As a result of the continuing Snowden revelations that continue to trickle out, we learn about more capabilities the NSA has and more threats we need to worry about. We’ve started referring to these as our “Snowden homework”, because they require a lot of study and thinking about how it affects Riseup. We are keeping on top of things and making adjustments to our crypto, our processes, and our infrastructure to work to be protected against these new threats. In many cases they were threats we were already theoretically worried about, but now we know the threat is more real and urgent.
Imagine you just found out a member of your project is actually a police informant. What project resources do they have access to? How will your group go about locking them out and protecting yourself? Is there any one person who could bring your project to a halt because they are the only one with certain passwords, access to mailing lists, or databases? Is there anyone who has access to a lot of data who doesn’t need it? (Which isn’t to say they are suspicious, but that a good security practice is limiting access only to people who need the information.)
Are there any changes you could make right now that would make an informant less of a problem?
For sure, this kind of thing seldom happens, but the more prepared we are, the stronger our group will be, and the more trust there can be between the members of the group.
Around 2,000 of you haven’t changed your password in 7 years, and will soon be getting an email from us informing you that you have to change it due to updates in our system. First, thanks for using Riseup for so long! Second, what? Seven years? Really? Everyone should be changing their passwords way more regularly.
Thanks to everyone out there who’s already donated to Riseup! For everyone else who has a little extra, we’ve been hearing some amazing reports that when people donate to Riseup they are filled with a pleasant and satisfying feeling that can last for weeks. Try it! https://riseup.net/donate