Newsletter February 2017

Hey everybody and happy new year!

In cybrigade (the administrative group behind espiv.net & squat.gr) we constantly try to communicate every change and improvements we make to our services, along with helpful instructions on how to use them.
Lately, we’ve kind of neglected that, but we promise hope to come back.

With that in mind, read the newsletters that we send and provide us with feedback/questions/suggestions (to support@espiv.net); this will surely benefit us all.

[Table of contents]

0. Newsletters available in Mailbox
1. Mailing lists without administrators
2. Mailing lists and Yahoo emails
3. Mail quotas
4. Auto redirect webmail to onion service when using Tor Browser
5. Participation in events in Larissa and Volos, Greece

Newsletters available in Mailbox

Those of you who use our email service, might have noticed a new directory showing up in your maildir named “Public->Newsletters”.
Inside that directory you can find most of the newsletters we’ve been sending over the previous couple of years, so that everyone, even newcomers, can read and benefit from them.
Those who haven’t done it already, please spend a few minutes to read them. You’ll surely find interesting stuff…

Mailing lists without administrators

There have been several occasions lately, where mailing lists’ administrator email accounts are not in use any more.
The most common reason for that is either an unavailable email account (one that is closed or disabled) or an email account that is rejecting new incoming emails, due to a full mailbox.
As a result we can no longer communicate with those lists’ administrators, and can’t confirm any changes requested by the rest list members.
Mailing list members/administrators that don’t know whether their administrator account is active or don’t know who administrates their list, should contact us immediately.
Lists without an active administrator email account, will be deactivated.
If a mailing list is no longer needed, an *administrator* of the list may contact us and prompt us to delete it.

Mailing Lists and yahoo emails

Proper adjustments have been made to our mail server and mailing list software to make espiv lists able to receive emails from yahoo email accounts again.
All mailing lists have been set to change their “From:” address to mailing list’s email address when an email originates from yahoo domains.
Even though we don’t recommend changing these settings, any mailing list administrators that want to, they should probably read the relative link below before proceeding to changes.

Links:
https://wiki.list.org/DEV/DMARC

Mail quotas

Last August we started forcing mail quotas (hard email disk-space limits) for all email users, following our previous announcements.
We’d like to remind you that mail quota is 300Mb, no exceptions made.
You can find instructions on how to regularly cleanup your mailbox in the link below.

Links:
https://espiv.net/en/2016/09/17/tips-pws-na-katharisete-to-mailbox/

Auto redirect webmail to onion service when using Tor Browser

For some time now, we automatically redirect all users who are visiting https://mail.espiv.net/ through Tor (e.g. TorBrowser), to our webmail’s Onion Service (http://5sn2hxofsu6b55lo.onion) for more online protection.
You can find more info about espiv’s onion services in our website on the links below.

Links:
https://tor.eff.org/projects/torbrowser.html.en
http://5sn2hxofsu6b55lo.onion
https://espiv.net/en/yphresies/onion-services-tor/

Participation in events in Larissa and Volos, Greece

Last November we joined two events in Larisa and Volos, Greece as there was the birthday  fest of “Ntougrou Squat” in Larisa and because we were also invited by comrades of “Termita Squat” in Volos, to present the latest leaflet we published, named “On decentralization and other daemons”.
The communication we had was very fruitful and it wasn’t just confined to presentations (and beers).
Various other topics were discussed, like the course of internet activist infrastructures (historical flashback), the importance of releasing ourselves from commercial providers while trying to have activist communications, issues around security and privacy, the structure, ways of operation and decision taking of cybrigade and more.
The most important part though was that we finally met with each other and (hopefully) made more clear that cybrigade is not just an alternative provider of digital services but a collective that was born and strengthened in the radical and anti-authoritarian movement, and (is trying) to offer back to it.

Thanks a lot for the invitation, comrades! Cheers to next events!

