Hey,
Your postings on this subject are interesting, it seems you know about what

your are talking about.
What should be your summary global advice for creating an hosting offshore

corporation/foundation to help human right watchers and activists, say as eg

Greenpeace, hrw.org , tibetans, chinesse/asian free speech/democacy activists,

and the like?.

If we are able to provide these communities with strong

privacy-security-enhanced turnkey hosting services, individials, corporations,

foundations will become also interested to adhere (or to order, if we go on

business)our hosting system(s) and services...
There are other considerations to implement in the hosting servers and

customers PC's to help against Big Brother(s), as it's the software (and OS):

Here OpenBSD can help a lot as the OS of choice, but it requires yet a lot of

implementations and tricky configurations.

To be implemented: Fully encryption of the OS boxes (a-la drivecrypt /

compusec), also encrypting (eventually on fake video-music file containers for

stegaqnography?) the users space via OTF-like (truecrypt?) encryption,

including one or more layers of denial plausibility with fake/honey-pots areas

if server maintainers or hosted customers are eventually forced (or hacked) to

reveal their pass keys.

The hoster company should never be able to decrypt the hosted customers

content, its their matter and their privacy.
A new kind of "secure&private" hosting standard should be created, e.g  to

force the use of only strong SSL for browsing and e-mail/webmail, and allowing

only gpg protected communications on specific or aproved-verified secured

pre-configured software clients.

And networking ONLY on gateways as tor, i2p, mixminion, jap, freenet or

similar systems.

And etc etc...

I can't understand why everyone still gives their websites on (weak/cleartext)

http, instead of using strong https that should be the standard. Most if not

all of the current PC boxes and bandwiths allow this, or not?. Why is https

only used for banking, order former and the like, and not for everything?
All this seems a lot of job (we all are working on that), but once done it can

set up a new standard(s) for data and communications privacy ( a new standard

that can/should have its own brand name) not only for individuals but also for

corporations (industrial and commercial secrets theft causes billions loses),

govs.
We believe that this is an essential feature for a fair world and to reach a

new degree of civilization, justice, equity and fraternity (if we can avoid to

extinguish the humanity in the meantime): Information and association of the

masses is a very powerful power.

If and when you can freely communicate with everyone at the last desert

village inhabitants in deep Africa, if and when a global worldwide individual

can learn, know, opine and vote, then there will be a new kind of planet lobby

from the masses against any ill-minded government, corporation, money or

justice laws that can change the world in decades.

And there are enough goods and resources in earth for all to leave in peace;

someone is tricking us the wrong way.

Here the OLPC (one laptop per children, wifi connected and solar/handcrank

powered) is a good step (we are working also on an OpenBSD based version suite

to fit on these as an alternate of the standard software (probably

bigbro-dirty as not-privacy secured at all) .
Of course, a super-secure information/communication/privacy system will help

also criminals and ill-minded likes, but we must fight against them not at the

price of losing our freespeech nor robbing the freespeech (nor the planet) of

our childs, that are the real owners of the world.
macintoshzoom

---------------------------------------------------------------

On Wed, 18 Jun 2008 13:29:29 +0000

list-obsd-misc@pwns.ms wrote:
> > But if ISP's must have blackbox on their interfaces (hello FBI),than you

can't

quoted text
> > trust your local hosting company even if they are very friendly ;-)

>

> Cisco prefers a blueish-black color. Juniper boxes tend to be white and

blue.

quoted text
>

> In most Western countries there are many ISPs; if many of them were forced

to have, in secret, black boxes on their networks, it would soon be public

that that is occuring.

quoted text
>

> Providers are, in many cases, being forced to allow, unmonitored, snooping

by their governments - read up on CALEA. Hardware based routing platforms will

be able to handle only a very small amount of traffic, the CPUs that are used

in them tend to be very slow and even the fastest CPUs can route only a tiny

amount of the traffic modern hardware-based routers can.

quoted text
>

> So, if the government wants to monitor YOU specifically, or occasionally

monitor everyone, they might be able to do it via CALEA.

quoted text
>

> If I wished to monitor a large amount of peoples traffic (not all - that's

not technically feasible), I would try and use passive taps with the

cooperation of major transit providers. If I was on a smaller budget, then I

would just do that with some major telcos.  The NSA appears to have decided to

use a hybrid approach. If I had very large amounts of money that I am willing

to spend (well, government has lots of money, and it's not theirs, so why

would they mind spending it?) I would do the same with cable providers (not

the coax kind).

quoted text
>

> I would definitely try and avoid small ISPs and IXPs - high maintenance,

high whining and very difficult to perform surveillance using them

clandestinely. Laying a submarine cable is far more expensive than starting an

ISP or IXP.

quoted text
>

> So, basically, you are being paranoid about the wrong things.

[demime 1.01d removed an attachment of type application/pgp-signature]