[liberationtech] [SPAM:###] Re: Google Unveils Tools to Access Web From Repressive Countries | TIME.com

[Adam Fisk]

Hi Everyone-

First off, apologies for the radio silence. My libtech reading has
decreased in direct proportion to the volume of traffic, which seems in
turn to have increased in direct proportion to my personal volume of work,
so I'm a bit late to the game. To provide some context, over at Brave New
Software we're still primarily focused on
Lantern<https://www.getlantern.org>and have been rolling out a series
of 1.0.0 beta releases we would greatly
appreciate everyone's feedback on. We've been trying hard to improve our
documentation, and all of our code is of course open
source<https://github.com/getlantern/lantern> with
an ever improving body of more detailed
documentation<https://github.com/getlantern/lantern/wiki> we're
in the process of migrating <https://github.com/getlantern/lantern-docs>.

That said, we have been involved with UProxy <https://uproxy.org/> since
the earliest stages and have written some of the code, but with the
University of Washington and Google Ideas really doing the heavy lifting.
We do, however, strongly believe in the potential of WebRTC to provide both
interesting cover traffic as well as usability improvements that come as a
result of reusing technology already built into the browser. One of the
primary goals of both Lantern and UProxy is to build solutions that can
scale to a large number of users without incurring unsustainable costs, and
allowing ordinary users to provide access easily is a huge part of that
effort. Another really vital aspect to both Lantern and UProxy is blocking
resistance, and particularly the idea that trust networks are a promising
path forward in that regard. I think we're seeing this now with private Tor
networks where bridges are distributed through trusted contacts, and that's
exactly what we're after with both Lantern and UProxy.

I will say that I completely agree with both the criticisms on some of the
messaging and with the security approach (which applies to both uproxy and
Lantern), and I'll elaborate on that. At BNS we have not controlled any of
the messaging, but as you said Roger, the following:

> It's completely encrypted and there's
> no way for the government to detect what?s happening because it just
> looks like voice traffic or chat traffic.

is a gross overstatement. I'm personally of the belief that the above is
simply not possible or at the very least extremely hard and unsolved, as I
think we've discussed a bit in person with regard to the efforts to
disguise Tor traffic as Skype traffic. I'm not sure I've ever said this
directly, but I'll say now publicly that you're one of the technologists I
personally hold in the highest possible regard, and I always welcome any
criticisms you may have. You've also given Lantern really valuable advice
from its earliest days, which I really appreciate. The above quote I think
is an unfortunate combination of a limited understanding of the technology
and conversation with a reporter who will pick the juiciest sound bites,
but it's clearly incorrect and just dangerous.

I also quickly wanted to also acknowledge Sascha's excellent point about
trust network mapping:

> I would be more concerned with adversary externaly
> observing the connections, seeing that a group of people from within
> country X are connecting to the same ip in country Y , thus relating
> those people in that group as sharing a node in a social graph, so to
> each other, while they might not have seen them as related before..

This is a concern that was discussed at some length yesterday at the Google
Ideas Summit, and it's a really astute observation others have also made,
most recently at CTS in Berlin. With Lantern it's considerably less of an
issue because Lantern uses
Kaleidoscope<https://github.com/getlantern/kaleidoscope> to
also share connections of contacts who are not direct friends, in Lantern's
case up to four degrees away. While that raises its own concerns in terms
of proxying through essentially total strangers (again with blocking
resistance as the goal), it does mitigate against social network mapping
attacks. In both the UProxy and Lantern cases, however, there is more
thought and research to be done, as it's not immediately obvious how
significant it is that two people know the same person, particularly when
that person is inherently living in another country that is uncensored.
That is by no means an effort to dismiss the critique but rather an
observation that the conclusions to draw aren't obvious at least to me.

On a final note, I just want to say I truly believe we're all after the
same ultimate goals of freedom of expression and speech around the world.
That may sound naive, but that's truly something I'm personally passionate
about. At Brave New Software we not only welcome but strongly encourage
critique and criticism of our work, and we deeply thank anyone willing to
take the time and to do the work to do so. For us I think that aspect of
work is a vital component. For so many of us on this list who are in the
trenches in this long term fight to build an Internet that's inherently
less susceptible to corruption and that inherently preserves freedom of
speech and freedom from control, the amount of work required to build those
systems well is staggering and sometime overwhelming. As a result I would
simply submit a plea that we take the work seriously and not engage in
frivolous debate or endless argument. We simply don't have time and can't
afford to operate inefficiently as a community. I see us all as
collaborators working towards the same ultimate goals, or at least close
enough ultimate goals that we can team up for a good while, and it's truly
a privilege to be a part of it all.

Thanks so much.

-Adam




On Tue, Oct 22, 2013 at 2:58 PM, Collin Anderson
<collin at averysmallbird.com>wrote:

>
> On Tue, Oct 22, 2013 at 1:36 AM, Roger Dingledine <arma at mit.edu> wrote:
>
>> That was a different guy though right? And surely this time
>> they're doing it right, with a comprehensive design document and threat
>> model, open source, etc before the publicity splash?
>>
>
> Sort of, but I think these challenges about Google or Jared Cohen's
> involvements with either are a bit immaterial -- particularly given the
> development chain and that I believe it will be open source at the time of
> actual use. My understanding is that uProxy simply opens a SOCKS connection
> to relay traffic with your G+/XMPP peer through WebRTC; it is not exactly
> reinventing the Internet or circumvention. Anyway, uProxy is developed by
> University of Washington and Brave New Software (Lantern), hence the
> "seeded by Google Ideas" note. The developers seemed to be kicking around
> thoughts on the next stage of transport, so it would be a prime time to
> bother them about pluggable transports.
>
> Adam is probably on Libtech, but I have CC'ed him just in case because it
> would probably be more useful to talk about Lantern right now than have
> things derail.
>
> --
> *Collin David Anderson*
> averysmallbird.com | @cda | Washington, D.C.
>



-- 
--
Adam
pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131022/ff215be3/attachment.html>