On Mon, Dec 04, 2006 at 12:18:25PM +0800, John Kimble wrote: > Thanks for sharing - Psiphon certainly seems promising, for people > with specific trust models (rather different from Tor users) and want > to use a hassle-free encrypted proxy. They have very prominent > sponsors too -- wonder if those sponsors will be interested in Tor as > well? ;-) The problem with saying "rather different from Tor users" is that it conflates Tor technology and infrastructure with the particular use of the Tor network that the Tor developers want to highlight. It turns out that Tor is actually a general-purpose tool that can be used to allow a multitude of different requirements. Perhaps the two uses most commonly cited by the Tor developers are anonymity from the remote endpoint (so that the server (or client in the case of hidden services) cannot tell who you are) and anonymity from the network (so that network observers cannot tell who is talking to whom). However, Tor can be used for other purposes as well. For example, consider the perspective access network, which can provide access to services that might happen to be visible from some servers in the Tor network, but not all. http://afs.eecs.harvard.edu/~goodell/blossom/ Users might not necessarily care about anonymity; their primary concern would be accessing (or providing access to) otherwise inaccessible content or services. Similarly, Tor can actually be used to implement Psiphon without changing the Tor code base. If my understanding is correct, a simple web proxy front-end and some controller code would be all that is needed. It seems to me that creating a separate code base for Psiphon would be redundant, not to mention ultimately dangerous by fragmenting the set of available tools intended to achieve similar purposes, leading to confusion and inconsistent or unexpected security properties. I think that many of the security properties desired by Tor and Psiphon are the same.
Attachment:
signature.asc
Description: Digital signature