riseup.net likely compromised

As Ego pointed out

We forgot the consequences for whonix.org. Still need to change something here:

Email Overview

Good day,

Made additions regarding the “cannary situation”.

Have a nice day,

Ego

1 Like

@riseupnet and ffs, this has nothing to do with warrants or canaries. that’s why we end up not tweeting.

Maybe everyone’s better off with them not not tweeting if they keep spouting fucking obscure bird references every couple of days when its clearly a sensitive topic.

3 Likes

Good day,

I was thinking precisely the same thing when I read their last post…

Maybe, just maybe birds aren’t the best conversation piece, keeping in mind what meaning they are supposed to imply. I mean, to a degree I could understand why they are fixated on these animals. Birds have been a representation of freedom for centuries and they’ve prominently been a part of Riseups “brand identity” since the beginning of 2014 when birds were first incorporated into Riseup’s webpage and some of their logo’s. Making a “fun” reference thus isn’t incredibly unreasonable, IF their hasn’t just been confusion about their warrant canary, something integral to their operation commonly associated with birds.

The fact that someone at Riseup thought it was a good idea to start posting about listening “to the hummingbird” AFTER their warrant canary RAN OUT, is in the best case scenario one of the worst cases of timing I’ve ever seen. The fact that they still haven’t diffused the situation by talking openly about their “laid-back” approach to updating the canary and that they didn’t tweet about birds beforehand, when now it seems to be their only topic doesn’t even need to be mentioned at that case.

Adding to that, their (preemptive) response was neither polite, nor appropriate, as THEY THEMSELFES are responsilbe for the criticism leveled at them. Furthermore, their next tweet was even more worrisome to me:

since 1999 we have been doing a lot of work to keep everyone data safe according to the needs of our movements.

Well, yes, you certainly seem to have. Though, just being in “the business” for a long time doesn’t make you immune from criticism, mistakes, or NSL’s. And, not doing anything to improve the situation (like setting fixed times for canaries) certainly doesn’t make you look like people that have been doing this “since 1999”.

Adding to all of that and this is probably the most worrisome thing here, their canary hasn’t been updated for 153 days/5 months OR IN OTHER WORDS ALMOST HALF A BLOODY YEAR!!!

As someone who has a similar AGE TO THEIR SERVICE, even I know that that’s quite a problem.

I was actually unaware of the fact that they still didn’t fix their canary, as I only figured out now. There is no (positive) reason for it to be this outdated. In that intercept article they tweeted a few MONTHS AGO, they said that the only issue with updating the canary was thanksgiving and some bad planning. I have a hard time believing that in retrospective.

Have a nice day,

Ego

4 Likes

IIRC they made some twisted statement about the NSL question where they said there was something but not an NSL…

I think maybe its their way of doing publicity (the all publicity is good strategy) but they are dealing with a privacy conscious user base who thinks critically about these things and not mindless consumer idiots. No one is going to pour in donations to a service suspected of hiding serious problems. Thats about the dumbest thing they could have done. I am looking forward to some alternative decentralized mail solution that works with the internet.

3 Likes

A post was split to a new topic: Which e-mail provider is more adviseable, protonmail or lavabit reloaded?

Riseup’s official statement on the canary (Feb 16) Canary Statement - riseup.net

2 Likes

Good day,

So in the end, my speculation and cynicism was actually justified. Seeing how I wasn’t certain whether I did them injustice or not, that’s quite good to know.

Now this obviously means that, at least I, don’t consider them to be trustworthy in the future. They claim that they’d go out of their way, encrypting the mailbox, though not like Protonmail on the client side, nor like Lavabit in “Cautious or Paranoid mode” with the former being like Protonmail and the latter actually keeping even the encryption key on your system. You still would have to trust their server in the proposed configuration which after such an ordeal feels like a cruel joke, not a serious proposal to win back anyones trust.

But the cynical and quite frankly dangerous approach to winning back their users trust goes even deeper:

Q: Couldn’t the government just make you say that?

A: Forced speech is actually quite rare in the US legal context. It’s usually only in cases of consumer protection where the government has been successful in compelling speech (e.g. forced cigarette warnings). Nevertheless, no they aren’t forcing us to say anything.

ARE YOU TAKING THE BLEEPING PXSS?!?!

Call me a conspiracy theorist at this point but seeing how you’ve just admited to being served a gag order, saying “it is rare” is not reassuring.

Furthermore, they have been quite agressive when people called out that they might have been served a gag order.

If you recall, when people started calling it into question that A) their canary wasn’t getting renewed and B) they continuously made posts about birds, they posted this:

and ffs, this has nothing to do with warrants or canaries. that’s why we end up not tweeting.

In my opinion, that is not the way to talk to a community to which it is crucial to trust you. The security of journalists, activists and others relies on this trust and reacting like this, as I’ve said in the past is A) impolite and B) really terrible in retrospective, now that it has been proven that you actually got forced to cooperate with the FBI.

