[Noisebridge-discuss] Develop for Privacy Challenge

Moxie Marlinspike moxie at thoughtcrime.org
Tue Feb 8 04:11:32 UTC 2011 

On 02/07/2011 10:41 PM, Griffin Boyce wrote:
> On Mon, Feb 7, 2011 at 10:16 PM, Micah Lee <twopointfour at riseup.net> wrote:
>> I like the idea of doing something functional, like with crypto or proxy
>> servers or making a custom browser (lots of fun with javascript,
>> cookies, SSL, proxies). This also is probably really hard to do well though.
>>
> 
> Functional is good!  =)  Proxies have the issues of a single
> point-of-failure and privacy by policy.  Because Tor is a sponsor, I'd
> expect it to get a thumbs-down.  An all-in-one solution for Tor use,
> like Orbot but better, would be pretty amazing. =D

I work on a targeted anonymity system for Google called GoogleSharing,
which aims to provide anonymity for Google services which don't require
a login.  It has a much lower anonymity guarantee than Tor, but is fast
enough to use for all your day-to-day Google uses, and is mostly
designed to anonymize the "big picture."  Anyone can run a GoogleSharing
proxy, and you don't have to trust the GoogleSharing proxy operator not
to look at your searches (only that the proxy operator and Google will
not collude).

Right now there's no way to use it in the mobile environment (it's a
firefox addon), but it'd be sweet if someone had the time to drop the
Android webkit component into an Activity that did the GoogleSharing
magic as well.  Bundle that up with https-upgrade logic (just a bunch of
regexps), a socks proxy interface for Tor, and the torbutton logic, and
you've got a nice little privacy-enhancing browser.

>> I also like the idea of gathering as much info that systems give us
>> (like the phone OS, or the facebook API if you're logged in, etc) and
>> displaying it to the user so they know how much info they're leaking.
> 
> I really love this idea, because it's scary to see the amount of data
> you really put out there.  It could shock a lot of people, in a good
> way, and lead them to be more mindful.  The question there is how to
> pull it off...

The problem you're going to run into is that it's not really possible to
get in the middle of any of this communication on non-rooted devices.

- moxie

-- 
http://www.thoughtcrime.org

More information about the Noisebridge-discuss mailing list