[tor-project] Future of Tor Messenger
meejah at meejah.ca
Sat Nov 4 17:39:41 UTC 2017
Georg Koppen <gk at torproject.org> writes:
> 1) It should not be a desktop-only application.
(I hope to not further derail this thread, but ...) Yes, I agree at
least thinking / planning for mobile users at the start is a good idea.
"In general", how likely do you think a "remote control"-style mobile
application would work for mobile users? What I mean by this is: the
"real" application runs somewhere (e.g. at home, or on a trusted
friend's machine) and presents some kind of RPC-style API/interface over
an Onion service -- the mobile application is then "just" a
remote-control GUI for this. Conceptually, this seems very similar to
how a lot of SaaS-type mobile applications already work (except you're
running the server-side software yourself on a trusted machine, only
available via Onion service).
Personally, I've been thinking of this more in the context of programs
like a BitCoin or Ethereum wallet/node, or a Tahoe-LAFS client -- where
they kind of really do need to be online 100% (approximately) of the
time to be most useful and often use a lot of data (or CPU). As in,
you're not going to keep ~150GB of bitcoin transactions on your phone.
For chat, this would have the advantage of being "always"-online (for
e.g. IRC this is important). This *might* have privacy advantages, too
(e.g. keeping metadata emanating from your home-machine slightly more
consistent, keeping a consistent traffic pattern to any chat-servers
like IRC or XMPP you're conncting to, etc).
Another advantage: the "remote control phone" piece would presumably
authenticate to your home machine via some keypair -- which can be
revoked easily (e.g. if the phone is lost or stolen). Ideally such an
application would keep *zero* data on the phone, and re-sync any
relevant state the next time it connects via the Onion service.
BUT I don't know if this would actually be a "thing that might work" for
mobile users. Obviously, it's not-great for mobile users who don't have
any other computing devices. Are there statistics on this sort of thing?
(e.g. what % of mobile-users have a computing device somewhere else on
More information about the tor-project