[guardian-dev] help

Xavier Lebrun lebrunxavier at gmail.com
Wed Apr 29 10:53:48 EDT 2015


unsubscribe me please


Le 29 avr. 2015 16:51, <guardian-dev-request at lists.mayfirst.org> a écrit :

> Send guardian-dev mailing list submissions to
>         guardian-dev at lists.mayfirst.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> or, via email, send a message with subject or body 'help' to
>         guardian-dev-request at lists.mayfirst.org
>
> You can reach the person managing the list at
>         guardian-dev-owner at lists.mayfirst.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of guardian-dev digest..."
>
>
> Today's Topics:
>
>    1. Methods for using anonymization tools (Marvin Arnold)
>    2. Re: Methods for using anonymization tools (Patrick Connolly)
>    3. Re: Methods for using anonymization tools (Tom Ritter)
>    4. Re: Methods for using anonymization tools (Marvin Arnold)
>    5. Re: Methods for using anonymization tools (Nathan of Guardian)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Apr 2015 13:03:22 -0500
> From: Marvin Arnold <marvin at gounplugged.co>
> To: guardian-dev at lists.mayfirst.org
> Subject: [guardian-dev] Methods for using anonymization tools
> Message-ID: <553FCB6A.8050502 at gounplugged.co>
> Content-Type: text/plain; charset=utf-8
>
> Hi all, I heard there may have already been some discussion on this
> topic but I haven't been able to find it in the archives.
>
> I'm interested in how to best use existing anonymization tools (Tor,
> I2P, etc) with client applications. The current approach requires users
> to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> separately. Even if there was no further configuration necessary, I
> believe this is a deal breaker for most people.
>
> Alternatives that I have heard mentioned include a) putting Orbot into
> every client that wants to use it, and b) some type of embedded library
> that makes sure only one Orbot instance is running per device. Of course
> both of these solutions risk using up a lot of data for users who may
> not have understood what they are downloading.
>
> This has led me to a thought that Tor (etc), regardless of how it is
> incorporated, may be overkill for some applications. Specifically, my
> friend and I have started working on a proof of concept text messaging
> app that will use a custom mixnet to send SMSs. It is likely to have
> higher latency and be more traceable than a Tor based implementation,
> but will also consume less data (we are interested in starting with the
> US where most plans include unlimited SMS), extend battery life, and be
> a single step installation.
>
> I'm very interested in hearing your thoughts about the best way to
> incorporate existing anonymization tools and the merit of our proposed
> approach of a custom mixnet implementation. Ultimately it is a question
> about how to best manage privacy, usability, and user expectations.
>
> Marvin
>
> --
> GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A
> http://gounplugged.co/marvinUnplugged.asc
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 28 Apr 2015 16:05:57 -0400
> From: Patrick Connolly <patrick.c.connolly at gmail.com>
> To: Marvin Arnold <marvin at gounplugged.co>
> Cc: Guardian Dev <guardian-dev at lists.mayfirst.org>
> Subject: Re: [guardian-dev] Methods for using anonymization tools
> Message-ID:
>         <
> CAFTjcWDxgt6V6mCV78EmCpPVyfsXiUFg+x-ogoAHj+8CF66uUQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Really interested in hearing more about this mixnet approach to sending
> SMS. Definitely overlaps with my current interests. Perhaps worth starting
> another thread, or feel free to reach out personally if you're interested
> in speaking.
>
> -patcon
>
>
> --------------------------------------------
> Q: Why is this email [hopefully] five sentences or less? | A:
> http://five.sentenc.es
>
> *NOTE* that my emails are delayed from arriving in my inbox until 9am
> daily. If urgent, please use another way of getting in touch.
> #slowwebmovement <http://www.musubimail.com/gmail_timer.html>
>
> On Tue, Apr 28, 2015 at 2:03 PM, Marvin Arnold <marvin at gounplugged.co>
> wrote:
>
> > Hi all, I heard there may have already been some discussion on this
> > topic but I haven't been able to find it in the archives.
> >
> > I'm interested in how to best use existing anonymization tools (Tor,
> > I2P, etc) with client applications. The current approach requires users
> > to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> > separately. Even if there was no further configuration necessary, I
> > believe this is a deal breaker for most people.
> >
> > Alternatives that I have heard mentioned include a) putting Orbot into
> > every client that wants to use it, and b) some type of embedded library
> > that makes sure only one Orbot instance is running per device. Of course
> > both of these solutions risk using up a lot of data for users who may
> > not have understood what they are downloading.
> >
> > This has led me to a thought that Tor (etc), regardless of how it is
> > incorporated, may be overkill for some applications. Specifically, my
> > friend and I have started working on a proof of concept text messaging
> > app that will use a custom mixnet to send SMSs. It is likely to have
> > higher latency and be more traceable than a Tor based implementation,
> > but will also consume less data (we are interested in starting with the
