On Mon, Oct 21, 2013 at 10:25:48AM -0700, Yosem Companys wrote: > The most ambitious product launch is uProxy, a new Web browser > extension that uses peer-to-peer technology to let people around the > world provide each other with a trusted Internet connection.
It's a shame that designs like this still blur the line so much between "censorship-resistant transport" and "proxy back-end." If these folks have a cool "we use xmpp through google's servers to reach the proxy" transport, wouldn't it be even better if they publish that part, in a modular way, so other tools (like vpn providers, or Tor) can reuse that transport if they want to get its properties? And in the other direction, if their users want some more security properties on the proxy side, wouldn't it be better if their volunteers could choose to glue this transport onto some other back-end (like vpn providers, or Tor)? We've been making great progress lately in the academic world at having researchers split the problem so the transport can focus on being hard to block and then the proxy side can focus on providing whatever security properties it wants. In the Tor world we call it pluggable transports, but the engineers here will recognize the term 'modularity'. > ?It?s completely encrypted and there?s > no way for the government to detect what?s happening because it just > looks like voice traffic or chat traffic. Can somebody remind me of the State Dept quote, long ago, about Haystack? That was a different guy though right? And surely this time they're doing it right, with a comprehensive design document and threat model, open source, etc before the publicity splash? To aim for a more productive tone, I'd like to echo what Eric said but with a crucially different slant: the more *reuable and testable components*, the merrier. The key is to grow the space in terms of how we understand what works, what doesn't work anymore (or never did), and what options we have for making mash-ups of these components. Otherwise it's just yet another brief flame with its big publicity push, no well-written code behind it, no change to our understanding of how to solve the problem / what problems to solve, and no re-usable parts left behind. --Roger -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.