
Lulzlabs AirChat: Free Communications For Everyone.  - jamesbritt
https://github.com/lulzlabs/AirChat
======
jgrahamc
As a radio amateur may I say... ugh. Most amateur radio licenses prohibit
encrypted communications. And for good reason: the ham bands are a shared
resource, they are not there for private conversations.

Here's the relevant regulation in the UK license: "11(2) The Licensee shall
only address Messages to other Amateurs or to the stations of those Amateurs
and shall not encrypt these Messages for the purpose of rendering the Message
unintelligible to other radio spectrum users."

The idea, in the AirChat proposal, that institutions like the FCC, OFCOM, etc.
are 'evil' because they regulate spectrum is ridiculous. The only reason we
can communicate successfully on radio is because someone is regulating who
gets to use what and how. The AirChat proposal mentions using the Yaesu
FT-897D for test transmissions. That's a ham radio operating in the specific
bands licensed for hams to use. So, these guys are (a) breaking the law (which
they don't care about) and (b) messing things up for other radio users.

~~~
eternalban
> ... shared resource ..

I don't understand this. Roads are a common resource but (so far) we're not
forced to ride only in buses. Also, one can have a conversation in a 'cryptic'
language, or is that prohibited as well ? :)

~~~
jgrahamc
Yes, one can have a conversation using 'cryptic' language. For example, it's
common to hear Q-codes used
([http://en.wikipedia.org/wiki/Q_code);](http://en.wikipedia.org/wiki/Q_code\);)
they are cryptic unless you know what they are. They are not, however, secret.

I fail to understand your analogy about buses and cars.

Amateur radio is about amateurs learning about, improving and using radio. It
is not about private conversations. If you allow encryption on the amateur
bands then you are de facto excluding others. Part of the joy of amateur radio
is picking a transmission out of the air, listening to it or 'decoding' (not
in the cryptographic sense) the transmission scheme used.

I would suggest that Lulzlabs people look at not using an amateur radio band.
There are unlicensed bands that they could use for this purpose. e.g.
[http://en.wikipedia.org/wiki/ISM_band](http://en.wikipedia.org/wiki/ISM_band)

------
fredsted
The source file is a big mess, 4chan slang everywhere, twitter authentication
code, rss reader code (WTF? Why?), random commented code, "nones" and "yeah"
strings instead of booleans, random HTML scattered everywhere, I could go on.

This just seems silly and insecure. Noone in their right mind would use this
for any kind of serious secure communication. Personally I'd wait for someone
to remove all the extraneous stuff, make a real protocol definition and make
this modular (for example, split the web-interface from the server).

Great idea though, and a nice proof-of-concept, I'd give them that. There
might be a real need for something like this when governments shut down or
block internet connectivity.

~~~
carlesfe
If you watch the video you can see that the RSS code is used to receive RSS
feeds (I guess for those people who don't have internet access) and the
Twitter auth is used similarly to receive Twitter updates (e.g. they show
:twittersearch=#syria)

The video is quite interesting, it shows the proof of concept.

I agree about the source code though, they have tried too hard being "lulz" at
the expense of readability.

This project is very, very interesting. Unfortunately it requires some
investment in the radio equipment, but I can see in a few months some Arduino
bundles with this code and the radio antenna...

~~~
fredsted
I may have been too harsh in my original reply also; the author has some
comments on github about a code review that was done:
[http://cl.ly/2A0b093d3i3N](http://cl.ly/2A0b093d3i3N)

------
falcolas
There's a lot of problems with using radios (particularly ham radios) for
this:

1) "over-regulated by evil organizations like the FCC and similars shits
around the world" yet using technology that is only available for use
_because_ of the FCC. If the FCC didn't set aside radio frequency bands for
non-commercial use, this project would be infeasible because the radio bands
would be in use already. The FCC and its ilk is the only real reason that ham
operators can operate - the frequencies have been set aside for licensed
amateur use.

2) "transmissions are anonymous" but only in data - radio location is as old a
location technology as radio itself. Many GA aircraft still use radio beacons
as fallback when GPS and VOR signals go down. It's simple, anybody can do it,
and unless you're on the move, you will be found.

