Signal – Private Messenger for iOS

Signal provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.

- Signal uses your normal phone number to make and receive calls, so you don’t need yet another identifier.
- Signal calls are encrypted end-to-end, but function just like you’re used to.
- Free and Open Source, enabling anyone to verify its security by auditing the code.
- Uses wifi or data, not your plan’s voice minutes.

jlund/streisand · GitHub

An interesting new project to try on a Raspberry Pi:

Streisand sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN, Shadowsocks, Stunnel, and a Tor bridge. It also generates custom configuration instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, or fellow activists.

Diversity Talk at HopeX

On Sunday 20 July 2014 I gave a talk at the HopeX conference in New York. This is the integral text: To see it back, go here:

So what can we conclude after more than a year of Snowden revelations? Snowden couldn’t have been more clear in his speech yesterday: everything we do is recorded.

We are all fucked. And we, the tech savvy people, the ones that eat python for breakfast, the ones who can hack their way out of an iron vault buried 4 miles deep in the Utah desert are fucked most of all because not only do we have endowed ourselves with some extra responsibilities. We have to save ourselves ánd we have to save the world. We have to save our favourite pizza baker, our doctor and our mom. We have to save them to save ourselves.

My name is Douwe Schmidt, I work for hosting provider Greenhost and in monthly crypto parties I try to teach random people digital safety at the Amsterdam Public Library. I also try to stay on top of the latest news in the tech community. I read my libtech (never posted to it though), go to the European hacker camps and have a Tor relay on my Raspberry Pi at home. But I can’t even hack my way out of a paper bag.

And a year after Snowden I am more and more unsure if any of this stuff I do makes any sense. If I look at the amount of hoops and loops I have to jump through to notch up my digital security even a tiny bit, never knowing if it is enough… how on earth are my favourite pizza baker, my doctor or my mom ever gonna defend themselves against the claws of mass-surveillance?

I know some of you have answers. Many of you have many answers. They involve a great deal of the same abbreviation lingo we know from the leaks. We just have to use OTR over TLS with PFS and use TOR to exchange our PGP. Right?

Wrong. Or no, right. We have to do exactly that. That shit rocks and I love it. But we, I mean literally we in this room, are not enough. We have to OTR over TLS with PFS to order pizza, we have to use TOR to order medicine and we, for sure like hell have to PGP with our mom. We have to get these tools to them to make sure we can be safe. If they are not gonna use it, we are gonna stand out like a sore thumb as the only ones using encryption on a decent level.

We need to diversify.

Because we have to make sure the tools we make can be used by our bakers, doctors and moms. Could it be that most of the tools we make are not being used because we designed them for ourselves and our friends? When was the last time you let your little brother try the code, or asked your grandma to fire up your program? For the ones running mailservers: when did you last use your webmail that 80% of your users use?

We need user-led design. The ones who are going to use the programs must be part of the design and development process from the start. We need to know who these people are who are gonna use our code to save lives on the other side of the earth. Many of us don’t have the research budgets of Google and Facebook to get an exact profile of the whims and wishes of our users. So we have to meet face-to-face with them to learn what they need. We need to be part of their struggles and know their stories.

We need to diversify

Because there is not one solution.
There are people who say we need technical solutions. There are people who say we need political solutions. They are both wrong. We need both. Just making a new app with extra crypto won’t solve anything if your politics is down the drain.

But only political solutions won’t work either. Ella Saita very rightly pointed out in her talk at the Noisy Square at OHM that once a method or policy is in place, it will not leave again. As she said: “The NSA did very politely in 1975 turn off their telegram surveillance program. It had never in their entire history produced anything useful. So that’s our one example of a technological capability being rolled back. So, so much for history.”

Furthermore, you have a national problem here. And once again, this is a straight quote from Ella: “the NSA taps every politician’s email, and even anybody who might become a politician. They tap their phones, they tap their email. Partially they do this for national security reasons: they need to know if those people have sold out to somebody or any number of justifications. But it also means that they have all the dirt on all the politicians. Now, how easy do you think it is to keep a politician bought if their career can be destroyed at any moment? How well do you think their long term policy will is going to be when they know that if they stand up too much they just get destroyed.”

We need to diversify to fight the political battle internationally. I am sorry to say, but I have more faith in Germany, Poland, the Netherlands and more faith in Brazil in this regard than in the US. But we’ll need the help of you here to keep our politicians in check. So you have a place to hide. We need international coalitions and show the US through international pressure that they are backwards and destroying not only businesses, but freedom at large.

We need diversity.

