On Wed, Oct 23, 2019 at 08:14:13AM +0000, jim bell wrote:
On Tuesday, October 22, 2019, 11:42:04 PM PDT, Zenaan Harkness <zen@freedbms.net> wrote: On Tue, Oct 22, 2019 at 08:48:11PM +0000, jim bell wrote:
On Tuesday, October 22, 2019, 02:51:16 AM PDT, Zenaan Harkness <zen@freedbms.net> wrote:
...
I think seeking donations may be a little to soon, but I ABSOLUTELY INSIST that you hold the authority on this front!
I should have been clearer as to why I suggested contacting these organization. Obtaining funds is, of course, a good possibility, but even more important: We want to be able to demonstrate why the whole TOR arrangement is rotten and corrupt. Some of the organizations donating to TOR are merely carrying the Feds' water, but a few might not be. Put yourself in their place: Do they currently have an opportunity to support anonymized communication, other than TOR? If they don't, let's give it to them.
I am strongly with Juan on this one - we have yet to establish even whether we can "convince ourselves" that what we want to achieve is technically possible.
Yes, we need to address numerous issues; That's one reason I left that email for I2P. There are, no doubt, many other people who are considering this problem, this possible task.
Where does the hardware come from?
Here's a core thought that has been for me "I just assumed this was the aim" kinda thought: - A compelling system ought be flexible enough to cater for the majority of end users, and provide desired benefits (with whatever performance tradeoffs are necessary), "on demand" so to speak - or, as in part of the design of "what's possible" - different usage modalities. - When we look at the world's mobile phone users in aggregate, we have a very large sample space (statistically speaking), and IF we can reason mathematically about the various connectivity and performance issues of interest (latency, bandwidth, detectability of problems etc), then for a completely rando hypothetical, one could imagine say a coloured IQNets "security" bar and a slider: - the bar goes from Red to Green, where Red means "I am not connected to any known friends, don't do anything stupid" and Green might mean "I am connected to 7 friends of "some minimum meat space trust level" as well as have a private dark fibre back haul (perhaps a wifi link to a neighbour) - the slider might go from "do NOT allow any internet access, even at "high latency allowed" setting, unless I have N connections of type T, to "allow internet access, even if I'm not connected to any friend, I just wanna watch youtube at any cost". And the bittorrent paper speaks to incentivization, which rings "dang good idea where possible, let's think about that"; see: iqnets/doc/urls-papers_and_research.txt http://www.bittorrent.org/bittorrentecon.pdf Point being, if it's possible to incentivize natural and desired usage patterns, IQNets should be possible to go viral with no significant hardware "$$ outlay" required at all! - This may, or may not, be possible, but right now we just don't know.
How about the funding?
I have faith that if we can logically discuss and argue and reason to a sufficient extent, whereby at least a few of us believe "something useful should indeed by possible to implement, purely in software, and run on an average mobile phone", and if I and/or others at that point in time are NOT able to put the time in to coding and testing and that we really do need money for such, or if we do happen to need money for hardware, then money will be an eminently and readily solvable problem at that time. For now, I for example am living in Australia - best country in the world! I have sufficient if humble clothing and shelter, no shortage of food, and a laptop that despite being ~7 years old, is insanely powerful by standards of just a little over a decade ago. This is abundance of the first order by any historical standard, and for which I am personally grateful. And please note well: the sudden appearance of funding for say 1k small physical computers, would bring upon ourselves a completely unnecessary pressure to try and figure out how to use those computers, rather than to do what we need to do, at this stage, which is to reason about the problem space from a technical (programming, logical and mathematical) perspective. Such pressure would be literally counter productive.
What about the software? Who will handle the nodes?
See above. Ideally, an average human will want to run a node - Juan was right on point when he suggested "create a network to serve 'pirated' content" - that's kinda exactly what the CIA/NSA did with Tor, then promptly turned around and said "well, acshually, please don't torrent over our precious precious network, but hey, if you're bold enough, you might get away with downloading a bit of porn" - no they didn't actually say that, but that has kinda been actually said by them. <conspiratorial temple tap>Say no more, say no more.</>
But if the project is to happen, we should attempt to solve every part of the problem.
But, timing! We must be rational, as best we can, in every step we take. Do not put the cart before the horse.
And that other people may have already anticipated a portion of the solution.
