On Tue, Jul 19, 2016 at 8:42 AM Rayzer <[1]rayzer@riseup.net> wrote:

     On 07/19/2016 02:12 AM, stef wrote:
     > On Tue, Jul 19, 2016 at 11:44:16AM +0300, Georgi Guninski wrote:
     >> Instead of only bashing tor, why not discuss the alternatives and
     move
     >> to something allegedly better?
     >>
     >> Certainly some advanced attack and/or backdoor will screw them
     all.
     >>
     >> For a start, I would like to know:
     >>
     >> 1. What are alternatives to tor (possibly with less
     functionality)?
     > from the top of my head:
     > dissent,
     > riffle,
     > i2p,
     > mixminion
     > pynchon-gate
     > percy++
     >
     >> 2. Is the alternative known to be in bed with shady stuff like
     TLAs?
     >> 3. Did they have braindamaged bugs (like debian's openssl
     memset())?
     >> 4. What is their security/anonymity bug history?
     >> 5. To what attacks they are known to be vulnerable?
     >> 6. To what attacks they are conjectured to be immune?
     >>
     >> As an aside, I heard critique of Riffle: MIT are allegedly in bed
     with
     >> USA. Don't know it this makes sense or not.
     >>
     > ---end quoted text---
     >
     dissent,
     riffle,
     i2p,
     mixminion
     pynchon-gate
     percy++
     NONE of these are intended for the same target audience as tor. IOW
     NONE
     of the above could CONCEIVABLY be used by a journalist or
     computer-illiterate dissident in Tanzania right NOW.

   One (not really) counterexample, though for a very narrow use case
   is/was NightWeb, which was an Android app that embedded I2P. Was
   somewhat easier to set up than OrBot plus a browser, but unfortunately
   its author abandoned it. Again, though, not actually the web, though
   email through Tor is not exactly easy to use either. Speaking of which,
   there's also a standalone Bote app. You can only send messages to other
   Bote users, but it's easier to set up and probably more secure than
   Tor-based solutions due to the lack of a central target, despite the
   concerns about I2P's security you mention below.

     And honestly, imho, I2P is probably just a compromises as tor, but
     it's
     so much more fucking obuscurant, to hide that possibility. I tried
     using
     it for a while. Fucking useless and continues to be so.

   This continues to be my main concern about I2P. It hasn't had nearly
   the attention Tor has. It could have gaping holes and we wouldn't
   necessarily know about them, while any holes in Tor have to be subtle
   at this point, opinions about Tor's funding & governance model
   notwithstanding.

     No one's mentioned Retroshare. It seems a likely candidate.

   I keep meaning to spend more time looking at that. Thanks for the
   reminder.

     Rr

References

   1. mailto:rayzer@riseup.net