Hacker News
Show HN: P2P microblogging over Bluetooth to avoid government censorship (github.com/megamattron)
153 points by matt2000 on Jan 26, 2013 | 66 comments



This looks like a great project. My only feedback is that in these types of situations, the tendency is for people to use the tools they already have. For the London riots that was BBM, for Tunisia and Egypt that was Facebook and Twitter.

This could be particularly problematic if you're targeting an internet blackout situation, because people will likely use the tools they have until they can't anymore, at which point it will be too late to download yours.

So you might think about positioning it differently, or coming up with an application for it that people will enjoy outside of a crisis situation, so that it will be one of those tools that people already have.


This is a great point. We were trying to figure out a way for people to first pass the app between devices locally so it could spread and be used in a situation where the internet was down, but we haven't figured anything out there yet. Maybe your idea of figuring out a use for it before that situation arises is a better idea.


I think the app itself should be installable through Bluetooth. If another user doesn't have this app installed, the app should be able to transfer its apk package to the user via Bluetooth.


The potential problem is that you've just described a malware author's dream.

I know it's probably an unpopular opinion, but I don't believe that we should be distributing APKs outside of the Play channels. It takes us back to the PC distribution model, with all of the associated security and usability problems.


Do you mean the old PC distribution model with security and usability problems, but not the must be connected to a network constantly problem?

Not allowing apks via bluetooth seems like a usability issue too.


Yeah exactly, and this seems to be the reason that Android doesn't allow apks to be sent over Bluetooth, so we haven't really found a solution so far unless you count swapping SD cards.


Really? Perhaps you know more than I do, but Android "not allowing apks to be sent over Bluetooth" seems pretty unlikely to me.

It doesn't allow you to easily get at apks you've downloaded from the Play store, if that's what you mean, but I think that's just an anti-piracy measure. An apk you've downloaded from somewhere else is, as far as I can tell, just another file. I can't imagine why (or how!) it'd stop you from exchanging them, particularly if you have some sort of custom Bluetooth client.

Does it really try to stop you?


Yeah if I remember correctly the built in Bluetooth file transfer actually won't send an apk, which was definitely surprising to us too. We could send it over our custom app, but that's the problem - what we're trying to send is the custom app itself.


I always send my apk via email, and my friends will install it. What's the problem with that? An apk is a file, just like jpeg, mp3. Rename it to whatever you like and then transfer.


You'd have to check if the block is solely based on the extension. If so, what about disguising it in a video file with instructions on how to set it up?


Yes, I always name my .apk files to .jpg before sending over bluetooth.


>You take a picture of a protest happening near your home. Fearing a spread of the protest the government shuts down cellular and Internet access to most citizens. You write a short message about the protest in SplinterNet and attach the picture. When you next meet with your friends, you sync SplinterNet with them. They now have your photo and will spread it to their friends. You also now have all their messages, which includes photos taken of protests happening in other parts of the country. Any person who can reach a working Internet connection can post all of these photos to any sharing service or send directly to journalists to publicize.

This could become very popular in parts of India. I could see people using this to share photos/songs with their friends.


Do you think this might be a viable messaging option instead of paying for Internet minutes or SMS?


How about a Twitter client that in a non-internet situation can just share locally and then when anyone gets internet access it auto-pushes the tweets out. Logistics / permissions are complicated I realize, but a 'layer' on top of Twitter would be ideal.


Or build a website that can account for geographical data, sending you only relatively close people's messages in order to 'store' and potentially transmit only the ones that are important.


The thing here is to have three or four really good fallback ways of sharing. Overall I think it's a really neat idea, and I'll start using it and sharing the concept/code as much as I can :)


I ask this from a fairly clueless, out-of-date perspective, but are the current Bluetooth stacks and implementations robust enough at this point to trust? (Aside from all the higher level stuff.)

P.S. I agree with what I think is the principle behind this -- I have for some time, with respect to freedom on the Internet and its like. That being that the only true security and reliability will come from owning and controlling the physical layer.

I also like that, unlike with autonomous wifi access points, the signal might be able to hide -- and move about -- within a larger sea of Bluetooth connectivity and at lower powers and therefore exploitable ranges. If I'm thinking about this at all correctly (I'm unsure).


What happens if we take this idea and instead encrypt the messages using PGP? If Bluetooth wasn't so crazy on power consumption you could deliver peer-to-peer SMSes. It would probably take a while though for delivery to happen if you weren't walking around syncing with other nodes.


We are considering as a next step having signed messages so you know at least two messages came from the same person. We want to maintain anonymity to protect posters, but it'd be interesting to know that posts were at least coming from the same person. I'm not sure this is what you're talking about though, sounds like you're more meaning person to person private messaging right?


This is neat. But. If this took off, and was actually being used by people...

