In your resources section - you're not drawing a direct comparison but do note model shortcomings. No worries there.. I'm trying to understand what your design is in the context of your opening email to the list:
"military grade encryption and no authority can have any control over it. one design goal behind it was actually to make it resilient towards government imposed censorship and filtering" Which is why I brought up I2P's existing stack for example. I'll leave it be, I'm not trying to stir you up. I'm just trying to understand the decisions made in that statement's context. Cheers, -Ali On Fri, Jun 28, 2013 at 4:19 AM, Alireza Mahdian <alireza.mahd...@gmail.com> wrote: > MyZone is not addressing the same issues as Tor and I2P. I have never > compared them to MyZone in any part of my thesis. I was also never critical > of those systems as they are not relevant to what MyZone tries to achieve > with the exception of Diaspora which is not a peer to peer application and > requires its users to set up their own servers. I also specifically point > out the security limitations of our approach in section 7.3. If the CA is > compromised then the security of all users is jeopardized as for any PKI. > Even if the CA is attacked (DDoS attack not a private key hijacking) the > existing users are not affected since the public key of the CA is already > shipped with the software. > > On Jun 28, 2013, at 1:56 AM, Ali-Reza Anghaie <a...@packetknife.com> wrote: > > Thank you - I read your comments on Diaspora, Tor, I2P, etc. and > through section 4.2.2 (Adversary Model) of your thesis. I find it > curious that some of the issues you're critical of in those systems > you've actually implemented into your own design (e.g. you do have a > central server/trust dependency with the CA). I may go back and > continue reading 5 later as I'm interested in how you implement your > CA model (4.2.1 / 6.1). My questions of the earlier sections probably > would only be addressed further in the thesis. Until next time - good > luck. Cheers, -Ali > > > On Fri, Jun 28, 2013 at 3:37 AM, Alireza Mahdian > <alireza.mahd...@gmail.com> wrote: > > First of all anonymity is not a goal here. I have to be clear on that. A > structure similar to I2P or Tor that uses overlay network would be very > inefficient due to network delays). as for using a Jetty stack we chose Java > as the language to implement this software in order to have a platform > independent application in one code base and at it is also supported on > Android as we are developing an smartphone app as well. Using Java has saved > us a lot of time getting this app ready for different platforms. The jetty > is a lightweight Java based web server that also installs on android so > seemed like a good choice to use to serve the UIs and we chose to use web > interface to implement the UIs as it feels more like common social networks > like facebook and google+ also future UI enhancements are easier on a web > app. as for the user, they are not even aware that a web server is being run > on their computer as no installation or configuration has been done by the > user. they only run the MyZone launcher and it opens up the browser loading > their feed page. We have considered a lot of user feedbacks when we designed > MyZone. this software has a somewhat complex design and there are so many > small details involved as well so if you have any further questions > regarding our design choices I would like to refer you to > http://joinmyzone.com/Thesis.pdf > > On Jun 28, 2013, at 1:17 AM, Ali-Reza Anghaie <a...@packetknife.com> wrote: > > *nod* Yeah, that's was the hint I got.. but the bits about relay > servers, registration, etc. Lets set those aside. > > How do you ~intend~ for this to behave in the wild? Every single > client w/ a Jetty stack? And - given that footprint - why not start > within a framework like I2P? (I'm not recommending anything, I'm > trying to understand without going too far off-kilter.) > > -Ali > > > On Fri, Jun 28, 2013 at 3:09 AM, Alireza Mahdian > <alireza.mahd...@gmail.com> wrote: > > those are all to protect our organization (CU Boulder) from any liability. > also the contents that can be shared on this social network can be pretty > much anything and since we can't control or monitor any of the contents > being shared we had to have a strict terms of use agreement just to be clear > that if the terms of use agreement is violated we are not gonna be liable. > > On Jun 28, 2013, at 1:06 AM, Ali-Reza Anghaie <a...@packetknife.com> wrote: > > I had similar confusion when I first started poking around - couldn't > find a proper LICENSE file and then the ToUs including things that > read an awful lot like Facebook instead of a distrubuted > privacy-centric system. > > Including: > > --- > a. You will not provide any false personal information on MyZone, or > create an account for anyone other than yourself without permission. > > b. You will not create more than one personal profile. > --- > > My guess is this is because of the Uni affiliation right now.. > > Architecture right now I'm not going to comment on. Going to > reconsider past biases first.. -Ali > > > On Fri, Jun 28, 2013 at 2:59 AM, Alireza Mahdian > <alireza.mahd...@gmail.com> wrote: > > this is to prevent modifications that would render it as a malware. I > haven't signed the code yet so I am just protecting myself from such > liabilities. > > On Jun 28, 2013, at 12:51 AM, John Sullivan <jo...@fsf.org> wrote: > > I like the idea, so I was checking it out. I was confused by this > statement in the download terms: > > Since MyZone Client Application is open source, you will not change any > part of MyZone’s code without the written approval of MyZone’s copyright > owner Alireza Mahdian reached at (alireza.mahdian at colorado dot edu). > > > Can you explain what you mean? Usually, something called "open source" > can be modified without any additional written approval. > > -john > > -- > John Sullivan | Executive Director, Free Software Foundation > GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS > > Do you use free software? Donate to join the FSF and support freedom at > <http://www.fsf.org/register_form?referrer=8096>. > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Alireza Mahdian > Department of Computer Science > University of Colorado at Boulder > Email: alireza.mahd...@gmail.com > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Alireza Mahdian > Department of Computer Science > University of Colorado at Boulder > Email: alireza.mahd...@gmail.com > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Alireza Mahdian > Department of Computer Science > University of Colorado at Boulder > Email: alireza.mahd...@gmail.com > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Alireza Mahdian > Department of Computer Science > University of Colorado at Boulder > Email: alireza.mahd...@gmail.com > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
