What is Reddit's opinion of
Riseup?
From 3.5 billion Reddit comments
➔ Riseup website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
Please update events to include death of the warrant canary at Julian's email provider, riseup.net:
Aug 16th: Last update of warrant canary at https://riseup.net/en/canary, Julian's e-mail provider. (Canary is now dead.)
Ich kapere mal deinen Kommentar (sorry!) um auf deren Spendenseiten aufmerksam zu machen: sich juristisch zu wehren kostet leider Geld. Macht euch bewusst, dass falls ihr über IBAN und co spendet, eure Daten spätestens bei der nächsten Razzia in die Hände der Polizei fallen werdet. Lest euch die Spendenseite durch.
Zwiebelfreunde: https://www.torservers.net/donate.html
RiseUp: https://riseup.net/donate
https://riseup.net/en/about-us/press/canary-statement
"After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people."
"We have taken action to ensure that Riseup never again has access to a user’s stored email in plaintext. Starting today, all new Riseup email accounts will feature personally encrypted storage on our servers, only accessible by you. In the near future, we will begin to migrate all existing accounts to use this new system"
Looks like the dead canary didn't have anything to do with Wikileaks.
https://riseup.net was apparently the email host for the account that administrated @WikiLeaks Twitter.
Every 3 months(ish), riseup posts a new announcement to the public that they haven't been asked by any feds to hand over private user data. They do this so that when they are compromised, and possibly under gag order not to tell, they can signal to the public that they are in trouble by simply not updating their canary.
Their canary is now 5(?) days overdue, and has been requested repeatedly on their twitter and contact pages. These concerns haven't even been addressed, which points to gag order. If that's the case, there's no way they can directly show the public they have been compromised. They just don't update their canary, as they can't be legally forced to.
Combine that with riseup's tweet here that references both birds and deception, and I think AT LEAST @WikiLeaks Twitter is in the hands of somebody else.
Das Riseup-Kollektiv ist eine autonome Körperschaft in Seattle mit Mitgliedern auf der ganzen Welt. Unser Ziele sind, beim Aufbau einer freien Gesellschaft zu helfen, eine Welt ohne Gier und mit Meinungsfreiheit, eine Welt ohne Unterdrückung oder Hierarchie, in der Macht gleichmäßig verteilt ist. Um dazu beizutragen, übernehmen wir Verantwortung für Kommunikations- und Computerresourcen für Alliierte in Kämpfen gegen Kapitalismus und andere Unterdrückungsformen.
- Wir schätzen und engagieren uns in Kämpfen für menschliche Befreiung, die ethische Behandlung von Tieren und ökologischer Nachhaltigkeit. Wir beteiligen uns im Kampf für Freiheit und Selbstbestimmung aller von Unterdrückung betroffenen Gruppen. Wir kämpfen gegen jede Form von Vorurteilen, Autoritarismus und Avantgardismus.
- Wir organisieren uns auf der Basis von Autonomie, gegenseitiger Hilfe, Ressourcen- und Wissensaustausch, sozialer Verteidigung, Befreiungsarbeit, Gemeinschaftsbildung und sicherer Kommunikation.
- Wir arbeiten an der Revolution für eine freie Gesellschaft im Hier und Jetzt durch alternative Kommunikationsinfrastruktur, die so gestaltet ist, dass sie das dominante System ersetzen kann.
- Wir bewerben soziale Teilhabe und demokratische Kontrolle über Informationen, Ideen, Technologie und Kommunikationsmittel.
- Wir bestärken Organisationen und Individuen, Technologie bei Befreiungskämpfen zu verwenden. Wir arbeiten an der gegenseitigen Unterstützung beim Überwinden der systematischen Unterdrückung, in deren Rahmen Technologie entwickelt und verwendet wird.
I guess grassroots organizing terrifies /r/degoogle?
It's like some of the folks here only want secure communication for the people that agree with them? Please try to take a step back from the Antifa moral panic and look at the work that Riseup's doing. They don't police their users, they ask them if they agree with their principles upon registration. You could easily use them for other purposes, not that I recommend it.
A lot of orgs in my neighborhood use Riseup services because they, like you, don't want to be subject to mass surveillance. They're pleasant people doing volunteer work that's useful to our community (and yes they are leftists who agree with Riseup's mission). They don't wear black and pick fights with white nationalists. They do mutual aid work and focus on addressing unmet needs surrounding them. Really scary, right? I would posit the majority of Riseup users probably don't do anything you'd find disagreeable. Think Food Not Bombs type of stuff.
Hell, the folks with Riseup volunteer their time & resources to keep this infrastructure alive and secure. I would love to see these services extended beyond the scope of Riseup's project, but they do have limited resources. Considering they're the ones that make that shit possible, I have no qualms with them setting boundaries as to what their services are used for. They won't host services for neo-nazis, you won't host services for Antifa, etc. There should be more collectives working with their model.
Their documentation on various security topics is top notch, and an excellent public resource if you care about secure communication. Especially if you want to learn to use encrypted email (with the GPG, Enignmail, Thunderbird stack).
