[guardian-dev] Open, Onion and Off-the-Record == O3? Ozone?
Patrick Connolly
patrick.c.connolly at gmail.com
Wed Nov 4 14:13:34 EST 2015
As an aside, perhaps the specs behind the brand are not so important, but
rather what is most important is that Guardian Project has trust, and is
providing it's recommendation/logo/name to some other product. As a normal
user, if I trust a brand for organic certification, I don't care exactly
what criteria its meeting -- that can change over time -- I just know that
I recognize the logo on lots of things, and trust that it's certified by
the group that's gained my trust.
So I like Ozone because it can mean some sort of "OOO" abbreviation at
first, but that can also be de-emphasized later without ditching the brand
recognition and logo or whatever.
My 2 cents :)
--------------------------------------------
Q: Why is this email [hopefully] five sentences or less? | A:
http://five.sentenc.es
*NOTE* that my emails are delayed from arriving in my inbox until 9am
daily. If urgent, please use another way of getting in touch.
#slowwebmovement <http://www.musubimail.com/gmail_timer.html>
On Wed, Nov 4, 2015 at 10:02 AM, Greg Troxel <gdt at ir.bbn.com> wrote:
>
> Nathan of Guardian <nathan at guardianproject.info> writes:
>
> > Perhaps "Off the record" can be broadened to mean, no logging, no
> > metadata, no plaintext?
>
> OTR as we know it is about the e2e crypto between users, which is
> totally separate from whether the server logs user registrations. And
> one can be ensured by the endpoints, and the other can't be. So I think
> blurring these ideas is not helpful, in the spirit of simplifying as far
> as possibel but further.
>
> > As for requiring Onion, I am on the fence about it, but increasingly I
> > am leaning towards that any service that claims privacy preserving
> > principles should at least try to support Onion routing at some layer.
> > With Ostel, we could have worked harder to support the SIP signaling via
> > Tor and modify client apps to use TCP based SIP media sessions.
>
> I completely agree. I have actually been reluctant to turn on an ostel
> client by default because of not being clear about promises not to log.
> While that indicates my tinfoilhat level, I think concerns over logging
> IP address history and call partners are much less common than concerns
> about logging the content of conversations.
>
> > Mumble is another interesting case. Plumble for Android supports an open
> > protocol that anyone can run a server for, works completely over Orbot
> > with one tap, and the client doesn't log, and the server can be setup
> > not to. However it does not support end to end encryption. Is that O3
> > worthy?
>
> Definitely not. For O3 I think you need all three.
>
> I was trying to make the point that "O [server promises not to log] O"
> is a lesser property that is still useful to talk about, not that it's
> as good.
>
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: guardian-dev-unsubscribe at lists.mayfirst.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20151104/be8c4fa9/attachment.html>
More information about the guardian-dev
mailing list