Thanks for the note Jillian, and I fully admit I have a tendency to be bit overly optimistic about these things and perhaps have too much faith in the ability of corporations to ultimately be productive partners. There's an inherent misalignment of incentives that is problematic outside of the individuals involved. I think your skepticism is essential and all of our continued vigilance warranted. That said, I know the rest of the uProxy team itself is aware and even wary of these issues, so I think you're right to point out that painting all of Google Ideas with the same brush is dangerous. I only know a tiny sliver of Google Ideas well, and that's the uProxy team, but I can certainly attest to the uProxy team's recognition of the complexity involved from a larger political perspective and even from the perspective of Google's involvement.
The only ultimate hedges here are structural, of course, and I think it will help a great deal when the uProxy GitHub repository is opened up to the public. I want to emphasize again that the University of Washington and Google Ideas really did the heavy lifting on uProxy, with the BNS not contributing as much as we'd like primarily because we've had our hands full with Lantern. That's also not an effort to distance ourselves from it but rather an effort to give credit where credit is due. Working off an open source repository, however, uProxy has the advantage of a really strong team of highly skilled engineers with input from other parts of Google including engineers with more of a security focus as well as from the highly skilled team over at UW. I think the open source nature of the project really tips the scales here and makes Google participation unquestionably a net positive in that they're able to pour resources into promising technology that everyone in the community can scrutinize. I think the non-technical aspects are where things have the potential to derail, but I'm hopeful we can all help prevent that. That's the report from my window on the world. -Adam On Thu, Oct 24, 2013 at 8:00 AM, Jillian C. York <jilliancy...@gmail.com>wrote: > Thanks Adam, > > I appreciate your note, and I'm glad to hear what you have to say. > > Forgive me, but I don't agree with you that everyone at Google Ideas > shares our goals. Look into some of the other work that Jared Cohen does > and it becomes apparent that for him and his ilk, human rights concerns > only exist within dictatorships, not democracies. Some of his colleagues > have put people I know directly at risk, and that I cannot forgive easily. > > So while I'm glad to see that Lantern is behind this, I'm deeply > disappointed to see Cohen's involvement. > > Best, > Jillian > > > On Tue, Oct 22, 2013 at 11:44 PM, Adam Fisk <af...@bravenewsoftware.org>wrote: > >> Hi Everyone- >> >> First off, apologies for the radio silence. My libtech reading has >> decreased in direct proportion to the volume of traffic, which seems in >> turn to have increased in direct proportion to my personal volume of work, >> so I'm a bit late to the game. To provide some context, over at Brave New >> Software we're still primarily focused on >> Lantern<https://www.getlantern.org>and have been rolling out a series of >> 1.0.0 beta releases we would greatly >> appreciate everyone's feedback on. We've been trying hard to improve our >> documentation, and all of our code is of course open >> source<https://github.com/getlantern/lantern> with >> an ever improving body of more detailed >> documentation<https://github.com/getlantern/lantern/wiki> we're >> in the process of migrating <https://github.com/getlantern/lantern-docs> >> . >> >> That said, we have been involved with UProxy <https://uproxy.org/> since >> the earliest stages and have written some of the code, but with the >> University of Washington and Google Ideas really doing the heavy lifting. >> We do, however, strongly believe in the potential of WebRTC to provide both >> interesting cover traffic as well as usability improvements that come as a >> result of reusing technology already built into the browser. One of the >> primary goals of both Lantern and UProxy is to build solutions that can >> scale to a large number of users without incurring unsustainable costs, and >> allowing ordinary users to provide access easily is a huge part of that >> effort. Another really vital aspect to both Lantern and UProxy is blocking >> resistance, and particularly the idea that trust networks are a promising >> path forward in that regard. I think we're seeing this now with private Tor >> networks where bridges are distributed through trusted contacts, and that's >> exactly what we're after with both Lantern and UProxy. >> >> I will say that I completely agree with both the criticisms on some of >> the messaging and with the security approach (which applies to both uproxy >> and Lantern), and I'll elaborate on that. At BNS we have not controlled any >> of the messaging, but as you said Roger, the following: >> >> > It's completely encrypted and there's >> > no way for the government to detect what?s happening because it just >> > looks like voice traffic or chat traffic. >> >> is a gross overstatement. I'm personally of the belief that the above is >> simply not possible or at the very least extremely hard and unsolved, as I >> think we've discussed a bit in person with regard to the efforts to >> disguise Tor traffic as Skype traffic. I'm not sure I've