Yes! I’ll document what I’ve done so far on two applications and post it when I have a moment.
There are again new deadlines approaching. See: NLnet; Open call for funding
I’m interested in taking any open component of the Linux/Mer stack SFOS is using and hardening it (e.g. verifying formally that it has no bugs).
Any ideas of some small and critical libraries that could be good to get going with this?
Thanks for the reminder. I only have really (really) rough notes up, but I’ll see if I can get some work done on: https://keypeer.org/ That was the application idea I ran out of time on.
It’s still so bare Maybe a DM to start ? Thanks!
GitHub - poetaster/keypeer.org: This is the repository of the keypeer project website. now contains the sources for the website. Anyone who has some time to elaborate on the skeletal ideas contained here, take a look at about.md … thanks in advance!
I’m offering this too: internships at our research lab that are related to privacy and security. Feel free to mail me or DM me on the forum. You can have a look at my profile on the university website, for some context. I’d be especially delighted to have someone work on (privacy-related components of) Whisperfish, but anything privacy-related on SailfishOS is a welcome proposal, and we can think together of something.
I think it would make a good project, but it should also fit the research lab, which it would not by a lot in my case
I’m thinking mostly in Whisperfish context here, but for instance using Tor with context aware sockets for sealed sending would make a great topic, although that’s probably also a master’s thesis.
I’ve stopped using whisperfish. It’s not usable. Sorry to be blunt. As for tor, it’s a false sense of security. Given the concentration of nodes here abouts (germany), I consider it to be a fish bowel. Every tor user I accomodate (ie. increase the timeouts on web services because of the lag on the tor network), INCREASES the likelyhood that they generate traffic that makes my hidden service less hidden. It’s not even funny how cat and mouse it is.
I understand. There’s a reason I still label this as beta. It is not usable if you’re not willing to put time into reporting and debugging some issues. Given the technical debt that we are working through (and catching up on), the complexity of Signal itself (which we are catching up on), and the fact that we have to build our own ecosystem of support libraries (unlike Telegram with TDlib), this is probably one of the more complex applications that are being written for SailfishOS. We’re closing in on 0.6.0, and I would urge you to take a look again when we reach that point.
I agree on most of what you say here. However, there are very specific use cases where a Tor-style access to a network is useful, and the sealed sender socket is very probably one of them. These are one-shot, anonymous, unidentified sockets that are accessed per-recipient. Mapping those sockets on single-use Tor circuits should quite effectively help to totally hide your endpoint from Signal.
At least, in theory. Part of such an endeavour would be the evaluation in practice, which is something we can actually try out, thanks to Whisperfish.
I may do so to help with the engineering. But, since it’s in rust, which I abhor, I can’t really help that much. I follow the announcements, but since I bailed, most people have just stopped talking to me, which is quite ok
I gather this is research. In any case, hiding from signal, since they have your phone number (and they still have mine!) is a bit, well, you tell me? Sounds like it serves no purpose for the Signal case? But I can imagine a use case.
In any case, I’m grateful for any academic feedback, on keypeer.org, too Although it’s still so rough that it’s probably not worth the time.
The purpose is to unlink sender from receiver, also at IP-level. Phone numbers is another topic, and there too I imagine thesis topics and internships
If you ever feel like it’s less rough, this looks like something I would love to play with. Feel free to DM me, even without internship intentions
I’ll polish it up and let you know when it’s ‘up to snuff’, so to speak Thanks!
To balance the feedback: I am quite happy with Whisperfish and always looking forward for its improvements. It is usable - at least by a light user
PS: and back to the original topic - EU development grants. Have to give constructive feedback regarding keypeer.org .
Just to bump this because there isn’t much time left for the next application round, I’ve cleaned up the structure of the site some and would ask people to comment on Introduction ( keypeer.org/introduction.md at main · poetaster/keypeer.org · GitHub ) Currently there is a bunch of discussion going on in tickets, but that could be moved to the discussions in the repo. Thanks!
The ‘we’re finalizing this’ draft of the application to NLnet is currently at: keypeer.org/nl.md at main · poetaster/keypeer.org · GitHub if anyone has time / means to comment. We’re applying at: NLnet; Apply for a grant under the NGI Zero Entrust Theme call. @hildon I know it’s not your interest area, per se, but feedback would be welcome!
Hello @poetaster and all members of this project. This looks really fantastic from my point of view. I’ve proposed a PR correcting some typos and asking some questions.
If I’ve time before this evening, I’ll try to read the call also to re-read the proposal with it in mind.
So far it’s been @rinigus, the Sailmates and myself working on the proposal.But I’ll be very happy to add you!
Well thanks, but you’ve done guys, all the job. I’ve simply re-read and corrected some typos. But I wish the best for the initiative !
Reminding me to fix typos albeit humiliating is important Thanks!
Well, later on, I read in the call that « our reviewers don’t care about spelling errors » after all ; D