Check out the warrant canary for riseup.net. Note the date: previously updated every 90 days, the canary has not been updated since August 2016. This is widely taken to mean that riseup has been served a subpoena by a secret intelligence court.
http://www.zdnet.com/article/encrypted-email-provider-riseup-misses-warrant-canary-deadline/
Edit: in case anyone's interested, Reddit's warrant canary came down in March 2016. The assumption is that Reddit has been served.
There is truth to that unfortunately. Judging from the current events taking place around the world it's safe to say Governments are abolishing privacy. We do have the right to privacy however most people don't understand laws and how they work. So when they get "caught" ( I use that word lightly ) they don't know their rights or how to defend themselves. I just hope the owner of the Dark Market had a team of lawyers assembled and ready to go for if this day came. And boy did it.
It is important to follow privacy activists on social media to learn about the laws, how they affect you and how to defend yourself. It also keeps you up to date with changing laws. You may even come across a digital privacy lawyer that you may want to save their contact deets into your phone for down the road. Yes, Privacy Lawyers are a thing.
In todays age having a good lawyer on your side is like having an assassin on your side.
There are organizations our there fighting tooth and nail for the privacy of their citizens. (EFF) Electronic Frontier Foundation is a famous one. eff.org Riseup.net is another good site to check out if you value your privacy. It's these organization s that make a difference in the world when it comes to privacy and they need our support to make it happen.
Also as a top-level for people who rightly ignore mod sticky abuse:
>If you want to create an org in your own community, riseup.net provides free email, mailing lists, document sharing, and so on for direct action groups! If you don't want to create one yourself, consider throwing them some cash to keep the lights on!
They are not 'due' on the first day of a new quarter though, they are due at some point throughout the quarter.
I will copy and paste their own words on this -
>Riseup intends to update this report approximately once per quarter.
Note the once per quarter, not once per the start of every quarter.
That can be found here https://riseup.net/en/canary
I didn't know about this tweet until a couple of days ago, and it seems like a lot of people here also missed it. To me, this is basically 100% confirmation that they have been served with a gag order, and that they didn't just forget to update their canary.
I don't know why you have to get nasty. We're adults here, calm down.
August 16, 2016 was 97 days ago
A quarter is 90 days long. (Are you going to demand a link for that too?)
So it's officially overdue.
It doesn't really matter what language you use to build onion sites. Just use what ever you are comfortable with. Just make sure that your server is hardened, that you aren't leaking identifying information through your server configuration, phpinfo() or error logs. You can run the entire server inside of a Whonix Virtual Machine for extra protection against identity leaks..
Riseup has a guide about best practices for hosting an onion site.
Voting isn't really super useful as far as ushering anarchy in, though it can still be helpful for ameliorating conditions in the short term. One main strategy in the present moment is to build up our own independent organizations and infrastructures, things like community farms, mutual aid networks, community self defense organizations, and really just fulfilling the socially useful things currently done by oppressive bodies without being oppressive.
Need to work for your shitty boss to live? Mutual aid and community farms have you covered! Hate the pigs but like how they occasionally stop nazis from hatecriming you? We'll cover it without being pieces of shit who uphold the status quo! Want the privacy that comes with a VPN but don't want a collaborator on your phone? Riseup.net's VPN has you covered, and they also provide email services! Want a house but don't want to feed a landlord their fifth yacht? Find some squats!
Building bottom-up community controlled alternatives to infrastructure is a huge part of what we do, as well as ambitious protests and occupation movements like the ZADs in France and various other occupy movements. If we grow anarchy in the cracks in the pavement, then eventually we can break it apart and have a lush forest in its place.
"Firefox" didn't donate anything to anyone. Mozilla donated $100 000 to RiseUp, an open source project that provides secure email/VPN/etc to political activists (and anyone else who wants to use it).
It's about the missing update of risup's canary. Riseup is the alleged mailprovider of WL's twitter account.
The thing is:
- On one hand there is no exact due date for the release of the new canary, except that it's released quarterly.
- On the other hand they usually released a new canary when people asked for it after a quarter year, but there's no action been taken so far, which is suspicious (but still no evidence IMO).
Liberapay already exists as a Patreon-alternative. The bigger issue there is network effects, and getting users.
The problem with online tools is paying for the server costs, etc., but for VPS hosting RiseUp has done it.
For payment processing, it's a tricky (and international) industry which would require a lot of starting capital, and again there are very large network effects.
Pretty much this.
OP, read up on hosting an onion site here: https://riseup.net/en/security/network-security/tor/onionservices-best-practices
You don’t want to host a server at home because it’s directly linked to you. Your IP address (if leaked) can geolocate you or your ISP can see a large amount of tor traffic from your connection.
indeed, thats why I dont understand it. But if the "C" really stands for "Canary" (https://riseup.net/en/canary) then that is ment as another hint that WikiLeaks is in enemy hands, right?
it looks like the twitter accounts are under some order to prevent them from posting information (remember the "HELP HIM") which means WL staff still control the WL account and JA controls the cat account, but both cant speak freely. (in this theory)
I'm not used to using twitter, so when I go to their page and click on tweets & replies is that the entirety of tweets they reply to?
If so it doesn't look like they respond to many tweets usually (Although I do admit there are on occasion a day or two where they are more active)
They said they would release a Canary report once per quarter, not once per 90 days. They released one April 10th, that covered the 2nd quarter. Then August 16th which covers the 3rd quarter , they have until December 31st to post for the 4th Quarter. (next year 1st Jan is the start of the 1st quarter again)
>But they are saying they are not shutting down. They are saying this because of mass inquiries.
