[guardian-dev] Methods for using anonymization tools

Marvin Arnold marvin at gounplugged.co
Wed Apr 29 18:25:39 EDT 2015

On 29/04/15 09:23, Nathan of Guardian wrote:
> On Tue, Apr 28, 2015, at 02:03 PM, Marvin Arnold wrote:
>> I'm interested in how to best use existing anonymization tools (Tor,
>> I2P, etc) with client applications. The current approach requires users
>> to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc)
>> separately. Even if there was no further configuration necessary, I
>> believe this is a deal breaker for most people.
> I've been hearing the idea that it is "too hard for people to install
> another app" argument for a very long time. Yet, if you look at the
> habits of most smartphone users, you will see that many people are happy
> to install an app, if it benefits them in some new way, and especially
> if it is free. That is why many users, typical outside of the U.S., use
> multiple messaging apps to reach different groups of users or friends.

The thing is that many people don't see the benefit in
anonymity/privacy/etc. We are asking them to take two steps for
something they may not even be convinced about.

> The idea that installing Orbot, or any core service type app, is too
> hard is just not something I agree with. We have had well over 5 million
> downloads of Orbot, and while that is not 50 million, it is something.
> Additionally, if we had some network effect feature in the app, say
> allowing Orbot users to share files with each other over hidden
> services, then I think we could easily see a 10x growth in the next
> year.

5 million downloads is awesome and I agree that huge growth is around
the corner. But as a community, what are we honestly trying to achieve?
In the short term, do we plan to compete with industry leaders
(WhatsApp/Hangout/etc) or are our initiatives admittedly the first steps
in a longer journey?

These are certainly questions that all FOSS projects face, but I think
the nature of mass surveillance makes widespread adoption of solutions
particularly pressing.

Some users will certainly download two apps but not all of them. Other
than my gut feeling and anecdotal experiences at cryptoparties/etc, I'm
not sure how to quantify which actions are deal breakers for the
mainstream user. I believe the onus is on us to minimize switching costs
wherever possible.

>> Alternatives that I have heard mentioned include a) putting Orbot into
>> every client that wants to use it, and b) some type of embedded library
>> that makes sure only one Orbot instance is running per device. Of course
>> both of these solutions risk using up a lot of data for users who may
>> not have understood what they are downloading.
> Tor is directly built into ChatSecure and Onion Browser on the iOS side,
> since that is a requirement of how that platform works (no long live
> background services).
> Now it is true that Tor can add a decent amount of overhead to your
> traffic, and that is something to take seriously, and make sure the user
> understands.
>> This has led me to a thought that Tor (etc), regardless of how it is
>> incorporated, may be overkill for some applications. Specifically, my
>> friend and I have started working on a proof of concept text messaging
>> app that will use a custom mixnet to send SMSs. It is likely to have
>> higher latency and be more traceable than a Tor based implementation,
>> but will also consume less data (we are interested in starting with the
>> US where most plans include unlimited SMS), extend battery life, and be
>> a single step installation.
> Regardless of what I have said before this, I do think this is a great
> idea to explore!
>> I'm very interested in hearing your thoughts about the best way to
>> incorporate existing anonymization tools and the merit of our proposed
>> approach of a custom mixnet implementation. Ultimately it is a question
>> about how to best manage privacy, usability, and user expectations.
> One of the benefits of using Tor, or any general
> anonymity/circumvention/onion-routing system, is that your traffic is in
> the mix with all the other traffic, and that is all in the mix with all
> mobile IP traffic. SMS on the other hand, is one of the most surveilled
> and filtered mediums, and so I am somewhat concerned about using it as a
> transport for anonymity.

Very true! Not to mention that the proposed implementation is impossible
on iPhone and therefore counter to the concept of mass appeal.

> Thanks for sharing!
> +n
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org

GPG key fingerprint = 52FD 362D 2E8D 11AB A931  06A1 D055 781A 7DC9 949A

More information about the guardian-dev mailing list