
Show HN: P2P microblogging over Bluetooth to avoid government censorship - matt2000
https://github.com/megamattron/SplinterNet
======
moxie
This looks like a great project. My only feedback is that in these types of
situations, the tendency is for people to use the tools they already have. For
the London riots that was BBM, for Tunisia and Egypt that was Facebook and
Twitter.

This could be particularly problematic if you're targeting an internet
blackout situation, because people will likely use the tools they have until
they can't anymore, at which point it will be too late to download yours.

So you might think about positioning it differently, or coming up with an
application for it that people will enjoy outside of a crisis situation, so
that it will be one of those tools that people already have.

~~~
matt2000
This is a great point. We were trying to figure out a way for people to first
pass the app between devices locally so it could spread and be used in a
situation where the internet was down, but we haven't figured anything out
there yet. Maybe your idea of figuring out a use for it before that situation
arises is a better idea.

~~~
stewie2
I think the app itself should be installable through bluetooth. If another
user doesn't have this app installed, the app should be able to transfer its
apk package to the user via bluetooth.

~~~
moxie
The potential problem is that you've just described a malware author's dream.

I know it's probably an unpopular opinion, but I don't believe that we should
be distributing APKs outside of the Play channels. It takes us back to the PC
distribution model, with all of the associated security and usability
problems.

~~~
matt2000
Yeah exactly, and this seems to be the reason that Android doesn't allow apks
to be sent over Bluetooth, so we haven't really found a solution so far unless
you count swapping SD cards.

~~~
Dove
Really? Perhaps you know more than I do, but Android "not allowing apks to be
sent over Bluetooth" seems pretty unlikely to me.

It doesn't allow you to easily get _at_ apks you've downloaded from the Play
store, if that's what you mean, but I think that's just an anti-piracy
measure. An apk you've downloaded from somewhere else is, as far as I can
tell, just another file. I can't imagine why (or how!) it'd stop you from
exchanging them, particularly if you have some sort of custom Bluetooth
client.

Does it really try to stop you?

~~~
matt2000
Yeah if I remember correctly the built-in Bluetooth file transfer actually
won't send an apk, which was definitely surprising to us too. We could send it
over our custom app, but that's the problem - what we're trying to send is the
custom app itself.

~~~
stewie2
I always send my apk via email, and my friends will install it. What's the
problem with that? An apk is a file, just like jpeg, mp3. Rename it to whatever
you like and then transfer.

~~~
gabriel34
You'd have to check if the block is solely based on the extension. If so, what
about disguising it in a video file with instructions on how to set it up?

------
pasbesoin
I ask this from a fairly clueless, out-of-date perspective, but are the
current Bluetooth stacks and implementations robust enough at this point to
trust? (Aside from all the higher level stuff.)

P.S. I agree with what I think is the principle behind this -- I have for some
time, with respect to freedom on the Internet and its like. That being that
the only true security and reliability will come from owning and controlling
the physical layer.

I also like that, unlike with autonomous wifi access points, the signal might
be able to hide -- and move about -- within a larger sea of Bluetooth
connectivity and at lower powers and therefore exploitable ranges. If I'm
thinking about this at all correctly (I'm unsure).

------
jtchang
What happens if we take this idea and instead encrypt the messages using PGP?
If bluetooth wasn't so crazy on power consumption you could deliver peer to
peer SMS's. It would probably take a while though for delivery to happen if
you weren't walking around syncing with other nodes.

~~~
matt2000
We are considering as a next step having signed messages so you know at least
two messages came from the same person. We want to maintain anonymity to
protect posters, but it'd be interesting to know that posts were at least
coming from the same person. I'm not sure this is what you're talking about
though, sounds like you're more meaning person to person private messaging
right?

~~~
jrochkind1
This is neat. But. If this took off, and was actually being used by people...

...and the authorities, or any other attacker, wanted to disrupt the system --
they could just put all sorts of devices in the area distributing an
incredibly high volume of spammy messages. As you circulated and downloaded
messages from other nearby devices over bluetooth -- the legit messages from
good actors would be overwhelmed by the spam messages, taking up all your
storage space and making it hard to notice the legit messages.