They continue:

Q: Why didn’t you update your canary?

A: In the Winter of 2016, the canary was not updated on time. The canary was so broad that any attempt to issue a new one would be a violation of a gag order related to an investigation into a DDoS extortion ring and ransomware operation. This is not desirable, because if any one of a number of minor things happen, it signals to users that a major thing has happened.

Are you doing this on purpose? Are you trying to get me as fired up as possible by making these kinds of statements? Because this is not something you should take lightly and I for one evidently passed the point of being polite about this some time ago.

But let’s deconstruct this for a second. First, they state that “The canary was so broad that any attempt to issue a new one would be a violation of a gag order”. Yes, so?

THAT IS THE PURPOSE OF THE CANARY! The way this statement has been made, it seems like you might actually believe that the canary you youself set up in this way actually was to restrictive for law enforcement to make requests while keeping it up. But that’s what the canary actually is supposed to do. Are you sure you are in the correct business?!

Their continuation with “it signals to users that a major thing has happened.” is even more ridiculous.

So a running FBI investigation on a service like your isn’t what we should consider “a major thing”?! WHAT CONSTITUTES AS A MAJOR THING?! The Great Old One Cthulhu comming over to take your servers away? What did you think would happen when the FBI knocks? What did you think you needed a canary for if not for this exact case?

Q: Why does the new Canary not mention gag orders, FISA court orders, National Security Letters, etc?

A: Our initial Canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason. The current Canary is limited to significant events that could compromise the security of Riseup users.

I have no words.

Just this: The fact that you now genuinely feel convident in telling your users that you can assess what is and isn’t a “important risk” terrifies me.

Riseup.net you are so much worse in this regard than I could have ever imagined when I made my previous posts, which were mainly based on a reasonable amount of speculation and analysis of your reactions. In my last post, I gave you the benefit of doubt that you simply lack someone to properly communicate in your team, now, I sadly stand corrected.

I honestly wanted to be proven wrong on this. Or at least see them take proper meassures after this has come out. They didn’t.

Have a nice day,

Ego

2 Likes

we have not disclosed any private encryption keys, and we have not been forced to modify our system to allow access or information leakage to a third party.

[INAL and nitpicking] doesn’t this open a backdoor by having an operative become a riseup member. Then technically it would be no longer a third party?

2 Likes

Touché.

These “Riseup” People have quite a strange kind of Humor :
from the about page :

All your data, including your mail, is stored by riseup.net in encrypted form

from the Canary Statement

We have taken action to ensure that Riseup never again has access to a user’s stored email in plaintext.

They are just a bad Joke maybe the “Riseup Birds” got the Bird Flu :stuck_out_tongue:

+1 to everything Ego said

  1. They don’t know how to use a canary.
  2. They get defensive about their stupidity and moralize it thru and thru.
  3. They continue insulting our intelligence by proposing some worthless server-side encryption scheme.

Roses are red
Violets are blue

Nobody’s going to jail just for you.

That’s why the only answer is privacy by design not policy.

2 Likes

Might be a good idea to change this now and also the “@riseup.net” email address on the help page, “Free Support for Whonix”, if no longer in use.

Also, has anyone noticed the sigaint addresses, “http://sigaintevyh2rzvw.onion” and “https://www.sigaint.org/” have been unreachable for a few days now?

I can confirm that Sigaint is down
If you only need to receive Emails :
https://anonbox.net/
http://grrmailb3fxpjbwm.onion
these might be sufficient. (Maybe we should add 24h Emails to the Email wiki @HulaHoop @Patrick)

Ephemeral inboxes are very limited. Lets stick to alternative fully functional services or better yet alternatives.

Wow Ego, it sounds like you were denied a riseup account once and have a lot of anger about that! You are reading way too much into what they said. It is pretty simple, but you are complicating it unnecessarily. There wasn’t a FBI investigation into Riseup (your words), they received a warrant from the FBI for specific user’s emails.The two are very different.

I’ve been a Riseup user for almost 8 years now. I’ve followed them closely, they have been the only trustworthy organization out there that I felt comfortable putting my email on their servers. They have always done the right thing, and after this incident, I trust them more, especially now that my email will be encrypted there (they already encrypted their drives, but now nobody in their organization can see the emails).

They had a warrant canary, they got a warrant, they didn’t update the canary (they could have lied and just updated it, kudos to them). They realized the canary was making people worry when they didn’t need to worry, so they tried to reassure people without breaking the gag order. Because I have trusted Riseup for a really long time I was reassured by that. I believed, and I still believe, that if the issue was something to worry about, Riseup would have acted very differently.

Now that they have clarified things, it seems pretty obvious, they didn’t update the canary because they got warrants for people who were abusing their systems, and they didn’t want to lie about their warrant canary. They would have been better off to lie about the canary, but I prefer honesty and their integrity is why I’ve continued to trust them.

