what to install on a secure communication device
I'm looking to build a list for reasonably secure (no snake oil) ways to communicate (search, store, etc.). My ad hoc list so far is: Pidgin/OTR cables Jitsi Tor YaCy RetroShare TorChat Tahoe LAFS GnuNet No doubt I'm missing a lot. Any further suggestions?
On Sat, Aug 31, 2013 at 4:47 AM, Eugen Leitl <eugen@leitl.org> wrote:
I'm looking to build a list for reasonably secure (no snake oil) ways to communicate (search, store, etc.). My ad hoc list so far is:
Pidgin/OTR cables Jitsi Tor YaCy RetroShare TorChat Tahoe LAFS GnuNet
No doubt I'm missing a lot. Any further suggestions?
TrueCrypt-encrypted data saved on microSD cards sent over sneakernet, optionally hidden in a hollow bootheel? Small amounts of sensitive data stored in innocuous-seeming formats through steganography (eg, http://www.jjtc.com/Steganography/tools.html ), made publicly available? Thank you for your time, -- DataPacRat "Then again, I could be wrong."
Jitsi does OTR too, though it's a little weird to set up. A small team I work with is using SparkleShare, which you can set up to use an SSH tunnel as a connection proxy and even make sshd listen over a hidden service, so that's pretty cool though a bit of an esoteric process for your unaware teammates. I still use PGP email (actually more over the last 4 months) and Thunderbird and Enigmail still work on all platforms. -lee On Sat, Aug 31, 2013 at 4:47 AM, Eugen Leitl <eugen@leitl.org> wrote:
I'm looking to build a list for reasonably secure (no snake oil) ways to communicate (search, store, etc.). My ad hoc list so far is:
Pidgin/OTR cables Jitsi Tor YaCy RetroShare TorChat Tahoe LAFS GnuNet
No doubt I'm missing a lot. Any further suggestions?
On Sat, 2013-08-31 at 10:47 +0200, Eugen Leitl wrote:
I'm looking to build a list for reasonably secure (no snake oil) ways to communicate (search, store, etc.). My ad hoc list so far is:
Pidgin/OTR
OTR is good, but libpurple is a "rat's nest of zero days" according to many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's better though. Maybe irssi+otr?
cables
Is there really enough peer review of this system for it to be useful?
GnuNet
I think this is redundant with Retroshare -- but I'd probably prefer GNUnet over RetroShare. GNUnet does f2f and p2p, and is developed by really smart people with a great track record.
No doubt I'm missing a lot. Any further suggestions?
* Freenet -- also redundant with GNUnet, but better suited to censorship-proof storage. * Any async voice/video? Probably way easier to secure than real-time. What's the endgame for this? Just a webpage with a list of stuff on it? A livecd with stuff on it? With or without redundancy? -- Sent from Ubuntu
Ted Smith wrote:
Pidgin/OTR
OTR is good, but libpurple is a "rat's nest of zero days" according to many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's better though. Maybe irssi+otr?
libpurple may be a "rat's nest of zero days", but irssi+otr is a nightmare to get working properly. I've given up on it, and I've started using mcabber+otr instead. bitlbee+otr might be a better choice, and might provide the same network access as libpurple, with irssi as the interface. However, I can't comment as to the usability of such a configuration.
On Mon, 2013-09-02 at 12:37 -0230, Damian Gerow wrote:
Ted Smith wrote:
Pidgin/OTR
OTR is good, but libpurple is a "rat's nest of zero days" according to many (notably Jacob Applebaum), so I think I'd avoid it. Not sure what's better though. Maybe irssi+otr?
libpurple may be a "rat's nest of zero days", but irssi+otr is a nightmare to get working properly. I've given up on it, and I've started using mcabber+otr instead.
bitlbee+otr might be a better choice, and might provide the same network access as libpurple, with irssi as the interface. However, I can't comment as to the usability of such a configuration.
Last I looked, Bitlbee used an in-tree fork of an ancient version of libpurple for its protocol support. That may have changed since. /Nick
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/01/2013 05:44 PM, Ted Smith wrote:
cables Is there really enough peer review of this system for it to be useful?
I am uncertain. That the last time the codebase was updated was nine months ago (https://github.com/mkdesu/cables) is somewhat concerning.
What's the endgame for this? Just a webpage with a list of stuff on it? A livecd with stuff on it? With or without redundancy?
More toolkits being passed around and trained on? - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Where does the flame go when it is blown out? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIl+9EACgkQO9j/K4B7F8HigwCguvOwzwREj6sLHFp3gddfh9uv kWAAoMjWX7ChBfsuW7zEZ2YsRGxnjpVp =GCc5 -----END PGP SIGNATURE-----
On Tue, 2013-09-03 at 11:10 -0400, The Doctor wrote:
What's the endgame for this? Just a webpage with a list of stuff on it? A livecd with stuff on it? With or without redundancy?
More toolkits being passed around and trained on?
I'm just curious; it does make what I'd recommend somewhat different. For example, you could pick one of each of these things, and build a Live CD that would have all of them (a TAILS variant, maybe). Then it'd be easy to download and use that for non-technical users (I have known several non-technical activists that have used TAILS, and switched from using encrypted laptops to TAILS). If you wanted a wiki for similar reasons, you'd also not want redundancy. But, if you wanted a wiki for the cypherpunks community, you'd want the redundancy, in order to get people to evaluate each of them. -- Sent from Ubuntu
participants (7)
-
Damian Gerow -
DataPacRat -
Eugen Leitl -
Lee Azzarello -
Nick -
Ted Smith -
The Doctor