Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Any project missing on the updated map of a "GNU Internet" ?

Jonathan Wilkes jancsika at
Mon Oct 5 10:37:50 PDT 2015

Glad to see you finally removed Oneswarm. :)

I personally find your chart difficult to read.  Nevertheless, I have a suggestionthat I believe would improve its quality for a general audience:

You really need a color that means "available and widely-used".
You can probably just ask the respective devs whether their software is widely-used, andthey'll give you an honest answer.  However as a shortcut just ask:
1) Do the devs of other projects use this software as a point of reference?For example, Joanna (Qubes) and Patrick (Whonix) have both written publiclyabout TAILS (as has pretty much every other serious security expert).  Thatdoesn't mean one should necessarily use it, but it does mean the user hasa better chance of understanding the benefits and costs of using that pieceof software.
2) Is the software usable by non-technical people?  If not it's less likelyto have a lot of users.
As an example-- Gnunet filesharing may technically be "available", but I haven'tused it successfully nor heard of a single person using it successfully.  (I evenasked on their irc and nobody there used it.)  TAILS, for better or worse, _is_anonymity on the web/net.  It's misleading to use the same color for those twopieces of software.

     On Monday, October 5, 2015 10:51 AM, carlo von lynX <lynX at> wrote:

 On Mon, Oct 05, 2015 at 04:17:05PM +0200, Lluís Batlle i Rossell wrote:
> Well, we don't have build farms for ARM, so it is common for people to
> build all there, for example. Following upstream means building more than
> gentoo, because the dependencies are totally explicit at any point.

Oh, good to know. On the other hand it should be safe to randomly use
prebuilt binaries because all binaries are reproducible, so a malevolent
provider cannot know in advance which packages will be checked for
reproducibility... yes?

> As for the rest of your advices, I'm quite aware about the uses of
> leaked metadata, the problems of xmpp, etc. :) I quite follow the project.
> I just wanted to help have more pieces in the map - I do not consider
> them a final solution.

Yes, none of the things on the map solve the entire puzzle. There's
plenty of redundancy while at the same time there isn't a complete
stack ready to go, let alone several.

> Maybe you could mention also somewhere that modern PGP thing (which is pgp at
> the end): It just came to mind.

There are several stop-gap opportunistic approaches to key retrieval
around.. pEp, LEAP. I think we should be leveraging the social graph
for key acquisition instead, with a private distributed implementation
like GNS for example. You use it like an address book and your social
network guarantees that you picked the correct public key, without
any state authority knowing anything.

  E-mail is public! Talk to me in private using encryption:
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: Unsubscribe, change to digest, or change password by emailing moderator at companys at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list