I don't have anything against Riseup in particular, but it's making me sad to see that there are still smart people who are passionate about email security, are based in the US, and are saying "you should just trust us to ignore the secret court orders that legally require us to spy on you without telling you about it".
The world changed already. Take the energy that you're currently putting into making promises that you can't keep and work on something with a defensible security model instead.
edit: I also believe they were complicit in ousting several of their users who allegedly used their service for illicit reasons a while back when they were competing with hushmail, safemail, and the lot. This is from memory, and I have no proof to back it up. Grain of salt and all that
Last I checked, it is not a requirement that you keep logs in the US, and that is exactly what they don't do.
Regarding that server seizure... they seized one server that was used for virtual hosting of another group's mixmaster and when it was returned they immediately quarantined it and did not use it.
citation needed about the outing, otherwise its just FUD
Last I checked, you can at any time be requested by the US government to do exactly that: to keep logs or give them access.
My point is that they are on the radar, it's a matter of when not if they get an order to start keeping logs or an agency deems it okay to seize their hardware again.
If someone is using your service and is suspected to be committing a crime through it, as a provider you can be subpoenaed to be reasonably complicit in an investigation on said individual. That can involve keeping temporary logs, contact information, message content, or being placed under total network surveillance without notice.
Or they can just seize the servers again and you can hope _everything_ is secured on the provider's end.
The site's premise is a honeypot for just the kind of people the government would like to keep an eye on.
Men in suits can still come up and demand complete collaboration and silence XOR Guantanamo, so nothing specially secure here. Also not sure why they need thousands of dollars for a high-end server + "consultant", can't they start a proof of concept in a VM with limited (invite) accounts? sorry for the negativity
Because they are the largest non-profit mailing list provider outside of universities and are struggling under the load. They dont need a proof of concept, they've been proving their concept since 1999.
2. P2P software for distributing content across a mesh network between the multiple servers (e.g. Gnunet & Freenet). Distributed Filesystems also work:
The VPN is nice although. I wish STOMP was used more instead of PYSC. I still love IRC. It would also be awesome if they had a mini USENET, that would sell me over to volunteer.
Do keep in mind (and please respect) Riseup's policy [1]. Riseup does not respect:
* Support for capitalism, domination, or hierarchy.
From what I've seen here at Hacker News, many contributors are quite outspoken neo liberals that are more interested in venture capital than hacking and actively "support capitalism".
13 comments
[ 3.7 ms ] story [ 45.8 ms ] threadThe world changed already. Take the energy that you're currently putting into making promises that you can't keep and work on something with a defensible security model instead.
They are one of the forces driving a project for a encrypted e-mail system: https://leap.se/en/home
They also issued a call to arms asking for volunteers on the project not so long ago.
It's been little over a year since the FBI seized their servers. https://www.eff.org/deeplinks/2012/04/may-firstriseup-server...
edit: I also believe they were complicit in ousting several of their users who allegedly used their service for illicit reasons a while back when they were competing with hushmail, safemail, and the lot. This is from memory, and I have no proof to back it up. Grain of salt and all that
Regarding that server seizure... they seized one server that was used for virtual hosting of another group's mixmaster and when it was returned they immediately quarantined it and did not use it.
citation needed about the outing, otherwise its just FUD
My point is that they are on the radar, it's a matter of when not if they get an order to start keeping logs or an agency deems it okay to seize their hardware again.
Also, https://www.riseup.net/en/riseup-and-government-faq
Or they can just seize the servers again and you can hope _everything_ is secured on the provider's end.
The site's premise is a honeypot for just the kind of people the government would like to keep an eye on.
1 CDN or mirror service to lessen the load. There are free ones:
https://en.wikipedia.org/wiki/Content_delivery_network#Notab...
2. P2P software for distributing content across a mesh network between the multiple servers (e.g. Gnunet & Freenet). Distributed Filesystems also work:
https://en.wikipedia.org/wiki/Comparison_of_distributed_file...
3. Other communication than Jabber. Proper recommended secure channels are SILC, OTR, and now Beta secushare:
https://en.wikipedia.org/wiki/SILC_%28protocol%29
https://en.wikipedia.org/wiki/Off-the-record_messaging
http://secushare.org/
The VPN is nice although. I wish STOMP was used more instead of PYSC. I still love IRC. It would also be awesome if they had a mini USENET, that would sell me over to volunteer.
SILC and OTR? The former being a unmaintained nightmare, and the later something that is client related and not something they would "implement"?
* Support for capitalism, domination, or hierarchy.
From what I've seen here at Hacker News, many contributors are quite outspoken neo liberals that are more interested in venture capital than hacking and actively "support capitalism".
[1] https://user.riseup.net/forms/new_user/policy