Agreed
The hummingbird post, while I can't prove anything, I believe is due to their online persona's being from the bird family - https://riseup.net/en/about-us#meet-the-collective
As you say, it's a tribute post.
Thank you so much for the reply though, I can see how anyone could see things that way but taking it all at face value , it appears as if there's nothing to worry about.. yet.
EDIT: Sincere thanks for not only expressing your opinion but providing information to go along with it, I enjoy taking a look at things that are more than suspicion.
If you want to create an org in your own community, riseup.net provides free email, mailing lists, document sharing, and so on for direct action groups! If you don't want to create one yourself, consider throwing them some cash to keep the lights on!
Sorry, I didn't read the edit in time. Here's the full explanation about the FBI investigation that prompted them to completely review their mail service.
Riseup is a volunteer-run collective providing secure email account, email list, VPN, online chat, and other online services. Its mission is to support liberatory social change via fighting social control and mass surveillance through distribution of secure tools. https://riseup.net/ https://en.wikipedia.org/wiki/Riseup
https://www.reddit.com/r/WhereIsAssange/comments/5d9tzd/why_you_should_pay_close_attenton_to_riseupnets/ > Riseup.net is the email provider for the official email account of @Wikileaks on Twitter.
> tl:dr - If Riseup's warrant canary is not there next month, or has been tampered with, its a good indication that @Wikileaks is compromised.
The Riseup Red VPN service supports OpenVPN so it’ll work on mobiles.
https://riseup.net/en/vpn/vpn-red/ios
While I trust them, I’ve found their VPN to be slow and the organisation is too US-centric.
Pros and cons. Riseup is free. If it’s working for you and fits your threat model then have a look at the above link.
+1 /u/darkjokesmodsaregay1 don't mix VPNs and Tor. Just use tor.
I personally recommend using riseup.net but you will need an invitation from an existing user. One account can have many aliases. I advise setting filters in your mail client to check the from->to pairs match what you expect. I.e. If you sign up to Reddit with hpjba6c52[@]riseup.net, then you get mail from anyone other than Reddit, you know your Reddit email address has been revealed/leaked. If it gets spam. You can remove the alias and update your email address on Reddit.
You should be using an hkps server, such as hkps://hkps.pool.sks-keyservers.net. You can read more about best practices here:
https://riseup.net/en/security/message-security/openpgp/best-practices
if you use PGP with 2048 bits, it's very unlikely they'll be able to read it for at least 10 years.
However, keep in mind that most things encrypted with public-key cryptography(PGP, OTR, HTTPS) will be readable in 20-30 years, and they are definitely archiving it for later use. Whether your communication will be relevant years from now is something to take into consideration when deciding how to do it.
>Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
Here have some sauce. https://blog.mozilla.org/blog/2017/10/03/mozilla-awards-half-million-open-source-projects/ The actual group they donate to is called Riseup. You can find more on them here: https://riseup.net/
I don't know, RiseUp is pretty up front about their political views. Their About Us page spells it out pretty clearly.
They feel strongly that ideas such as capitalism are dangerous and unfair, and have chosen to fight against them.
https://riseup.net/en/about-us
> ... We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression...
While RiseUp and AntiFa are not the same, they do share similar goals and AntiFa does make use of their platform.
Most people's objection is they feel it is a kind of bait and switch situation.
I like the firefox browser so I donate money to see if get improved and progress. Meanwhile Mozilla takes that money and some of ends up in the hands of people who I may not agree with.
RiseUp is free to pursue any political agenda they wish, just as we are free to disagree and not donate to them.
Safari, per default, blocks third-party cookies to protect the user's privacy.
Since Chrome is made by Google, an advertisement company, it obviously doesn't care about privacy and allows all cookies by default.
https://riseup.net/en/security/network-security/better-web-browsing/browser-score-card
That's my most likely guess with the limited information you provided.
No, it means any software properly configured to use the Tor service can use it regardless of Tor Browser being closed. Installing Tor as a service doesn't itself cause traffic to be routed through Tor, it just keeps Tor alive and available for programs to use even if Tor Browser itself is closed.
To route traffic through the Tor service, you would need to configure your program to use that Tor service as a proxy. For example, I configure my instant message app, Pidgin, to route its traffic to 127.0.0.1:9050 via SOCKS5 and its connections are routed through the Tor service I setup in the steps shown in the article.
If you want all system traffic routed through Tor automatically, that's a separate problem with a different solution required, depending on what your needs are. Using a Tails Live CD is the most obvious solution. Some people prefer to use a router configured to use Tor, so that all outbound traffic from the LAN routes through Tor. There are other solutions; the best one depends on your adversarial/threat model and what your software and OS requirements are, etc.
That discussion is outside the scope of that article, however.
>This is a timing that you're making up, which never existed.
Oh really?
https://riseup.net/en/canary
>Riseup intends to update this report approximately once per quarter.
I repeat for emphasis "Riseup intends to update this report approximately once per quarter."
That's their own choice of wording not mine. They didn't say once quarterly, once every 90 or so days, once whenever someone tweets to us. Once PER quarter. Then you look at their Canary posting history & indeed see they post one per every quarter.