...and the authorities, or any other attacker, wanted to disrupt the system -- they could just put all sorts of devices in the area distributing an incredibly high volume of spammy messages. As you circulated and downloaded messages from other nearby devices over bluetooth -- the legit messages from good actors would be overwhelmed by the spam messages, taking up all your storage space and making it hard to notice the legit messages.

I was thinking about this, but then read this thread, and it occurs to me there may be some solution involving crypto, whitelisting certain signatures as 'known good actors', or even a web of trust thing. But yeah, that also could compromise the desired anonymity.

And it's also probably true not to bother designing for a hypothetical problem/attack, the actual problem/attack will be subtly different. Still, I see a lot of these systems that are _really neat_ tricks, but seem to me like they would break down if they actually became popular, they work only as neat tricks.

But yeah, I also really like the idea of private person-to-person (or person-to-known-group) encrypted messages -- they could even be distributed over participating third parties' devices, right? Author walks by person X, whose device picks it up but can't actually read it, and later hands it off to person Y, one of the intended recipients, who can read it. I'm not sure if that would end up actually being useful or not, but it would be NEAT.


[I'm the co-creator of this project] I think that because this is a "human network", you wouldn't get those kinds of problems. People won't be synching with random strangers in the street, they will be synching with people they know and trust. Data will spread via "six degrees of separation". Think of it as just a more convenient form of USB thumb-drive sneakernets.


I think PGP signing could be a great way to prove authorship on publicly available messages (in those cases where rather than anonymity one does want to definitively know who wrote a message).

EDIT: If you are not already familiar with it, take a look at the PGP web of trust idea to get a better feel for the "proven authorship" use case. Some Linux distros use PGP keys to prove authorship of software. http://en.wikipedia.org/wiki/Web_of_trust


Thanks, looks interesting, I'll check that out.


Great thought on signing before secrecy. Have you looked at the IETF JOSE project for signing JSON?


Considering the power consumption, bandwidth, etc., 802.11 Ad-hoc networks might be a great choice for this concept. Plus there's already OLSR[1] for handling multi-hop packets. Unfortunately currently mobile devices are only equipped with one 802.11 adapter and it can be either ad-hoc mode or Wifi-client at one time.

[1] http://www.olsr.org/


I was talking a little bit about this in a comment down below, but Android just added ad-hoc wifi networking (in v4.1 maybe?) so it's not too widespread. iOS has had it for a while, but the app is currently Android only, which seems to be the most appropriate OS for the project anyway.

Either way it'd be great to support it for those power reasons you mention and for how much faster it would be to sync.


The problem is that a wireless (802.11) interface can only join one SSID, and work in one of the modes (ad-hoc, wifi, AP) at one time. If like current phones on which there's only one wireless interface, when people are connected to Wifi, they won't be able to use ad-hoc.

I've been hoping there's a company coming out with a phone/tablet with two 802.11 interfaces, so I can stay on Wifi and at the same time join an ad-hoc network :-)

EDIT: typo


I'm not exactly sure how the adhoc stuff works on android but there's a specific api for it which is usually used for local gaming. In any case the use case for this app is that the Internet is shut down in your location so you probably don't want to connect to it anyway.


I'm not sure how far Android goes to sandbox you, but you might be able to write an app that runs in the background to detect/manage/switch-between network interfaces depending on what the intent of the user is at that moment. It'd be a handy little tool if it worked.


Bluetooth LE has very low energy (heh) consumption and a 50m range. A short walk in public should be enough to collect the most recent messages, if not just standing by a window on a busy street.


As an alternative, could just run your own little web server[1] on an Android device and use wireless tethering + WPA2 to allow local users to connect (or leave it open so people stumble upon it and use HTTPS). It would have a slightly larger range than bluetooth as well.

Still a cool little project the OP has there though and I'm sure they learned quite a bit while doing it.

[1] http://hex.ro/wp/blog/nginx-on-android/


Brilliant! But here's the thing - iPhone users can't accept files with other normal bluetooth users, except other Apple devices. So I suppose this app has found a way to overcome this limitation?


The app is Android only at the moment, so there's that, but also it actually doesn't use bluetooth file exchange, just connects via bluetooth and sends a data stream which can include encoded photos. Actually on iPhone it would be a little easier because P2P wifi connections have been standard for a few OS versions (they're new in Android), so the connection would be a little easier to establish and way faster.


Thanks for the clarification, Matt. Cheers!


Will I ever use this: Almost definitely no.

Do I think it's really cool?: Hell yes.


I think it would make sense to have web based nodes to make it more useful before internet access is cut in order to increase adaptation.


This reminds me of my final year project :) https://github.com/imarihantnahata/Bluetooth-Manager We implemented DYMO routing protocol over Bluetooth for Android devices and then created Chat, Messaging and File Sharing services over the basic routing framework that we created.


Hey this seems really cool, I'll have to read up on how you do some of this stuff - do you keep bluetooth connections open to multiple other devices?


