they had to be smart.
But still, because travelling is expensive and networking today is a need for some of those groups or collectives, they can communicate with each other talking about their resolutions or activities, which are not secret (as I already said, it's assumed there can be a IRL infiltrate) but they are also not public.
You can see SMTP and mailing lists as a huge security risk, and they are, it's just not very common to see people that assume the opposite around here.
Also, sometimes, some activists can deliberately use a mailing list as a public expression channel because it is important that these things can be eared by everybody.
I see it as sticking posters in the street. There is no reasons to use Facebook or Google Groups for most of the Riseup (public) Lists users, not because they want something secret and hidden, but because they don't want to play with some companies rules and appreciate to be a part of a network run by volunteers more than to use profitable fake-free services.
Because it makes sense, not because it is more or less secure.
Don't use things like RISEUP.NET. You shouldn't be running mailing lists at all. You shouldn't be using Jabber and asking all your peers to enable encryption.
Instead of looking for anti-authoritarian services to hide from authoritarian government services you should probably blend in with the fish like Mao said:
> The guerrilla must move amongst the people as a fish swims in the sea.
It's better to create false identities that are seemingly legit and fully fleshed out, for example: with back stories, and utilize regular services as a normal person would. The key is disconnecting your own identity from the false one. Rather than trusting your security to a 3rd party service that makes a name for themselves on helping people trying to hide their identity, thereby attracting scrutiny.
That being said there are ways to use encryption services in a way to protect your communication but the bar for doing so is very high and most people will either make mistakes or get lazy. Fortunately services like Whatsapp and to a lesser extant Signal are so popular that you could easily blend in using them, while still having high-quality data encryption. Although they both use phone phone numbers for authentication and the device itself is always a weak-link which is why the identity part is so critical.
thegrugq posted an article a long time ago about how CIA agents in Lebanon [1] got caught because they used burner phones in a way that was unlike the way anyone else used cell phones, if I remember correctly: they were turned off the device most of the time except to make a few calls to other phones that were similarly not used often - not in the way normal people make calls. So anyone in control of the mobile operators would be able to ID potential evasive behaviour an zero-in on those devices/people for extra scrutiny.
That type of behavioural analysis that applies to real life can even more easily give you away in the digital world. Which is why it's important to not stand out from the crowd by using services like Riseup when your entire goal is privacy.
Yes I linked to the current certs in the post text. The issue is with the domains that were deleted in the commit (also linked) which no longer appear in these links.
Black, labs, and a few others have their own certificate that no longer can be verified with fingerprints, since Oct 22nd.
From top of their page: "
Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.
"
I remember it being used a lot by radical leftist (mostly anarcho-*) groups when I was at university. But even then it was basically assumed that riseup was infiltrated or a honeypot run by the feds.
I hadn't heard of it either until just now. I remember when Reddit removed their warrant canary. I barely even use it now. For most people I bet it didn't matter. I have a feeling with mission of Riseup, this will have a much larger impact on their userbase .. the ones who are aware of this.
I'll bet they placed bets on how quickly people would stop caring once it left the front page. That plus their usage of Moat display analytics tags on the homepage, and pushing for people's email addresses should be a clear telegraph of where they want to take the site.
I'm also curious about the security of things like RES.
Imagine if your office live-broadcasted nearly everything. From the corridors, reception area, to the opening of physical mail. The PR and generally more "public" email addresses could be transparent as well.
This means when the NSL arrives, it will be seen by the world.
They certainly are real letters, though you're right in that they might be hand delivered by an official process server. Either that, or just mailed with a return receipt and signature required.
But in every company I've worked for mail is signed for by whoever and, if it's addressed to an executive, delivered to a secretary who reads it and decides what to do it.
Given the requirement for secrecy, there is zero chance that an NSL will be treated in this way. And it won't be served by a random process server. Most likely it will be served by an NSA employee, in a discreet situation of their choosing.
