Instead of only bashing tor, why not discuss the alternatives?

Tue Jul 19 10:19:01 PDT 2016

On Tue, Jul 19, 2016 at 8:42 AM Rayzer <rayzer at riseup.net> wrote:

>
> On 07/19/2016 02:12 AM, stef wrote:
> > On Tue, Jul 19, 2016 at 11:44:16AM +0300, Georgi Guninski wrote:
> >> Instead of only bashing tor, why not discuss the alternatives and move
> >> to something allegedly better?
> >>
> >> Certainly some advanced attack and/or backdoor will screw them all.
> >>
> >> For a start, I would like to know:
> >>
> >> 1. What are alternatives to tor (possibly with less functionality)?
> > from the top of my head:
> > dissent,
> > riffle,
> > i2p,
> > mixminion
> > pynchon-gate
> > percy++
> >
> >> 2. Is the alternative known to be in bed with shady stuff like TLAs?
> >> 3. Did they have braindamaged bugs (like debian's openssl memset())?
> >> 4. What is their security/anonymity bug history?
> >> 5. To what attacks they are known to be vulnerable?
> >> 6. To what attacks they are conjectured to be immune?
> >>
> >> As an aside, I heard critique of Riffle: MIT are allegedly in bed with
> >> USA. Don't know it this makes sense or not.
> >>
> > ---end quoted text---
> >
>
> dissent,
> riffle,
> i2p,
> mixminion
> pynchon-gate
> percy++
>
> NONE of these are intended for the same target audience as tor. IOW NONE
> of the above could CONCEIVABLY be used by a journalist or
> computer-illiterate dissident in Tanzania right NOW.
>

One (not really) counterexample, though for a very narrow use case is/was
NightWeb, which was an Android app that embedded I2P. Was somewhat easier
to set up than OrBot plus a browser, but unfortunately its author abandoned
it. Again, though, not actually the web, though email through Tor is not
exactly easy to use either. Speaking of which, there's also a standalone
Bote app. You can only send messages to other Bote users, but it's easier
to set up and probably more secure than Tor-based solutions due to the lack
of a central target, despite the concerns about I2P's security you mention
below.

And honestly, imho, I2P is probably just a compromises as tor, but it's
> so much more fucking obuscurant, to hide that possibility. I tried using
> it for a while. Fucking useless and continues to be so.
>

This continues to be my main concern about I2P. It hasn't had nearly the
attention Tor has. It could have gaping holes and we wouldn't necessarily
know about them, while any holes in Tor have to be subtle at this point,
opinions about Tor's funding & governance model notwithstanding.

> No one's mentioned Retroshare. It seems a likely candidate.
>

I keep meaning to spend more time looking at that. Thanks for the reminder.

>
> Rr
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3561 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20160719/c74654b7/attachment-0002.txt>