Links:
https://www.kinimatorama.net/event/74323
https://www.kinimatorama.net/event/74983
https://espiv.net/2016/04/13/apokentrwsh-internetikwn-ypodomwn/

Cybrigade,
your beloved administrative collective of espiv.net and squat.gr

Published
Categorized as , news

Newsletter February 2016

Greetings everyone,

following our last newsletter, we would like to inform you that after the merge of squat.gr and espiv.net[1], there is the possibility to choose whichever domain you wish between the two (squat.gr or espivblogs.net) when composing a hosting request to create a blog. For the time being though you cannot create squat.gr mails and mailing lists.

[Mixed content]

For some time now, the browsers have been blocking what is called “mixed content”, namely when there is http element (say a picture) on an https page, and it is a common problem on the web. To get around this problem one has to link a picture without explicitly defining the protocol (https or http), thus letting the browser/visitor choose how it is going to download and display the picture.

For example, src=”http://mysite.espivblogs.net/files/2015/10/mypicture.jpg” must become src=”//mysite.espivblogs.net/files/2015/10/mypicture.jpg” This way, when one visits http://mysite.espivblogs.net/ they will be given the .jpg with http, while when they visit https://mysite.espivblogs.net/ they will be given https. Easy!
It is our immediate goal to turn all of the blogs into https only and stop having a mixed content problem.

[Keeping public web content online]

We, the collective managing espiv.net/squat.gr, have mentioned in the past that our day-to-day operations include some house-keeping for our servers: bringing down inactive services or/and software that we cannot support. However, when it comes to the web blogs we host, it is our conviction and our suggestion that these blogs’ content stays available online , even if the groups that originally created them have disbanded. It is important to us -and we believe beneficial for the history of the radical movement aswell- that those are accessible as an archive.

[files.espiv.net as a hidden service]

The files.espiv.net service (file sharing) is also available via tor hidden service at the address z7zbg7sxhxfergpo.onion (entering via tor browser). We remind you that the access code is “espiv”. It is better to use that service when you wish to exchange large files, instead of burdening the available space on your mailbox aswell as the one of your comrades [2]. That’s even more important if you are using a mail account hosted with radical/alternative servers, where the disk quotas are limited (i.e. for espiv it’s 100mb). That way you make the administrators’ work easier (and you get rid of their nagging 😉 ).

[Service requests coming from cooperatives (legal entities)]

All the requests concerning new services are reviewed by members of our collective, according to the hosting terms that we have set: https://espiv.net/terms_of_service/ . One of the things that we request is that each mail/blog/list is not related to reasonings involving profit. We have received many times requests from entities legally founded as “workers’ cooperative”, self-managed marketplaces, or fair-trade networks and various similar projects to which we gave a negative response.

It is widely acknowledged that these projects operations does include profit, despite the different character that they might want to give to the production procedure. At espiv, we have agreed and request that the services that we freely provide not to be related to any kind of profit. This should not be considered as a holistic approach of our collective against this kind of projects. And it is not necessarily binding for the choices/opinions of each and every espiv member. On the contrary, it is the product of minimum agreements, that outlines the operation of espiv. We shall also state that it’s a collective attempt to break down the chain of money in human interactions.

[Safe use of emails]

Email security depends on the following factors:

Where emails are stored

What form they are in / who can read them

How emails travel through the internet

a)Using thunderbird or webmail doesn’t change something at this point. Do you trust the group that manages the server? The company that hosts it?

b)It is almost certain that the emails you receive are not encrypted (with GPG). In other words they travel in plaintext through the internet. This means that the admin group of the server can read them. This also means that a malicious third party that compromises the server, will be able to read the emails aswell. Are the disks of the server encrypted? If the police or the employees of the hosting company confiscate the server’s disks, will they be able to read their content? Webmail cannot add any type of security on these questions.

c)How do you connect to mailserver? Do you use encrypted connection TLS? In other words is the transport between the email client and the remote server encrypted? If not then any person in-between will be able to view your password and your emails as they are being downloaded to the email client. If you wish to use webmail you should be using HTTPS to connect to you email provider website.

