[guardian-dev] Methods for using anonymization tools

Patrick Connolly patrick.c.connolly at gmail.com
Wed Apr 29 12:26:23 EDT 2015


fwiw I know at least one user in #guardianproject (Pwnna
<https://github.com/pwnna>, I believe) has expressed interest in
integrating Orbot (and Orwall?) into the core android OS and its system
menus. Last I heard, they were considering whether a project that some of
us are working on (Mission Impossible Android
<http://github.com/mission-impossible-android/mission-impossible-android>)
might serve as a launching point for their own OS tweaks.

I personally would like to see something like the above-mentioned
embedding, complemented by an Orwall UX more like "NoRoot Firewall", where
attempts from third-party apps to access the internet result in a
notification on first attempt, and you can choose how to treat that app's
future attempts (block, allow via tor, or allow around tor). Still might be
more noise than ideal, but definitely an improvement.


--------------------------------------------
Q: Why is this email [hopefully] five sentences or less? | A:
http://five.sentenc.es

*NOTE* that my emails are delayed from arriving in my inbox until 9am
daily. If urgent, please use another way of getting in touch.
#slowwebmovement <http://www.musubimail.com/gmail_timer.html>

On Wed, Apr 29, 2015 at 9:56 AM, Marvin Arnold <marvin at gounplugged.co>
wrote:

> Thanks for letting me know about Ibis, Tom. It looks really cool. I'll
> put up a mailing list soon for anybody interested in learning more about
> my project. For the moment, you can follow the very young code here
> <https://github.com/gounplugged/UnpluggedDroid>.
>
> But I didn't mean to hijack my own thread. Still very interested in
> hearing general thoughts about the issue. I'm particularly interested in
> hearing the opinions that disagree with the main premise and don't
> believe the current state of anonymization creates many barriers for users.
>
> Marvin
>
> On 28/04/15 21:54, Tom Ritter wrote:
> > On 28 April 2015 at 13:03, Marvin Arnold <marvin at gounplugged.co> wrote:
> >> Hi all, I heard there may have already been some discussion on this
> >> topic but I haven't been able to find it in the archives.
> >>
> >> I'm interested in how to best use existing anonymization tools (Tor,
> >> I2P, etc) with client applications. The current approach requires users
> >> to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
> >> separately. Even if there was no further configuration necessary, I
> >> believe this is a deal breaker for most people.
> >>
> >> Alternatives that I have heard mentioned include a) putting Orbot into
> >> every client that wants to use it, and b) some type of embedded library
> >> that makes sure only one Orbot instance is running per device. Of course
> >> both of these solutions risk using up a lot of data for users who may
> >> not have understood what they are downloading.
> >>
> >> This has led me to a thought that Tor (etc), regardless of how it is
> >> incorporated, may be overkill for some applications. Specifically, my
> >> friend and I have started working on a proof of concept text messaging
> >> app that will use a custom mixnet to send SMSs. It is likely to have
> >> higher latency and be more traceable than a Tor based implementation,
> >> but will also consume less data (we are interested in starting with the
> >> US where most plans include unlimited SMS), extend battery life, and be
> >> a single step installation.
> >>
> >> I'm very interested in hearing your thoughts about the best way to
> >> incorporate existing anonymization tools and the merit of our proposed
> >> approach of a custom mixnet implementation. Ultimately it is a question
> >> about how to best manage privacy, usability, and user expectations.
> >
> >
> > Well, you outline a number of reasonable complaints with the state of
> > installation of anonymity tools and lack of reuse - but I don't really
> > see how your approach improves upon it.  =)
> >
> > As far as a micro-optimized mixnet, I would suggest looking at Ibis,
> > which was designed for twitter (which in turn was designed for SMS.)
> > https://ibis.uwaterloo.ca/
> >
> > Those criticisms/suggestions given, it sounds like a very cool
> > project, and I would like to subscribe to your newsletter! =)
> >
> > -tom
> >
>
> --
> GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A
> http://gounplugged.co/marvinUnplugged.asc
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150429/1494cbd7/attachment.html>


More information about the guardian-dev mailing list