On July 8th, 2014, members of the Cybrigade admin crew, as well as representatives of the Proledialers (call-centre workers, whose blog is hosted on espiv), went to the Panteion university premises. Their presence was enough to put the server back in operation.

The attempted silencing of hundreds of collectives that use the espiv infrastructure was averted. Certainly, this does not mean that similar attempts by either the authorities or private individuals cannot occur in the future.

Espiv is not owned by one administrative group, but rather is an infrastructure already used by a big part of the movement. Therefore, the struggle in defense of espiv server concerns us all. Faced with an attempted attack on struggles within the labour movement, on infrastructure of the antagonistic movement, on islets of freedom of expression and speech, solidarity is our weapon.

We support the new call by the Proledialers, for Monday the 14th of July at 9am in the office of the Labour Inspectorate located in 10, Agisilaou Street, Athens.

There is an urgent situation regarding espiv’s infrastructure inside the Panteion University (in Athens, where espiv server is located). Below is a first announcement by Cybrigade, espiv’s administrative collective, about the current shutdown of the server:

Today, Monday, July 7th, 2014, the rector of the Panteion University ordered that the espiv server be unplugged and put out of service. The pretext was an extrajudicial notice which was served to the university administration by the owner of the call-centre company OnLine Sales, by which the boss asks that a blog post which is allegedly defaming him be deleted and that the authors of the same post be named.

The specific blog post is as follows:

——

OnLine Sales: Employer continues to act arbitrarily; we call for a gathering at the Labour Inspectorate (Athens)

On June 6th, 2014 the boss also sacked the colleague E.T. because she refused to continue to work unpaid and overtime until she’d achieved the “sales targets” of the company. This requirement, as we have noted many times before, is a daily practice at this call center. However, in the case of the colleague E.T., the boss exceeded all limits, and assaulted her verbally and physically after she was asked to sign a document which stated that she would not make any financial or other claims to the company, but she expressed legitimate reservations.

*/ We remind that on Monday, June 16th, at 10am, the Labour Inspectorate (located in 10, Agisilaou Street, near Omonia, Athens) will examine the complaints of fellow workers I.K., E.D. and E.T.; this is why we invite every trade union, collective, neighbourhood assembly, and every single colleague to attend the meeting and support our female co-workers I.K. and E.D. in their struggle for reemployment, as well as E.T., who experienced this blatantly arbitrary employer behavior./*

More related posts on this topic can be found (in Greek) here https://espiv.net/proledialers1.html and here https://espiv.net/proledialers3.html”

——

Cybrigade, which already exists for six whole years, as administrative crew of the 6-year-old espiv server, informs all concerned that:

Espiv is an internet infrastructure dedicated to the antagonistic movement which stands against capitalism and hierarchy. On espiv, we do not just provide digital space for the expression and organization of individuals and collectives, but we also consider ourselves part of the global community that fights for digital rights, the inalienable right to privacy, interception-free communication, and freedom of expression. In espiv, we oppose in-principle the storage/recording of data identifying those involved in any communication that our server provides. Cybrigade has explicitly stated the following on espivblogs.net and espiv.net:

“The content of all pages on this domain (espiv.net) is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License. The administrative collective defends freedom of speech and expression, so in no event shall uploaded opinions or texts –which are solely the views expressed by their respective authors– be censored. Additional permissions to use this work, beyond those granted by the license that has been applied, may be listed on espiv.net.
Espiv does not store any data enabling identification of users, in any of its services. Data of visitors and users, such as IP addresses, are not registered on the server.”

In conclusion, Cybrigade chooses not to keep and, by extension, not to provide any kind of identification information (aka snitching) to any entity, and therefore neither to employers or other type of oppressors.

We will let you know of our next steps/actions.

On April 28th 2014 a representative of the brazilian Federal Public Prosecutor (the “Ministério Público Federal” — or just “MPF”) removed the hard disks from Saravá Group’s main server, taking down many services hosted by the group. In the negotiation with the Saravá Group, it was agreed that the MPF would only take the disks and leave the machine untouched.

In accordance with its letter of principles, Saravá Group protects all the data in its servers using cryptography. There is no access key in power of the State University of Campinas (Unicamp), so there is no way that the university can provide the data to whoever requires it. It is also worth noting that in Brazil there is no legal mechanism that enforces the Saravá Group to hand over the hard disks’ encryption keys. This way, with strong, properly implemented, free-software based and security-community recomended encryption, users’ data is not under the risk of being violated.

After the action and departure of the MPF from the university, we installed new disks on the server and in less than 2 hours it was back online. Some systems and services related to the old server are still offline, but they are being restored from remote backups. We will generate new encrypted connection certificates (HTTPS/SSL/TLS) as a preventive measure.

Saravá Group is an horizontal, nonprofit organization run by volunteers who maintain the group structure through donations. It is in behalf of providing access to secure tools that collaborate with articulation and organization of research groups, collectives and individuals, that Saravá offers its services for free, in an attempt to establish a cooperative and mutual aid relationship with groups, collectives and individuals that are part of its community and network.

