www.nettime.org
Nettime mailing list archives

<nettime> Riseup canary digest
nettime's_custode on Sun, 27 Nov 2016 14:29:06 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Riseup canary digest


     [ digested  {AT}  nettime -- mod (tb) ] 


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

(1) Riseup canary
(2) RT (ex-"Russia Today"): "Missing ‘canary’ mail prompts alarm..."
(3) Riseup on Twitter
(4) Riseup tweets  2016-11-11:10:23 – 2016-11-23:13:36
(5) Center for a Stateless Society, "Riseup’s Canary Has Died"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(1) Riseup canary
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 


Riseup canary: < https://riseup.net/canary >
	
  - last updated 2016-Aug-16
  - "Riseup intends to update this report approximately once per quarter."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(2) RT: "Missing ‘canary’ mail prompts alarm..."
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

RT (originally "Russia Today")

  < https://www.rt.com/viral/368082-rise-up-canary-missing/ >

Missing ‘canary’ mail prompts alarm over security of RiseUp email service

 Home / Viral /
 
 Published time: 24 Nov, 2016 16:04

"...the site’s lack of an anticipated ‘canary’ update coupled with recent
cryptic tweets have sparked a debate among its users as to whether the
site has been gagged, hacked or worse.... User concern over RiseUp’s
security erupted when the website posted a series of cryptic tweets
earlier this week, leading users to believe the team haven’t just been
'lazy' with their updates but are instead warning users that something
is indeed amiss. 'It is possible that they are just being lazy or that
they simply haven’t updated it yet. None of that matters. The point of
the Canary is that if it is not updated in a timely fashion you stop
using the service. If they update the Canary later then you know you’re
good to go,' journalist Tim Pool told SubVerse. *** READ MORE: Lavabit
owner fears arrest for non-compliance after secret surveillance order
[Published time: 17 Aug, 2013 01:49] *** .... Other recent tweets from
the RiseUp account with hummingbird quotes and threats of a “revolution”
have convinced some avid fans that the site is trying to deliver a
warning. The messages have sent users into a confused digital
hysteria...."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(3) Riseup on Twitter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Riseup on Twitter:

  < https://twitter.com/riseupnet > 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(4) Riseup tweets  2016-11-11:10:23 – 2016-11-23:13:36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Riseup tweets:

  < https://twitter.com/riseupnet/status/797142735283257345 ..

     riseup.net  {AT} riseupnet

     listen to the hummingbird, whose wings you cannot see, listen to the
     hummingbird, don't listen to me. #LeonardCohen

     RETWEETS 163 LIKES 173
     10:23 AM - 11 Nov 2016 	[four days after Leonard Cohn's death]

-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   - 

  < https://twitter.com/riseupnet/status/800815181190217729 >

     riseup.net  {AT} riseupnet

     we have no plans on pulling the plug
     https://riseup.net/en/about-us/policy/government-faq

       [[ screencap of FAQ "Will Riseup services last forever?" + A ]]

     RETWEETS 136 LIKES 126
     1:36 PM - 21 Nov 2016

-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   - 

  < https://twitter.com/riseupnet/status/801902121150869504 >

     riseup.net  {AT} riseupnet

     1. There is no need for panic.
     2. Our systems are fully under our control.
     3. We will provide additional information at a later date.

     RETWEETS 338 LIKES 296
     1:35 PM - 24 Nov 2016

-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   - 

  < https://twitter.com/riseupnet/status/801902265170673664 >

     riseup.net  {AT} riseupnet

     4. Our prior tweets did not have any hidden subtext.

     RETWEETS 147 LIKES 132
     1:36 PM - 24 Nov 2016

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(5) Center for a Stateless Society, "Riseup’s Canary Has Died"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

< https://c4ss.org/content/47015 >

The Center for a Stateless Society ("A Left Markey Anarchist Think Tank & Media Center")


Riseup’s Canary Has Died

William Gillis |  {AT} rechelon
November 23rd, 2016

UPDATE: Riseup has sent out a tweet asking people not to
panic, asserting that they still have full control over their
servers, and saying more information will come at some future
date. Their studious failure to refute having a gag order
basically certifies the existence of one. But again, don’t
panic. A gag order doesn’t mean their servers are
compromised. We have every reason to trust that Riseup would
rather pull the plug.