So please I implore you, how is any of that being made up by me? This isn't about perceptions or insinuations, they literally through their own wording said how they will post their Canary reports. It can't get clearer than that.
The article (Which no member of Riseup has admitted to) holds no merit for either side of any argument as it is, anyone can claim they spoke to anyone representing Riseup or Wikileaks or JA. But as it can't be proven it should be taken with a huge pinch of salt.
All this information is out there, publicly available and always has been. There's absolutely no reason besides laziness or deliberately choosing not to, for not knowing the facts about this.
Sadly no, I wish ! It would've helped cement my thoughts on this.
If you'd prefer to look at it for yourself? https://riseup.net/en/about-us#meet-the-collective
If not here's the list they have there ;
>Black-collared Jay (Cyanolyca armillata)
Cedar Waxwing (Bombycilla cedrorum)
Eurasian Blue Tit (Cyanistes caeruleus)
Greater Roadrunner (Geococcyx californianus)
Feral Rock Pigeon (Columba livia)
Rook (Corvus frugilegus)
Snow Owl (Bubo scandiacus)
Sunbird (Nectarinia asiatica)
Tufted Puffin (Fratercula cirrhata)
Arara (Ara macao)
Blue-footed Booby (Sula nebouxii)
Catbird (Dumetella carolinensis, small bird of the thornbushes)
Gadfly Petrel (Pterodroma)
Starling (Sturnus Vulgaris)
> August 16, 2016 was 97 days ago
Irrefutable facts:
- Riseup has ignored questions about this.
- Previously they have been responsive.
- Until they clarify, there is no reason for anyone to assume that they haven't been given an NSA letter.
> August 16, 2016 was 97 days ago
Irrefutable facts:
- Riseup has ignored questions about this.
- Previously they have been responsive.
- Until they clarify, there is no reason for anyone to assume that they haven't been given an NSA letter.
It is no where near 600$ a month, more like 5 - 20$. And there are even many free ones.
For 600$ you could get a nice dedi, with unlimited bandwidth. Or even a decent one with unlimited for a year.
If you want web services infrastructure, Riseup.net is a great anarchist tech collective that offers a lot of handy things for activists. If you want free access to scientific papers, spread the word that scientific papers are often pre-published on arxiv.org, and if you want to find data that's been collected but is kept private, hackthissite.org might be a handy resource for you to use. For legal purposes that last one is a joke.
The passion you have for this topic is inspiring. Good luck in your future endeavors! Hopefully these resources help.
It's a whole thing. Generally the idea is that you encrypt the email once just before you send it and it stays encrypted. The email provider (and everyone else really except who it is for) have no chance to see it.
if protonmail is out of your threat model (you should be able to use it without verification but yes you need JS)
I've never used it but I remember it doesn't require JS to login and has lots of built in security features to it
might be worth a peek
edit: I believe CalyxOS uses it in some capacity. I remember it having function with Tor but idk. i think you're going to have a hard time finding both web based encryption, and js off. looks like they recommend device encryption. not sure what sort of encryption you want you from your OP.
I think you can use Riseup for this, but you'd need an account and an invite. They support onion addresses for all of their domains.
https://riseup.net/en/email/settings/smtp#why-should-i-use-riseupnets-outgoing-mail-server
Here, on the other hand, is a privacy policy that's actually good: https://riseup.net/en/privacy-policy#information-we-collect-and-retain
Why? Because it doesn't collect shit, so there is no point in writing a philosophical treatise...
Not that the issue you raise isn't a concern, but it's smaller than you imply. Though it's also happened in New York back in 2012. I think it would mainly be something to worry about wrt their collaboration services, when information requires storing, while their VPNs and email are relatively secure.
https://riseup.net/en/security/network-security/tor/onionservices-best-practices
​
Please share widely.
The Riseup Collective is an autonomous body based in Seattle with collective members world wide. They're the kind of people I would personally trust with my life, but keep in mind that lots of their users are politically active, often in groups that are targeted by the state security apparatus.
So, pick your poison. I'd say Riseup itself ist trustworthy, but it might also be a more interesting target for the government.
Here's a handy guide from Riseup.
The SRA organization uses a server in Switzerland, I'll try and find out who provides that. Apparently Wichita SRA uses Linode.
Looks like the authorities were going after riseup email information, based on this riseup.net blog post.
Perhaps the authorities thought it would take too much time to go through the US authorities.
This is NOT the first time riseup.net email info has been the subject of government interest. The US government served riseup an NSL and gag order about a year ago to seek info on criminal activity.
In that case, riseup fought hard, but had to give in to govt demands in the end because it would be too costly ($ and jail time) to resist. Riseup wrote an explanation after the gag order was lifted:
>After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization). The first concerned the public contact address for an international DDoS extortion ring. The second concerned an account using ransomware to extort money from people.
Whoops, my bad. I haven't used their services in a while. You used to be able to write a couple sentences about why you needed the account like "I'm an anarchist and I don't want my government to spy on me." Here's a list of some other radical hosts to choose from: https://riseup.net/en/security/resources/radical-servers
it's under the same cert obviously, same domain and all. I can get to it just fine but only by proxying through my home computer, lmao.