> > US where most plans include unlimited SMS), extend battery life, and be
> > a single step installation.
> >
> > I'm very interested in hearing your thoughts about the best way to
> > incorporate existing anonymization tools and the merit of our proposed
> > approach of a custom mixnet implementation. Ultimately it is a question
> > about how to best manage privacy, usability, and user expectations.
> >
> > Marvin
> >
> > --
> > GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A
> > http://gounplugged.co/marvinUnplugged.asc
> > _______________________________________________
> > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> > To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150428/74b0426e/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Tue, 28 Apr 2015 21:54:16 -0500
> From: Tom Ritter <tom at ritter.vg>
> To: Marvin Arnold <marvin at gounplugged.co>
> Cc: guardian-dev <guardian-dev at lists.mayfirst.org>
> Subject: Re: [guardian-dev] Methods for using anonymization tools
> Message-ID:
>         <
> CA+cU71nHfT4E3UHd52dja3xnWtfFKBT0tS-mjeGxLTOFd9W1kw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 28 April 2015 at 13:03, Marvin Arnold <marvin at gounplugged.co> wrote:
> > Hi all, I heard there may have already been some discussion on this
> > topic but I haven't been able to find it in the archives.
> >
> > I'm interested in how to best use existing anonymization tools (Tor,
> > I2P, etc) with client applications. The current approach requires users
> > to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> > separately. Even if there was no further configuration necessary, I
> > believe this is a deal breaker for most people.
> >
> > Alternatives that I have heard mentioned include a) putting Orbot into
> > every client that wants to use it, and b) some type of embedded library
> > that makes sure only one Orbot instance is running per device. Of course
> > both of these solutions risk using up a lot of data for users who may
> > not have understood what they are downloading.
> >
> > This has led me to a thought that Tor (etc), regardless of how it is
> > incorporated, may be overkill for some applications. Specifically, my
> > friend and I have started working on a proof of concept text messaging
> > app that will use a custom mixnet to send SMSs. It is likely to have
> > higher latency and be more traceable than a Tor based implementation,
> > but will also consume less data (we are interested in starting with the
> > US where most plans include unlimited SMS), extend battery life, and be
> > a single step installation.
> >
> > I'm very interested in hearing your thoughts about the best way to
> > incorporate existing anonymization tools and the merit of our proposed
> > approach of a custom mixnet implementation. Ultimately it is a question
> > about how to best manage privacy, usability, and user expectations.
>
>
> Well, you outline a number of reasonable complaints with the state of
> installation of anonymity tools and lack of reuse - but I don't really
> see how your approach improves upon it.  =)
>
> As far as a micro-optimized mixnet, I would suggest looking at Ibis,
> which was designed for twitter (which in turn was designed for SMS.)
> https://ibis.uwaterloo.ca/
>
> Those criticisms/suggestions given, it sounds like a very cool
> project, and I would like to subscribe to your newsletter! =)
>
> -tom
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 29 Apr 2015 08:56:43 -0500
> From: Marvin Arnold <marvin at gounplugged.co>
> To: Tom Ritter <tom at ritter.vg>
> Cc: guardian-dev <guardian-dev at lists.mayfirst.org>
> Subject: Re: [guardian-dev] Methods for using anonymization tools
> Message-ID: <5540E31B.7050004 at gounplugged.co>
> Content-Type: text/plain; charset=windows-1252
>
> Thanks for letting me know about Ibis, Tom. It looks really cool. I'll
> put up a mailing list soon for anybody interested in learning more about
> my project. For the moment, you can follow the very young code here
> <https://github.com/gounplugged/UnpluggedDroid>.
>
> But I didn't mean to hijack my own thread. Still very interested in
> hearing general thoughts about the issue. I'm particularly interested in
> hearing the opinions that disagree with the main premise and don't
> believe the current state of anonymization creates many barriers for users.
>
> Marvin
>
> On 28/04/15 21:54, Tom Ritter wrote:
> > On 28 April 2015 at 13:03, Marvin Arnold <marvin at gounplugged.co> wrote:
> >> Hi all, I heard there may have already been some discussion on this
> >> topic but I haven't been able to find it in the archives.
> >>
> >> I'm interested in how to best use existing anonymization tools (Tor,
> >> I2P, etc) with client applications. The current approach requires users
> >> to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> >> separately. Even if there was no further configuration necessary, I
> >> believe this is a deal breaker for most people.
> >>
> >> Alternatives that I have heard mentioned include a) putting Orbot into
> >> every client that wants to use it, and b) some type of embedded library
> >> that makes sure only one Orbot instance is running per device. Of course
> >> both of these solutions risk using up a lot of data for users who may
> >> not have understood what they are downloading.
> >>
> >> This has led me to a thought that Tor (etc), regardless of how it is
> >> incorporated, may be overkill for some applications. Specifically, my