Popular provider of web tools for activists and anarchists
and backbone of much infrastructure for internet freedom,
Riseup.net has almost certainly been issued a gag order by
the US government.

Riseup regularly updates a canary located here certifying
that they haven’t received a gag order, court orders or the
like. That canary has gone dead (ie has not been updated). In
addition just before it expired Riseup posted a tweet with
Cohen lyrics “listen to the hummingbird, whose wings you
cannot see, listen to the hummingbird, don’t listen to me”
and a tweet saying “we have no plans on pulling the plug”
with a screencap of the segment of their FAQ that says they’d
rather pull the plug on services than comply with
surveillance. Of course this entry in their FAQ also says you
should back up email in preparation for such a shutdown.

My read is that Riseup is complying with the gag order while
fighting the surveillance demanded in court. Riseup is made
up of long-time anarchist activists who would feel obliged to
go to prison rather than collaborate in snitching out others.
However there is a small chance someone could crack from
threats of decades in prison. Additionally there’s a much
more substantive chance that regardless of their optimism
Riseup may soon be forced to close everything down.

This is an incredibly unfortunate development given the
Riseup collective’s longstanding role for many activists and
radicals in providing email, listservs, VPNs, and assorted
tools like Etherpad. However this should serve as a stark
wakeup call about the dangers of relying on centralized
services. The last decade has seen a collapse of the once
varied and widely networked internet into a number of
centralized services (like Facebook and Gmail, but also
Riseup and Signal).

If you currently use Riseup you shouldn’t panic, but there
are a number of productive steps you can take:

1) Backup all your emails on your Riseup account locally.
This may require you to (install and) connect Thunderbird to
your email account rather than just using the webmail through
your browser. See this array of options for backing up while
using IMAP.  (Additionally it’s a good idea to enable full
disk encryption or separately encrypt your email back up. The
EFF has guides for full disk encryption for Windows. For Macs
see this. Ubuntu, Linux Mint and several other Linux variants
provide full disk encryption as an option when first
installing the operating system.)

2) Get another email address that you can use as a fallback.
Resist.ca is based out of Canada (which doesn’t do you much
good but at least some). Protonmail is based in Switzerland,
although be a bit suspicious about the “encryption” claims
they make, there are problems. There are many other email
providers. Gandi is popular. Time to shop around or — if
you’re a confident sysadmin — roll up your sleeves and run
your own email server.

3) Set up another listserv with another provider if your
group currently uses riseup for listservs. Resist.ca runs
listservs.

4) You can set up email forwarding with Riseup. Either to
pipe emails to your Riseup account to your new account or
pipe emails to your new account to Riseup (if say you want to
start popularizing a new email address but continue primarily
answering through Riseup for the time being).

5) Remember that while some providers may encrypt emails once
received on their server, all email is basically sent
unencrypted between servers and often stored unencrypted.
Every email is a postcard, readable by nearly everyone.
Unless you and the person you’re corresponding with use PGP.
So use PGP. It can be daunting to set up and to get a handle
on using (the user interface is infamously non intuitive),
however PGP is very useful and provides a good baseline.
Email is a federated (moderately decentralized) protocol in
wide use that will thus be one of the last services shut down
by authoritarians (unlike encryption services that use
centralized servers like Signal). The EFF has good guides to
setting up PGP for Linux, Windows, and Mac. And Micah Lee has
a good overview of it.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime {AT} kein.org
#   {AT} nettime_bot tweets mail w/ sender unless #ANON is in Subject: