On Tue, Feb 03, 2015 at 02:22:33PM +0100, Ralph Meijer wrote:
> I think everyone in our community knows that XMPP, as currently
> designed, has no simple mechanism to obscure who's communicating with
> whom. Going into more detail, federation as in e-mail or XMPP has this
> problem in both extremes: if everyone is running their own server
> (instead of a cloud service that could be compromised by a government
> agency), the number of people associated with such a server is likely to
> be low, making it easier to find out who's behind it.

Thanks for the ack, Ralph.

> However, that is just one threat model, one that someone may or may not
> find important enough to fix. Efforts to address other threat models
> (like secrecy of messages themselves) are not suddenly worthless if you
> can't hide who's communicating. Also, documenting current practise still
> seems a great idea, to me.

The problem here is that far too many people are investing time in the old communications model, be it applying crypto to SMTP or XMPP. And yet should one day, against the odds of disinterest or distraction, an actually functional distributed communications network arise, serving a better job at both messaging and social networking than even the cloud systems, how much does it matter, that SMTP or XMPP are safe from the perspective of some lesser threat models?

It reminds me a bit of all the effort that went into digital fax technology. With my ISDN router came the ability to send fax directly from the word processor and to receive fax in text form thanks to automatic OCR. Yet, all the world switched to e-mail anyway. Why should they stick to a fax system even if it was fully integrated into the computing experience?

Also, what lesser threat models can make sense? The exercise of democracy depends on constitutional freedoms like Secrecy of Correspondence and Freedom of Association (= metadata protection). With technology that has within only twenty years turned all democratic populations on Earth into a fully surveillable and predictable populace, can there be any more important threat model?

What's the use for a Syrian dissident that Google is on her side if ten years later all her activity data can be handed over to the then possibly pro-Western government of Syria? I know these people are better served with something now than too late, but that's what they already have.
The next thing they need is something that defends metadata - the foundation for forming a political opposition, the essential capacity of renewal of democracy. If we leave metadata up for grabs, we are co-responsible for a slippery slope towards global dismantlement of democracies. It doesn't take any evil conspiracies - it's the technology enabling and leading the way to hell.

That's why I suggest you should not spend further years trying to get at so-called low-hanging fruit which each time ends up not hanging low at all (multi-end OTR is such a case) while there are new paradigms of Internet technology out there, waiting to be fleshed out and given a chance to protect humanity from itself. That stuff needs people like you.

-- 
  E-mail is public! Talk to me in private using Tor.
  torify telnet loupsycedyglgamf.onion        DON'T SEND ME
  irc://loupsycedyglgamf.onion:67/lynX        PRIVATE EMAIL
  http://loupsycedyglgamf.onion/LynX/         OR FACEBOOGLE