1. 6

    I liked what Mikko Hyppönen, the CRO of F-Secure said: “please let me know if you have nothing to hide, that way I know I can’t trust you with my secrets”. We all have secrets, both our own, and those entrusted to us by our peers or clients, especially if you’re a teacher, police officer, doctor, lawyer, or a priest.

    We have business ideas we can’t yet patent, we all do humiliating things when we think we’re not being watched, we have political opinions that many governments and extremist groups would like to see us hang for, we have violated unnecessary laws and laws we didn’t know were illegal, we’ve all done unethical yet legal things we regret for the rest of our lives. Many people do ethical things that are illegal (think e.g. sexual minorities).

    These people who say they have nothing to hide are mostly just trying to cope. They’re solving the privacy problems they can, intuitively, without thinking. They lock toilets, close curtains, whisper to their friends and protect their phone’s screen on public transport from a single stranger. They delete their browser history or use incognito mode, they select strong passwords and protect their credit card PIN.

    But when the surveillance becomes invisible, people stop caring, because it’s too much cognitive effort to track where the data they collect on us goes. So people resort to humor, they joke about ending up on a list. It doesn’t help that the pessimistic attitude is fed both by people affected by the surveillance (who’ve become depressed), as well as sock puppets (who try to manage the spread of strong encryption and privacy tools).

    Offering people secure tools for communication and browsing helps them a lot. Signal and Tor are some of the best tools we have. Offering them to people is the best way to help them. If the people react negatively to switching to safe alternatives, the best way to deal with them is unfortunately self-censorship. I.e. if you can only reach them via FB messenger, don’t say stuff you don’t want FB/FVEY to know. It also helps to get to know one’s peers a bit better before making the switch. Once the conversation gets deeper, you can bring up the subject of switching to a more private platform.

    However, as the old Indian saying goes, you can’t wake up someone who’s pretending to be asleep. Don’t try to force other people to change, but try to realize these people are not willing to be a very intimate part of your life, and if they are yet they refuse to switch, it might be time to take a step back.

    1. 2

      Unfortunately, implemented in client side JavaScript.


      1. 1

        Client-side Python actually! :)

        1. 1

          What could go wrong :)

      1. 1

        How is this different than Tox?

        1. 1

          I think a better question is how is it the same? https://www.cs.helsinki.fi/u/oottela/wiki/readme/overview.png

          1. 1

            I didn’t look in detail but they both seem to be using the Tor network to anonymize their traffic. Given that Tox already exists for a while now, I wonder what the motivations are for this project.

            1. 2

              Tox doesn’t anonymize, i.e. route via Tor, by default: you need to install Tor separately, and manually edit the proxy settings to do that. You can mess up your anonymity if you ever connect your Tox client to the network without Tor. Even then, Tox traffic will exit the Tor network via a Tor exit node before connecting to the contact (who may or may not be using Tor).

              In comparison, TFC uses v3 Onion Services: you can’t run it without Tor, the traffic never exits the Tor network, and you don’t need to make any changes to proxy settings, so you know every TFC contact is always using Tor. You can’t accidentally reveal your IP-address.

              Given that Tox already exists for a while now, I wonder what the motivations are for this project.

              I came up with the concept in spring 2012, and started the project in July 2013, around the same time Tox started. The focus of TFC wasn’t anonymity back then, nor was it a goal for Tox. Tox was about p2p communication. TFC’s main focus is endpoint security (protection when your networked endpoint is hacked) which Tox doesn’t address in any way. Consider reading the project Readme to see what the project’s about before questioning the motives.

              1. 1

                Thanks @maqp. I was under the impression that Tox was in fact routing through Tor and I am clearly mistaken. Thanks for clarifying my lazy comment.

        1. 3

          Am I wrong when stating that onion traffic is watched over more heavily than non-onion traffic? Honestly, it’s never the message itself that is watched but the metadata (or so they say). In my opinion, as long as they get your metadata, and it still seems reasonably possible, nothing has really changed.

          1. 2

            Very curiously, this is worded almost exactly the same as a comment in a Hacker News post about TFC a year ago:

            Am I wrong in stating that onion traffic is watched more heavily than non onion traffic? And honestly it’s never the message itself that is watched but the metadata, or so they say. So as long as they get your metadata, and it still seems reasonably possible, nothing has really changed.

            The point of TFC is to hide metadata about who you talk to, when, and how much. It doesn’t hide the fact you use Tor, but using Tor isn’t inherently bad. Everyone from government employees to activists, from dissidents to journalists, uses Tor. Everyone who cares about privacy online should use Tor, and millions of people do.

            1. 2

              The whole point of Tor is to hide metadata.

              That said, yes, it’s watched very carefully. I’d be quite surprised if (in practice) the NSA couldn’t tell what was going on. I’d also be quite surprised if any of the minor intelligence agencies could tell, though, and the NSA are reticent to use any intel they get via secret means.