We thank all for the solidarity.

Saravá Group
————–
link : https://www.sarava.org/en/node/109

Last week, a serious security hole was discovered and corrected in the OpenSSL, the open-source cryptography library which is used to secure encrypted internet connections.

Ever since, the various different operating systems and software have issued security updates. (See more: heartbleed, eff)

The said security hole existed for over two years and affected a very large number of systems and services on the internet.

All this time, it is possible that malicious hackers (see e-cops) knew of the vulnerability and took advantage of the situation.

This is why we upgraded to the latest version of the OpenSSL and we changed our SSL certificates.

Make sure that you connect to our services with the correct certificates by checking the SHA1 fingerprints.

To verify the SHA1 fingerprints on HTTPS secure pages, you go to the address bar where a padlock icon can be seen on the left, you press the padlock, and then you select “more information…” and press the button “view certificate”.

For *.espiv.net addresses you should be viewing:

SHA1 Fingerprint=6D:C3:AE:C1:ED:64:32:17:DB:B3:14:FE:B2:C3:01:D3:16:E6:6C:84

For *.espivblogs.net addresses you should be viewing:

SHA1 Fingerprint=AE:A1:20:C0:1C:8E:87:BD:3A:B1:2A:77:2A:3A:02:59:FE:70:0E:93

The next necessary step for everyone is to change all of their passwords for all espiv services. This means you should change passwords on emails, websites, forums, blogs, etc. — on any HTTPS page.

1) Phishing Emails / Spam

Lately some emails may show up in your Inbox, supposedly coming from the Espiv crew, asking the users to enter a webpage and put their passwords there… We repeat it one more time: DO NOT GIVE OUT YOUR PASSWORDS TO ANYONE! You must not reveal your email passwords under any circumstances; not even to the espiv.net group.

The only fields where you should fill in the passwords to your email account are just the two webmail of espiv.net: https://mail.espiv.net & https://webmail.espiv.net — both are found on exclusively secure pages (https), and do NOT generate a notification pop-up of your browser whenever you visit them. Apart from those two sites, please ignore any other webpage that asks you to log in to “espiv.net” email: do not open or click on it!

Besides, the Espiv crew sends alerts and newsletters on various topics only through info(at)espiv.net, and will NEVER ask you to give out your passwords! Any other messages that appear as “espiv.net” have nothing to do with espiv.net; they are spam emails. It’s always useful to report such malicious messages back to us…

2) Upgrades to Pages: SMF Forums & Joomla
Moderators who see upgrade notifications in their forums are kindly
requested to go ahead with the upgrade. Whoever encounters a problem
during this process, may email the Espiv crew at support(at)espiv.net, so
that we sort it out together. The same applies for those who maintain
their page in Joomla.
Latest versions are:
for SMF 1.1 -> 1.1.19
for SMF 2.0 => 2.0.7
for Joomla 2.5 => 2.5.19
for Joomla 3 => 3.2.3
so you should be using the latest corresponding version after the upgrades.

3) Dear users and moderators of mailing lists in espiv.net …
We the espiv.net group decided to remove the archive from mailing lists,
to save us some resources. All of the emails sent to a list can be found
in this archive file — emails which already exist in your Inbox, as
long as you are subscribed to that mailing list. Also, many mailing lists
are not public, thus the existence of a centralized record of all the
messages in a list may pose a risk to the privacy of people involved in
it.

So, the archive files of all mailing lists will be deleted from the
espiv.net server two weeks after sending this notification.

There is a way to save the existing record of your list (however it must
already exist in the Inbox of a member, as previously mentioned). It will
take a few steps to download and view the archive file, and you will need
email client software, such as Mozilla Thunderbird,
mozilla.org/thunderbird.

– In Thunderbird, you should create a new account, preferably the email
account with which you are already subscribed to the mailing list.
– Visit https://lists.espiv.net/cgi-bin/mailman/private/mylist typing the
name of your mailing list instead of *mylist*. Log in.
– Install the add-on for Mozilla Firefox:
https://addons.mozilla.org/en-US/firefox/addon/201
– After the installation you should see an icon like a box, which is the
Manager of the add-on. Click and then click on *+* in order to add url.
– Enter the address
https://lists.espiv.net/cgi-bin/mailman/private/mylist.mbox/mylist.mbox
typing again the name of your mailing list instead of *mylist*.
– Save the file mylist.mbox somewhere on your disk. This is the archive
file of your list.
– Go to Thunderbird and install the add-on:
https://addons.mozilla.org/en-US/thunderbird/addon/importexporttools
– Do right click on our Local Folders, create a new folder and give it the
appropriate name to host the archive file of your list.
– Do right-click on this folder and go to: ImportExportTools > Import mbox
file > Import directly one or more mbox files. Find the mbox that you
downloaded previously.

There you go! The emails from your list should now appear in this folder.