Hi all, i would like to notice that in those "internet freedom space" there's a missing component in the communication security landscape, that's the ability to interoperate between "Web" and "Mobile" for communication security technologies.
The user have only those two platform, a browser and a mobile phone with downloadable apps. Everything else requiring to install an application over a desktop computer is IMHO destinated to be a total failure. So, if that's a valid assumption, we need focus on having "internet freedom technologies" working on a web browser and as mobile phone apps, being interoperable among them Everything else is IMHO a waste of time and money. Let me identify 3 major area where those kind of stuff should apply: *Realtime Instant Messaging:** *Web Browsers support, trough CryptoCat, realtime instant messaging with OTR Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime instant messaging with OTR The GAP is: The technologies are not "interoperating by default" but they could and should do it, by default. *Voice:** *Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications. Mobile Clients now speak ZRTP for encrypted communications. The GAP is: We need Mobile Clients that interoperate with Web Browsers trough WebRTC, within a federated telephony system. *Asyncronous Instant Messaging:** *That's a major issue, because there's no easy end-to-end encryption standard handling asyncronous messaging with PFS (SMS-like experience), and each vendor is going with it's own custom implementation. RedPhone used it's own approach: https://whispersystems.org/blog/asynchronous-security/ Silentcircle used it's own approach: https://business.silentcircle.com/scimp-protocol/ There's not event an interoperable and standard way to do secure Asyncronous instant messaging (SMS or skype like experience), with end to end encryption and forward secrecy. The only "standard" alternative is to use email with OpenPGP, but without any kind of "forward secrecy" The GAP is: We need to first research and agree on an IETF standard for that technology, then have it implemented over Mobile phones and Web Browsers. I hope this short analysis would trigger a discussion and/or a brainstorming by our ecosystem player on which could be some priority to work on, looking for a challenging interoperability between a Web Browsers and Mobile phones. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.