A NSL is a legal document that originates from the DOJ (via the FBI) that requires no judicial approval. Nevertheless it is a legal document. The NSA does not participate, authorize, approve, initiate, or distribute NSLs.
I am highly skeptical of any claim that an email provider is more private than other providers. E-mail is fundamentally not secure and not private, unless you enhance it with PGP, which requires you to, of course, have something you want private.
Most people don't encrypt because they're not scared enough. It usually takes some time before their wordlview is repeatedly shattered enough that encryption is the only choice they have.
> Authentication security: Do they use 2 factor or other tech?
Sorry for sniping this specific one, but 2FA is (more often than not), security theater. It gives the illusion of security like how TSA baggage check is a big dance of scanning, pat-downs, and key ceremonies.
For context, consider Yahoo Mail, where emails are read by intelligence agencies before the user even gets them. Does my 2FA help here? Probably not.
I can understand that 2FA does have its uses, but frequently I'm seeing it being used like those 'Secured by Comodo SSL' with a picture of a shield to make a would-be shopper feel like the transaction is more secure. It can be theater.
That's like arguing that an airbag is safety theater because it doesn't prevent drowning if you drive off of a bridge.
MFA is used to prevent a third-party who has access to your credentials from being able to login as you and, in the case of U2F, to prevent a successful phishing attempt from compromising your account.
MFA offers no, and never has been billed as, protection against a subverted server or an attacker who can decrypt or tamper with traffic on the wire.
Security is a large, complicated problem. There will never be a single measure which protects against every threat.
It doesn't help a system-level adversary, but it does help prevent trivial takeovers by malicious actors attempting to get access to your email as a vector to compromise other services.
To summarize, 2FA does not prevent email reading if the provider doesn't, however it does help prevent run of the mill takeovers, especially if you've reused a password somewhere.
Security is all about defense in depth, it's worth keeping in mind that 2FA is an important step there, but by no means the only one.
If you aren't encrypting+signing a message, you've already decided that security requirements of that particular message is minimal.
It seems like you're just ignoring HackUser's argument that security is a degree.
Securing against low-level hackers and intrusions increases security, even if it doesn't stop the NSA. It also doesn't stop the CIA from physically spying on you.
Securing yourself against low-level hackers and intrusions is not security theater. For most people, these are the most frequent and direct threats.
I would also argue that over-securing yourself is security theater. It's the same as overselling insurance products to people whose risk profile doesn't match the product. If you're not making security decisions based on the profile of risks you encounter, then you're engaging in theater to make yourself feel better.
> Sorry for sniping this specific one, but 2FA is (more often than not), security theater.
This is a completely wrong statement. It helps prevents compromise from non-system-level attackers. Telling a user that 2FA is "security theater" is doing far more harm than good.
> E-mail is fundamentally not secure and not private, unless you enhance it with PGP, which requires you to, of course, have something you want private.
That's not true. A friend and I use GPG just to use GPG. You don't have to want to keep something private, just like you don't need to be doing illegal things to want curtains on your house.
Thanks for clarifying. I have to remember this quote:
"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged"
What I mean is that I can decide to not encrypt and have my emails under public scrutiny, but as I said, most people are not scared enough because it doesn't happen on their watch.
It doesn't matter what the content is, or how non-libelous - if it's encrypted with PGP, it's private.
I would add that Riseup don't claim to be the best on security or privacy.
> Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.
This is what they claim on their homepage[1]. Tools built by people who believe in a certain philosophy for people working on "liberatory social change".
They try to operate and control their tools. They don't claim that they are "the-most-secure-email-provider".
They claim to work on what they call "Network Security"[2] (traffic encrypting and providing services outside of the tracking bubble), and define other fields of security ("Human Security", "Device Security", "Message Security"), that the user can improve himself by education. They provide means of education for this.
