On Tue, Apr 28, 2015, at 02:03 PM, Marvin Arnold wrote: > I'm interested in how to best use existing anonymization tools (Tor, > I2P, etc) with client applications. The current approach requires users > to install the anonymizer (Orbot, etc) + the client (Chat Secure, etc) > separately. Even if there was no further configuration necessary, I > believe this is a deal breaker for most people.
I've been hearing the idea that it is "too hard for people to install another app" argument for a very long time. Yet, if you look at the habits of most smartphone users, you will see that many people are happy to install an app, if it benefits them in some new way, and especially if it is free. That is why many users, typical outside of the U.S., use multiple messaging apps to reach different groups of users or friends. The idea that installing Orbot, or any core service type app, is too hard is just not something I agree with. We have had well over 5 million downloads of Orbot, and while that is not 50 million, it is something. Additionally, if we had some network effect feature in the app, say allowing Orbot users to share files with each other over hidden services, then I think we could easily see a 10x growth in the next year. > Alternatives that I have heard mentioned include a) putting Orbot into > every client that wants to use it, and b) some type of embedded library > that makes sure only one Orbot instance is running per device. Of course > both of these solutions risk using up a lot of data for users who may > not have understood what they are downloading. Tor is directly built into ChatSecure and Onion Browser on the iOS side, since that is a requirement of how that platform works (no long live background services). Now it is true that Tor can add a decent amount of overhead to your traffic, and that is something to take seriously, and make sure the user understands. > This has led me to a thought that Tor (etc), regardless of how it is > incorporated, may be overkill for some applications. Specifically, my > friend and I have started working on a proof of concept text messaging > app that will use a custom mixnet to send SMSs. It is likely to have > higher latency and be more traceable than a Tor based implementation, > but will also consume less data (we are interested in starting with the > US where most plans include unlimited SMS), extend battery life, and be > a single step installation. Regardless of what I have said before this, I do think this is a great idea to explore! > I'm very interested in hearing your thoughts about the best way to > incorporate existing anonymization tools and the merit of our proposed > approach of a custom mixnet implementation. Ultimately it is a question > about how to best manage privacy, usability, and user expectations. One of the benefits of using Tor, or any general anonymity/circumvention/onion-routing system, is that your traffic is in the mix with all the other traffic, and that is all in the mix with all mobile IP traffic. SMS on the other hand, is one of the most surveilled and filtered mediums, and so I am somewhat concerned about using it as a transport for anonymity. Thanks for sharing! +n _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