I'm betting they set up their cite using some leftwing resources from like, https://riseup.net/, which are objectively good, but there might be a few uni students whose universities will be filtering out certs signed by free CAs (like Let'sEncrypt).
"Mozilla Awards Over Half a Million to Open Source Projects"
One of those projects is RiseUp. RiseUp does IT opsec, hosting, etc.. for "allies engaged in struggles against capitalism and other forms of oppression"
aka antifa
Last I looked at their site they were doing work for Antifa in Chicago, Portland, Sacramento, Atlanta, Pittsburgh, & Northern California.
> Thank you for your extensive responses!! I really appreciate this, and wish more developers are like this!
That's very nice to hear :D
> ...would a warrant canary help?
As I understand it, the legal area around warrant canaries is still somewhat grey. This article mentions that National Security Letters have been ruled unconstitutional in the United States, but that ruling is currently under appeal.
I'm not sure of the status of equivalent state interference in France. In any case, I'm not sure it's reasonable to lean on a legal loophole to protect ourselves from a state apparatus that isn't operating entirely within its own laws. If they can compel us to implement a backdoor in the software, or compel us to get out of the way while they implement it themselves, I don't see what would keep them from also compelling us to provide the keys to sign a warrant canary.
Besides this, accidents happen, and it would be unfortunate if a catastrophic hardware failure and loss of signing keys resulted in us getting a bad reputation.
In the case of Riseup's warrant canary, they have updated their policy after significant confusion:
> Our initial Canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason. The current Canary is limited to significant events that could compromise the security of Riseup users.
So, I don't have a definite answer here, but I think we'd need to talk to some lawyers who have experience with this kind of thing in France. If any such individuals read this and have any advice, I'd greatly appreciate it.
Okay... their 'Lists' service requires it be of a "progressive, radical, or revolutionary nature". There's an "or" there, but I highly doubt they allow radicals from other ideologies on their platform. They usually aren't particularly compatible with each other.
Their email service says they'll terminate you if you "contribute to the harm and abuse of other people". Very vague wording. I bet they have their own Ancom idea of what "harm" and "abuse" are.
Their terms of service says they don't monitor or control the content transmitted through their services. Seems like their opponents could use it under the radar at the very least.
They also get a bit more specific about disallowed activities, you can't distribute material that 'creates violence or sexual assault' against people. (I presume ATMs and Starbucks windows are fair game.)
Maybe because the only free email services are just as bad as Facebook. I'm not sure about that, but I managed to get an invite code for https://riseup.net/ because I was tired of requiring to use google's web login, complete with javascript, to login even with an email client.
With that being said, regardless of email server policies, all the ones I've used (so basically gmail and riseup) can be accessed and encrypted with your own email client, so I don't know.
Riseup has encrypted mailboxes too. (see https://riseup.net/en/about-us/press/canary-statement )
SMTP can run over TLS and so it is encrypted - see RFC 3207, RFC 2595. That depends on all servers/clients involved using it of course.
Technically, mail not encrypted with PGP could be read by anyone with control of the boxes handling it by writing a rouge mail server, dumping memory, etc. There's probably moments when message rest on disk, unencrypted. But saying "stmp is plain text, so it's insecure" is out of date since most big providers now enable encrypted SMTP (source: https://www.facebook.com/notes/protect-the-graph/massive-growth-in-smtp-starttls-deployment/1491049534468526/ )
EDIT: also, imo most users of email use webmail, which goes over encrypted https
If the canary is dead the site is compromised. It is a pretty obvious security measure. The canary is dead. Don't trust it till it is live again. Directly from Canary page "If the statement is not updated in a timely fashion, users may infer that the canary statement may no longer be true." https://riseup.net/en/canary
> Popular provider of web tools for activists and anarchists and backbone of much infrastructure for internet freedom, Riseup.net has almost certainly been issued a gag order by the US government. > > Riseup regularly updates a canary located here certifying that they haven’t received a gag order, court orders or the like. That canary has gone dead (ie has not been updated). In addition just before it expired Riseup posted a tweet with Cohen lyrics “listen to the hummingbird, whose wings you cannot see, listen to the hummingbird, don’t listen to me” and a tweet saying “we have no plans on pulling the plug” with a screencap of the segment of their FAQ that says they’d rather pull the plug on services than comply with surveillance. > > ... > > UPDATE: Riseup has sent out a tweet asking people not to panic, asserting that they still have full control over their servers, and saying more information will come at some future date. Their studious failure to refute having a gag order basically certifies the existence of one. But again, don’t panic. A gag order doesn’t mean their servers are compromised. We have every reason to trust that Riseup would rather pull the plug.
https://twitter.com/riseupnet/status/800815181190217729
> riseup.net
> @riseupnet
> we have no plans on pulling the plug https://riseup.net/en/about-us/policy/government-faq
> 9:36 PM - 21 Nov 2016
> Will Riseup services last forever?
> While we are committed to doing everything in our power to protect the data of social movements and activists, short of extended incarceration, we would rather pull the plug than submit to repressive surveillance by any government. We would be really sad to see Riseup go, but if we are forced to, we would rather it go away than to betray your trust and compromise the activist community. With this in mind, you should be sure you are prepared in case something does happen, such as downloading and archive your email on your own computer!
