Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
The content of the communication should be direct in 90% of cases though - not going through Google's servers at all. Granted the Google Voice plugin is a bit of an enigma at this point - not yet based on libjingle or webrtc yet in my understanding. It should migrate though, at which point it will be just as open source as Jitsi. Passing that 10% through Google servers is definitely an issue though, and that'll be 100% with 3 or more on a call. The alternative is to set up your own TURN, STUN, and XMPP servers though. -Adam On Friday, December 21, 2012, Jacob Appelbaum wrote: Adam Fisk: I'm not entirely clear on why this is advantageous versus say Google Hangouts. You're likely using Google Talk servers in both cases, which is the central point of control no matter what. What am I missing Andrew? I trust Google's encryption more than I do Jitsi's, and my pretty darn thorough walk through the Jitsi code (granted years ago now) was a pretty frightening experience -- not security-wise but just code wise. If you're trusting Google for your account/relationship data, you're not *also* trusting them with the content of the communication when OTR and/or ZRTP are used. Did you find problems with the OTR or ZRTP crypto? Most code is terrible - I consider it an improvement over Skype which likely also has terrible code but we can't even inspect it to learn that fact. Rather, we just learn that they wiretap and fuck people over by reading their policy documents; generally far too late, I might add. All the best, Jake -Adam On Fri, Dec 21, 2012 at 11:29 PM, liberationt...@lewman.usjavascript:; wrote: On Fri, 21 Dec 2012 06:52:35 -0800 Brian Conley bri...@smallworldnews.tv javascript:; wrote: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Here's a single data point, extrapolate at your peril, I use Jitsi, https://jitsi.org/. I use jitsi daily for all my phone calls, text chats, and video chats. It's not as slick as Skype, yet. It's just a piece of software, you need to setup your own chat or voip accounts. It works with gchat, facebook, aol, msn, etc. It just works. It's effectively the open source version of skype. It's the same UI and functionality across operating systems (windows, macs, linux, bsds). I've watched non-tech people figure it out in 10 minutes and start chatting/calling, etc. I have zrtp-encrypted video and voice chats with people around the world. I can share my screen so others can see what I'm doing. For zrtp-encryption and screen sharing, all parties have to use jitsi. And OTR-wrapped text chat works well so far with any client on the other end. It's still a work in progress, much like Skype was when it was first released, but it's functional and gets out of the way so you can communicate. My $0.02. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Sent from Gmail Mobile -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
I sympathize with your frustration about Google and other companies' unwillingness to talk about their interception capabilities. In the particular case of Hangouts, it seems clear that the Hangout data is encrypted only between the user and Google, and not end-to-end. That doesn't appear to be the case, Seth. See: https://developers.google.com/talk/call_signaling#Encryption -- Adam pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Supports, but doesn't mean uses for default! SRTP also supports NULL CIPHER... -- Jerzy Łogiewa -- jerz...@interia.eu On Dec 28, 2012, at 6:14 PM, Adam Fisk wrote: I sympathize with your frustration about Google and other companies' unwillingness to talk about their interception capabilities. In the particular case of Hangouts, it seems clear that the Hangout data is encrypted only between the user and Google, and not end-to-end. That doesn't appear to be the case, Seth. See: https://developers.google.com/talk/call_signaling#Encryption -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Fri, Dec 28, 2012 at 11:14 AM, Adam Fisk a...@littleshoot.org wrote: I sympathize with your frustration about Google and other companies' unwillingness to talk about their interception capabilities. In the particular case of Hangouts, it seems clear that the Hangout data is encrypted only between the user and Google, and not end-to-end. That doesn't appear to be the case, Seth. See: https://developers.google.com/talk/call_signaling#Encryption To clarify, it would be possible for Google to actively MITM the connection, but the media should be encrypted. Note this would be an active attack on two levels -- first Google swapping in its own keys but then also swapping in it's own IPs in most cases (non group calls and cases where NATs can be traversed) to ensure the media actually passes through it's servers in order to eavesdrop on it. Certainly possible I suppose, but fairly involved. