On Thu, Mar 20, 2014 at 9:55 AM, coderman <coderman@gmail.com> wrote:
...
as some earlier experiments on ad-hoc usability observations, win desktop user with technical ability able to download and verify signatures on TBB within ~6m, including pubkey and digest based verification.

bootstrapping and verifying correct Tor use in the browser to a check site consumed another 4min.

downloading pidgin with otr and configuring to use ccc.de with encryption, create new account on server yes, enable OTR, generate key and note fingerprint, set settings to always enforce OTR and don't log OTR chats (if not already defaulted to don't save) consumed another 6min.

in total, 16min to bootstrap private end-to-end messaging over Tor anonymity network. not bad! bridge and obfuscated proxy support now also as easy (mostly :)

---

for mobile space, the experience with a different guinea pig was similar with Orbot and ChatSecure(Gibberbot), ~10-15min to provision new client.

---

configuring hidden services securely is where things currently fall apart, as I have not been able to walk a new user through this process without significant difficulties and confusion. this is essentially on par with encrypted email using the usual suspects, which i also could not successfully walk a new user through without significant difficulties and configurations prone to silent catastrophic failures to encrypt.

---

this is why xmpp with otr is called out for consistent usability and availability benefits over standard email or listserv (on osx, win, *nix, android, ios, windows phone, ?)

as for how long to deploy? time an ansible playbook the definitive answer. till then!

[ more than a cypherpunk hacker day, less than a cypherpunk hacker month... probably. ]