He must already have been busted, if he's using and an Yahoo account that was created before 2012. And he/and you should use secure and private emailing services instead (as follows).
- Mailfence (Free, based in Belgium, True end-to-end encryption with Digital Signatures)
- Riseup (Free - with invite, based in US, end-to-end encryption)
- Tutanota (Free, based in Germany, end-to-end encryption)
- ...
However, concerning your bet - try spear phishing attack using SET, and if it doesn't work - then simply attack his machine using a Armitage (a GUI-based variant of metasploit) to try different exploits which if worked can allow you to install a keylogger in his machine.
Or else since you already have an access to his machine, then simply install a keylogger (secretly) and monitor the logs to get his yahoo credentials.
From https://riseup.net/en/security/message-security/openpgp/best-practices#dont-rely-on-the-key-id :
> You should probably at least set keyid-format 0xlong and with-fingerprint gpg options (put them in ~/.gnupg/gpg.conf) to increase the Key ID display size to 64-bit under regular use, and to always display the fingerprint.
might be 125days left but riseup vpn is free and unlimited make sure you download it from https://riseup.net/en and not some random youtuber and it includes a netherlands server so you can pirate your heart out
Hi. My name is Lukasz Scislowski and I am from Poland. I was looking for alternative secure email services.
I found the website https://riseup.net/ and I am interested in their services. To set up an account, I need an Invite Code that can only be generated by the RiseUp user.
Can anyone help me and invite me to RiseUp ??
Please help me with this problem.
My e-mail:
Regards
Lukasz
For the VPN, I recommend Riseup VPN, since that is free and open source.
I don't recommend installing it using Snap because it is slow, use the package installation instead.
Alright, if u don’t want to give sources, I’ll give sources:
https://riseup.net/en/about-us/policy/tos
https://riseup.net/en/about-us/politics
https://pramen.io/en/2020/06/interview-with-riseup-tech-collective/
Personally encrypted email storage Your e-mails are encrypted individually on our servers, and can only be unlocked and read using your password. This means that Riseup does not have the ability to read your stored emails. Encryption of incoming email is automatic, and only when you login does the mail become decrypted so it can be read. This takes place on the server, which then becomes temporarily trusted while you are authenticated. Because of this feature, your password is critical to your data. If you lose your password, and recovery code, you will not be able to access your account, nor will anyone be able to decrypt your emails. For technical details, see the TREES project.
I am not sure what you don’t understand about this. Riseup cannot see what you are doing, so even if you did something against their “principles,” they wouldn’t know.
I'm thinking it's queued in alphabetical order for emails. Like gmail is G, I use riseup.net which would be R.
or perhaps is alphabetical for 1st letter in email mine would be P.
https://riseup.net/ Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications
That's misleading. Please check your facts and consider correcting your comment. https://riseup.net/about-us/press/canary-statement
At the least, you should recommend a better email provider for people to use instead
No. A canary indicates that there is a GAG ORDER in court, not that they are compromised
There was a gag order, on a very specific warrant (for two accounts that had nothing to do with activism and were breaking their terms of service anyway). This meant their "canary" was down for a little while
As soon as the gag order was lifted, the canary was put back up. They made a statement about it here - https://riseup.net/about-us/press/canary-statement . If you dont trust that statement, you have no reason to trust the original canary in the first place
They also increased the use of encryption afterwards, and store almost no user data whatsoever, making warrants mostly useless in any case
Compared to protonmail, which has a proven track record of collaborating with law enforcement, riseup is the best option out there
I'm sure plenty of people will try to spread fear, uncertainty, and doubt over this. But I have never seen any criticism of riseup that wasnt either misleading, or no worse than any other email provider.
While I still use riseup and consider them relatively safe there was an issue with their warrant canary back in 2016-17. The canary was not updated for some sometime, ultimately they released this statement
https://riseup.net/en/about-us/press/canary-statement
For those who don’t know a warrant canary is, think canary in the coal mine. It’s a page that the riseup and other secure communications platform set up. It is supposed to be updated at regular intervals. Should they be served a subpoena and gag order is in place they simply don’t update the canary. This way they can signal they are comprised without violating the gag orderZ
>Do not use Nord man, use Windscribe, it's free and it's way easier to install.
I've heard good things about Winscribe, but it is not free. Also, I would never trust a free VPN unless I knew exactly who was behind it. Most free VPNs make their money by somehow spying on you (e.g. selling your data).
The only free VPNs that you should ever trust are the ones managed by a privacy advocacy organization. The only ones I know are Calyx VPN and Riseup VPN. They are slow compared to their commercial counterparts. VPNs is one of those things where you do want to pay money.
I think riseup.net (The group behind developing Tails and TOR) is a much better privacy forward alternative. There's also systemli.org and some similar providers.
OP,
Ignore
Keep up the convo in dm.
I have several Riseup accounts.
I'll never be able to prove it but I do donate to all these privacy companies I mention in my posts. They rock.
Don't trust me though. Verify them first. All open source software
I'll get you your code OP. Stay in touch.
I don't think i2p is going to be the best solution for you to download torrents, is that the only reason you want it?
You'd be better off just using a VPN for torrents, Riseup VPN is free and has a pretty good privacy policy.