They already encrypted their drives, and use SSL, and don’t log IP addresses, being able to encrypt the stored mail is pretty great. I’m betting that it was not an easy thing to do with so many users.

goldstein: there is a difference between disk encryption, and what they implemented. those statements aren’t contradictory, they’ve taken additional steps to improve what they already had.

Good day,

I can see why you’d say that and I’m sorry if I was a bit aggressive in the way I made my statement.

That being said, I’d like to say that for the record, I never attempted to get an account at Riseup. I simply was of the opinion, that in regards to the laws, Riseup’s location in the United States made it by design unfit for me, considering their systems non open nature.

So no, I don’t hold a personal grudge against Riseup and I’d like to think that even if they had denied me an account in the past, I wouldn’t think of them any less because of this. I’m a lot of things, but petty is not one of them.

I’m sorry but while those two are different things, they are still intertwined with one another. A warrant is a tool, used in an investigation. The two are different, strictly speaking, but were a warrant, there an investigation according to US law. Warrants are a part of Criminal investigations and as such, a warrant means, that an investigation at Riseup took place.

But lets just quote Riseup on that front:

The canary was so broad that any attempt to issue a new one would be a violation of a gag order related to an investigation into a DDoS extortion ring and ransomware operation.

So I don’t really see what your argument is based on this aspect.

That is great in my eyes, more power to you then. However, if I may then justify my previous rage by making clear why I “lost it” regarding their reply: I can obviously not make judgements based on posts, so it is impossible for me to tell how necessary the anonymity is for you. Because there are people, who depend on services like Riseup to stay secure and protect them for a variety of reasons. Especially journalists depend on such services in a massive way. These are people who cannot afford that their traffic and mails gets accessed without them being aware of it.

These are the people that cannot just “trust” Riseup, as trusting something, even if you have a long positive experience with it can put you, as well as informants in danger.

I have admiration for what Riseup has been doing for more than a decade and have very high respect because of it. However, because of what they have to do, I would and could never trust them. Or any other provider like Protonmail or Lavabit. Thing is, that because I have respect in them, I was so disappointed in their reply. I presumed that they’d say that the canary “worked as intended” when it, according to them, didn’t.

Changing the canary now feels like fixing an issue, which wasn’t one.

I actually gave Riseup the benefit of the doubt of simply being bad at communication and not having someone to properly handle social media in a previous post, because part of me wanted this to be a simply misunderstanding.

I’m sorry but not lying shouldn’t be considered something positive regarding the things they do. It should be the bare minimum standard for doing what they do.

Thing is, the canaries purpose is to make people worry and consider securing what can be secured. At a service like Riseup, it should be there to inform journalists and other users in a subtle way that maybe they should consider telling their contacts to “not whistleblow” for the time being. It is there to tell human rights activists that maybe they aren’t as safe as they’d want to be at the moment.

In regards to the people who need the services by Riseup to be 100% secure, it is better to be safe, than sorry.

I really doubt that. If they’d lied, would many people stay with them? Not everyone can afford to put as much trust in them as you apparently can so lying would not just be awful, it would also be stupid from a publicity perspective.

Either way, it is great to see that you have so much faith in Riseup and I wouldn’t want to change that. Like said my (over)reaction mainly came from me considering who really could suffer from any kind of inconsistencies on part of Riseup.

Have a nice day,

Ego

“Riseup did nothing wrong” meme
Funny how you defend them , you really seem to like them, to blindly believe what they say.
I wouldn’t trust a service that worked with some agency and then attack anyone questioning their Canary , this Time they gave out Informations related “only” to “bad guys”, next Time you might be the bad Guy (the Government decides this, not Screwup.net), they should scrap their Canary because it’s worthless…but hey at least they are “honest” lol

It should be a trustless Setup without people to pressure with Jail, until then it’s not even worth it to consider it secure…

While its true the FBI was interested in user emails not the admins running things, there is no need for the passive aggressive tone.

Whether they do the right thing or not (depending on who’s opinion?) is besides the point. Only technical means to enforce privacy is what matters. The rest is meaningless. Promises can be broken, people can be threatened or bought off, central servers are huge targets for hacking. Centralized services are just bad.

Also you are deceived if you think the new server side encryption is anything besides PR. If the user doesn’t hold they key then the contents can be silently recovered and handed to a third party. Simple.

Before this incident they were disorganized and failed to update their canary on time. People had to nudge them to get them to do it. So when this happened no one knew if they were being negligent or if something was going on.

Also when people were alarmed at their bird related tweets they misleadingly denied in a direct way that they’ve been contacted by LE. A bare-faced lie.

They’ve clarified that they protect privacy based on their personal discretion not as an absolute principle. They lied about the canary see what I’ve written above.

The “technical” protections are toothless drivel. See above.

1 Like