Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Stop using public IRC networks

Aymeric Vitte vitteaymeric at gmail.com
Wed Nov 18 07:21:48 PST 2015



Le 17/11/2015 21:38, carlo von lynX a écrit :
> *** Where can we go to have a private chat?
> 
> In a post-Snowden world, where can we go to quietly idle and occasionally chat like we have done for decades? In our opinion there are two answers. On isolated servers, if you have a reason to trust the server, or on a distributed chat system. Unfortunately the latter are still in dire conditions. See the secushare comparison for that.
> 
> It should go without saying that using any commercial offering such as Whatsapp or Facebook is likely worse than using an IRC network. Maybe Telegram chatrooms are at least safe from the Western authorities.. so for once it is somebody else snooping on you.
> 
> 
> P.S. Aymeric: liked your last post, just not finding time!

Thanks, so please let me give briefly some more details, this is not a
vague idea, thinking about it since some time but now things are
changing and we know how to make a browser instance work in background
(not sure it can fit for all cases but at last the Web is getting
there), eliminating the absurd limitation of letting the browser open
all the time to use such apps.

The Tor network is thousands of nodes, the bittorrent network is hundred
of millions of peers, browsers are billions.

Other networks are growing like bitcoin and even if bitcoin's features
are not designed to protect privacy/anonymity it appears difficult to trace.

Then different systems are trying to mix those different networks for
privacy/anonymity purposes or propose their own solution, whether
centralized, whether a mix of centralization/decentralization, whether
proprietary or open source, without being fully convincing so far (your
secushare method is part of the good means to evaluate this), and each
solution needs a specific installation/sw on a specific platform/device
with the associated risks and complication for the users, in addition
really secured solutions are usually completely unusable by normal people.

The idea is to use the most widely spread unified/standard system (not
platform/device dependent), ie browsers, and define an architecture that
would allow any solution to work on top of it, without requiring
specific installation or skills to use it.

A base for this could be the Peersm architecture for peers (browsers)
communication connected to each others via the Tor protocol using
WebRTC, and Peersm's extended peer discovery/introduction system (WebRTC
DHT), adding to the current specs a long term peer ID management system,
all this making extremely difficult to trace/identify the users and what
they are exchanging, or just impossible if the network grows, impossible
to control and block, servers would only be used to bootstrap the process.

Then it would be possible to add on top of this any apps for file
sharing (like Peersm again with its specific content discovery system),
chat, messages, crypto currency, social networking.

But as mentionned previously (the browsing paradox), this can be
extended, so another idea is to allow the browsers not to proxy only to
URLs but to proxy to interfaces (such as WebSockets, XHR and WebRTC) and
why not to exit directly to the networks (ie maybe for example bypass in
some cases the same origine policy limitation of XHR to send requests to
the networks, this one is hypothetical so don't focus on it).

This would allow to implement things such as uProxy, Tor nodes inside
browsers, anonymous browsing, and other apps mentionned above, each app
could work in background when applicable not depending on whether the
browser is open or not.

Of course this is not trivial and numerous aspects must be
studied/defined, but I hope it's clear that the usual "insecure
browsers" and "insecure js" arguments do not apply here, even if it must
be properly addressed, will try to get some financing for this, open to
proposals too.

-- 
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms



More information about the liberationtech mailing list