Yes, we do open connections to multiple devices, 7 being the maximum limit of the Bluetooth stack. We also have a thread that runs every 10 seconds and checks the last time a message was sent to a device. If the time is greater than 300 seconds then we used to disconnect that device so that new devices could add to the topology.


I see, so the use case here is real time messaging and chat? Like if there's a lot of people in a given area they can fire this up and talk? That sounds pretty awesome. We were going more for a slowly propagating P2P effect that might take days for a message to reach someone farther away, but I like the sound of what you've got there too.


Very neat! Does this have a license associated with it?


Since it was a college project, we didn't think much about licensing and stuff :)


I noticed you handle images, but do you scrub the EXIF data?


No actually I don't think we do, but I'll check since that would obviously be a big problem. If you get a sec would you open an issue for us so we remember? Thanks for pointing this out.


This is such a cool project! I have it on my phone now, though I haven't had the chance to give transferring anything a shot.

Is there any possibility of eventually adding settings to do things like make the "delete all messages" button a one-press affair, instead of having to go through a confirmation? Those crucial couple of seconds could be the difference between securely deleting your info and giving it all up to Totalitarian Regime X.


This would be a great use for something like the chirp.io[1] protocol (data over audio). It would be much easier to use, compatible with all kinds of phones and devices, and messages could be broadcast over PA systems, radios, megaphones. Not practical for images though.

[1] http://chirp.io


Messages and media with this system aren't sent by audio as the website and this description portray. They are uploaded to a bog-standard webserver, and the reference (URL) is sent with audio.

What's the point of that? Especially as this discussion has its roots in an offline, censorship-free communication system.

You'd be better off using SSTV — http://en.wikipedia.org/wiki/Slow-scan_television


That's why I said it's not practical for images, but the rate is enough for short texts.

If only mobile phones had good, configurable radio transmitters...


Why not create a P2P server that runs on something simple like a Raspberry Pi to provide a supporting backbone for the network? They are cheap and small. This could make an awesome Kickstarter project. Maybe make it like a keychain that wakes up every 5-15 minutes to update/broadcast messages.


There is a project like that, in fact (full disclosure: I am the developer): https://github.com/danstaples/MediaGrid. I bet SplinterNet could integrate well with such a backbone network.


Will this promiscuously share with any other reachable running instance? Does that, combined with anonymity, create a risk that an adversary could distribute misinformation directly to protesters via this app?

(EDIT: rephrased as question)


No, for power reasons and the way that bluetooth works you have to expressly put the app in sync mode with someone nearby, which isn't ideal but is a good start. That being said anyone can post anything so there's certainly the option for adversaries to propagate their own information.


What happens when the cops find me with a phone full of pictures of them beating people up? I can imagine they may seek to remonstrate. Perhaps add a plausible deniability true-crypty bit?


There's actually a panic button in the app which resets to an innocuous set of stock photography. It's not perfect, but it's better than being caught in a situation that you're describing.


Is the "innocuous" photography configurable? It seems like if a cop finds a bunch of pictures that can't possibly have been taken near where the phone was found, by the person carrying it, they'll easily know something is off.


This looks like an awesome project! Another similar one to check out is called Refuge: http://refuge.io/


This is great! I imagine it can also be used for areas of low connectivity or high traffic. (e.g. rural guy & postman, hurricane affected areas)


I've always wondered this: why can't this same idea be applied to wifi signal?

Is it truly impossible to make wifi behave in a peer-to-peer/mesh network fashion?


Wifi mesh networking has definitely been done. Android hasn't officially supported ad-hoc until recently, so it's been difficult (but possible).


This is very cool! Last year we had the same idea, but we didn't finish it. At first, we decided to build a microblog which relies on geolocation to find nearby blogs, but the content is actually hosted on a server. Later, we had more and more ideas added to the project, it got too huge, and we eventually gave up.


What is the protocol being used for mesh routing? Has this been built on top of B.A.T.M.A.N?


Could this be a real start to the internet of things? https://en.wikipedia.org/wiki/Internet_of_Things


What is the licensing for SplinterNet source, please?


maybe have a look at secushare.org


some problems with this

-authorities won't care msgs are anonymous and will assume you wrote them or know who did if your phone is seized, you will get rubber hosed anyways

-just having the app on your phone means guilty of dissent if arrested the erase function pretty useless. should camouflage the app

-wandering around with bluetooth enabled while your adversary is a despotic regime with money to buy corporate intelligence contractor provided sophisticated malware and spyware is dangerous. hey here's my phone wide open for you to exploit even better, create spyware that jumps from phone to phone as we pass msgs you can create a virtual listening network to spy on the entire revolution

-intel can be changed by agents or censored before being passed on

to pass the app between devices could use nfc or wifi but that would also be dangerous to leave on all the time should agents get close enough to you and exploit your nfc to copy contacts or inject spyware, or wifi.

that said this is better than nothing which is the alternative


I almost thought this was a joke at first; kind of wish it was.