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Fri, Dec 28, 2012 at 11:47 AM, Jerzy Łogiewa jerz...@interia.eu wrote: Supports, but doesn't mean uses for default! SRTP also supports NULL CIPHER... Right -- ideally one of us would fire up Wireshark to check the defaults. -Adam -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Fri, Dec 21, 2012 at 03:48:15PM -0500, m...@markbelinsky.com wrote 8.9K bytes in 0 lines about: : glad that Andrew, you've had some successes! I'm curious what combo you : were using it with? It's very much a work in progress, yes. I use debian. I've used it with others on windows xp, windows 7, osx 10.x, and other linuxes. : with ostel.me if you're interested. No video just yet. And group : communication... well that's not p2p so not just yet. It's p2p2p. The group communication could be p2p, or just distributed. This is how skype used to work with nodes and supernodes. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Fri, Dec 21, 2012 at 09:03:02AM -0800, bri...@smallworldnews.tv wrote 5.5K bytes in 0 lines about: : So I guess I'd say, who is going to fund a competitor to skype built on : jitsi? Without a. Convenient easy to use GUI b. Sexy advocates and adopters : and c. A marketing plan you aren't going to compete with Skype, Google : Hangout, etc. My guess would be the people behind jitsi, http://bluejimp.com/ and their partners, https://jitsi.org/index.php/Main/Partners ippi.fr worked pretty well, until they demanded a copy of my passport to continue service. : If security and privacy experts and developers are serious about broad : adoption of their tools and not just building a closed club of : cryptoexperts shouting fire! We have to work this out. I'm pretty busy Conversely, as I continue to work with global law enforcement, a shocking amount of crime still happens over the public telephone network. Even with its lack of encryption, centralized data collection, and lawful intercept, criminal organizations are still successfully coordinating, planning, and growing over this 100+ year old technology and networks. And for all of the fancy tools, analysis, and skills, law enforcement is still one step behind the criminals simply using the public phone networks. It's the 1% of criminals which use things like skype, tor, cryptocat, i2p, google hangouts, etc. And even then, they screw up and get caught because their ego grows larger than their skills. And to take a super-unpopular stance, empirical evidence says use of skype isn't the problem. Take Syria as an example, the problem is OSX and Windows on the laptops because that's what the Syrian state malware attacks. From a resource perspective, the Assad regime is being economically smart. Rather than trying to attack some cryptosystem and glean data from traffic analysis, just attack the end user and get all the data before it enters the cryptosystem. This is likely the same analysis the German's used. Rather than trying to crack skype, they got state-sponsored malware to crack the operating system and get the data before it enters skype. Vietnam approached the skype-problem by using parabolic microphones outside the houses of suspected activists. Solving the analog problem (voice, keystroke sound analysis, electrical grid background noise, etc) and user security weaknesses (Oh look, an attachment! Let's load it up!) is probably a better place for solutions than yet another crypto-system. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Jitsi looks like promising tool, but video chat always crash my mac. Even preference for video setting! -- Jerzy Łogiewa -- jerz...@interia.eu On Dec 21, 2012, at 8:23 PM, KheOps wrote: We have tried to push Jitsi forward as a replacement to Skype, notably with Syrian people. In the first tries we did, it appeared really not easy to use from Syria, mainly because of the poor bandwidth there which seemed to prevent video calls to work correctly and NAT issues. We however haven't had time to dig more in Jitsi settings, and I wonder if someone had a good URL for documentation/tutorial? Thank you :) KheOps -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Skype is a problem, hands down. But people will continue to use it, particularly in situations they see as nonthreatening (rightly and wrongly) because it is convenient and maintains weight in the marketplace. This is a long way of asking, is Goohke Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use? B On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy: Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. All the best, Jacob -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Hi everyone :) Le 21/12/2012 17:29, liberationt...@lewman.us a écrit : On Fri, 21 Dec 2012 06:52:35 -0800 Brian Conley bri...@smallworldnews.tv wrote: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Here's a single data point, extrapolate at your peril, I use Jitsi, https://jitsi.org/. We have tried to push Jitsi forward as a replacement to Skype, notably with Syrian people. In the first tries we did, it appeared really not easy to use from Syria, mainly because of the poor bandwidth there which seemed to prevent video calls to work correctly and NAT issues. We however haven't had time to dig more in Jitsi settings, and I wonder if someone had a good URL for documentation/tutorial? Thank you :) KheOps -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