3) "We don't give a fucking shit about prohibitions over the use of
encryption. fuck you NSA." And yet it's probably not the NSA who will care the
most, but the FCC (ironically the group with the specialized equipment vans
capable of finding you). Worse, if too much non-licensed, encrypted
communication happens over radio (especially the frequencies reserved for ham
radio), it's possible that the FCC will revoke the non-commercial use of the
airspace, which would cause a whole host of other problems. That frequency
space (which includes a number of harmonic frequencies throughout the radio
spectrum from ULF to UHF) is ridiculously valuable, because it's a finite and
highly contested resource.

I applaud the concept and idea, and cringe over the consequences and ignorance
thereof.

------
xwintermutex
I have been wanting to create something similar for years. Before I had access
to the Internet, I used "packet radio", a CB-radio based network (there
were/are amateur radio band versions too). The whole Netherlands, as well
parts of Europe, were wireless connected (at 1200 baud) and one could send
messages via the network of nodes from one side of the country to the other
side, usually within days. Or chat with people one could contact directly
(usually within ~10 km iirc).

At that moment I didn't realise how awesome it was, but in retrospect it was
pure self-organised anarchy, without any commercial or governmental
interference.

Regarding this AirChat, it is sad that they, as it appears to me, did not make
usage of the expertise from the amateur radio community. Still, I believe that
it has potential.

~~~
explorigin
I can't speak for Netherlanders but over here in the US, all forms of
encryption on the amateur radio bands are illegal. (Of course if you're trying
to topple your government, arab spring style, I guess that doesn't matter so
much.)

Be careful kids, you're playing with fire.

------
snops
There is a good initial code review which points out the alarming bug that
keys are _hardcoded_ in the symmetrical encoding mode, and can be found in the
source!

"Basically the script encrypts a randomly generated ephemeral key using RSA
but then ignores it and uses the above hardcoded key for symmetric
encryption."

[1] [http://www.daemon.de/blog/2014/04/25/351/code-review-
lulzlab...](http://www.daemon.de/blog/2014/04/25/351/code-review-lulzlabs-
radio-airchat/)

------
chm
Here's a link to the PDF[1] which contains some details about what this does
and how it works. And here's an excerpt:

"We ended up with a simple protocol packet: the Lulzpacket. This simple packet
contains information to verify there was no corruption during the transmission
and a random code to pseudo-identify the packet. We define the addresses of
nodes in the net by their ability to decrypt a given packet. Addresses are
derived from the hashes of asymmetric encryption keys, Every radio node
defines its own address by the pair of keys it has generated for itself and
the addresses change if users choose to regenerate their keys. Each node only
cares for what is being received. No hardware identification, no transmitter
plain identification. only packets matter. transmissions are anonymous.
whenever an address is needed to reply to a packet, it is encrypted inside the
packet. Packets targeting specific addresses are encrypted and they must be
decrypted by the private key only the target possesses. Anyone trying to spoof
an address will not be able to decrypt the packet."

[1]:[https://github.com/lulzlabs/AirChat/blob/master/Airchat-
Rele...](https://github.com/lulzlabs/AirChat/blob/master/Airchat-
Release.pdf?raw=true)

------
tomaskafka
This is a lol beginning of something big - imagine a hardware startup making
$50 radio dongles that create encrypted p2p mesh network. It would be slow,
but with 20+km range, it could be really useful really fast and almost
worldwide.

Big part of this would need to be software stack that would replace DNS
(centralized, single source of truth) with something distributed (every P2P
mesh can have it's own 'domains' \- let's just assume there is no way to
coordinate globally except each subnet having different random prefix).

Combine with encrypted tunnels over the old compromised internet to link the
cities together.

Fck ISPs, fck mobile operators and their builtin surveillance. Impossible to
turn off, government-proof, apocalypse-proof...

~~~
twobits
So, living in a "democracy", can we petition / make the gov allow us that?
"We, the people, want this spectrum for our own uses." Can we?... Lol. Sad
lol.

------
wyager
Nifty, but looks a bit cluttered. There's stuff in there for twitter,
webservers, etc. etc., and it's all in one giant file.

This is probably not super useful for anyone who wants to deploy practical
infrastructure with audio transceivers. See tools like dsptunnel for IP-over-
audio solutions.

------
doctorfoo
The guy who made this is one of the Lulzsec guys, and recently got out of
jail: @APT1337

------
lukeholder
>I want to cyber my girlfriend (who lives 20 miles away) without having NSA
agents fapping to it, can I use this for it?