> >> friend and I have started working on a proof of concept text messaging
> >> app that will use a custom mixnet to send SMSs. It is likely to have
> >> higher latency and be more traceable than a Tor based implementation,
> >> but will also consume less data (we are interested in starting with the
> >> US where most plans include unlimited SMS), extend battery life, and be
> >> a single step installation.
> >>
> >> I'm very interested in hearing your thoughts about the best way to
> >> incorporate existing anonymization tools and the merit of our proposed
> >> approach of a custom mixnet implementation. Ultimately it is a question
> >> about how to best manage privacy, usability, and user expectations.
> >
> >
> > Well, you outline a number of reasonable complaints with the state of
> > installation of anonymity tools and lack of reuse - but I don't really
> > see how your approach improves upon it.  =)
> >
> > As far as a micro-optimized mixnet, I would suggest looking at Ibis,
> > which was designed for twitter (which in turn was designed for SMS.)
> > https://ibis.uwaterloo.ca/
> >
> > Those criticisms/suggestions given, it sounds like a very cool
> > project, and I would like to subscribe to your newsletter! =)
> >
> > -tom
> >
>
> --
> GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A
> http://gounplugged.co/marvinUnplugged.asc
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 29 Apr 2015 10:23:33 -0400
> From: Nathan of Guardian <nathan at guardianproject.info>
> To: guardian-dev at lists.mayfirst.org
> Subject: Re: [guardian-dev] Methods for using anonymization tools
> Message-ID:
>         <1430317413.3471661.260184101.07801787 at webmail.messagingengine.com
> >
> Content-Type: text/plain
>
>
> On Tue, Apr 28, 2015, at 02:03 PM, Marvin Arnold wrote:
> > I'm interested in how to best use existing anonymization tools (Tor,
> > I2P, etc) with client applications. The current approach requires users
> > to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> > separately. Even if there was no further configuration necessary, I
> > believe this is a deal breaker for most people.
>
> I've been hearing the idea that it is "too hard for people to install
> another app" argument for a very long time. Yet, if you look at the
> habits of most smartphone users, you will see that many people are happy
> to install an app, if it benefits them in some new way, and especially
> if it is free. That is why many users, typical outside of the U.S., use
> multiple messaging apps to reach different groups of users or friends.
>
> The idea that installing Orbot, or any core service type app, is too
> hard is just not something I agree with. We have had well over 5 million
> downloads of Orbot, and while that is not 50 million, it is something.
> Additionally, if we had some network effect feature in the app, say
> allowing Orbot users to share files with each other over hidden
> services, then I think we could easily see a 10x growth in the next
> year.
>
> > Alternatives that I have heard mentioned include a) putting Orbot into
> > every client that wants to use it, and b) some type of embedded library
> > that makes sure only one Orbot instance is running per device. Of course
> > both of these solutions risk using up a lot of data for users who may
> > not have understood what they are downloading.
>
> Tor is directly built into ChatSecure and Onion Browser on the iOS side,
> since that is a requirement of how that platform works (no long live
> background services).
>
> Now it is true that Tor can add a decent amount of overhead to your
> traffic, and that is something to take seriously, and make sure the user
> understands.
>
> > This has led me to a thought that Tor (etc), regardless of how it is
> > incorporated, may be overkill for some applications. Specifically, my
> > friend and I have started working on a proof of concept text messaging
> > app that will use a custom mixnet to send SMSs. It is likely to have
> > higher latency and be more traceable than a Tor based implementation,
> > but will also consume less data (we are interested in starting with the
> > US where most plans include unlimited SMS), extend battery life, and be
> > a single step installation.
>
> Regardless of what I have said before this, I do think this is a great
> idea to explore!
>
> > I'm very interested in hearing your thoughts about the best way to
> > incorporate existing anonymization tools and the merit of our proposed
> > approach of a custom mixnet implementation. Ultimately it is a question
> > about how to best manage privacy, usability, and user expectations.
>
> One of the benefits of using Tor, or any general
> anonymity/circumvention/onion-routing system, is that your traffic is in
> the mix with all the other traffic, and that is all in the mix with all
> mobile IP traffic. SMS on the other hand, is one of the most surveilled
> and filtered mediums, and so I am somewhat concerned about using it as a
> transport for anonymity.
>
> Thanks for sharing!
>
> +n
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> guardian-dev mailing list
> guardian-dev at lists.mayfirst.org
> https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
>
> ------------------------------
>
> End of guardian-dev Digest, Vol 58, Issue 27
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150429/d7830b01/attachment-0001.html>


More information about the guardian-dev mailing list