This is an alternative. Gmail is maybe more "secure", or maybe not, but don't claim these kind of social changes. Gmail is "free" and commercial. Riseup is not free and volunteer-run.
I was running my own e-mail server for a while before I finally got around to generating/publishing a PGP key. It's a pretty simple process, but also an incredibly complicated process for the uninitiated.
Confusing update IMHO. Could be read as reassurance. Could also be read as being threatened with incarceration and being forced to keep the site up. or a reminder to archive stuff immediately because of impending shutdown.
Not really sure what to make of it, other than they have obviously heard the concerns and /not/ updated the canary.
Not really my area of expertise, but it strikes me as completely clear.
The canary hasn't been updated and the tweet implicitly acknowledges that they are aware of the concerns that people have about the overdue update. I can only think of two reasons to do this. 1. get some publicity or 2. for whatever reason they are unable to update the canary and are unable to say why. Personally, I doubt it's reason 1.
But why say they have no plans to shut down and link directly to the part of their FAQ where they say they will shut down if they are under government surveillance? Why not just tweet something like "We have heard your concerns" or something similar
The purpose of the hyperbole, I'd assume, is to make one ask the same questions you're asking. In the philosophical sense: if we have to ask, we already have our answer.
If you care enough to post canaries, shouldn't you also care enough to just close shop instead of subtly telling your users to stop using your services?
But they could order them to give them access to administer their servers, with acts of sabotage being punishable. There's no reason you should assume that the people running RiseUp right now are the same people that ran it a week ago.
Even if you shut down immediately (more on that in a moment), you can't wipe your storage and The State can still look through that
And if it is an ongoing investigation, shutting down immediately may be very difficult. Unless you can make a compelling case that you were already doing so for whatever reason, it is a very clear textbook case of obstruction of justice/interfering with an ongoing investigation.
Or at least care enough to update them more than once a quarter... worse than useless, since those Unspeakable Agencies will have had their fill of information by then. And then the canary dies and people panic into moving their hosting to 'stay private'.
which means either they haven't received anything, in which case why not update the canary. That the orders were very limited in scope and they think they could keep operating safely. Or that they have been ordered not to shut down. Ambiguous tweet is ambiguous, though it's telling that they made it and still did not update the canary.
Before the most recent update, it was updated April 10th. So 121 days between updates. At the same rate, it would be updated next around December 21st. But yeah that is a strange tweet, and lack of tweets since is also strange.
Do you have a trust path between you and that key? If not, that message is normal, but you have no in-band way of knowing whether it's a valid signature from the right key or a valid signature from a fake key. However, if you have some trustworthy source that that's the right fingerprint, then you know it's a valid signature from the right key.
I love how this conversation devolved into pedantry, honestly. Worry about the a/an usage, don't address the root issue, why don't you. Yup: programmers are grammar nazis.
Speaking for myself, this was brought to my attention in the context of a developing story about WikiLeaks being under duress or Julian Assange missing, who has not sent direct communication let alone signed communication for around a month now.
Yep that doesn't look too good. Iirc there was more reasonable discussion on r/bitcoin. They have used the blockchain in the past, I will say that.
Without trying to turn this thread into a full "Where is Assange?" discussion, for me I just can't imagine why he has not sent communication since mid October, now long after the election, especially since the chorus is now strong enough that their Twitter has to say "everyone relax." He usually sees a lot of visitors, and they have access to millions of dollars, so he certainly has various ways to connect to the Internet just to say "I'm fine."
Without trying to turn this into a full "Where is Assange?" discussion, unless the conspiracy against Assange involves compromising such disparate actors as Ecuadorean embassy staff and prosecutor, the Swedish prosecutor, his own legal team, Wikileaks staff posting press releases in his name, Pamela Anderson and John Pilger, all of whom have communicated with him since his supposed disappearance, it's probably safe to assume that he has other priorities than sending a signed "I'm fine" message, particularly since it's already been documented that his preferred method of internet access was cut.