>ofc, man. thou we require your girlfriend to deliver tits or gtfo. (sorry but
it's needed to help us on the datamining of frequencies usage and transmission
mode performance raw data through our Hadoop cluster of ARM servers, all those
pix will be used for the datalink test.. err...derp)

This is sexist filth.

~~~
lukeholder
edit: maybe sexist is the wrong word? But for a project that wants "to build
up our sense of community and stand up for our future and rights" the tone of
the entire readme is overly sexualised and just unnecessary.

~~~
Ntrails
Honestly I am mostly just shocked that at no point was there an ASCII
hello.jpg

The code, the readme, and all the other bits are in standard "lulzsec" tone.
There is no dissemblance to feign respect for your sensibilities, they don't
care. At least they're honest.

~~~
melville_X
Topiary aka Jake Davis from Lulzsec had funnier and more tasteful writing than
this. HN back in their defacement days always commented on the quality of the
writing. This sounds a bit wannabe, which is a shame since 4chan tends to be
obsessed with not rehashing tired content.

------
jerknextdoor
Between the lulzspeak and the over-my-head jargon I'm not completely clear,
but is this sms/twitter/email for ham radio? .... Because that's potentially
amazing. Beyond what this could do for communication in the situations it
suggests I can think of a lot of fun stuff to do with something like that.

------
rdl
This is still incredibly DF-able, as well as RF fingerprinting of the
transmitter.

I'd be very interested in an SDR application which strove for undetectable
communications, either super high chirp rate FHSS or UWB.

In practice, you're probably best off by masquerading as another
communications technology and hiding your traffic within that, rather than
trying to use long-haul broadcast RF to hide your location. A common technique
if you do need to radiate a lot of RF and don't want to be DF'd is to remote
the transmitter from yourself over some other protocol -- a separate point to
point radio link, or stored communications, or an IP/PSTN/etc. link. This is
how a lot of pirate radios, military radios and radars, etc. work -- the
emitter is at risk, but as long as you can break the link between emitter and
controller, that's not the end of the world.

------
codecondo
so, where do these people hang out on the depths of the web? any forums that
actively discuss this type of stuff? i'm dead serious, haven't looked at that
side of things for a long time, just curious what has changed.

------
jqueryin
Can someone touch on the legalities of using a radio band frequency in the
U.S.? I didn't skim the source, so my presumption was it's within a reserved
band.

------
oliwary
I wonder if this algorithm could be used to avoid collision if many send at
the same time:

[http://en.wikipedia.org/wiki/Self-
Organized_Time_Division_Mu...](http://en.wikipedia.org/wiki/Self-
Organized_Time_Division_Multiple_Access)

It assigns time slots to users without the involvement of a central station.

------
harrystone
They're really re-inventing the wheel here, there's nothing there that fldigi
or soundmodem doesn't do better. AX.25 is built into linux. With that,
soundmodem, and a radio you can route whatever traffic want over a radio link.

On the bright side maybe this will help encryption become legal for ham radio.

------
brador
Why radio, which needs extra equipment, and not wifi which comes built in to
every laptop?

~~~
xwintermutex
Not to nitpick, but wifi is radio. The propagation of radio waves depends on
their frequency. The frequency wifi operates on is in the GHz, which mostly is
line-of-sight only. This is not always practical. See [1] for an overview of
frequency and propagation.

[1]:
[http://en.wikipedia.org/wiki/Radio_propagation](http://en.wikipedia.org/wiki/Radio_propagation)

------
anonbanker
Beautiful. I'll be playing with this on the weekend.

------
wingerlang
"Lulzlabs", really?

~~~
shekhar101
What's wrong with it? (Seriously)

~~~
sillysaurus3
Programmers seem naturally inclined to name their projects or companies
inappropriate names. I once thought about writing an open source Bitcoin
exchange focused on security. When I was trying to think of what to call the
software, I named it the "s-exchange" library (short for "secure exchange").
Eventually I shortened the name to "sexchange," did a double-take, burst out
laughing, then debated whether or not to keep it. The temptation was strong.

I'm not one to really care about what other people think, but on the other
hand, there's no reason to portray yourself in a negative light needlessly.
It'll just alienate people from your goals for no reason.

~~~
lukeholder
it gets worse though:
[https://github.com/lulzlabs/AirChat/pull/6](https://github.com/lulzlabs/AirChat/pull/6)

~~~
fredsted
So, wait, it's OK when you switch the gender?

~~~
aw3c2
It's OK cyber with anyone. Do whatever your sexual desires are (as long as
they are legal).

