Hi Everyone- First off, apologies for the radio silence. My libtech reading has decreased in direct proportion to the volume of traffic, which seems in turn to have increased in direct proportion to my personal volume of work, so I'm a bit late to the game. To provide some context, over at Brave New Software we're still primarily focused on Lantern<https://www.getlantern.org>and have been rolling out a series of 1.0.0 beta releases we would greatly appreciate everyone's feedback on. We've been trying hard to improve our documentation, and all of our code is of course open source<https://github.com/getlantern/lantern> with an ever improving body of more detailed documentation<https://github.com/getlantern/lantern/wiki> we're in the process of migrating <https://github.com/getlantern/lantern-docs>.
That said, we have been involved with UProxy <https://uproxy.org/> since the earliest stages and have written some of the code, but with the University of Washington and Google Ideas really doing the heavy lifting. We do, however, strongly believe in the potential of WebRTC to provide both interesting cover traffic as well as usability improvements that come as a result of reusing technology already built into the browser. One of the primary goals of both Lantern and UProxy is to build solutions that can scale to a large number of users without incurring unsustainable costs, and allowing ordinary users to provide access easily is a huge part of that effort. Another really vital aspect to both Lantern and UProxy is blocking resistance, and particularly the idea that trust networks are a promising path forward in that regard. I think we're seeing this now with private Tor networks where bridges are distributed through trusted contacts, and that's exactly what we're after with both Lantern and UProxy. I will say that I completely agree with both the criticisms on some of the messaging and with the security approach (which applies to both uproxy and Lantern), and I'll elaborate on that. At BNS we have not controlled any of the messaging, but as you said Roger, the following: > It's completely encrypted and there's > no way for the government to detect what?s happening because it just > looks like voice traffic or chat traffic. is a gross overstatement. I'm personally of the belief that the above is simply not possible or at the very least extremely hard and unsolved, as I think we've discussed a bit in person with regard to the efforts to disguise Tor traffic as Skype traffic. I'm not sure I've ever said this directly, but I'll say now publicly that you're one of the technologists I personally hold in the highest possible regard, and I always welcome any criticisms you may have. You've also given Lantern really valuable advice from its earliest days, which I really appreciate. The above quote I think is an unfortunate combination of a limited understanding of the technology and conversation with a reporter who will pick the juiciest sound bites, but it's clearly incorrect and just dangerous. I also quickly wanted to also acknowledge Sascha's excellent point about trust network mapping: > I would be more concerned with adversary externaly > observing the connections, seeing that a group of people from within > country X are connecting to the same ip in country Y , thus relating > those people in that group as sharing a node in a social graph, so to > each other, while they might not have seen them as related before.. This is a concern that was discussed at some length yesterday at the Google Ideas Summit, and it's a really astute observation others have also made, most recently at CTS in Berlin. With Lantern it's considerably less of an issue because Lantern uses Kaleidoscope<https://github.com/getlantern/kaleidoscope> to also share connections of contacts who are not direct friends, in Lantern's case up to four degrees away. While that raises its own concerns in terms of proxying through essentially total strangers (again with blocking resistance as the goal), it does mitigate against social network mapping attacks. In both the UProxy and Lantern cases, however, there is more thought and research to be done, as it's not immediately obvious how significant it is that two people know the same person, particularly when that person is inherently living in another country that is uncensored. That is by no means an effort to dismiss the critique but rather an observation that the conclusions to draw aren't obvious at least to me. On a final note, I just want to say I truly believe we're all after the same ultimate goals of freedom of expression and speech around the world. That may sound naive, but that's truly something I'm personally passionate about. At Brave New Software we not only welcome but strongly encourage critique and criticism of our work, and we deeply thank anyone willing to take the time and to do the work to do so. For us I think that aspect of work is a vital component. For so many of us on this list who are in the trenches in this long term fight to build an Internet that's inherently less susceptible to corruption and that inherently preserves freedom of speech and freedom from control, the amount of work required to build those systems well is staggering and sometime overwhelming. As a result I would simply submit a plea that we take the work seriously and not engage in frivolous debate or endless argument. We simply don't have time and can't afford to operate inefficiently as a community. I see us all as collaborators working towards the same ultimate goals, or at least close enough ultimate goals that we can team up for a good while, and it's truly a privilege to be a part of it all. Thanks so much. -Adam On Tue, Oct 22, 2013 at 2:58 PM, Collin Anderson <[email protected]>wrote: > > On Tue, Oct 22, 2013 at 1:36 AM, Roger Dingledine <[email protected]> wrote: > >> That was a different guy though right? And surely this time >> they're doing it right, with a comprehensive design document and threat >> model, open source, etc before the publicity splash? >> > > Sort of, but I think these challenges about Google or Jared Cohen's > involvements with either are a bit immaterial -- particularly given the > development chain and that I believe it will be open source at the time of > actual use. My understanding is that uProxy simply opens a SOCKS connection > to relay traffic with your G+/XMPP peer through WebRTC; it is not exactly > reinventing the Internet or circumvention. Anyway, uProxy is developed by > University of Washington and Brave New Software (Lantern), hence the > "seeded by Google Ideas" note. The developers seemed to be kicking around > thoughts on the next stage of transport, so it would be a prime time to > bother them about pluggable transports. > > Adam is probably on Libtech, but I have CC'ed him just in case because it > would probably be more useful to talk about Lantern right now than have > things derail. > > -- > *Collin David Anderson* > averysmallbird.com | @cda | Washington, D.C. > -- -- Adam pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
