[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Instead of only bashing tor, why not discuss the alternatives?

On Tue, Jul 19, 2016 at 8:42 AM Rayzer <rayzer@riseup.net> wrote:

On 07/19/2016 02:12 AM, stef wrote:
> On Tue, Jul 19, 2016 at 11:44:16AM +0300, Georgi Guninski wrote:
>> Instead of only bashing tor, why not discuss the alternatives and move
>> to something allegedly better?
>> Certainly some advanced attack and/or backdoor will screw them all.
>> For a start, I would like to know:
>> 1. What are alternatives to tor (possibly with less functionality)?
> from the top of my head:
> dissent,
> riffle,
> i2p,
> mixminion
> pynchon-gate
> percy++
>> 2. Is the alternative known to be in bed with shady stuff like TLAs?
>> 3. Did they have braindamaged bugs (like debian's openssl memset())?
>> 4. What is their security/anonymity bug history?
>> 5. To what attacks they are known to be vulnerable?
>> 6. To what attacks they are conjectured to be immune?
>> As an aside, I heard critique of Riffle: MIT are allegedly in bed with
>> USA. Don't know it this makes sense or not.
> ---end quoted text---


NONE of these are intended for the same target audience as tor. IOW NONE
of the above could CONCEIVABLY be used by a journalist or
computer-illiterate dissident in Tanzania right NOW.

One (not really) counterexample, though for a very narrow use case is/was NightWeb, which was an Android app that embedded I2P. Was somewhat easier to set up than OrBot plus a browser, but unfortunately its author abandoned it. Again, though, not actually the web, though email through Tor is not exactly easy to use either. Speaking of which, there's also a standalone Bote app. You can only send messages to other Bote users, but it's easier to set up and probably more secure than Tor-based solutions due to the lack of a central target, despite the concerns about I2P's security you mention below.

And honestly, imho, I2P is probably just a compromises as tor, but it's
so much more fucking obuscurant, to hide that possibility. I tried using
it for a while. Fucking useless and continues to be so.

This continues to be my main concern about I2P. It hasn't had nearly the attention Tor has. It could have gaping holes and we wouldn't necessarily know about them, while any holes in Tor have to be subtle at this point, opinions about Tor's funding & governance model notwithstanding.
No one's mentioned Retroshare. It seems a likely candidate.

I keep meaning to spend more time looking at that. Thanks for the reminder.