On Dec 21, 2012 2:24 PM, KheOps khe...@ceops.eu wrote: Hi everyone :) Le 21/12/2012 17:29, liberationt...@lewman.us a écrit : On Fri, 21 Dec 2012 06:52:35 -0800 Brian Conley bri...@smallworldnews.tv wrote: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Here's a single data point, extrapolate at your peril, I use Jitsi, https://jitsi.org/. We have tried to push Jitsi forward as a replacement to Skype, notably with Syrian people. In the first tries we did, it appeared really not easy to use from Syria, mainly because of the poor bandwidth there which seemed to prevent video calls to work correctly and NAT issues. This is exactly the reason to use Google hangout. I have been traveling in the MENA region the last few weeks, often relying on a local 3g connection to maintain daily contact with my family. As I was paying per mb/GB of data, I kept a close eye on the transfer. Its completely unscientific, but Google hangout seems to use a fraction of the bandwidth as skype (1/10th?!) So there is a serious discussion to have here, no? If gmail is acceptable for anyone not concerned with US government or allies as an adversary, why not Google hangout? B We however haven't had time to dig more in Jitsi settings, and I wonder if someone had a good URL for documentation/tutorial? Thank you :) KheOps -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
While Jitsi is fantastically cross-platform, I've not found it to be particularly reliable depending on the operating system and service. I'm glad that Andrew, you've had some successes! I'm curious what combo you were using it with? At Guardian Project we've been investigating the opportunities for secure and encrypted voice and video, as well as working towards developing an open protocol for it, plus determining how it can work on an appropriate client. You can find some of our initial review of available platforms on our wiki https://guardianproject.info/wiki/OSTN or try p2p encrypted voice with ostel.me if you're interested. No video just yet. And group communication... well that's not p2p so not just yet. But Brian, I prefer Google Hangout to Goohke Hangout still. ~Mark --* @mbelinsky https://twitter.com/mbelinsky | markbelinsky.comhttps://markbelinsky.com| phone: +1-347-466-9327 | skype: markontheline * On Fri, Dec 21, 2012 at 3:06 PM, Danny O'Brien dobr...@cpj.org wrote: On Fri, Dec 21, 2012 at 07:26:44PM +0200, Nadim Kobeissi wrote: On Fri, Dec 21, 2012 at 6:56 PM, Nathan of Guardian nat...@guardianproject.info wrote: On 2012-12-21 20:22, Brian Conley wrote: This is a long way of asking, is Goohke Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use? I personally can't wait for Cryptocat A/V edition! Nadim, hurry up please. :) I hear this a lot — that's a 2014 goal if there ever was one. Somebody was asking why do (at risk) groups use Skype, and it's worth underlining out a couple of reasons, beyond convenient, ubiquitous, multi-platform audio-video chat. * Permanent, multi-user chat rooms. This is what makes Cryptocat such a useful addition: there was a long period where activists didn't have a known alternative to this feature that didn't fail badly (IRC over SSL? Hard to set up, and what if one person doesn't encrypt? etc), especially combined with: * Live audio-visual contact as a form of authentication. The most comprehensible threat for online text conversations is that you're just not talking to the right person/people. I think it's important to bear this in mind because sometimes the discussion around Skype revolves around one-on-one videochat, and that doesn't seem to be the dominant use in my conversations with at-risk users. d. +n -- Unsubscribe, change to digest, or change password at: https:// mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
