I’m offering this too: internships at our research lab that are related to privacy and security. Feel free to mail me or DM me on the forum. You can have a look at my profile on the university website, for some context. I’d be especially delighted to have someone work on (privacy-related components of) Whisperfish, but anything privacy-related on SailfishOS is a welcome proposal, and we can think together of something.
I think it would make a good project, but it should also fit the research lab, which it would not by a lot in my case
I’m thinking mostly in Whisperfish context here, but for instance using Tor with context aware sockets for sealed sending would make a great topic, although that’s probably also a master’s thesis.
I’ve stopped using whisperfish. It’s not usable. Sorry to be blunt. As for tor, it’s a false sense of security. Given the concentration of nodes here abouts (germany), I consider it to be a fish bowel. Every tor user I accomodate (ie. increase the timeouts on web services because of the lag on the tor network), INCREASES the likelyhood that they generate traffic that makes my hidden service less hidden. It’s not even funny how cat and mouse it is.
I understand. There’s a reason I still label this as beta. It is not usable if you’re not willing to put time into reporting and debugging some issues. Given the technical debt that we are working through (and catching up on), the complexity of Signal itself (which we are catching up on), and the fact that we have to build our own ecosystem of support libraries (unlike Telegram with TDlib), this is probably one of the more complex applications that are being written for SailfishOS. We’re closing in on 0.6.0, and I would urge you to take a look again when we reach that point.
I agree on most of what you say here. However, there are very specific use cases where a Tor-style access to a network is useful, and the sealed sender socket is very probably one of them. These are one-shot, anonymous, unidentified sockets that are accessed per-recipient. Mapping those sockets on single-use Tor circuits should quite effectively help to totally hide your endpoint from Signal.
At least, in theory. Part of such an endeavour would be the evaluation in practice, which is something we can actually try out, thanks to Whisperfish.
I may do so to help with the engineering. But, since it’s in rust, which I abhor, I can’t really help that much. I follow the announcements, but since I bailed, most people have just stopped talking to me, which is quite ok
I gather this is research. In any case, hiding from signal, since they have your phone number (and they still have mine!) is a bit, well, you tell me? Sounds like it serves no purpose for the Signal case? But I can imagine a use case.
In any case, I’m grateful for any academic feedback, on keypeer.org, too Although it’s still so rough that it’s probably not worth the time.
Just to bump this because there isn’t much time left for the next application round, I’ve cleaned up the structure of the site some and would ask people to comment on Introduction ( keypeer.org/introduction.md at main · poetaster/keypeer.org · GitHub ) Currently there is a bunch of discussion going on in tickets, but that could be moved to the discussions in the repo. Thanks!
Hello @poetaster and all members of this project. This looks really fantastic from my point of view. I’ve proposed a PR correcting some typos and asking some questions.
If I’ve time before this evening, I’ll try to read the call also to re-read the proposal with it in mind.
And just to add more stress to my post-employment life (!) https://prototypefund.de/ is opening up the next round for grant proposals next week. That’s restricted to people living in Germany, I believe.
Apologies, I did not have time to comment a lot on this. I am switching jobs and interviewing takes a lot of time, plus travel. Nonetheless, I skimmed through your proposal and it looked very cool. I hope you get funded! Keep us posted.
Since another round of NLnet grant was opened (NGI0), i think it would be nice to gather here some ideas that can be funded. Next deadline is August 1st. In addition, I stumped upon a video where NLnet themself want to support Sailfish (36C3 - NGI Zero: A treasure trove of IT innovation - Invidious - 58:50).
At the Sailmates association we started collecting ideas that could be funded: Issues - boards - Codeberg.org but would be great if others here have additional ideas.
To make it easier for applying (the Sailmates association being able to apply if you don’t wish to do so as an individual) I recommend answering the following questions, just like those bug reports to Jolla:
project name
description of the whole project and expected outcomes
how would the grant budget be used ? (max budget 50k€)
comparison with historical similar efforts
technical challenges one might face
ecosystem of the project (how to engage with relevant actors and promote outcomes)
BTW, maybe @hildon can change the title and remove the “deadlines soon” since it’s a cycle and if projects are not funded this time they might get it next time.
There is yet another opening from NLnet / NGI, which this time is targeting ethical mobile software. Deadline to apply is Apr 1st at 12:00 CET.
I think this is really spot on to fund further development of any open Sailfish component or application! The call mentions F-Droid and some open Android components, but this is by no means excluding other efforts, and I think one could easily make the case for Sailfish.
Conditions are as usual, in principle maximum €50,000 per project, with the possibility to scale it up later on. They also offer the possibility of applying with several small projects coordinated under the umbrella of a larger effort.
Personally, I think this is a cool opportunity to send a little swarm of applications and try to revive Sailfish a bit, which seems to be languishing.
