[liberationtech] Why Skype (real-time) is losing out to WeChat (async)

Mon Dec 24 21:24:19 PST 2012

Maxim, I believe your assumptions are based on living in the west.
I live in a more or less accessible part of rural Thailand, but I have
friends who have to climb a hill periodically to get the SMS messages
waiting for them, have an old phone because they got it as a present from
the bank, etc. Even I (slick, geeky city boy in local standards) have a
nexus 1, and if I had money for something better, I'd spend it on something
else.

I find Nathan's observation that push-to-talk is gaining popularity (at
least in 99% of the world :) ) quite reassurring, because it means that if
you build it they WILL come (and that wasn't intuitive to me before reading
his observation).

I have an idea (inspired by http://0bin.net/faq/ and its weird "threat
model") for end to end crypto with zero software on the receiving end.
Maybe it's a stupid idea, but at least it should be easy to implement :)

By default it's just security-thru-obscurity, but a user can "upgrade" it
to "real security" by giving a damn.
The app records the sound,and uploads it to a Tahoe-LAFS grid (this can be
a "freemium" service maintained by the operator).
We now have a URL that is both a pointer to the data and a session-key.
To send the URL we use the phone's "share" mechanism: the user can choose
various plaintext or encypted options from other apps already installed on
the user's phone. sms (can be securetext), xmpp (can be gibberbot), email
(can be apg), etc.

True. If you don't give a damn and choose plaintext, a powerful and
determined adversary can monitor your audio, but at least it protects the
storage operator from demands to monitor the conversations (the
"0bin.netmotivation") and adds some background noise to the system.

Such an app shouldn't be marketed with "crypto-hype" but simply as a
"yousendit clone" (I'm not even sure whether "WE can't spy on you" is a
selling point for the "facebook generation"). The service should gain
traction because it's simple/literacy-not-required/etc.
Once it exists - activists can be told that using it WISELY (sharing the
url via a secure channel) is [pretty] secure.

Does this idea make sense, or is its lightness too unbearable? :)

Cheers,
The Dod

On Mon, Dec 24, 2012 at 6:25 PM, Maxim Kammerer <mk at dee.su> wrote:

> On Mon, Dec 24, 2012 at 8:10 AM, Nathan of Guardian
> <nathan at guardianproject.info> wrote:
> > Why is a text messaging/push-to-talk model winning out over
> > an instant messaging/VoIP model, in places like Africa and Asia,
> > regardless of known increased risk and decreased privacy and safety?
>
> I think that the reason is simple and obvious: society shifts to
> preferring more impersonal communication. Same reason that teenagers
> prefer texting to talking on phone, and hanging out to dating.
>
> > Other than the typical "users are dumb" answer,
>
> Users (on average) are not dumb, but they are irrational and lazy,
> like people in general. So they will do what's most straightforward
> (insecure communications, web apps). I am guilty of the same, but at
> least I don't care (most of the time) if I am under surveillance. When
> I do, I have the tools I trust (see signature). But the reason I am
> aware of the dangers is relevant experience, not propaganda. That's
> why firms hire “red teams” — execs are forced to stop irrationally
> dismissing intrusion dangers after being shown how it is done on their
> turf.
>
> What follows is that for an anarchist group of activists / regular
> people, you probably cannot do much. If a group forms an
> orders-following hierarchy, it's a different thing — you only need to
> convince the leaders.
>
> > Why Skype/real-time is losing
>
> Opinions wrt. your hypotheses below:
>
> > 1) Noticeable impact on mobile battery life if left logged in all the
> > time (holding open sockets to multiple servers? less efficient use of
> push?)
>
> No, unless the difference is drastic.
>
> > 2) Real-time, full duplex communications requires constant, decent
> > bandwidth; degradation is very noticeable, especially with video
>
> Doubt it.
>
> > 3) App is very large (a good amount of native code), and a bit laggy
> > during login and contacts lookup
>
> No. Just a reason to buy faster devices with more memory.
>
> > 4) Old and tired (aka not shiny) perception of brand; too much push of
> > "pay" services
>
> No. (Don't see people throwing out their iPhones just yet.)
>
> > 5) Requires "new" username and password (aka not based on existing phone
> > number), and lookup/adding of new contacts
>
> No.
>
> > 6) US/EU based super-nodes may increase latency issues; vs China/Asia
> > based servers
>
> People shift to impersonal communication everywhere, not just in Asia.
>
> > Why WeChat (and WhatsApp, Kakao, etc) async are winning
> >
> > 1) Push-to-talk voice negates nearly all bandwidth, throughput and
> > latency issues of mobile.
>
> Doubt that's the reason.
>
> > 2) Push-to-talk is better than instant messaging for low literacy,
> > mixed-written language communities; The "bootstrap" process for Skype is
> > very text heavy still
>
> Push-to-talk is an alternative to interactive calls, not IM.
>
> > 3) Apps feel more lightweight both from size, and from network stack
> > (mostly just using HTTPS with some push mechanism)
>
> No.
>
> > 5) Shiny, new hotness, with fun themes, personalization, and focus on
> "free"
>
> Unless WeChat are the first to think about those things, no.
>
> > 6) Picture, video, file sharing made very easy - aka a first order
> > operation, not a secondary feature; chats are a seamless mix of media
>
> Doubt it.
>
> > 7) Persistent, group chat/messaging works very well (since its just
> > async/store and forward, its very easy to send many-to-many)
>
> Maybe.
>
> > 8) Identity often based on existing phone number, so signup is easy, and
> > messaging to existing contacts is seamless
>
> I think there are many similar services that do that.
>
> > 9) More viral - you can message people not on the service, and they will
> > be spammed to sign up for the service
>
> LOL, no.
>
> > Is my thinking headed in the right direction?
>
> I think that you are missing key societal changes that drive the new
> offerings.
>
> > Should we try to turn Gibberbot into a more-secure
> > WhatsApp/WeChat clone?
>
> You can try, but I doubt that anyone except a minority of security
> enthusiasts will use it instead of established solutions.
>
> Best regards,
> Maxim
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121225/8f916db6/attachment.html>