A - I n f o s
a multi-lingual news service by, for, and about anarchists **

News in all languages
Last 40 posts (Homepage) Last two weeks' posts

The last 100 posts, according to language
Castellano_ Deutsch_ Nederlands_ English_ Français_ Italiano_ Polski_ Português_ Russkyi_ Suomi_ Svenska_ Türkçe_ The.Supplement
First few lines of all posts of last 24 hours || of past 30 days | of 2002 | of 2003 | of 2004 | of 2005

Syndication Of A-Infos - including RDF | How to Syndicate A-Infos
Subscribe to the a-infos newsgroups
{Info on A-Infos}

(en) Italy, Update - ARUBA-POSTALPOLICE 1 / PRIVACY 0: what happened [it]

Date Thu, 23 Jun 2005 17:28:45 +0300

The cryptographic services offered by the Autistici/Inventati server,
housed in the Aruba web farm, have been compromised on 15th June 2004.
We discovered the fact on 21st June 2005. One year later.
One year ago the authorities (i.e. the postal police), during the
investigation that led to the suspension of an email account
(croceneraanarchica-at-inventati.org), shut down our server without any
notice, and copied the keys necessary for the decryption of the webmail.
Since then, they potentially had access to all the data on the disks,
including sensible information about our users. This happened with the
collaboration of Aruba, our provider.

When we noticed that the server was unreachable we repeatedly called the
Aruba web farm, asking for an explanation. They made up silly excuses
about technical problems, deciding that their clients, their contracts
and the rights of our users weren't worth a single phone call to the
server legal owners. They lied and totally disrespected even the most
basic rights and the privacy of those utilising their services..

Our presence and that of our lawyers would have been a guarantee that
they could obtain the information they needed without violating the
privacy of all the people who use our cryptographic services. We could
and we would have been able to warn and protect our users.

We always suspected that they weren't trustworthy, both on a personal
and technical basis. The very low level of the service they offered
sadly accustomed us to the silly excuses they made up for technical
problems. Unfortunately at that time we had no alternatives. The server
had to be housed and none of the possible solution we found offered more
guarantees neither on user privacy respect nor even on fulfillment of
their own contractual duties. We relied on Aruba and we made a mistake.

What happened is very serious and we don't want to hide behind unlikely
perspectives of revenge. It will be a hard struggle. A battle that we
will fight on every possibile level, including the halls of justice.

Our constant paranoia in dealing with personal data, aiming to protect
our users data, wasn't enough. We lacked resources and an we
incautiously and unreasonably trusted the laws protecting privacy.

We shut down our safe cryptography services since they cannot be
considered safe any more. We will shortly stop the mail service too. We
will, as soon as possible, reactivate all the services on a new server,
cleaned and sanitized, hosted by a different provider.

But this won't, of course, be enough. It's clear that against such an
enduring effort aiming at the systematic violation of Internet users'
privacy we must reconsider the meaning and the strategies of our

Aware of our potential weaknesses, we've been working on a completely
new version of our whole infrastructure, trying to rise the level of
protection of our users' privacy. Soon, we hope before summer's end, we
will disclose all the technical details, hoping that they will clarify
the effort required to build infrastructures which could protect what
should be considered - at least in theory - as a part of the basic

What we hope everyone will learn from what happened is that privacy
can't be appointed to anyone but ourselves. There's no political
structure or technical instrument that can guarantee your privacy.

We are, one more time, asking and suggesting everyone to use strong
encryption instruments (i.e. pgp/gpg) for the protection of both mail
and data on personal computers. And to use common sense for everything
else. We can only guarantee that we will continue to do everything we
can to protect the privacy of your and our communications and your and
our freedom of speech.

June 22, 2005. Autistici/Inventati Collective

Forwarded from:

* inventati/autistici project is an antiauthoritarian
anticapitalist initiative
A-infos-en mailing list

A-Infos Information Center