Tell HN: WTF are you waiting for? Seriously?

> I think the most critical thing we could do is to make a small app that handles direct P2P communication.

Agreed. In order to actually solve the problems we face though, this p2p app needs to always encrypt messages -- even for indirect messaging. It needs to solve the authentication problem. And it needs to be opensource for perpetuity.

Forward secrecy ("I threw away the key") and repudiability ("You can't prove I sent that") would also be nice. OTR has these and I highly recommend reading the OTR papers [1] [2].

All in all this is a tall order. Heck, authentication alone is a tall order. The OTR Pidgin plugin has you enter a shared secret in order to authenticate a new buddy. I'm not sure this is ideal. Normal users will agree on that shared secret through an insecure channel like phone or text, or just use a guessable one, opening the door to a MITM attack at the most critical stage.

I'd rather see a web of trust [3] solution to the authentication problem. Bootstrapping the trust network is of necessity harder because it requires more careful interactions, usually f2f, but it does enjoy a viral property: the more users in the trust network, the easier it is to fill out your authenticated contacts list, since you'll be getting many of their identities through WoT introduction.

Maybe the existing GPG web of trust could be used as the base -- ie, offer import of GPG keys and trust database, or just reuse the GPG code straight up.

[1] http://www.cypherpunks.ca/otr/otr-wpes.pdf

[2] http://www.cypherpunks.ca/~iang/pubs/impauth.pdf

[3] http://en.wikipedia.org/wiki/Web_of_Trust

I think the holy grail of P2P networks will be when we have something like Bluetooth that has a significantly better range. So we can really exempt ourselves from private infrastructure.

These things are made, and then they fail due to lack of interest.

The problem is that these things solve a theoretical problem, not an actual need.

Doesn't such a validation system place a model for censoring in the very architecture of the system?

Retroshare?

Am thinking devoting our focus on such privacy-focused projects as :

Tent [ https://tent.io/ ] : the crypto-social network protocol

or

BitMessage [ https://github.com/Bitmessage ]: crypto-P2P message protocol

If more people can join these efforts (even as early adopters), it would do us all (the entire internet village) a great benefit in fighting back against the System.

writing indignant text on a website should the the first step for any endeavour!

This isn't about Technology.

This is about Government and organizing. Not to sit around and code. Its about organizing.

Emails don't have much effect. I used to email my representatives regularly, to no effect. I always just got an automated response presumably picked out from a set by keywords in my email, and the response was usually praising the thing I was writing to urge them to not support.

Written letters have greater impact, and actual phone calls have far more yet. I don't think recorded voice messages will have as much of an impact as actually calling and interacting with someone in their office. They can ignore recordings just as much as emails, but it's harder to ignore someone who is actually conversing with you, especially if there are many such people doing so.

stopwatching.us and others have put together a phone number you can call which will automatically connect you to your legislators and give you tips on the sorts of points to make. https://call.stopwatching.us/

I actually just commented about this same sort of thing. Except I think voice messages would be far more effective, and a rep would actually have to listen, whereas letters can be easily dismissed and thrown away. How about a website that utilizes the computer's mic and instantly sends the voice message to the rep? Wouldn't that be easier, cheaper, and more effective? (Of course, the scope of creating such as website would be much more difficult)

We have something like this in the UK, which works very well indeed: http://www.writetothem.com/ . May be worth copying their design as a starting point.

Sounds like a good idea—enabling the effectiveness of a mailed letter with the ease of an email. Most people don't seem willing to do more than an email to their members of Congress, so this may have real value.

And by the way, here's my idea I've been throwing around. It's just an idea and I'm not sure if it would even work or be worthwhile, but:

A decentralized personal information protocol. Instead of joining a social network or other online service and putting all your personal information into their database, you run your own server (either truly on your own server if you want the most privacy or through a hosting service for this protocol if you want ease of setup) that contains a certain set of information which services can request (but you must authorize, like with OAuth). Information generated within those services is then saved to your server rather than their own. Thus if you cancel your account, you have sole control of the data. If they don't allow you to cancel your account, you can just revoke their access to your server.

Problems:

- Trust: You can't trust everyone to not save their own copies of the data themselves. Perhaps this could be semi-solved by having a machine readable license agreement for your data that the services agree to by connecting to it, giving you the ability to sue if they violate those terms.

- Performance: Presumably there would be performance issues in something like a highly-interconnected social network if each person's data is on its own server. Some servers would be more reliable than others, too, leading to instability for the greater service using the data.

- Public exposure: If the services using your data are, for example, Facebook-like in nature, where a large amount of the data is publicly displayed anyway, there is nothing stopping anyone from scraping it off the public-facing webpage and archiving it.

I wonder if the same things that worked in Europe could be used in the US. Over here, we have a nascent network of professional activists (EDRI, DigiGes, laquadraturedunet) that monitor critical developments and coordinate the hacking, the public relations, the interactions with politicians and the feet on the ground. Having something like this is essential to be able to harness the public outrage fast enough to make a difference.

For instance, this network campaigned for a long time against ACTA, but not much was happening. Then all of a sudden there were mass protests in Poland (btw. thanks guys!) which, together with protests in other countries, helped the network to get heard by the people that matter in EU politics. This is how ACTA was killed.

From my perspective, it seems as if the US has some organizations that could help in this, if they would coordinate. I'm skeptical, however, if the way in which the US tech scene is organized might not be detrimental to the overall effort. To many people in it for the next big thing, to few people doing blinkenlights.

Does it matter just yet? Really?

What matters is the courage to actually stand up and say, I will do something.

Its time to organize and not just sit behind a damn computer. The time is NOW.

Will you organize? If we moved forward, would you help?

Really? Who said that and what backing do they have for such an sweeping statement?

Looking at the past 75 years, I'd say that technology has solved quite a lot of social problems. The impact of the washing machine alone, let alone the Pill, was absolutely huge.