I'm assuming, with very little context here thanks to your description, that you're trying to verify a link/onion because that's one of the main uses of PGP nowadays. So, with that said, I'm going to assume you are not sure how to go about it. You can find a guide here that will help you understand and stop you from guessing what to do. This guide will help you verify links correctly.
Once you know how to verify links, you can then copy the /mirrors.txt from the website into a file. Or, simply copy/paste into Kleopatra's notepad and tap "Decrypt/verify." This verifies the onion's PGP-signed message. You will be greeted with "Good Signature from ..." If you don't, it's a strong indicator of compromise. It means the owner of the phishing website has altered the contents of the inside of the message and that's not going to get through.
To verify files, you can follow the same process for verifying a link. Just copy paste the contents against the PGP signature signed with their public key.
This site is run by Riseup, your friendly autonomous tech collective since 1999
Additionally, as of March 2017, the storage for all new accounts is personally encrypted. Riseup is unable to read any of the stored content for these accounts. Any user with an account created prior to March 2017 may opt-in to personally encrypted storage.
Don't forget disroot.org and riseup.net
Both allow you to End to End Encrypt your email on the client side and require no real information or phone numbers.
Riseup VPN is a free to use service.
They operate through donations and they have previously been breached but that is the reality when underfunded and undersupported.
They are not-so-great.
- They do not encrypt the data at rest per-user with the user's own keys like ProtonMail as far as I know.
- They have a mailing list, and that apparently makes them unable to add a proper DMARC policy. As a result, anyone can spoof an email at any @riseup.net address, and the email would show up as a legitimate email on most recipient mail servers.
Til jer andre antimyndighedsekstremister derude, og jeg siger andre fordi jeg kan forestille at jeg som revolutionær socialist nok bliver anset således: Gem jeres gamle computere med forældet arkitektur, lær linux og gem gerne forskellige versioner af distributioner på cd. Om inden længe vil næsten al masseproduceret elektronik have backdoors og blackboxes.
Hvis i ønsker privat kommunikation om 10-15 år vil gammel bras være guld værd.
Hvis i vil lære mere om at sikre jeres devices, og tage skridt for jeres egen ret til privatliv, så kan jeg anbefale
https://riseup.net/en/security
Massere af gode begyndervenlige guides.
Use VPN. i recommend riseup.net vpn.Iif you are looking for a free one. If u rich.... use norvpn.com or just use Real-Debrid (paid) for $5 per month. I use riseup VPN and it is pretty good. But I watch only in 1080p because of lag..... VPN does not make lag go away when you put it in 4k. Real-Debrid does reduce lag.
> Riseup
Yeah, that was to be expected. I'd be more surprised if Riseup did differently.
Also, "only Riseup has the keys to decrypt the data"
while Proton has a weird stance on having access to the mailbox decryption key: "Your password is used to decrypt your emails and other data. Proton does not have access to it. If you forget your password, you will lose the ability to read your existing emails and access saved data. " But it seems there are technicalities to retrieve the encryption key from previous password or something. If LEA come with a previous password, they could technically get access to the mailbox content with a caveat according to account settings.
Tuta only has a recovery key system, if I get it right.
To add to this, it might be a good practice that, when you create your key pair, you follow the steps outlined here. https://riseup.net/en/security/message-security/openpgp/gpg-best-practices
Remember that your key pair is only as secure as you make it. Use a strong pass phrase and use the max available bits of encryption (you can hack this to be higher than 4096 but it's non-trivial). 4096 bit RSA is fine for the foreseeable future.
Keep your secret key separate and non-accessible by third parties. You can keep your secret key on a version control system like GitHub of you have set a strong password before you upload it and the repo is private and non-shared. It's considered best to keep it on a secure drive or in a USB key, encrypted with a similarly strong pass phrase that you never allow anybody access. Then simply keep it in a safe.
I created a key pair with strong encryption, stripped my secret key, exported the public key and then re-imported the key pair so the client shows it has the secret key but it isn't accessible without putting my USB key in. This is paranoia. You don't need to copy this setup to be secure. Your OPSEC needs/threat model may differ. I don't know.
You really should be able to trust PGP using default (3072 RSA, separate signing and encryption subkeys, etc.) settings in your client or the terminal CLI. Just keep your software up-to-date and use strong pass phrases and that's it.
Key notes: * No, you don't need a comment in your key material. * Yes, keep an encrypted, off-site backup of your key pair. * Keep your signing key offline and only upload one key at a time. * Keep your primary key entirely offline. (Easier than it sounds.) * Only use your primary key for certification (and possibly signing). * Have a separate subkey for encryption. * Have a separate subkey for signing.
Encrypt all the things.
RiseUp also runs private email! https://riseup.net/en/email
They require an invite from an existing member to sign up, and actively terminate accounts giving out signup links to internet strangers. What I recommend is asking your friends in your local leftist organization if anyone can hook you up with an invite code.
Use the RiseUp VPN and quit shilling for corporations who log your IP and will gladly cooperate with authorities. Nord and Proton my ass. As a bonus RiseUp is run by communists and is donation-based, so instead of giving your money to another fucking company that exists solely to make a profit, give some cash to your friendly autonomous tech collective. https://riseup.net/en/vpn
Here's a list of places you can go to which offer free services like the ones hosted at Riseup. I can't give any invite codes out because of spamming. But there are plenty options out there like Autistic/Inventati and Disroot. They cater to decentralized movements and organizations. You might have to make a case for your usage of Riseup if you go to their IRC server and ask for an invite. But it's nothing personal, it's just a risk of spamming and other "black sheep".
i used a free one
https://riseup.net/en/vpn#download-riseupvpn
though be aware that its not fast, but it allows you to access BDO, at least in our part..