I was thinking about this, but then read this thread, and it occurs to me
there may be some solution involving crypto, whitelisting certain signatures
as 'known good actors', or even a web of trust thing. But yeah, that also
could compromise the desired anonymity.

And it's also probably true not to bother designing for a hypothetical
problem/attack, the actual problem/attack will be subtly different. Still, I
see a lot of these systems that are _really neat_ tricks, but seem to me like
they would break down if they actually became popular, they work only as neat
tricks.

But yeah, I also really like the idea of private person-to-person (or person-
to-known-group) encrypted messages -- they could even be distributed over
participating third parties' devices right? Author walks by person X, whose
device picks it up but can't actually read it, and later hands it off to
person Y, one of the intended recipients, who can read it. I'm not sure if
that would end up actually being useful or not, but it would be NEAT.

~~~
pents90
[I'm the co-creator of this project] I think that because this is a "human
network", you wouldn't get those kinds of problems. People won't be synching
with random strangers in the street, they will be synching with people they
know and trust. Data will spread via "six degrees of separation". Think of it
as just a more convenient form of USB thumb-drive sneakernets.

------
yareally
As an alternative, could just run your own little web server[1] on an Android
device and use wireless tethering + WPA2 to allow local users to connect (or
leave it open so people stumble upon it and use HTTPS). It would have a
slightly larger range than bluetooth as well.

Still a cool little project the OP has there though and I'm sure they learned
quite a bit while doing it.

[1] <http://hex.ro/wp/blog/nginx-on-android/>

------
neya
Brilliant! But here's the thing - iPhone users can't accept files with other
normal bluetooth users, except other Apple devices. So I suppose this app has
found a way to overcome this limitation?

~~~
matt2000
The app is Android only at the moment, so there's that, but also it actually
doesn't use bluetooth file exchange, just connects via bluetooth and sends a
data stream which can include encoded photos. Actually on iPhone it would be a
little easier because P2P wifi connections have been standard for a few OS
versions (they're new in Android), so the connection would be a little easier
to establish and way faster.

~~~
neya
Thanks for the clarification, Matt. Cheers!

------
unix-dude
Will I ever use this: Almost definitely no.

Do I think it's really cool?: Hell yes.

------
glomph
I think it would make sense to have web based nodes to make it more useful
_before_ internet access is cut in order to increase adaptation.

------
arihantnahata
This reminds me of my final year project :)
<https://github.com/imarihantnahata/Bluetooth-Manager> We implemented DYMO
routing protocol over Bluetooth for Android devices and then created Chat,
Messaging and File Sharing services over the basic routing framework that we
created.

~~~
matt2000
Hey this seems really cool, I'll have to read up on how you do some of this
stuff - do you keep bluetooth connections open to multiple other devices?

~~~
arihantnahata
Yes, we do open connections to multiple devices, 7 being the maximum limit of
the Bluetooth stack. We also have a thread that runs every 10 seconds and
checks the last time a message was sent to a device. If the time is greater
than 300 seconds then we used to disconnect that device so that new devices
could add to the topology.

~~~
matt2000
I see, so the use case here is real time messaging and chat? Like if there's a
lot of people in a given area they can fire this up and talk? That sounds
pretty awesome. We were going more for a slowly propagating P2P effect that
might take days for a message to reach someone farther away, but I like the
sound of what you've got there too.

------
chairmankaga
I noticed you handle images, but do you scrub the EXIF data?

~~~
matt2000
No actually I don't think we do, but I'll check since that would obviously be
a big problem. If you get a sec would you open an issue for us so we remember?
Thanks for pointing this out.

------
re_chief
This is such a cool project! I have it on my phone now, though I haven't had
the chance to give transferring anything a shot.

Is there any possibility of eventually adding settings to do things like make
the "delete all messages" button a one-press affair, instead of having to go
through a confirmation? Those crucial couple of seconds could be the
difference between securely deleting your info and giving it all up to
Totalitarian Regime X.

------
ricardobeat
This would be a great use for something like the chirp.io[1] protocol (data
over audio). It would be much easier to use, compatible with all kinds of
phones and devices, and messages could be broadcast over PA systems, radios,
megaphones. Not practical for images though.

[1] <http://chirp.io>

~~~
nwh
Messages and media with this system aren't sent by audio as the website and
this description portray. They are uploaded to a bog-standard webserver, and
the reference (URL) is sent with audio.