I'm not entirely clear on why this is advantageous versus say Google Hangouts. You're likely using Google Talk servers in both cases, which is the central point of control no matter what. What am I missing Andrew? I trust Google's encryption more than I do Jitsi's, and my pretty darn thorough walk through the Jitsi code (granted years ago now) was a pretty frightening experience -- not security-wise but just code wise. -Adam On Fri, Dec 21, 2012 at 11:29 PM, liberationt...@lewman.us wrote: On Fri, 21 Dec 2012 06:52:35 -0800 Brian Conley bri...@smallworldnews.tv wrote: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Here's a single data point, extrapolate at your peril, I use Jitsi, https://jitsi.org/. I use jitsi daily for all my phone calls, text chats, and video chats. It's not as slick as Skype, yet. It's just a piece of software, you need to setup your own chat or voip accounts. It works with gchat, facebook, aol, msn, etc. It just works. It's effectively the open source version of skype. It's the same UI and functionality across operating systems (windows, macs, linux, bsds). I've watched non-tech people figure it out in 10 minutes and start chatting/calling, etc. I have zrtp-encrypted video and voice chats with people around the world. I can share my screen so others can see what I'm doing. For zrtp-encryption and screen sharing, all parties have to use jitsi. And OTR-wrapped text chat works well so far with any client on the other end. It's still a work in progress, much like Skype was when it was first released, but it's functional and gets out of the way so you can communicate. My $0.02. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Adam Fisk http://www.littleshoot.org | http://adamfisk.wordpress.com | http://twitter.com/adamfisk -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Brian Conley: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Jitsi? Skype is a problem, hands down. But people will continue to use it, particularly in situations they see as nonthreatening (rightly and wrongly) because it is convenient and maintains weight in the marketplace. People will continue to use it as long as this community and others accepts it as a reasonable tool. It isn't a reasonable tool and we should warn people not to use it. We should rather encourage them to use open and standard protocol, as well as to use FLOSS implementations. This is a long way of asking, is Goohke Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use? Jitsi is likely better for a lot of stuff. It is written in Java (yay no programmer introduced buffer overflows, boo java, boo java), it has OTR for chatting and ZRTP for VoIP calls. It does this with standard jabber/xmpp accounts. Users can download it over HTTPS and I believe the cert may be pinned now in Google Chrome. It isn't perfect but if I had to choose between it and Skype, I guess I'd not have a lot of trouble making the choice of using Jitsi. All the best, Jake B On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy: Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. All the best, Jacob -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Thanks Jacob, How do you consider Adams concerns about Jitsi? Brian On Dec 21, 2012 8:24 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Brian Conley: So I guess the question is, is there a more/similarly convenient video/audio chatting tool that can be advocated as a standard? Jitsi? Skype is a problem, hands down. But people will continue to use it, particularly in situations they see as nonthreatening (rightly and wrongly) because it is convenient and maintains weight in the marketplace. People will continue to use it as long as this community and others accepts it as a reasonable tool. It isn't a reasonable tool and we should warn people not to use it. We should rather encourage them to use open and standard protocol, as well as to use FLOSS implementations. This is a long way of asking, is Goohke Hangout functionally better? Is anything else? Or, how do we get someone to develop a convenient p2p chatting tool that is also pleasurable to use? Jitsi is likely better for a lot of stuff. It is written in Java (yay no programmer introduced buffer overflows, boo java, boo java), it has OTR for chatting and ZRTP for VoIP calls. It does this with standard jabber/xmpp accounts. Users can download it over HTTPS and I believe the cert may be pinned now in Google Chrome. It isn't perfect but if I had to choose between it and Skype, I guess I'd not have a lot of trouble making the choice of using Jitsi. All the best, Jake B On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Hi, In light of the recent thread on journalism, I wanted to share this link about Skype: https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve With 250 million monthly connected users, Skype is one of the most popular services for making phone calls as well as chatting over the Internet. If you have friends, family or business contacts abroad, chances are you are using Skype to keep in contact. Having said that, you are probably not aware that all your phone calls and text chats can be monitored by the censorship authorities in China. And if you are aware, chances are that you do not consent to such surveillence. Microsoft, however, assumes that you do consent, as expressed in their Privacy Policy: Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. All the best, Jacob -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech