On Wed, Nov 4, 2015, at 09:27 AM, Greg Troxel wrote: > > Nathan of Guardian <[email protected]> writes: > > > Thus I came up with the basic combination of "Open", "Onion" and > > "Off-the-record", as the three important aspects to teach, consider, > > evangelize for messaging apps. > > > > Perhaps, calling it Ozone, is too clever, but just using the phrase > > "Open, Onion and Off-the-Record" is an easy meme that could stick? > > I am not sure what your target audience is. For regular folks, the > notion that they will associate the brand Ozone with a set of security > properties seems like way too much of a stretch. Open, Onion and > Off-the-Record is longer, but aside from onion gives the right > impression. So if all the projects that meet that use that in headilnes > on websites, and guardianproject hassles/shames anyone that's using it > falsely, it could become a branding phrase. > > I don't want to hijack your thread about an unrelated issue, but I > wonder how related it is. If there isn't onion, then servers can keep > track of users' IP addresss over time. Sometimes protocols don't have > the onion property, but are still better than the alternatives, > e.g. ostel. In these cases, there's a another property which is the > server promising not to keep logs (which I realize is lame compared to > cryptographically ensuring privacy), even of registration history. I'm > not sure if you want to have a name for this to have a second-tier brand > for open, promises-to-forget-metadata, off-the-record. I of course > realize my specific middle-name suggestion is not ok.
Great feedback! Perhaps "Off the record" can be broadened to mean, no logging, no metadata, no plaintext? As for requiring Onion, I am on the fence about it, but increasingly I am leaning towards that any service that claims privacy preserving principles should at least try to support Onion routing at some layer. With Ostel, we could have worked harder to support the SIP signaling via Tor and modify client apps to use TCP based SIP media sessions. Mumble is another interesting case. Plumble for Android supports an open protocol that anyone can run a server for, works completely over Orbot with one tap, and the client doesn't log, and the server can be setup not to. However it does not support end to end encryption. Is that O3 worthy? -- Nathan of Guardian [email protected] _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
