
Could This App Create A Free, Secret Web? - chippy
http://www.forbes.com/sites/parmyolson/2014/06/05/could-this-app-create-a-free-secret-web/
======
ENGNR
Just a caution because it's not clear from the article or app, Open Garden
volunteers your mobile data connection. That seems to be the intended purpose
for meshing your personal devices, but it volunteers your connection to the
entire mesh, ie everyone nearby[0].

That'd be fine for eg my home wired connection (especially if bandwidth
throttled so mostly for the use of firechat), but metered cell data could
potentially be blown just by sitting near someone with a laptop that wants to
do an update... it seems like something you'd want to warn people of and not
hide in a forum post.

0: [http://forum.opengarden.com/discussion/345/i-want-to-know-
is...](http://forum.opengarden.com/discussion/345/i-want-to-know-is-it-open-
garden-sharing-internet-connection-for-my-devices-only/p1)

------
schoen
I'd like to hear more of the story of how mesh supposedly avoids surveillance.
I talked to a few people working on mesh projects (not Open Garden) who
readily admitted that a spy node could join the mesh and monitor user traffic
(even apart from the possibility of passive wireless monitoring).

Does "secret web" here just mean "normally within your own city and not using
someone else's faraway data center as an intermediary"? Or is there a stronger
privacy claim? I don't see one in the Forbes story.

~~~
vidarh
Depending on project, some aims for obscuring or hiding the ultimate
source/destination from intermediary nodes, as well as ensuring end-to-end
encryption of _all_ data.

Generally the idea seems to be that the mesh functionality is there to prevent
blackouts, while the surveillance avoidance is down to layering encryption to
various extents.

Key to surveillance avoidance then becomes to get enough "legitimate" traffic
over such a network that just monitoring traffic amounts isn't enough to look
for potential suspects.

------
pkulak
But you still need to get out to the main internet somehow right? And then
whichever poor sap has an outgoing connection is going to end up sharing it
with everyone else and get cops coming to his door about the child porn.

~~~
twobits
Maybe just get over caring about the "main" internet, and leave it to be the
ad ridden, surveillance clusterf*, old and rusty one?

~~~
chenster
Or you can use ham radio.

~~~
dTal
Encryption is outlawed on public radio bands.

------
cowbell
Open Garden: Not open source. Nice one guys.

~~~
foobarqux
Serval Mesh is an open alternative.

------
nickthemagicman
This is really cool. Combine this with IPV6 and decentralized DNS and it will
be very hard to censor the internerd.

------
higherpurpose
> _There’s been similar interest for FireChat in Iran. Users in the country
> have started 1,800 FireChat groups, according to Open Garden, making Iran
> the second biggest user of the app after the United States. India, Brazil
> and Mexico follow close behind, and Open Garden says people in Cairo and on
> the outskirts of Baghdad, Iraq are using the app too._

Oh god. What have they done? Please tell me they have encrypted the
communication between users by now.

~~~
cowbell
Wouldn't it be illegal for an American company to export strong encryption to
Iran? At least, that's the gist I get from the JCE unlimited strength policy
file. If not illegal, it would definitely go against the agreement for
distribution of that.

~~~
schoen
Historically, clearly so. But since 2010 there has been a "General License"
for exporting "Personal Communication Services" technology (essentially based
on the idea that individuals' communication weakens the government's hold on
society, or, as OFAC put it, "are a vital tool for change").

[http://www.treasury.gov/resource-
center/sanctions/Programs/D...](http://www.treasury.gov/resource-
center/sanctions/Programs/Documents/soc_net.pdf)

I don't know how the General License applies to cryptographic technology in
particular. Paging Collin Anderson...

~~~
ixwt
I do know there are requirements that need to be met for exportation of
cryptography [0]. Interesting fact related to this: Strong crypto used to be
considered a weapon. This is why the DVD standard is 40 bits (iirc, it's
possibly 64 bits).

0:
[http://en.wikipedia.org/wiki/Export_of_cryptography_from_the...](http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

------
unix-dude
Interesting concept. A year or two ago I was pretty interested in the various
dark/mesh-net projects that kept popping up, but there were a few problems.
Namely the fact that they were somewhat difficult to set up, and the fact that
they were somewhat like TOR in the sense that accessing the "regular" internet
required someone to tunnel traffic through.

Packaging this up into an app pretty much solves any difficulty of setup,
making it accessible nearly to anyone.

I have no idea about how secure/sound current implementations are, but this
looks like a cool first step.

Combined with something like TOR to bridge local communities, it certainly has
the potential to become a truly useful technology.

------
ackfoo
Tested just now between an iPad3 and an iPhone5. Breathtakingly unusable and
flaky as hell.

Requires you to pick a bunch of chat categories at startup, which is
ridiculous if you only want to use it in nearby mode.

Could not see the other device unless both were logged into the same WiFi
network, which is going to be totally useless in the middle of a field. Even
with both devices on the same WiFi, only about half the messages showed up.

Made no difference if BT/WiFi were on. Completely unreliable. Deleted the app.
Nice try. Better luck next time.

------
shutupalready
> _A note on the technology behind this: For iPhones, Open Garden harnesses
> Apple’s Multi-peer Connectivity Framework_

While it sounds like the iPhone has a secret new radio transceiver inside,
it's actually based on existing WiFi and Bluetooth[1].

[1]
[https://developer.apple.com/library/ios/documentation/Multip...](https://developer.apple.com/library/ios/documentation/MultipeerConnectivity/Reference/MultipeerConnectivityFramework/Introduction/Introduction.html)

------
glomek
The Serval Project is already working on this:
[http://www.servalproject.org/](http://www.servalproject.org/)

Unfortunately, they are limited by Google's very long standing lack of
response to requests to support peer to peer WiFi on Android. See
[https://code.google.com/p/android/issues/detail?id=82](https://code.google.com/p/android/issues/detail?id=82)

------
po
_“This can be a billion dollar company if we can get to the tipping point,”
says Benoliel, referring to the 7% uptake in urban areas._

It might hard to monetize an app up to a $B where you have no real insight
into/control over the audience… which is kind of the point. The company sounds
super-cool but it should probably be operating more as a non-profit or
lifestyle business, not as a hyper-growth startup company.

------
runeks
This is pretty cool.

I had no idea a smartphone was able to communicate with another smartphone 70
meters away. I had always thought that the reason a smartphone can communicate
with a distant WiFi network, or a cellular tower, is because the recipient has
a large antenna, which means it can send data over long distances, and pick up
relatively weak signals up over long distances.

------
jsemrau
The wonders of this world. An app that that is hardly ever working is getting
all this coverage on Forbes et al.

Just shaking my head in disbelief...

