On Thu, Jan 9, 2014 at 9:58 PM, James A. Donald <[email protected]> wrote:
> On Mon, Dec 30, 2013 at 12:34 AM, ianG <[email protected]> wrote: > >> So sad. I have a clue and don't trust Skype. But I can't for the life of >> me migrate my friends off of it. It's as addictive as crack. It's just >> better than the alternatives. >> > > Anything that is as good as skype is going to allow contact tracing, that > this person talks to that person. > I think the challenge with building a new phone system is that the existing phone systems are already amazing. Skype filled a void for cheap long distance. But now that that void is filled, and you can call anybody in the world from your phone easily (unlimited nationwide plans are common, and Skype covers the rest of the world), it'll be very difficult for any new voice service to take root. But I could imagine it happening if: 1) It's backwards compatible with the current voice services (eg, you can call anybody with it, and they can call you, regardless of whether you use the service) 2) It offers tangible value to you even if the person you're calling isn't using it 3) It offers tangible value to you even if the people calling you don't use it 4) Those values increase as the number of people who use it increases 5) It automatically advertises itself With these, then you can fully adopt this service -- without any downsides -- and gain value from it regardless of whether anybody else does. Furthermore, the value increases as the network size increases, so you have an incentive to encourage others to use it. As for what that service might be, that's a tall bar. But I could imagine protection against dragnet-style government surveillance being compelling to a certain demographic. As for how that might work, that's tough. But imagine a new VoIP client like the old Skype (eg, P2P with a distributed relay service for NATs/firewalls), except truly encrypted. That would be pretty straightforward to do: the audio/video codecs are pretty refined, and there are great P2P libraries ready to go. The problem is: nobody is using is, so you have no reason to use it either. But what if everybody registered their "real" phone number with some DHT, and then coupled this app with a collection of VoIP->POTS (Plain Old Telephone System) gateways. So when I type in your phone number, first it checks to see if I can use this secure system, and contacts you directly via VoIP. But if you aren't in the system, it just calls you via a POTS gateway. Ok, so now we're backwards compatible, but it still doesn't really give me any advantage if nobody else is using it. So what if rather than just using one VoIP gateway, there were hundred, scattered across every area code, and every network. Then when I call you, if I can't use my truly secure VoIP connection, instead it just routes you through one of hundreds of random gateways. Voila -- we both get protection from dragnet collection of metadata (the NSA just sees that someone called you through one of these many gateways, without knowing it's me) *even though* you don't use the system. Next, every time I call someone through this system and it falls back on the POTS gateway, it plays a message saying something like "This line is only partially secured; install XXXX app to get fully secured. Connecting..." Now every user who uses this thing is automatically advertising what it is to recipients. The more it's used, the more it grows. Indeed, you could also couple it with SMS such that the first time anybody calls a new number, it texts a link to that number explaining what it is and linking to an app download. Ok, so now we have a system that is backwards compatible, breaks the "chicken and the egg" dilemma by offering value "out of the box" even to a single user, and automatically promotes itself. But what about incoming calls? How can I get the benefit of anonymity, but still give you a number that you can reliably call to get me? This one is a lot harder. One approach would be to let me generate new phone numbers on the fly, such that I can give out different numbers to everyone and they all go back to me. Again, anybody who calls these numbers with POTS would get connected to me transparently via the VoIP gateway (and might hear the marketing message / receive the SMS), and anybody who calls inside the system gets me directly. A problem with this is there are only so many phone numbers, and they cost money. So a different approach might be to just maintain like a hundred numbers, each of which has an "extension". So I give you a number like (XXX) XXX-XXX x XXXX -- it's a bit of a pain to use extensions, but it gives the same effect. Then tie this with a Gmail plugin that auto-randomizes your phone number in emails you send out (so you enter your own phone number, and it provisions/randomizes before delivery), and maybe something that just provisions a bunch of random numbers and prints out business cards to make it easy to deliver. Oh, and all this could work for SMS as well. Anyway, something like this might allow individuals to "opt in" to a new secure platform, without needing to "opt out" from the real world. -david
_______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
