[guardian-dev] Methods for using anonymization tools

Marvin Arnold marvin at gounplugged.co
Wed Apr 29 09:56:43 EDT 2015 

Thanks for letting me know about Ibis, Tom. It looks really cool. I'll
put up a mailing list soon for anybody interested in learning more about
my project. For the moment, you can follow the very young code here
<https://github.com/gounplugged/UnpluggedDroid>.

But I didn't mean to hijack my own thread. Still very interested in
hearing general thoughts about the issue. I'm particularly interested in
hearing the opinions that disagree with the main premise and don't
believe the current state of anonymization creates many barriers for users.

Marvin

On 28/04/15 21:54, Tom Ritter wrote:
> On 28 April 2015 at 13:03, Marvin Arnold <marvin at gounplugged.co> wrote:
>> Hi all, I heard there may have already been some discussion on this
>> topic but I haven't been able to find it in the archives.
>>
>> I'm interested in how to best use existing anonymization tools (Tor,
>> I2P, etc) with client applications. The current approach requires users
>> to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
>> separately. Even if there was no further configuration necessary, I
>> believe this is a deal breaker for most people.
>>
>> Alternatives that I have heard mentioned include a) putting Orbot into
>> every client that wants to use it, and b) some type of embedded library
>> that makes sure only one Orbot instance is running per device. Of course
>> both of these solutions risk using up a lot of data for users who may
>> not have understood what they are downloading.
>>
>> This has led me to a thought that Tor (etc), regardless of how it is
>> incorporated, may be overkill for some applications. Specifically, my
>> friend and I have started working on a proof of concept text messaging
>> app that will use a custom mixnet to send SMSs. It is likely to have
>> higher latency and be more traceable than a Tor based implementation,
>> but will also consume less data (we are interested in starting with the
>> US where most plans include unlimited SMS), extend battery life, and be
>> a single step installation.
>>
>> I'm very interested in hearing your thoughts about the best way to
>> incorporate existing anonymization tools and the merit of our proposed
>> approach of a custom mixnet implementation. Ultimately it is a question
>> about how to best manage privacy, usability, and user expectations.
> 
> 
> Well, you outline a number of reasonable complaints with the state of
> installation of anonymity tools and lack of reuse - but I don't really
> see how your approach improves upon it.  =)
> 
> As far as a micro-optimized mixnet, I would suggest looking at Ibis,
> which was designed for twitter (which in turn was designed for SMS.)
> https://ibis.uwaterloo.ca/
> 
> Those criticisms/suggestions given, it sounds like a very cool
> project, and I would like to subscribe to your newsletter! =)
> 
> -tom
> 

-- 
GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A
http://gounplugged.co/marvinUnplugged.asc

More information about the guardian-dev mailing list