All are welcome to think, thunk, put brain into gear, challenge, opppose, ack, nack and/or invite others to do so. This is where we're at right now, and for the foreseeable future. But, we're not even at something that could even be considered a design - sure a few basics of what we believe we need to achieve to improve on the status quo, but there are a lot of vectors to this problem space, and we've barely scratched the surface. Really!
This contemplation, design, challenge and re-design cycle may iterate for months, and may possibly either not conclude, or conclude with "we can't be sure we can relevantly improve the status quo".
We are doing what needs to be done, considering all parts of the problem. By contacting other people who may have been considering parts of the problem, we may be able to put together some puzzle-pieces. The I2P people may already have all the software necessary, or at least source-code that can be ported to a computer we might want to use.
Jim, all I can say is good luck, and perhaps consider whether there is any impatience driving you to act in certain ways before it is time, and thereby, quite possibly, causing real and unforeseen problems. I empathize, I really do. And we must begin as rationally as we can, from here, from right now, not from where we would like the world to be, but from where it is now. (E.g., we already know that there are 1 or 2 attempts, underway, to rewrite I2P to remove technical debt, and neither AFAI am aware, are even considering chaff fill.)
Of course enthusiasm is to be admired, but we must check ourselves appropriately, and Juan has voiced an important fundamental "check" in this instance, which I agree with (to repeat, "we don't even know what we're doing, nor whether we believe it's possible/ probable").
Well, before TOR actually existed for the first time, whether an anonymization network was "possible" was unknown. But we've long learned it is indeed possible. We are just trying to implement it a second time, in a different way.
But the folks who funded Tor sure didn't put in millions per year on unsound rationale! Have a read some of Dingledine's historicals that he shared, it's too long ago for me I'd have to go re-read all of TorProject.org, but it's relatively generous sharing, of a sort. I2P did implement an anonymization network, in a different way to Tor. I consider their work a rather successful prototype showing yet some core deficiencies, just as any next such coding shall most likely also be.
We have a major advantage in the fact that our intended network will likely be far more economical than TOR funding supports. This article shows that 2017 revenue for the TOR project is https://www.secureworldexpo.com/industry-news/tor-government-funding-numbers $4.2 million dollars.
What would a 6,000 node replacement for TOR cost? Multiply by one-time cost of about $80 for the node hardware, and that's about $480,000. If we could get a $20 monthly subsidy for Internet service for each node, that's $120,000 per month, or $1.44 million per year. About one third of TOR. (Such a subsidy would pay for an upgrade from a typical 40 Mbits/second node with limited monthly data, to a 1 Gigabit service with unlimited data. Many people would jump on the bandwagon just for this perk.)
But, and to echo Juan again, do we know that "a 6K node" phys net is even useful, or that we have something significantly "advanced in respect of today's status quo"?
I don't, it's just numbers at this point. But I want to get other people THINKING about what we are considering: What would it take to implement a competing, TOR-like system. How much money? What hardware? What software? Who would volunteer to host a node?
See above.
And the obvious answer is no, certainly not yet.
But that's why we must continue to talk, amongst ourselves, and with others at well.
I want to contact these organizations, more to establish the ones who would FAIL to help us. We can use such a list for fundraising. We can say, "These organizations supported TOR for an unknown reason, but when they were given the opportunity to fund a true competitor to TOR, they punted and wouldn't help us. Doesn't that tell you something about why they support(ed) TOR?
It may well be that every (or nearly all) org that has funded Tor, has been nothing but a conduit for the CIA. Tor is the CIA's pet project - as long as they control the directory authority nodes (thus the lynching of Jacob Applebaum) they have a tool where they have the upper hand over the entire world, where that tool is the only "useful in any practical sense of the word" tool of this type...
Perhaps, but let's find out, shall we? We have that as a working hypothesis, so how do we test it? I have a relatively easy solution: Contact all the former and current funders, and pitch another system, much cheaper than TOR's current costs. If they are indeed puppets of the CIA, they will likely refuse. (Or they will offer money, but on conditions we won't accept.) If SOME of them are not puppets, they will consider our plan. Maybe even provide some funding. Whatever the result, we will be able to use it (the money, or the information that they won't donate)to the benefit of our project.
See above - funding for hardware, and worse, purchase of hardware, would be completely deflating/ frustrating/ counter productive at this stage, in my opionion. And to get some data points on USGov vs Corporation funding of Tor? Again, completely unneeded at this point in time - and it only takes a few weeks, at any point in time that doing so might be useful.
