So sad. I have a clue and don't trust Skype. But I can't for the life of me migrate my friends off of it. It's as addictive as crack. It's just better than the alternatives.
Anything that is as good as skype is going to allow contact tracing, that this person talks to that person.
Red herring-ish, but if you want to get your friends off Skype, don't wait for the golden solution. Pick something good-enough and use that. I've had moderate success migrating people to Jitsi. Similar ease of use once set up, and they now allow jit.si account creation within the application (under the XMPP option). Obviously not genuinely P2P. The only semi-viable alternative I can think of that *is* P2P, but have not yet tried, is VoiP in Retroshare. However, as I suggested in another thread, I'm not convinced Retroshare is up to the hard-crypto standard some people here might demand. That is, it'll block virtually everyone, but not the real fascists. Back on topic, I'm not sure that it's possible to achieve low-latency and endpoint obfuscation for something that requires streaming like VoiP. Tor is already pushing the boundaries of low-latency mixing with an asynchronous protocol that doesn't *require* perfect synchrony, such as would be required of VoiP. So you might have to sacrifice obfuscation of *who* you're talking to in order to achieve security across the wire, or trust third parties such as VPNs or friend-to-friend connections (Retroshare model) to provide lots of bandwidth. On 11/01/14 08:29, grarpamp wrote:
On Fri, Jan 10, 2014 at 12:58 AM, James A. Donald <jamesd@echeque.com> wrote:
On Mon, Dec 30, 2013 at 12:34 AM, ianG <iang@iang.org> wrote:
So sad. I have a clue and don't trust Skype. But I can't for the life of me migrate my friends off of it. It's as addictive as crack. It's just better than the alternatives.
Anything that is as good as skype is going to allow contact tracing, that this person talks to that person.
No... we are specifically talking about developing decentralized solutions here, so that that centralized lookup authority context and risk goes away.
Yes... a low latency non-fixed-length non-chaffed network will still have some characteristic risks... timing, etc. Yet likely nowhere near the order of the above centralized issues.
But it does not have to allow mass interception (the original skype did not allow mass interception), and it does not have to allow undetectable interception, which the original skype did allow.
That is just designing good applied crypto in the former, which nullifies the latter.