At espiv we use roundcube for webmail but we encourage the users to use email clients like Thunderbird and download their emails locally on their computer. We also encourage the use of public key encryption and Tor for anonymity.

At espiv we put effort into keeping the emails that we host as secure as possible. We use full disk encryption, we manage the machines by ourselves, machines that are located in trusted places. We enforce encrypted connections with TLS is mandatory and we verify the encrypted communication between our server and other radical providers (Riseup, Autistici, aktivix, etc.). Especially when it comes to webmail, we are using different means to lock down and isolate the web application from the rest of our systems, since web applications are usually vulnerable.

[1] [https://espiv.net/2015/12/09/ta-squat-espiv-upo-koini-diaxeiristikh-omada/ ]
[2] instructions for that service:
go here https://files.espiv.net/
you will be asked for a password, you type “espiv”, click the browse button and you select your file from where you saved it.
once it has loaded, click the share button and you will be presented with a url address. Copy that and send it to your contacts.

your beloved radical tech collective of espiv.net and squat.gr

Published
Categorized as , news

How do I migrate my joomla site to espivblogs?

The migration of the content of a Joomla site becomes fairly easy by using the “FG Joomla to WordPress” plugin. The requested steps are the following:
    
  1. We activate the “FG Joomla to WordPress” plugin.
  1. On the Dashboard of espivblogs we click Tools → Import → Joomla(FG). If we don’t have a blog in espiv, we make a request through the hosting form https://espiv.net/form/
We need the following data from the site’s config :
    
    
$user= ‘$dbusername’; Username
$password= ‘$dbpassword’; Password
$db= ‘$db_name’; Database
public$dbprefix = ‘$dbprefix_’; Joomla Table Prefix** 
 
  0.3. After we have filled in all of the above data, we click on “test connection” to make sure that everything is correct and that we can connect to the joomla base. If everything turns out ok, we move on to the following import,
  
  0.4. After we have carefully read and chosen the options that we want for the content import, we click the related option.
   – The import can run as many times as we wish. There is also the choice of clearing the content before running again, so we can try more than once, however the transfer takes some time, especially if we have chosen for it to clear the content beforehand. If during the transfer you get an “error” page, refresh. It will have to load again.
   – For any occurring problems, we check here first: https://wordpress.org/plugins/fg-joomla-to-wordpress/faq/
     Also, you should pay attention to the description of the transfer here https://wordpress.org/plugins/fg-joomla-to-wordpress/
     If we don’t come across a solution, we inform espiv via the bug report form (https://espiv.net/bug_report/ ) or via email at support@espiv.net
  
  0.5. If we are finished with the content transfer, we are done. We deactivate the plugin so that the data from the old base won’t be saved.
       If there was a joomla domain that we would like to maintain, we inform espiv as stated above, to make the necessary changes and delete the old joomla site.
       
When it comes to the appearance of the site, it will obviously be different and you will have to dedicate some time to organizing the menu and the categories, and you will probably be able to choose a theme similar to what you had in mind.
On the farm, we are the ones who make the additional installations of plugins and themes, and if you come to need something that is not already installed, you contact us.
**Note: It is preferable that espiv fills in the data for joomla sites that it already hosts. If the joomla site is on another provider, you will need to request/have the above data in order to proceed.
Published
Categorized as Joomla, howtos

squat.gr and espiv.net under same administration collective

espiv.net and squat.gr are now under the same administration collective. Both groups were always in close communication exchanging knowledge/expertise and were both supporting each other by technical means. Besides the geographical adjacency, we, “people” from both groups, share the same political values, placing ourselves into the competitive/antiauthoritarian/anticapitalist movement.

Recently, we decided to unify our infrastructures due to reduced people dynamics in one of the projects. From now on, a unified administration collective, cybrigade (espiv), will be responsible for both projects. At the moment, basic services that we are offering will remain as-is. However, terms of services will change to the ones set by espiv.net (https://espiv.net/terms_of_service/). Technical Maintenance has already started and upon completion, new blog users will be able to select which one of the two domains would prefer for their blogs.