Yes, I know there are a few people who have said "He is fine, trust us", but it would take all of 2 seconds for him to send a message himself, a picture, a video clip, stand by the window, or go on the balcony, and there has now been a very long, uncharacteristic time window where he has not done this. He has many means of communication, regularly has visitors, and has a very legitimate reason for doing it (to silence all the people who are concerned, constantly Tweeting at them, calling to cease donations, etc.) - so the fact he hasn't is worthy of our suspicion.
EDIT - I really did mean "didn't want to start full discussion", because there apparently is a whole lot more circumstantial evidence, including regarding some of the people you mentioned (like some members of his legal team being barred entry), but seriously, I'm going to leave the fullness of that discussion for Reddit, and think anyone who is interested in it should take it up there.
To be honest, people that aren't going to be convinced that an in-depth video interview John Pilger asserts was made on October 30th or an abundance of statements from all parties about two days worth of formal interviews over the court case that's dogged him for a while aren't going to be convinced by a quick video of him saying "I aten't dead yet", or probably even a keysigned message.
There are an abundance of pretty straightforward hypotheses consistent with the known facts(e.g. "Assange isn't feeling fine because he's still angry and/or paranoid about his preferred internet connection being taken away", "Assange feels this story is good publicity, relative to other kinds of publicity he's getting at the moment") but of course these aren't the ones being discussed on "Where is Assange?" subreddits.
Sorry, but c'mon, that entire subreddit would disappear overnight if Julian gave just one, basic proof of well being. The majority of the 12,000 (and fast growing) are not conspiracy people, they just have a very simple request for a PGP message, a picture, a video, a public appearance, anything.
Again, I encourage the debate of circumstantial evidence on Reddit instead of here, but Julian does not say anything to indicate recency (pre mid October) in the Pilger interview, otherwise that would have probably ended the subreddit. And it's ambiguous to what extend Julian was involved in the recent posing of questions to the Ecuadorian prosecutor by the Swedish prosecutor (just the 1, without Assange's lawyers). Again, Julian just needs to take a quick minute and say "I'm fine," and that community would disappear.
it's well known that his internet is cut off. I think if somebody was sending communications with his signing key while he is known to be unable to communicate, that would be the real problem.
He usually sees a lot of visitors, and the organization has access to millions of dollars, so he certainly has various methods available to him to say "I'm fine." They can't physically "cut him off" the Internet, but they can demand that he pause the election-related PR he was doing. They asked him to not interfere in the election, specifically.
However, the election has been over for some time. Even if they could, I doubt the Ecuadorian Embassy would forbid him from sending a basic message, picture, clip to verify he is OK, especially since pressure has been on them for a while now about his well being.
Granted. You're right that this is bizarre. I'm posting a proof-of-life of myself because Julian Assange is unable to, and I'm trying to get the word out. It's not just a selfie -- It's proof that I'm alive.
Basically I'm pretty much freaking out at the moment because it appears that Julian has been disappeared, and I'm doing whatever I can to try and spread awareness about this issue.
Previously, there were people on HN who were sympathetic to WikiLeaks and their cause, and this appears to be changing.
Depends on how you're reading it in your head.
If you read "Freedom of Information Act", then it's "a FOIA" but if you read "Eff Oo Aai Aay", it's "an FOIA"
For the abbreviation,"an FOIA" is correct. For the term "a Freedom of Information act" is correct. Its based on the sounds, not the word being abbreviated.
I would cringe when I would hear pronounced acronyms like "sequel" and "scuzzy" (SQL and SCSI) back in college; some acronyms simply aren't meant to be pronounced as words, especially if the pronounced word gave an uninformed listener the wrong impression. "Eww, why does my computer need to be scuzzy??"
> It was initially called “Structured English Query Language” (SEQUEL) and pronounced “sequel”, though it later had to have its name shortened to “Structured Query Language” (SQL) due to trademark issues.