Remember, a very successful project would result if ...
My friend, now -that- is an assumption. You know what they say when we assume.
... we can subsidize 1000 nodes, at a subsidy of $50/node, with the node-holders financing the Internet service costs. $50,000. If we cannot find ANY donors, from TOR's current and past donor list, that tells us something!
But knowing that data point (and what it tells us) actually does not help us - it may help as a marketing data point if someone wants to sell IQNets nodes as black boxes - possibly - but that is not compelling at all, to me, certainly not now, and my intention is to help design something that is compelling for an average modern human, and that can run on an average modern mobile phone at the least. Certain use cases may happen to benefit with permanent hardware - those possible black boxes - but damn, we're nowhere near knowing if, how, for what use cases, hw specs required, etc...
[snip]
I am certainly willing to participate, but I question whether I should be seen, by publicity, as "The Head Guy". I could just as easily be "One of many".
Not to worry - it's (far) too early to put ourselves in boxes as far as I'm concerned - I believe that it will be 4 to 6 months, bare minimum, just for us to analyze the problem space, and the relevant papers (current thoughts) on this space.
And at -that- point it might even make sense to code up a few actual tests, if we come to e.g. conclusions such as "well, since we've apparently satisfied ourselves in apparent logic that ABC should theoretically work but we're Not Sure (TM)(C)(R), at least we can whip up a test platform and eliminate variable XYZ" - but even this may not be possible - we may never reach the point of sufficient confidence. We may well, but we may not.
I am hoping that this I2P has the software down, and can port it to whatever hardware we'd like to use, or it is already ported to an acceptable selection of SBC's.
We know that's not the case. See above - I2P has demonstrated core deficiencies. At least, I2P is not sufficient in the general sense at least. You might have a specific use case (or 2 or 3), for which I2P is satisfactory, but even if you do (and I am not, at all, convinced of this) you might want to think about who would even bother to run your "black box I2P hardware nodes", even if they were free to run and with internet access subsidized, and considering all this, is your plan still sound... I shouldn't have to say it but I will - no doubt there are a goodly 10k CIA agents more than ready and willing to pretend to be "freedom motivated citizens" willing to receive your black boxes and run them, literally, from their homes. Me thinks you're not paranoid enough. Just some thoughts, Jim.
Again, I appreciate your support. But let's also find other people with less-tarnished reputations.
Here's my point - your reputation is only tainted in the eyes of those who don't care for facts, and who heed rumours.
Unfortunately, we may want to get the assistance of some of those people. Let's NOT think of this as being "Jim Bell's Project". It's nothing that thousands of people haven't thought about, perhaps only fleetingly, but nobody has yet put the pieces together. I merely repeated these people's wish.
Put another way is an old saying from some anon somewhere:
The things that matter, matter to those who matter; and the rest, simply don't matter. Anon.
Yes, the mob occasionally becomes relevant, but mostly in life we want to establish as quickly as possible whether those who cross our paths are actually worth our time of day at all!
And to that end, a few simple challenge questions are almost all that's ever needed to put an ignorant and plucky reporter or wanna be, in their place:
> "So did you check the facts?"
>[And of course, if they did not contact you directly, personally, they obviously never checked the facts, did they?]
And that, brother Jim, is what I call a firetrucking knockout :D
Wear that feather proudly! :)
That said - your job is not to be who you think I (or anyone else) want you to be - you job is to be you, which may entail a little self discovery of who you are - you've got some serious events and years under yer belt, so that's a fair bit of discovery, eh ;)
Real men gotta be alpha.
You need help, you ask!
I am personally only getting going on this, because of you, to support you personally. I wanted to get going years ago, and really wanted to handle other things a bit more for the next year, but we're outta time, and you called, so here I am, answering your call! My own contributions may be insufficient, but by the grace of our Creator, it's what I have to offer. I am in service.
Do not let me down by failing to hold your own authority, with dignity, and firmly.
Peace,
Okay, let's hear more ideas from other people, as well. Jim Bell
| | | | | |
|
| | | | 4 Sources of Income: Who Pays to Keep the Tor Browser Going?
Bruce Sussman
Tor browser receives government funding. How much does the U.S. government pay Tor each year? What are the Tor s... |
|
|