We believe that it’s crucial to develop autonomous (hosting) infrastructures to boost communication and expression. It’s a matter of culture, organization model and technical perfection that those infras remain decentralized. We are setting this both as a challenge and as a necessity; the development of those  infrastructures will “embrace” and expand the “work” of squat.gr and espiv.net.

We do not oversee that this coalition of espiv and squat forces, may seem as a small step backwards on the path of decentralization and that is why, we are publicly emphasizing the importance of developing new similar activities. Finally, we hope that our move will not act as a deterrent to those objectives but instead promote them.

Your favorite administration collective of espiv.net and squat.gr

Published
Categorized as news

October 2015 Newsletter

Hello to everyone!

-New espiv.net webpage-

As you may already have seen, our site espiv.net has been upgraded. Our new webpage is now also hosted on espivblogs multisite, alongside the vast majority of groups hosted on the server. This transfer was deemed necessary for technical upgrade reasons, and is part of our overall effort to move all of our websites into espivblogs multisite. This effort concerns both new blogs and many of the older ones hosted outside of multisite. The basic features of our site remain the same.

You can submit a request for services in the same way as before: through the Join Espiv form (see Hosting). You can use the Bug Report form (see Contact) if you’d like to report any malfunction/remark on our new webpage. Please contact us via the same Bug Report form regarding problems/remarks/questions or any suggestion you might have related to espiv.net services.

For issues unrelated to espiv.net services (general communication purposes), please contact us via the Contact form.

-New secure connection certificates for espiv.net and espivblogs.net-

Espiv.net are using secure communication protocols (TLS) in all of its services. The certificates issued for these services come with an expiration date, thus renewal is required.

As of July 5th2015, all espiv services use the newly issued certificates; two wildcard certificates are being used: one for espiv.net domain and one for espivblogs.net domain.

Please make sure you are using only secure communication protocols (such as HTTPS) with the following certificate fingerprints:

espivblogs.net

SHA256Fingerprint
B6:EE:9A:3E:9D:41:68:C9:06:FF:CA:85:0A:1E:7E:36:11:7F:DE:35:E0:37:A3:C7:E8:DF:A1:7C:43:2B:B6:DE

SHA1Fingerprint
9D:64:5B:B0:4A:99:BE:34:CB:FF:8E:FC:89:80:2C:DE:45:3B:74:67

espiv.net

SHA256Fingerprint
C3:A6:30:4E:AC:61:C2:6E:73:BF:48:5B:D2:51:5B:EB:21:A2:96:8B:7C:19:4D:0E:88:16:65:40:E1:BD:85:F4

SHA1Fingerprint
6C:32:01:E8:A5:9B:BC:F0:ED:C1:46:8B:3B:16:0F:69:D8:8E:78:39

Modifications are currently active on all websites, blogs, webmail, email, mailing lists and forums that are administrated by espiv.

-Hosting requests to espiv-

Espiv is an antagonistic infrastructure. Terms for being hosted in the server can be found here: https://espiv.net/en/terms_of_service.

Our only criterion for providing our services to you is your acceptance of these Hosting Terms.

When you fill in the Join Espiv form (see Hosting) to request hosting services, we ask that you submit an active email account, as it is for us the only way to verify that this account belongs to specific users, once a service is activated. For example, if you need initialization (reset) of password at some point, or some other problem occurs, we will use your initial contact email. So, it is important that this email account belongs to the same users.

It is understandable that, in case you lose access to this backup email, you will not be able to retrieve your password. Additionally, if a malicious person gains access to your backup email, they will have the possibility to request password initialization of an espiv.net email or service. In these cases, espiv.net administration collective will not be able to help you.

-Creation of new Discussion Forums (SMF) postponed indefinitely-

As you may already know, since October 2014 we no longer provide the possibility of creating Discussion Forums (SMF) at espiv.net. Unfortunately, for the time being, there doesn’t seem to be a secure and centralized mode for administrating forum software, which is essential for us to continue to support it with our current resources. Besides, the space occupied by forums on the server has greatly exceeded the limit we had set for this particular service.