ever said this >> directly, but I'll say now publicly that you're one of the technologists I >> personally hold in the highest possible regard, and I always welcome any >> criticisms you may have. You've also given Lantern really valuable advice >> from its earliest days, which I really appreciate. The above quote I think >> is an unfortunate combination of a limited understanding of the technology >> and conversation with a reporter who will pick the juiciest sound bites, >> but it's clearly incorrect and just dangerous. >> >> I also quickly wanted to also acknowledge Sascha's excellent point about >> trust network mapping: >> >> > I would be more concerned with adversary externaly >> > observing the connections, seeing that a group of people from within >> > country X are connecting to the same ip in country Y , thus relating >> > those people in that group as sharing a node in a social graph, so to >> > each other, while they might not have seen them as related before.. >> >> This is a concern that was discussed at some length yesterday at the >> Google Ideas Summit, and it's a really astute observation others have also >> made, most recently at CTS in Berlin. With Lantern it's considerably less >> of an issue because Lantern uses >> Kaleidoscope<https://github.com/getlantern/kaleidoscope> to >> also share connections of contacts who are not direct friends, in Lantern's >> case up to four degrees away. While that raises its own concerns in terms >> of proxying through essentially total strangers (again with blocking >> resistance as the goal), it does mitigate against social network mapping >> attacks. In both the UProxy and Lantern cases, however, there is more >> thought and research to be done, as it's not immediately obvious how >> significant it is that two people know the same person, particularly when >> that person is inherently living in another country that is uncensored. >> That is by no means an effort to dismiss the critique but rather an >> observation that the conclusions to draw aren't obvious at least to me. >> >> On a final note, I just want to say I truly believe we're all after the >> same ultimate goals of freedom of expression and speech around the world. >> That may sound naive, but that's truly something I'm personally passionate >> about. At Brave New Software we not only welcome but strongly encourage >> critique and criticism of our work, and we deeply thank anyone willing to >> take the time and to do the work to do so. For us I think that aspect of >> work is a vital component. For so many of us on this list who are in the >> trenches in this long term fight to build an Internet that's inherently >> less susceptible to corruption and that inherently preserves freedom of >> speech and freedom from control, the amount of work required to build those >> systems well is staggering and sometime overwhelming. As a result I would >> simply submit a plea that we take the work seriously and not engage in >> frivolous debate or endless argument. We simply don't have time and can't >> afford to operate inefficiently as a community. I see us all as >> collaborators working towards the same ultimate goals, or at least close >> enough ultimate goals that we can team up for a good while, and it's truly >> a privilege to be a part of it all. >> >> Thanks so much. >> >> -Adam >> >> >> >> >> On Tue, Oct 22, 2013 at 2:58 PM, Collin Anderson < >> col...@averysmallbird.com> wrote: >> >>> >>> On Tue, Oct 22, 2013 at 1:36 AM, Roger Dingledine <a...@mit.edu> wrote: >>> >>>> That was a different guy though right? And surely this time >>>> they're doing it right, with a comprehensive design document and threat >>>> model, open source, etc before the publicity splash? >>>> >>> >>> Sort of, but I think these challenges about Google or Jared Cohen's >>> involvements with either are a bit immaterial -- particularly given the >>> development chain and that I believe it will be open source at the time of >>> actual use. My understanding is that uProxy simply opens a SOCKS connection >>> to relay traffic with your G+/XMPP peer through WebRTC; it is not exactly >>> reinventing the Internet or circumvention. Anyway, uProxy is developed by >>> University of Washington and Brave New Software (Lantern), hence the >>> "seeded by Google Ideas" note. The developers seemed to be kicking around >>> thoughts on the next stage of transport, so it would be a prime time to >>> bother them about pluggable transports. >>> >>> Adam is probably on Libtech, but I have CC'ed him just in case because >>> it would probably be more useful to talk about Lantern right now than have >>> things derail. >>> >>> -- >>> *Collin David Anderson* >>> averysmallbird.com | @cda | Washington, D.C. >>> >> >> >> >> -- >> -- >> Adam >> pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89 >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> compa...@stanford.edu. >> > > > > -- > *Note: *I am slowly extricating myself from Gmail. Please change your > address books to: jilliancy...@riseup.net or jill...@eff.org. > > US: +1-857-891-4244 | NL: +31-657086088 > site: jilliancyork.com <http://jilliancyork.com/>* | * > twitter: @jilliancyork* * > > "We must not be afraid of dreaming the seemingly impossible if we want the > seemingly impossible to become a reality" - *Vaclav Havel* > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. > -- -- Adam pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
