Secure Storage and File-Sharing for Freedom Fighters

From IFF Wiki
Jump to: navigation, search
Secure Storage and File-Sharing for Freedom Fighters
Presenter(s) Chris Wood, Liz Steininger, Brian Warner
Title(s)
Organization(s) Least Authority
Project(s) Tahoe-LAFS, Gridsync
Country(ies)
Social media
2017 theme Tools & Technology

We’ll host a conversation about the various tools, technologies, and practices for secure storage and file-sharing for internet freedom supporters. This will include a casual discussion of participants’ present needs and practices, a group-led assessment of currently available options and their shortcomings, and a brainstorm of what we want to see in future offerings. There are two goals: 1) to give attendees a better sense of their current and future options, and 2) to identify commonalities in needs among participants in order to get a better idea of where tools should be moving in this space. We would be happy to have others join us in hosting this conversation.

Format Conversation
Target Groups
Length 1 hour
Skill Level Novice
Language English


Session Outputs

Next Steps

Additional Notes

Relevant Resources

Contributors

Potential Tools

(also see https://en.wikipedia.org/wiki/Comparison_of_file_hosting_services)

  • Dropbox
  • Google Docs
  • Etherpad
  • Owncloud/NextCloud
  • Onionshare
  • SpiderOak
  • Tresorit (like Dropbox but encrypted)
  • Zettabox
  • Box.net
  • Bitsync (from Bittorrent)
  • SyncThing
  • Sparkleshare
  • Tahoe-LAFS
  • IPFS
  • Storj
  • rsync.net
  • casebox (for lawyers)
  • sandstorm.io
  • peerio
  • keybase
  • FramaForm
  • Maadix.net
  • Martus
  • duplicati

Features

  • Form input (e.g. google docs)
  • collaborative editing
  • file sharing
  • backup
  • publishing
  • versioning / conflict resolution
  • censorship tolerance
  • looks mainstream (don't have obvious crypto apps installed on your phone)
  • deniability
  • selective access
  • predictable security properties, predictable behavior

Tradeoffs

  • ACLs (access control lists) vs server-sees-everything
  • self-hosted vs reliability
  • client-side encryption vs web access
  • low bandwidth
  • centralized

some use cases

  • JFK lawyers: volunteer legal help for noncitizen detainees
    • new volunteers arrive at airport, want to help
    • need to record intake info / notes on victims, share with back-office legal staff
    • data is sensitive, must not be gathered in one place where it could be stolen
    • currently using a big google docs spreadsheet, want something better
    • ideally the JFK-side lawyer can drop an intake record into a write-only directory, where back-office staff can read it (but nobody at the airport)
  • Panama Papers investigations, collaborative story editing
    • need to exchange draft stories, notes, sensitive docs
  • panic 5-minute-warning leave-the-country
    • want to quickly erase everything and pick up a cloud copy later

Wishlist

  • client-side encrypted
  • open-source, audited
  • server runs in different (user-choosable) jurisdiction
  • easy to use
  • install anywhere: phones, computers, servers
  • clear policy/process for deletion: removing an item should really remove it, not leave parts visible to forensics