Tor at the Heart: Riseup.net
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Riseup.net was started back in 1999 after the WTO protests in Seattle. They provide online communication tools, including email, chat, file uploads and collaborative platforms for people and groups working on liberatory social change. Riseup is a project to create democratic alternatives and to practice self-determination through the control of secure means of communication.
The Riseup collective is made up of many "birds" who believe it is vital that essential communication infrastructure be controlled by movement organizations and not by corporations or governments.
They strive to keep mail as secure and private as possible. They do not log your IP address. (Most services keep detailed records of every machine that connects to their servers. Riseup only keeps information that cannot be used to uniquely identify your machine). All of your data, including your mail, is stored by riseup.net in encrypted form. They work hard to keep their servers secure and well defended against any malicious attack. They do not share any of their user data with anyone. They actively fight all attempts to subpoena or otherwise acquire any user information or logs. They do not read, search, or process any of your incoming or outgoing mail, other than by automatic means to protect you from viruses and spam or when directed to do so by you when troubleshooting.
Some of the Riseup birds work tirelessly on building secure email infrastructure, one of them runs longclaw, one of our amazing directory authorities, and all of them are dedicated to building a better Internet—and thus, incidentally, a better world. Oh, and they also run two fast Tor exit nodes, wagtail and pipit.
We also can't thank them enough for writing this Onion Service Best Practices Guide, helping countless users and services around the Internet to be more secure, and truly making everyone not part of a DarkWeb but rather a SecureWeb (tm).
We hope we can continue this close relationship with Riseup. So many Tor users around the world depend on them for protection. Please visit our bird friends at Riseup and support their critical work!
Thank you for reading, and soon enjoy not being in 2016 anymore! :)
Thanks so much for highlighting the critical role played by Riseup in promoting democracy around the world!
As a Riseup user myself, I know how vital this resource is for activists and political dissidents everywhere--- and how strained are their coffers, so I hope Tor users who use this blog will request an account and donate to help pay for the Riseup servers.
Maybe I missed something, but did you fail to mention the fact that Tails Project extensively uses Riseup Labs for bug tracking and development collaborations?
The Tails version of Tor Browser includes a bookmark to the Riseup webmail server, which possibly should point to the onion rather than the https link. One important point about Riseup webmail: if both sender and recipient have accounts at riseup.net and do not forward emails to accounts elsewhere, it is believed that emails between them should never leave the Riseup servers at all, which could make it much harder for attackers to snoop on metadata (e.g. for traffic analysis, social networking analysis) without risking breaking into the network. This could be an enormous advantage for reporters communicating with sources, especially in cases when other communication modes are not available.
Further, since the Riseup sysadmins try to run a secure ship, even sophisticated state sponsored attackers may acknowledge that any attempts to break into the Riseup network may be noticed, or even worse for them, their malware may be captured, reverse engineered, and published with attribution! This stands in contrast to commercial providers, where security is a low priority (even worse, some commercial webmail providers claim but do not attempt to provide high security).
I hope a Riseup representative can comment on concerns among Riseup users about the fact that the warrant canary
has not been recently updated. This should be updated "approximately" every 3 months but not updated since Aug 2016. To be sure, such concerns have been expressed before, and on those occasions the canary was eventually updated, with no explanation for the delay.
However, a few months ago, the Riseup blog tweeted a reassurance which was oddly worded "no *activists* are at risk", leading to concern that Riseup has possibly been hit with an NSL or some other USG procedure accompanied by a gag order, or perhaps even that Riseup sysadmins are "operating under duress". Some replies to user emails have also been strangely worded. My latest information (some weeks old) seemed to suggest that Riseup was seeking legal advice about something, and hoping to say more after talking with their lawyers.
Micah Lee, a tech advisor to EFF and The Intercept, wrote about the rumors two weeks ago in this story at The Intercept:
Something Happened to Activist Email Provider Riseup, but It Hasn’t Been Compromised
29 Nov 2016
@ The Intercept: please make sure your reporters's GPG keys as published at The Intercept have not expired! And reporters, please check your Riseup account inboxes. With great caution, since some users report receiving suspected phishing emails.
Regardless of the rumors, as far as I know, Riseup is one of the very few webmail providers which is likely to at least try to fight any NSL or other attempt to exploit "counterterrorism" legislation to harass political dissidents, environmentalists, scientists, technologists, journalists, social justice activists, anti-drug cartel bloggers, and many others who use Riseup.