[PET] anonymous messaging via vibe?
jonathan.anderson at cl.cam.ac.uk
Tue Oct 18 10:06:43 BST 2011
Since anyone nearby (or, more precisely, anyone who *says* they're nearby) can read a vibe, it's certainly not private.
As for anonymity, the best-case scenario is probably that the app uses TLS to talk to a central message server which behaves a little bit like a mix. In this scenario, everybody can read the vibes and observe approximate timing, and the telco can do traffic analysis, so "anonymity" depends mostly on how identifying your messages are and how mixey the mix is (I suspect, not very mixey). On the other hand, since the developers aren't talking about security at all, they're probably just sending cleartext over your 3G connection, so the telco knows exactly who said what, and can link it to your IMSI, Visa number, billing address...
Something more appropriate for protests would use one (or several) of the other radios in the phone to distribute local messages... the trade-offs between speed of dissemination and security are interesting. You might want to send a message like "the march is starting!" in plaintext via all media, to spread quickly, whereas "my thoughts about why this protest is important, and what you should do" are probably not as time-sensitive, and probably more security-sensitive (since they identifiy you as a leader). I'm not aware of a system like this; it would be very cool. A Git-like distributed Twitter would solve the first problem, but I'm not sure about the second.
Research Student, Security Group
University of Cambridge
+44 (1223) 763747
jonathan.anderson at cl.cam.ac.uk
On 14 Oct 2011, at 11:12, Seda Guerses wrote:
> anybody know anything about what the developers of vibe mean when they say "vibe sends anonymous messages"? is there something more reasonable out there currently?
> The mobile app 'Vibe' that lets its users broadcast anonymous messages* to
> those nearby* has become an organizing tool of the Occupy Wall Street
> "It is anonymous, but that's not to say someone with access, a phone company
> or the police, isn?t listening in on what?s being posted,? creator Hazem
> Sayed said. "We just don't collect any information around the people who are
> posting or require them to give us their phone number."
> Vibe download page:
> *Occupy the Web Hackathon*
>> From http://www.eventbrite.com/event/2325537746/efbnen :
> There's a movement growing across this country. Thousands of people are
> saying that they've had enough of Wall St, DC, and an economy that only
> works for 1% of us.
> To support and expand this movement, we're organizing a last minute
> hackathon. *Our goal is to get a room full of programmers, designers,
> artists and anyone else who's interested, all working on hacks and tools to
> make the movement stronger. *
> We'll kick things off Friday night with some overviews of whats happening
> and form teams. We'll finish Saturday evening with presentations.
> Few other notes:
> - To keep things grounded, we're reaching out to various occupations
> across the country to get a wishlist of what they'd like built. We'll also
> have a few folks from various campaigns and organizations there to give you
> more insight in what will be useful.
> - There's no prize money here. This is being organized by a group of
> volunteers. But, at the end of the day on Saturday, we'll have presentations
> and vote on an audience favorite.
> - We're doing this fast and with not a lot of resources. If you'd like to
> help out, please contact us at occupyhack at gmail.com. We could use help
> with promoting the event and logistics during the day.
> - If you've got an API or dataset that you think could be helpful, please
> contact us at occupyhack at gmail.com. If you'd like to sponsor the event,
> we'd love to hear from you too ;)
> Ground Rules:
> - Everything made should be open source
> - No black hat (ie we're hacking to support #occupywallst, not hacking
> Wall St ;)
> PET mailing list
> PET at lists.links.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the PET