First of all, congratulations on a through proposal! A few comments inline.
On Sun, Mar 12, 2017 at 4:25 PM, iry <[email protected]> wrote: > a) Download sources > The download process for Lantern is not as easy as one may expect, > especially for users in censored area. The official website of Lantern > has been blocked by at least Chinese authority, making it hard for one > without any other usable censorship circumvention tools to get a Lantern > . > Another trusted sources to download a binary Lantern software without > the help of any other censorship circumvention tools is its Github > download sources [21]. However, this is not widely-known by people, > especially for the first-time users since there is instruction for them > to know about it. > Considering the facts above, people who want to get a Lantern software > themselves may accidentally download it from untrusted sources and > install it without doing any verification, which may lead to a > compromise of the entire system. Given that there has already been some > malwares that pretend to being legal censorship circumvention tools > which secretly infect the victims’ computers [22], it is vital important > to download it from trusted sources. > b) Verification > It is reasonable to assume that most users will not do the verification > themselves. This can be shown in a current report. Tor Browser is a > privacy-oriented software, its users are expected to have a higher > awareness of security. However, there are still one out third users who > do not download the signature of it [23]. Therefore, we should provide a > mechanism that automatically do the verification rather than expect > users do it themselves. The same problems would still apply, but would instead apply to obtaining and bootstrapping trust in your copy of Qubes. If this is a problem you really wish to solve, simply providing trust via signed qubes templates is not sufficient. > B. Privacy > ... > By placing > Lantern in an independent qube, it will not be able to collect the local > user behaviors that happen in other qubes. I think claiming this is somewhat misleading unless you also also enforce that the traffic within is somehow also protected independently. > C. Usability > Apart from the reason that user may mess the qube up when downloading > and configuring Lantern-Gateway manually themselves, another important > reason that the Lantern-Gateway should handle the downloading and > configuration process automatically is because it will greatly improve > the usability of Lantern-Gateway. Regardless of the fact that the user > may not be acknowledge enough to follow an instruction to configure a > Lantern-Gateway, helping users to do the tasks mentioned above > automatically will also save a large amount of time for users. This > feature can be especially useful when users would like to set up several > Lantern-Gateways quickly. > According to the document of Lantern on Whonix wiki: “From the > beginning of version 3.0, Lantern implemented a bandwidth limitation of > 800 MB/ month. When the bandwidth limit is reached, the connection is > slowed down and Free users are prompted to upgrade to Lantern Pro. > Specifically, the connection will be slowed down to approximately > 20KB/s, making Lantern kind of unusable. On the other hand, considering > the payment methods Lantern company offers, it is merely impossible for > one to pay for Lantern Pro without damaging his/her privacy or/and > anonymity. An easy way to circumvent the problem describing above is to > set up a new VM and install a new Lantern application in it” [24]. That > is to say, it is predictable that a Lantern-Gateway user will have to > reinstall the Lantern-Gateway after a period of time. Therefore, it is > of importance to make the installation process as quick and simple as > possible. Running the server-side infrastructure to forward traffic has associated costs, and perhaps those running them somehow rely on income from Lantern Pro in order to cover those costs? I think it would be wise to at least start a discussion with them about this rather than taking an adversarial approach towards Brave New Software right from the start. Finally, (making the assumption that Iry Koon may not be your IRL identity) On Sun, Mar 12, 2017 at 2:12 PM, iry <[email protected]> wrote: > Hi everyone! > > I am Iry. Be aware that Google will likely want to de-pseudonymize you at least in order to pay you, and possibly also for transparency/legal/tax/whatever reasons. If this is a concern, I would strongly suggest discussing this with the GSoC administrative staff well in advance of the relevant deadlines. Regards, Jean-Philippe -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CABQWM_B8Rnk926qq3srwZdnsZM%3D0ee3ENU3Hrx%3DXHVQ2rjNcEw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