As a result, and mainly because of these two facts, the creation of new forums has been postponed indefinitely.

There are other collectives (outside of Greece) that provide similar services. Please have a look at the list of radical tech collectives and their services: https://we.riseup.net/yellowpages/services.

-Proper use of espiv services-

Already at previous newsletters, we have highlighted the significance of secure use of our services. It is equally important for the viability of our project that users preserve resources. The hard disk space is a relatively expensive resource for our servers. Also, the less data/emails we store on the servers of providers we use, the better for the security and privacy of the individual or collective that uses an email/forum. Please find out how to download/back up your emails to a local drive. You may also read: https://espiv.net/en/2014/09/13/newsletter-σεπτέμβρης-2014

It should be taken into account that an infrastructure like espiv does not have “unlimited” resources, as some commercial providers do, and that their overuse by registered users may hinder activation of new users in the future.

We ask you to check the space occupied on our server by the services you are using (mainly email accounts and forums), and try to stay within the recommended limits.It is strongly advised that you store your email and forum data locally.

If you need to share a file, it is preferable to use our file sharing service offered at https://files.espiv.net. You can upload up to 400MB of files, which are automatically deleted after a maximum of one month. The upload password to files.espiv.net is: espiv

We recommend everyone to use espiv services through Tor: https://espiv.net/en/yphresies/onion-services-tor

-Email account and data retention policy-

We want to summarily remind you of our email account and data retention policy in espiv.net:

– Spam/Trash are automatically deleted after 21 days.

– Email accounts are deactivated after 6 months without login.

– Email accounts, whose users have not contacted us for reactivation, are *deleted* after 12 months without login.

More here: https://espiv.net/en/yphresies/politiki-diatirisis-dedomenwn-kai-logariasmwn-mail

-New service of encrypted mailing list-

We have launched a new service that is very similar to a fully encrypted mailing list (technically called “re-mailer with encryption capabilities”). To join such a mailing list, you must necessarily have a GPG key. As member of this type of mailing list you will have your own GPG key, and the list itself will have such a key as well.

To send an email to such a mailing list, you need to send a message encrypted with the list’s public key and signed with your own key. The mailing list will verify the signature of the email generated with the user’s key, decrypt the email text and then encrypt it again separately for each of the rest of emails/GPG keys in the mailing list.

The mailing list is administrated by one or more moderators, who are responsible of adding/removing members and their keys in/from the list.

The benefits of using such a mailing list are many:

I. The original sender of an email is not shown in the headers or body of an email unless someone decrypts the email sent through the mailing list. This makes it much more difficult for a third party to find out who the members of a list are.

II. Because of the fact that every email has to be signed by the member’s key before being sent to the mailing list, it is impossible for a third party to use the “From:”address of a member of the list and send a fake email to the list. Members of such a mailing list are sure of the sender’s identity once they see an email sent to their list, something particularly useful for closed user groups.

III. Since the sender and the content of emails are encrypted, even if someone gets access to a user’s mailbox on a server, they will not be able to read these emails unless they ALSO gain access to the decryption key located on the user’s computer, but ALSO to the decryption password known exclusively by the user.

IV. No one (except moderators of the service) has access to the private key of the mailing list; that is, if a member leaves the group, they can no longer have access to the list and read the emails; moreover, there’s no need to change the key of the list just because a member has left the mailing list.

V. The particular software, but also the setup process we’ve chosen, has made it possible to remove a great many headers that could reveal personal information of users (IP, mail client, etc.). Every such list tries, as much as possible, to protect the anonymity of its members from people that are _not_ members of the list, such as mail server moderators.

We suggest you find out how Public Key Cryptography and Gnu Privacy Guard work.

If you are interested in using this service, please contact us at support[at]espiv.net

espiv.net administration collective

Published
Categorized as , news