[guardian-dev] Methods for using anonymization tools

Marvin Arnold marvin at gounplugged.co
Tue Apr 28 14:03:22 EDT 2015

Hi all, I heard there may have already been some discussion on this
topic but I haven't been able to find it in the archives.

I'm interested in how to best use existing anonymization tools (Tor,
I2P, etc) with client applications. The current approach requires users
to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
separately. Even if there was no further configuration necessary, I
believe this is a deal breaker for most people.

Alternatives that I have heard mentioned include a) putting Orbot into
every client that wants to use it, and b) some type of embedded library
that makes sure only one Orbot instance is running per device. Of course
both of these solutions risk using up a lot of data for users who may
not have understood what they are downloading.

This has led me to a thought that Tor (etc), regardless of how it is
incorporated, may be overkill for some applications. Specifically, my
friend and I have started working on a proof of concept text messaging
app that will use a custom mixnet to send SMSs. It is likely to have
higher latency and be more traceable than a Tor based implementation,
but will also consume less data (we are interested in starting with the
US where most plans include unlimited SMS), extend battery life, and be
a single step installation.

I'm very interested in hearing your thoughts about the best way to
incorporate existing anonymization tools and the merit of our proposed
approach of a custom mixnet implementation. Ultimately it is a question
about how to best manage privacy, usability, and user expectations.


GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A

More information about the guardian-dev mailing list