On 19 January 2014 08:51, carlo von lynX <[email protected]>wrote:
> On Sat, Jan 18, 2014 at 01:52:07AM +0700, Uncle Zzzen wrote: > > In that case, we shouldn't trust anything unless it's [hopefully] > > hostile-player-proof P2P, then we're back to "confiscate the hard drive" > > times. > > There's one acceptable compromise left.. the one that the Tor > architecture employs... dumb relays that do useful work and > have no idea either they are doing or who they are doing it for. > As I've been hearing from I2P advocates: TOR's a road I2P is a place. If a VPS is a risk, you can only trust a PC inside a residence (not sufficient, but mandatory). TOR has hidden services but (from what I've heard) it's less optimized in their architecture. What they do is take you somewhere, but there's nowhere to go. It's all in the cloud and the cloud is poisoned. P2P is the silver lining, it can live with netsplits, and as we've seen from Egypt to BART, netsplits are the future :( > > I presume Mr Schneier is right saying that if the nation state actor > is after *your* device, then the likelihood is high it will find its > way in (especially if you use a collaborating operating system). This > threat model only worries me if it could be applied against entire > nations in a warfare situation, which it might. > I think the only winning strategy here is if nations (EU, Brasil, etc.) would plan develop from scratch a standard for a "snoop-free" home computer, where all hardware and software available on repositories. Can also be things like freedombox, set top box, etc. If you have millions of those all over your country, you level the playground. If other nations take your designs and "capitalize on your intelectual property", even better. Each Chinese family that installs such a box, throws away an appliance that had backdoors by their own gov and/or other enemies of yours. Best is if they ban this and it becomes popular :) Yes, RetroShare has HTML-compatible rich text everywhere, but no actual > web browser. We were considering something similar for secushare, too. > It's a pattern. Recover the spirit of the web and throw away the > cancerogenous parts. > I'm happy to hear this. > Yes, ever since the mid 90s.. but you probably never heard of them or > of the fact they support this feature. ;-) > > Depends on what you mean by "this feature". I didn't look closely, but I believe I could (and gladly would) kick uzbl around into - say - a syndie reader (if they had python API - that is :) ). The next level of "this feature" (if we don't want js) is to extend the 90s html with some standard modern set of widgets. For exmple: you decide that bootstrap (including all the data-* attributes that are later read by js) is the standard. You ignore the JS, but the menus would still work. Doesn't have to be bootstrap, but should be something that has a community developing themes etc. Do you know about such repositories? A higher level would be to develop a scripting language (perhaps a not-necessarily-compatible subset of js, so that things like onclick="this.select()" would work). It should include a barebones minimum, but I'm not sure what it means: Does that include ajax? What should the protocol for ajax be? How can we build it so that there can't be XSS/CSRF? etc. Do you know about such repositories? The highest level of "this feature" would be if this "Mock JS" could have full WebRTC functionality ;) Thanks
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
