FireChat was a tool for revolution, then disappeared (fromjason.xyz)
And if not, it seems unrealistic to expect people to adopt / trust your alternative.
When I get to the phone number step, it briefly shows a captcha screen but then transitions to the phone number screen.
When I enter my phone number. Country code +47. I don’t get any sms at all.
When I switch to the sms app to see if an sms arrived (it didn’t), and I switch back to your app, the counter on the screen that is counting down to allow resending code resets to 00:59 although it was at like 00:30 when I switched away from the app.
When after waiting for another full minute and occasionally touching the screen to prevent it from locking I am presented with the following options when clicking “I didn’t get a code”:
- Contact NewNode Support
- Resend code
- Call me instead
- Cancel
I tried resend code. No code arrives still.
Great, now I have to wait another full minute with your app in focus before I can try another option.
After waiting another full minute, I click “call me instead”. No call comes.
The sign up process is surprisingly difficult and doesn't appear to be working.
The CAPTCHA is VERY thorough. I couldn't seem to get it to agree that I was human. When I finally solved it, the submit button is hidden (you have to scroll for some reason).
When I enter my phone number it prompts me to enter a code that never arrived. When I click "I didn't receive a code" the app sends me back to the CAPTCHA (lol). I complete the captcha again and request the code.
I went through this process three or four times before I gave up. This seems like an ongoing issue[1]
Does the app have many users? Any users?
The last blog post on the NewNode site was July of last year.
According to the App Store there have been three minor updates: 3, 9 and 12 months ago. No notes on the updates.
Does NewNode have a road map?
I couldn't find any write ups about the app anywhere. No press coverage.
So, why did FireChat close down?
Edit: I just completed 10 CAPTCHAs in a row.
The thing I see is that if you really want to make a huge P2P network, you need a reason to have the app installed for reasons other than P2P. The problem I've always seen with FireChat was that I'd never get anyone to talk to me and then when there was an emergency no one would be able to download. So we need to have the features built into something with more normal day-to-day utility.
[0] https://community.signalusers.org/t/signal-airdrop/37402
TLDR it is often harder to reuse
But it is not so. Phone numbers are controlled effectively by governments if needed, they are re-used, and they are dirt cheap in some countries (like, I could get a SIM card in Serbia or Laos for about 1 Euro on the street).
About re-use: When I got a new number in Serbia I started to get a lot of SMSes and later WhatsApp messages about my debts, from very aggressive people. It was not a scam, but this number only 3 months before that was used by some local guy who got into big trouble with loan sharks. They were OK when I explained that I'm an expat with a SIM card bought at the newspaper stand, but I needed to explain it something like 50 times!
Sorry, but a phone number is a BAD ID and SMS is a TERRIBLE 2FA / confirmation medium.
If it could be shut off from one place like that, it doesn't sound very "decentralized". Anyway, are there significant obstacles to re-implementation?
Someone above mentioned an alternative that uses LoRa. That's nice but it sounds like the attraction of Firechat was that it used ordinary phones that everyone already has. LoRa by comparison is special hardware that is already a bit suspicious.
If you're willing to use special purpose radios and live with low bandwidth text communication, you can do quite a bit better than LoRa, such as with JS8CALL and HF radios. But, a sad "theorem" tells us that any communications medium will be beaten into carrying video....
This is an argument I've never been able to successfully make to anyone except a military colonel.
edit: How it works: https://briarproject.org/how-it-works/
The entire history of the internet is basically decentralized protocols being slowly transformed into corporate walled-gardens.
Wonder if anybody's got more info on what happened?
Several years ago (circa 2015) I was asked to build an app like FireChat by just the _oddest_ couple of guys I've ever met. They wanted an app where you could connect to other folks just by being near them. I never could get them to agree on what exactly the app was supposed to be beyond that.
The first gentleman was a VP-type for a large company. He insisted that the app (nicknamed "Pals" at the time) was for people with similar interests to find each other and connect based on just being near the same place at the same time.
The second partner was a well-known lawyer in my city. When I mentioned their app sounds like a dating app, this guy says to the first man, "SEE! It's a dating app." And then he proceeds to tell me (in graphic detail) his proposed strategy to build a dating app that would tell you where the other person is when you go to meet them in person. He essentially wanted to be able to spy on them to see if the person matched their online description or not before committing to the date.
I thought the idea, while clever, was also super creepy but offered to build it for them. I thought if they pivoted to something like large-scale live events they might have something. Imagine going to a sporting event and having a group chat with everyone else at the stadium. Great way to make new friends/contacts to hang out with later.
They hired a marketing firm to build it instead, and last I heard they had given up on the idea. I guess the only good that really came out of it was that I had a lawyer to call when I had to go to traffic court a few years later. Turns out he was actually pretty good at his job.
This kind of system needs a dedicated or at least 'open' device with adequate hardware to support wireless mesh networks.
I would love to see something like this, because we (even, or rather, especially; Western countries) currently have no decentralized fallback for emergency communication. If the electric grid and cellphone network go... most people don't even have AM radios at this point.
It seems like you're talking about two related but ultimately distinct concerns, i.e. reliance against infrastructure failures and reliance against organizational failures.
Having an overall culture/goal of decentralization, can inform decisions on multiple levels/concerns (infra, energy, org). Basically, if I'm trying to be resilient to infra problems, it won't be that much effort in changing the design to also be resilient from centralized control.
It seems Stas has since then started clostra.com. The fireside chat messenger just rebranded. https://www.newnode.com/download.
I love a good conspiracy but shows little evidence.
> In 2014, after Hong Kong protesters demonstrated to the world how effective a tool it was, news blogs quickly pointed out that FireChat messages were not secure. By 2015, Open Garden updated the app to include end-to-end encryption,
I never used it, but remember the hype. It didn't get there by not working.
This type of service needs Apple and Google support to go anywhere, given how restricted access to radio hardware and background processing is on iOS and Android, and they're clearly not interested.
Apple has even rolled back AirDrop functionality, supposedly because of people receiving unwanted photos (which I don't doubt happened, but changing the default could address that – just outright removing the option to receive from anybody seems wrong).
There's absolutely no reason we shouldn't at least have a P2P Wi-Fi based chat client preinstalled on every iOS and Android phone, with a default of being able to message only known contacts. I mean, even the Nintendo DS could do it in 2004!
The text mentions an anodyne "for business reasons", so that should leave the door wide open for any conspiracy theories ;)
It seems very nice.
This seems needlessly conspiratorial. Apps and companies disappear all the time and it's usually for boring reasons.
That said, I am curious to hear more about the offline messaging. If it only is able to exchange when the two people who are trying to communicate with each other are directly nearby it isn't so much a mesh network, right? A mesh network would be able to route across other nodes to get to its destination. Does Briar do that? The "How it works" page doesn't really seem to answer much, so I am assuming not.
Beyond that though, at this point for protests (in the US at least), the suggested opsec is to leave your phone at home.
Briar actually does set up a meshnet for groups and forums, so long as people are contacts of each other. See the diagram here: https://briarproject.org/img/howitworks3(mobile).svg
I continue to be frustrated by having to use the plane's satellite internet connection (not always free) to message somebody sitting two rows away from me, so this would be great.
At rallies, masked, sun glasses, baseball hat and a couple of shirts
Anyhow, a combination of the two is likely best. It won't really help though, "back in the day" every movement had a few police informants in the mix. There's less of that now with electronic monitoring, and 24x7 tracking, but a totalitarian state likely has more of that mix.
Heck a bunch of crooks tried to rob my house, and were caught not only due to having their phones on them, but ALSO due to sending SMS messages about houses they were examining "This house looks empty!", but also because they dropped a phone outside my house, when fleeing when the alarm went off... and the phone wasn't even locked!
Just imagine in a police state. I think a lot of revolutions get stopped before conspirators even get to the "protect our comms" point.
a super power I wish I had.
Stochastic terror and the stochastic coup work great precisely because there are no clear unambiguous two-way communication trails between the instigator and the accomplices; just a lot of "wouldn't it be great if somebody did something". Fell apart afterwards because there was no further planning.
https://en.wikipedia.org/wiki/Qatari_involvement_in_higher_e...
There are still holes of course, connecting only to contacts limits the spread of messages but ensures you don't leak too much information if your device is compromised
Recall that it is public information that USAID created a Twitter clone called Zunzuneo to be used in Cuba. It's not out of the realm of possibility that they have also made some "secure" chat app.
https://hachyderm.io/@josephcox@infosec.exchange/11232112693...
It's also possible to receive non spread-spectrum signals below the noise floor, if you can observe it over longer time and get additional "processing gain" that way
Additionally, it is a bad idea to use spread spectrum as a means of concealment because if the adversary is physically near enough, your signal will show up above the noise floor. Due to the inverse square law etc, you have a narrow zone of enough power to be received by your remote recipient, but not enough power for closer adversaries to detect you. You are also reliant on the unlikely situation of an adversary without more advanced RF hardware with lower noise receivers.
First, as a definition, below the noise floor means that the power of my signal at any given time is smaller than the power of the ambient noise in my channel, and usually this implies that you're only interested in a particular segment of frequency spectrum (e.g. within the 10MHz band centered at 1.8GHz). If we were doing a simple frequency-shift keying or amplitude-modulated signal, once the noise power exceeds the signal power, there is basically no hope of recovering anything useful, as those are both demodulation schemes that rely upon obtaining instantaneous estimates of the frequency or amplitude of the signal of interest.
However, spread-spectrum methods make a time/frequency tradeoff, where the signal of interest is "spread" across multiple points in time and frequency. A very simple example of this is to say "if I want to transmit a 1, instead of transmitting one cycle of a sinusoid at 1.8GHz, I will transmit 10 cycles". Then, at the decoder stage, you average across 10 cycles of your carrier in order to detect whether a signal was sent or not. By doing this averaging across time, you get a 10x gain versus the noise which is expected to cancel itself out as often as not.
True spread-spectrum techniques are more advanced than this, they actually use wave shapes that are more complicated than just a sinusoid to make it easier to detect when they start and stop (whereas with a sinusoid there's a fair amount of ambiguity if you shift one period to the left or right) but the fundamental idea of averaging across time is the same.
Through this mechanism we are able to rescue out signals from far below the noise floor, although it reduces your maximum transmission rate. When dealing with digital radio systems we can even rescue out signals from below our quantization floor, although not too much lower, as eventually you lose the ability to average out a signal that is fluctuating by significantly less than a single bit.
Whenever I talk about making tradeoffs in transmission speed to aid in reception, I am reminded of the ELF systems in submarines [0]. While they did not use spread-spectrum techniques, (they just jumped between two frequencies, 76Hz and 80Hz) they still correlated across time to boost up their effective SNR. [0] https://en.wikipedia.org/wiki/Communication_with_submarines#...
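Added example (not part of the thread, and not any commenter's code): a small simulation of the averaging described in the comment above, using a pseudo-random ±1 chip sequence instead of repeated sinusoid cycles. The -10 dB per-sample SNR, the spread factors, the Gaussian noise model and all function names are assumptions chosen for illustration.

```python
import math
import random

def pn_chips(n, rng):
    """Pseudo-random +/-1 chip sequence known to both sender and receiver."""
    return [rng.choice((-1.0, 1.0)) for _ in range(n)]

def spread(bits, chips, amplitude):
    """Send each bit as the whole chip sequence, sign-flipped for a 0."""
    return [amplitude * (1.0 if b else -1.0) * c for b in bits for c in chips]

def despread(samples, chips):
    """Correlate each chip-length window with the chips; the sign is the bit."""
    n = len(chips)
    return [1 if sum(s * c for s, c in zip(samples[i:i + n], chips)) > 0 else 0
            for i in range(0, len(samples), n)]

def processing_gain_db(spread_factor):
    """SNR improvement from coherently summing spread_factor samples."""
    return 10.0 * math.log10(spread_factor)

def bit_error_rate(spread_factor, snr_db, n_bits=2000, seed=1):
    """Simulated BER at a given per-sample SNR (noise power fixed at 1)."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    bits = [rng.randint(0, 1) for _ in range(n_bits)]  # constructed payload
    chips = pn_chips(spread_factor, rng)
    amplitude = 10.0 ** (snr_db / 20.0)  # signal power = amplitude**2
    rx = [s + rng.gauss(0.0, 1.0) for s in spread(bits, chips, amplitude)]
    decoded = despread(rx, chips)
    return sum(a != b for a, b in zip(bits, decoded)) / n_bits

if __name__ == "__main__":
    # Signal is 10 dB below the noise in every individual sample.
    for sf in (1, 10, 100):
        print(f"spread x{sf:<3} gain {processing_gain_db(sf):4.1f} dB  "
              f"BER at -10 dB: {bit_error_rate(sf, -10.0):.3f}")
```

The cost of the lower error rate is the one the comment names: each bit occupies `spread_factor` samples, so the data rate drops by the same factor.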
> If the RSSI is below the noise floor, it is impossible to demodulate the signal. However, LoRa can demodulate signals that are below the noise floor.
Where is a link to the timeline?
hence why you either go GPLv3 or don't bother calling it open source.
Financing open-source projects is hard because anybody can take them and build stuff on top of them to sell at a way higher margin (or they are restrictive i.e. AGPL so nobody builds anything on top of them)
Only well-financed major open source projects are the ones that existed at critical points of time where no strong proprietary alternative with abundant features existed (e.g. Linux kernel, GCC, Apache Web Server) or the ones that are created by major companies as part of their infrastructure and released as a way to shape markets (e.g. Kubernetes, Chromium, PyTorch, React, .NET Core) for the worse or the better.
[1] https://en.m.wikipedia.org/wiki/Timeline_of_the_2019%E2%80%9...
But, at least in the country I live in, this is excessive for a typical protest burner.
There are so many links in that chain that need to line up, from the manufacturer keeping track of it to the distribution system to keep track of what batch goes where to the vendor keeping track of what phone IMEI is sold when or to who. Even if all those link up you need to get at the video within the rotation time for their video storage or link to their financial transaction data.
I would not be surprised if it is still as easy to evade as shown in the show (and as easy to get wrong).