Because we are circle jerking in an echo chamber.
Here is a shout out to Moxie Marlinspike, you are making great stuff like chatsecure and redphone. But two weeks ago you found it necessary to call out on twitter and ask people not to fund cryptocat for Android but instead fund your project. Moxie’s work is great and I understand he believes it is the best thing around. He might even be right at that. But to think that it is good to have just one cryptoapp, and not multiple is beyond me. Anyone with some basic understanding of biology knows what monoculture can mean in a time of crisis. We need many different tools, aimed at many different people. We need to make sure not everyone dies when one heart bleeds.

We need diversity.

Because we are going to die. And that I mean literally. We need coders doing journalism, we need journalists coding, we need activists, doctors, lawyers, teachers, civil servants and the pr0n business understanding their jobs will become impossible without security and privacy. We need the entire society or else we are small. We are going to be targeted, hunted and smoked out of our mancaves. Like XKCD says; we are going to be drugged and beaten with a $5,- crank and the 4096bit RSA encryption will not stand up for us.

We need to diversify and open up our communities to the LGBTQ community, the Syrian fighters, artists, academics and Mexicans trying to defend themselves against the drug cartels. We need to understand their struggles to empower them. And they are ready. They want to. A recent call for academic papers to mathematicians on the NSA resulted in submissions carrying titles like: “Mathematicians Should Sever Ties with the NSA” and “Dear NSA: Long-Term Security Depends on Freedom” and “The NSA Back Door to NIST”.

This year every major art academy in The Netherlands had students graduating with art works dealing with privacy, surveillance and technology. Syrians fighting both ISIS and Assad want and need Mesh networks. And pizza bakers want to know how to have a TOR hidden service delivery service accepting bitcoin. They are ready to take our knowledge and craftsmanship global.

Now it is our task to be ready and make sure we can welcome all their ideas, cultures and insight with open arms.

Thank you.

10 ultimate tips to no longer be ashamed to open the terminal in public

From Relearn 2014


Introduce yourself

echo I am `whoami`. It is `date` and we are on $HOST, in the directory `pwd` | espeak
echo I am `whoami`. It is `date` and we are on $HOST, in the directory `pwd`
or, on OS X:
echo I am `whoami`. It is `date` and we are on $HOST, in the directory `pwd` | say

What time is it in Sao Paulo at 18:47 in Brussels?

TZ=America/Sao_Paulo date "+%F %R (%Z%z)" -d 'TZ="Europe/Brussels" 18:47'

Get the alphabetical list of words in a text

cat text.txt | tr " " "\n" | sort | uniq

Do a cadavre exquis of several texts

cat a.txt b.txt c.txt > abc.txt

Make a top 5 of your fattest files

ls -l -S *.* | head -5

Create an animated gif of system icons

convert /usr/share/pixmaps/*.{png,xpm} /tmp/animated.gif

Make a randomized playlist of a sound system, listen and relax

find /usr/share/sounds/ -type f | shuf > /tmp/playlist.list && mplayer -playlist /tmp/playlist.list

Make a parody of Wikipedia

# set URL to the address of the Wikipedia article to fetch
wget -k -O /tmp/o.html "$URL" && sed -i 's/\w\+ing/schtroumpfing/gi' /tmp/o.html

Make a poem out of your computer memory

sudo dd if=/dev/mem 2> /dev/null | cat | strings | shuf | head

Rank the commands by popularity

history | awk '{print $2}' | sort | uniq -c | sort -rn | head

Seda Gürses lashes out at Activist tech

The current distance between those who organise their activism to develop “technical infrastructures” and those who bring their struggles to these infrastructures is remarkable. The paradoxical consequences can be baffling: radical activists organize and sustain themselves using “free” technical services provided by Fortune 500 companies. At the same time, “alternative tech practices”, like the Free Software Community, are sustained by a select visionary and male few, proposing crypto with 9-lives as the minimum infrastructure for any political undertaking.

Apple protecting its customers

Word has it today that anyone going to the Tor website is tracked by the NSA after that. So if you clicked that link, you’re now a high value target for the NSA.

Just by coincidence I passed the Apple store in Amsterdam today to ask for a new battery for my laptop. Out of curiosity I tried to access my own server over SSH, the Tor website and the Tails website. (Tails is an operating system you can download and run from a USB stick providing some of the best anonymity tools available today)

I guess that Apple really looks after its customers and doesn’t want them to get in trouble because it was all blocked… I made a quick screen cast of this tiny experiment.

Joy and angriness aside… what does today’s revelation mean for all the people I advised to download Tor at the Privacy Cafe?