And we don't know either why this happend. Yesterday we were playing just fine without a VPN..
There are a number of reasons. First of all, tech companies can expect a certain standard practice from other tech companies - that is, keep people at their computers for as long as possible. Bosses will often go out of their ways to get food and supplies for workers if it keeps them tapping away without taking breaks. Co-ops are less likely to do this on the whole.
There's also the matter of prioritizing investors over workers. Co-ops, simply, don't really do that. In the tech sector, however, meeting all shareholder demands is a big thing. This is why even well-off co-operatives like Valve are still very hierarchical at the upper management level, because there's a heavy expectation for you to fulfill investors' demands. If you fail to do this, in a market as competitive as technology, you're going to crash and burn. This is part of what leads to a lot of crunch culture.
Without getting too much into founder culture and all that, there's just a lot of factors that make it hard for co-operatives to make breakthroughs into tech. But voluntary collectives have done fantastically due to not having any investors to speak of or deadlines to meet, groups like riseup.net have become a standard for journalists and activists alike for their web services. If they asked for payment to use their products, or had shareholders to please, they would almost certainly have to offer worse services.
This guide is quite good: https://riseup.net/en/security/network-security/tor/onionservices-best-practices also you could simply block all non-tor traffic (to lower the chance of your original ip being leaked) and only allow tor traffic (Corridor is a good example at doing this (But I'm not sure if it really works without Qubes or even is much useful)) and of course you would need to do package manager updates over tor then
Thanks so much.
I haven't heard of RiseUp before but, from a cursory search, it looks like they do just what I like.
Will install it and check it out.
For anyone else interested -- https://riseup.net/en/vpn
Thanks so much.
I haven't heard of RiseUp before but, from a cursory search, it looks like they do just what I like.
Will install it and check it out.
For anyone else interested -- https://riseup.net/en/vpn
Thanks so much.
I haven't heard of RiseUp before but, from a cursory search, it looks like they do just what I like.
Will install it and check it out.
For anyone else interested -- https://riseup.net/en/vpn
And btw, for anyone wanting info about choosing the right VPN, I just found this on Reddit. Absolutely excellent information that covers every possible question.
I haven't worked with it a lot since I changed it to xfce as I ran into a couple of glitches with the Pro Dark theme. During installation one is supposed to set their popup transparency to almost invisible. I did — not realizing it would affect most of my menus to the point where I could hardly read them.
A couple of friends needed me to help them with a bottle of rum, so hopefully today I can find where I left off in the project and continue. But just from the little I've worked with it, it seems a little faster. I use Evolution (available in your package manager) and it seemed to respond much quicker.
You may also check Disroot and RiseUp - activists maintaining their own services
Disroot is the most complete with 18 services (mail, call, chat, Nexcloud, project, ...) and has an Android app on F-Droid
It's ran by the rise up collective which is an anarchist collective based in Seattle and I think they're pretty trust worthy, they've stood strong against subpoenas of other radicals before, they have a canary to let people know if they're compromised, and they store as little data as possible which for the VPN is literally none and what they have to in order to function is encrypted. They did once cooperate with FBI warrants and gave them the contents of a ransomware group's email to avoid jail time and the whole thing being shutdown which is sus but I think they ultimately made the right call in that situation.
Riseup, but not an email provider. Thunderbird are the recommended email client also have their own TOR Onion Services. But I don't know the limit of aliases, it seems like unlimited. Does anyone know ?
Rose City Antifa, John Brown gun club, Socialist rifle association
Further, there is a website called riseup.net that does communication for various antifa groups across the country.
>You can create an account with a fake sms number
...So? i don't think that's an excuse to ask for sms number
https://riseup.net they offer a v3 .onion (secure) address, but you have to get invited.
There is some. Think riseup.net. Some socialist/social-democratic sponsorship of FLOSS projects, etc.
Riseup is pretty woketarded though. Check out their COC.
>We want a safe space for people of all
>socioeconomic backgrounds
The very existence of extreme wealth threatens the safety and security of the working class.
>religions
Many religious sects seek to violently eliminate other religious groups or irreligious people. All of the major mainstream interpretations of the Abrahamic religions see nonbelievers as sinners worthy of damnation and unworthy of salvation. They aren't compatible with each other. Protecting the safety of one threatens the safety of others.
>Language which is unwelcoming—whether or not it rises to the level of harassment—is also discouraged. Much exclusionary behavior takes the form of microaggressions—subtle put-downs which may be unconsciously delivered. Regardless of intent, microaggressions can have a significant negative impact on our community.
I find HR-safe language pretty unwelcoming. Moreover, the standards for "safe", "inoffensive" language shifts every month. Complying with this requires throwing even the wokest most PC writing in the memory hole after sufficient time passes.
I think this is a great model.
I think riseup (and maybe others) do something like this. But I think there is still a lot of room in the space.
Are you interested in working with other people to make something like this happen?