FD mailing list died. Time for new one (or something better!)

coderman coderman at gmail.com
Thu Mar 20 13:52:49 PDT 2014

On Thu, Mar 20, 2014 at 9:55 AM, coderman <coderman at gmail.com> wrote:
> ...

as some earlier experiments on ad-hoc usability observations,

win desktop user with technical ability able to download and verify
signatures on TBB within ~6m, including pubkey and digest based
verification.  bootstrapping and verifying correct Tor use in the
browser to a check site consumed another 4min.

downloading pidgin with otr and configuring to use ccc.de with
encryption, create new account on server yes, enable OTR, generate key
and note fingerprint, set settings to always enforce OTR and don't log
OTR chats (if not already defaulted to don't save) consumed another

in total, 16min to bootstrap private end-to-end messaging over Tor
anonymity network.  not bad!  bridge and obfuscated proxy support now
also as easy (mostly :)


for mobile space, the experience with a different guinea pig was
similar with Orbot and ChatSecure(Gibberbot), ~10-15min to provision
new client.


configuring hidden services securely is where things currently fall
apart, as I have not been able to walk a new user through this process
without significant difficulties and confusion.  this is essentially
on par with encrypted email using the usual suspects, which i also
could not successfully walk a new user through without significant
difficulties and configurations prone to silent catastrophic failures
to encrypt.


this is why xmpp with otr is called out for consistent usability and
availability benefits over standard email or listserv (on osx, win,
*nix, android, ios, windows phone, ?)

as for how long to deploy?  time an ansible playbook the definitive
answer.  till then!
  [ more than a cypherpunk hacker day, less than a cypherpunk hacker
month... probably. ]

More information about the cypherpunks mailing list