Riseup provides products to facilitate secure communications, including use of strong encryption, anonymizing services, and minimal data retention, which aimed at individuals and non-profit and activist groups. Riseup's two most popular features are secure, privacy-focused email and mailing list management services. The email service is available through IMAP, POP3, and a web or shell interface. The web interface is a variant of Roundcube or SquirrelMail. Riseup VPN does not log the user's IP address, unlike most other VPNs. In 2012, discussing an attack against a Microsoft-developed authentication scheme that makes it trivial to break the encryption used by hundreds of anonymity and security services, Moxie Marlinspike, who unveiled the attack, said VPN services offered by riseup.net, for example, selected a 21-character password on behalf of the user that used a combination of 96 different numbers, symbols, and upper- and lower-case letters to withstand such attacks.
Controversies
In 2011 Riseup was said to be the only one of several subpoenaed groups to resist subpoenas related to 2008 Bash Back protests. In 2014 the Google I/O conference was disrupted by protests. The protest outside was led by Fletes and Erin McElroy from Riseup.net and the Anti-Eviction Mapping Project. In 2014, Riseup Network was one of several claimants against GCHQ in international court. Devin Theriot-Orr of Riseup.net said, "People have a fundamental right to communicate with each other free from pervasive government surveillance. The right to communicate, and the ability to choose to do so secretly, is essential to the open exchange of ideas which is a cornerstone of a free society." In December 2014, a judge in Spain partially justified prolonging the detention of seven alleged anarchist activists by citing their use of "extreme security measures" such as Riseup email, which has been criticized by the Electronic Frontier Foundation. In mid-November 2016, an unexplained stealth error appeared in Riseup's warrant canary page, and they did not respond to requests to update the canary, leading some to believe the collective was the target of a gag order. On February 16, 2017, the Riseup collective revealed their failure to update the canary was due to two sealed warrants from the FBI, which made it impossible to legally update their canary. The two sealed warrants concerned a public contact of an International distributed denial-of-service attack extortion ring and an account using ransomware to extort people financially. The decision to release user information has been criticized in the hacker community. The canary has since been updated, but no longer states the absence of gag orders.