What's the point of that? Especially as this discussion has its roots in an
offline, censorship free communication system.

You'd be better off using SSTV — <http://en.wikipedia.org/wiki/Slow-scan_television>

~~~
ricardobeat
That's why I said it's not practical for images, but the rate is enough for
short texts.

If only mobile phones had good, configurable radio transmitters...

------
pablisco
Why not create a P2P server that runs on something simple like a Raspberry Pi
to provide supporting backbone for the network. They are cheap and small. This
could make an awesome kickstarter project. Maybe make it like a keychain that
wakes up every 5-15 minutes to update/broadcast messages

~~~
danarky
There is a project like that, in fact (full disclosure: I am the developer):
<https://github.com/danstaples/MediaGrid>. I bet SplinterNet could integrate
well with such a backbone network.

------
jcoder
Will this promiscuously share with any other reachable running instance? Does
that, combined with anonymity, create a risk that an adversary could
distribute misinformation directly to protesters via this app?

(EDIT: rephrased as question)

~~~
matt2000
No, for power reasons and the way that bluetooth works you have to expressly
put the app in sync mode with someone nearby, which isn't ideal but is a good
start. That being said anyone can post anything so there's certainly the
option for adversaries to propagate their own information.

------
ciderpunx
What happens when the cops find me with a phone full of pictures of them
beating people up? I can imagine they may seek to remonstrate. Perhaps add a
plausible deniability true-crypty bit?

~~~
matt2000
There's actually a panic button in the app which resets to an innocuous set of
stock photography. It's not perfect, but it's better than being caught in a
situation that you're describing.

~~~
andrewflnr
Is the "innocuous" photography configurable? It seems like if a cop finds a
bunch of pictures that can't possibly have been taken near where the phone was
found, by the person carrying it, they'll easily know something is off.

------
danarky
This looks like an awesome project! Another similar one to check out is called
Refuge: <http://refuge.io/>

------
akhilpai
This is great! I imagine it can also be used for areas of low connectivity or
high traffic. (e.g. rural guy & postman, hurricane affected areas)

------
funkwyrm
I've always wondered this: why can't this same idea be applied to wifi signal?

Is it truly impossible to make wifi behave in a peer-to-peer/mesh network
fashion?

~~~
danarky
Wifi mesh networking has definitely been done. Android hasn't officially
supported ad-hoc until recently, so it's been difficult (but possible).

------
stewie2
This is very cool! Last year we had the same idea, but we didn't finish it. At
first, we decided to build a microblog which relies on geolocation to find
nearby blogs, but the content is actually hosted on a server. But later, we
had more and more ideas added to the project, it got too huge, and we eventually
gave up.

------
commoncents
What is the protocol being used for mesh routing? Has this been built on top
of B.A.T.M.A.N?

------
NatW
Could this be a real start to internet of things?
<https://en.wikipedia.org/wiki/Internet_of_Things>

------
spotme
What is the licensing for SplinterNet source, please?

------
ritrit
Maybe have a look at secushare.org

------
derpmaster
some problems with this

-authorities won't care msgs are anonymous and will assume you wrote them or know who did if your phone is seized, you will get rubber hosed anyways

-just having the app on your phone means guilty of dissent if arrested the erase function pretty useless. should camouflage the app

-wandering around with bluetooth enabled while your adversary is a despotic regime with money to buy corporate intelligence contractor provided sophisticated malware and spyware is dangerous. hey here's my phone wide open for you to exploit even better, create spyware that jumps from phone to phone as we pass msgs you can create a virtual listening network to spy on the entire revolution

-intel can be changed by agents or censored before being passed on

to pass the app between devices could use nfc or wifi but that would also be
dangerous to leave on all the time should agents get close enough to you and
exploit your nfc to copy contacts or inject spyware, or wifi.

that said this is better than nothing which is the alternative

------
WizardlySquid
I almost thought this was a joke at first; kind of wish it was.

