[dupe] HK protesters use “unblockable” messaging via a bluetooth mesh (bbc.com)
139 points by gumby 12 days ago | 71 comments

“Be water, my friends,” said Bruce Lee. It is not one or two or three trials. It is one of the attempts.

The problem is hard, as the police are using various tactics to try to silence protestors. As mentioned, they “can join and hone in on”. And once they have physically found protestors, they can beat them up and then, if circumstances allow, charge them with beating up police instead, etc. So far there have been 1000+ arrests and, as you have seen, many protestors are hurt - 4 eyes are lost ... etc.

The leaderless communities have to work out how to communicate. This is one of the attempts, as LIHKG is DDoSed during protest time. No doubt, they will try others. We will try until the five demands are met. (The last one is for the real elections as promised in joint declaration and basic laws.)

Hong Kong Add Oil.

Humans fighting for liberty should not perish from the earth.

I'm guessing HK police haven't adopted body cams yet?

For that matter, has anyone outside of North America?

It wouldn't matter much as they appear to be above the law, or at least to think like that.

There are hundreds of videos released every day of evident gratuitous police violence and misbehavior that is never investigated anyway.

Bangalore police in India spent some money in acquiring them but looks like it was lost to corruption.

The SMS verification in this app makes it insecure. The Chinese govt could easily see who has the app based on this. They can probably assume anyone who has the app installed is a protester.

At a minimum it would be a signal. I remember from the Snowden leaks that NSA was monitoring people who had searched for Tor Browser and other privacy tools.

Do you have a source for that?

It has a dark pattern where if you fail SMS verification enough times, it allows you to register without it.

It's not obvious, but you can somewhat skip the SMS verification. IMO it would be better if they allowed a phone number-less, in-person verification to add a contact.

Oppo released a similar app a few months ago: https://venturebeat.com/2019/06/26/oppos-meshtalk-technology...

Oppo is a Chinese company. What are they trying to do with an app like that?

These sorts of apps are great for indoor events, crowded and huge shopping malls, concerts, clubs... I will be generous and say those are the sort of targets for the Oppo app. Not met anyone using it yet.

With the very short range of Bluetooth you would have to have massive adoption to carry the signal any distance. With a crowd or protest or sports arena I can see it but to send messages to someone quite a ways away it would not work. So good for masses and coordination within them.

With Hong Kong's population density, I could see this technology working fairly well. I'm not sure how well it would work inside buildings, but could be good enough for people walking on the streets. It would also be theoretically possible for each phone to store hundreds of encrypted text messages if latency isn't important.

This would work exceptionally well if what they're doing is store-and-forward, instead of a classic mesh.

HK definitely has the population density to make it work, especially with people moving around.

This would entirely depend on population density and how often people are in relatively crowded areas. Something like this may or may not work in an apartment building, but it seems like it would definitely work on crowded city streets, particularly if you allow for a transmission delay as it spreads from one device to another.

(And to that end, in a big city like Hong Kong, you probably wouldn't really need massive adoption, just a few % as you are in close proximity to hundreds of people fairly regularly).

I wonder if it's feasible for cities to implement infrastructure to help during times of large gatherings.

During the NBA championship parade this summer every cell network in Toronto was basically shut down, even with extra capacity along the parade route. If there had also been the bandwidth of a series of 'permanent' Bluetooth nodes, I wonder how that would affect things.

Here's an idea I came up with at least 8 years ago and wanted to develop further but in the end never managed to. I'm not aware if someone in the meantime made something like that, however this article brought it back to mind.

Basically it was a phone app that through mesh networking (Bt/WiFi) builds and then keeps updated a distributed database of signed up local devices, where each record contains accurate geographical coordinates (or seat numbers in public places - that would require a map of course) of all devices, then arranges them in an xy matrix, rounding to the next available device when necessary. The initial purpose of the app, once the owner wears it like a pendant, was to make each device screen become essentially an RGB pixel in a giant screen, then distribute and synchronize (again, through mesh networking) down to fractions of a second (NTP and GPS should allow that) both graphical and temporal data to drive them. My idea was to use this giant screen to allow people to show political dissent messages in countries/times/places where this is not permitted (just imagine a 20k people crowd in a stadium). The app should have implemented some mechanism so that only trusted people could decide and schedule what's being shown and when, but other than that, every connection would have been on a peer to peer basis through mesh networking. I didn't think about implementing a chat over all the above, but that would probably be a lot simpler than the rest. As a further security measure, the database should be encrypted so that if someone is arrested it won't reveal the peers' data/position, and a panic button or dead man switch function could also be added so that a routine propagates the alert instructing all other apps to uninstall themselves and reboot.

Remember the last time HK protesters were using mesh networking via an app in 2014? Something like FireChat or something.

Anyway, funny how this is still novel news and there is no market leader in this space, because that was 5, almost 6 years ago.

The problem is that the popular mobile OSes make a lot of this stuff harder than it needs to be. Maybe if it ended up in the IEEE standard...

I still feel like ad-hoc wifi networks with something like BGP would be better. On the other hand there still isn't a good standard "chat over IP" except maybe unix "talk" which just about no one uses.

SIP can work point-to-point directly over IP without a central server. I remember trying that with 2 SIP phones connected directly via Ethernet (configured with static IPs) and I could call the IP of the other phone and that one would ring.

Unix talk requires servers. For a well standardized chat over IP protocol using servers we have XMPP.

Since Bluetooth is trivial to disrupt (or wifi for that matter), a couple of programmers with enough SDRs and antennas could block it in a weekend...

Not that trivial with the huge amount of frequency hopping it does, or is it?

It does not hop much. Spectrum is heavily regulated. To get certified to sell you must comply with a lot of regulations. What the smart jammers usually do is to disrupt the handshakes. Or you can bruteforce with a couple of kilowatts of white noise. You can also install the app and cause packet drop. Or all three.

I expect that at the next protest people will suddenly find that those kinds of networks work poorly.

It does not hop outside of the defined unlicensed[1] 2.40-2.48 GHz band. If you can block that whole band, BT doesn't work.

[1]: In the US; it's complicated. Tl;dr is http://afar.net/tutorials/fcc-rules/ , much much more verbose is https://www.ecfr.gov/cgi-bin/retrieveECFR?mc=true&r=PART&n=p...

2.4GHz band is the GSM band here in HK so would be major disruption of general communications which is why they can't do it. Yes GSM runs on other bands like 1900 but majority of phones in Asia use GSM as backbone, and LTE over this freq, so unadvisable to block that freq. What could be done is to flood the mesh from myriad devices running the same app or derivative.

Jam the entire 2.400-2.485 GHz spectrum?

What's the practical range of any jamming attempt? Wouldn't the government have to put jammers in every corner?

I downloaded Berkanan for iOS this summer for use at music festivals when mobile network capacity usually fails, but I didn’t get a chance to use it - anyone else tried it?

Well, I'm sure if this catches on more, China will ask respective App stores to block this app.

Hong Kong is a separate region in the Apple App Store and I imagine Play Store as well. China does not normally have anything to do with the Hong Kong app stores but if they do, that'd be extremely bad PR and would likely fuel even more protests, achieving the opposite goal of suppressing the protests.

FYI Play Store not accessible directly. There are many many app stores and one can frequently get access to other apk serving sites from China. I won't mention them directly for obvious reasons.

It also doesn't seem like rocket science to scan for these Bluetooth signals. If you're part of a mesh, the police can also join and hone in on participants.

Using an app by itself isn't probative of anything, and homing in on half the people in a large crowd isn't effective.

Not just join, but actively disrupt by spreading false messages.

Not so easily. There's still social signaling, as exemplified best by this amusing meme: https://knowyourmeme.com/memes/how-do-you-do-fellow-kids

The fact you even mention this is evidence that Restrictive/Exclusive App Stores (e.g. Apple App Store) are a bad deal for consumers - limiting their privacy, and freedom. No entity should be able to block you from running software of your choice on a device you own.

Fortunately the majority of these protestors are likely using Android devices with the easy ability to put them in developer mode and side load these messaging apps.

I'd like to see Apple iOS introduce a developer mode (free of cost!) that allows side loading.

The problem with sideloading is the threat of compromised/modified version of an app being unknowingly installed. I believe the Saudis did this with the help of an Italian company whose name escapes me right now.

Edit: looked it up, here: https://www.vice.com/en_us/article/ypw3xv/police-grade-mobil...

Sideloading is certainly risky, but it isn't something that a device manufacturer should be able to prevent a device owner from choosing to do.

If you are sideloading an app, you should verify the source of it and you should be aware of the potential security risks you are taking.

Preferably side loaded apps you might install are open source and the binaries are verifiable.

Yes, I don't know how they can call it unblockable, since it's quite easy to block apps from app stores.

Government can't block apps that could be transferred from one device to another via Bluetooth/WiFi. iOS/Apple devices are bad in this case; Android would be much better choice for organizing such meshes.

Also, F-Droid.org is safe place for Android users.

F-Droid includes a feature to get apps over Bluetooth.

I did a quick search for the app named in the article when it was first posted and didn't see it listed on F-Droid. I was actually surprised the protesters were using something closed-source.

It's also quite easy to install an apk.

How about iOS?

Yeah if you choose for a locked platform, you're out of luck if you get locked out.

Unfortunately that's a Sophie's choice.

A locked but privacy respecting platform vs a no-privacy but open platform.

I don't know about "no privacy" when you can install (perhaps except for a few drivers, depending on which hardware you fancy) a FOSS environment.

I see where you are coming from and as a non-USA citizen I hate the Google integration as much as you probably do, but if this is the kind of thing you care about, Android is the free platform that gives you all the options. Those who say that iOS is more supportive of privacy... by default (if privacy is not important enough to you to follow a tutorial to install a clean OS), then sure, but when it really matters and you need to have control over your device, Apple just doesn't allow you to do that.

But let me repeat: I do see where you are coming from. Apple does a bunch more things right on this front than Android (again, speaking about manufacturers' defaults) and a lot of non-technical people would find it hard to even follow the step by step instructions that are available. I'm not sure there is an absolute right or wrong answer in the general case. I'm just saying that for the specific case of people that (need to) care about this, Android is at least an open platform with a (tiny, tiny) FOSS ecosystem.

Which doesn’t block any existing connection.

This looks cool

Why doesn't that app just create the mesh network, so that existing chat apps (Telegram, Signal) can be used on it?

Don't Telegram and Signal use centralized servers?

You need both a mesh net and a p2p chat app, which Signal and Telegram are not.

With such fractured connectivity, there's probably not much benefit in trying to abstract away the foibles of the network topology from the chat application. An ideal system would merge the network and application layers for the greatest reliability, at the expense of generality (but then a fractured meshnet is not a very general platform to begin with).

This is a classic use case for store-and-forward. Trying to build a mesh where sender and recipient need a TCP-style connection is futile; store and forward, on the other hand, would be ideal for Twitter-style applications.

That was basically what I was trying to get at, but your comment was much better and more succinct.
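
Added example (not part of the thread, and not Bridgefy's code): a small simulation of the store-and-forward point made in the comments above, comparing it with a mesh that needs a live end-to-end path at the moment of sending. The node names, the trace format and the function names are assumptions made for the illustration, and both scenarios are constructed.

```python
from math import hypot

def components(pos, radio_range):
    """Split nodes into groups linked (possibly multi-hop) by in-range radios."""
    seen, groups = set(), []
    for start in pos:
        if start in seen:
            continue
        group, stack = {start}, [start]
        while stack:
            a = stack.pop()
            for b in pos:
                dist = hypot(pos[a][0] - pos[b][0], pos[a][1] - pos[b][1])
                if b not in group and dist <= radio_range:
                    group.add(b)
                    stack.append(b)
        seen |= group
        groups.append(group)
    return groups

def simulate(trace, src, dst, radio_range):
    """trace: list of {node: (x, y)} snapshots, one per time step.
    Returns (first step with a live src-dst path, first step a stored copy
    reaches dst); an entry is None if that never happens."""
    holders = {src}                      # nodes carrying a copy of the message
    live = stored = None
    for step, pos in enumerate(trace):
        for group in components(pos, radio_range):
            if live is None and src in group and dst in group:
                live = step
            if group & holders:
                holders |= group         # everyone in range stores a copy
        if stored is None and dst in holders:
            stored = step
    return live, stored

def courier_trace(steps=11):
    """Constructed scenario: two fixed phones 100 m apart, one walker between."""
    return [{"sender": (0, 0), "recipient": (100, 0), "walker": (10 * t, 0)}
            for t in range(steps)]

def dense_trace():
    """Constructed scenario: a static crowd with a phone every 10 m."""
    return [{i: (10 * i, 0) for i in range(11)}]

if __name__ == "__main__":
    print(simulate(courier_trace(), "sender", "recipient", 10))  # (None, 9)
    print(simulate(dense_trace(), 0, 10, 10))                    # (0, 0)
```

In the sparse scenario no live path ever exists, yet the stored copy arrives once the walker has crossed the gap; in the dense crowd both approaches deliver immediately.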

The entire point is to make it functional without connecting to the Internet at all.

Let's hope that the Chinese government doesn't figure out that jammers exist...

It's not like the same tactic can't be turned back on police, whose comms are already monitored by specialists in any large direct action.

There's a small problem in that jamming BT also jams some wifi. I don't think China is ready for the economic experience that is a world sans wifi.

1) why use bridgify instead of goTenna mesh? Never heard of bridgify previously.

2) https://bridgify.io/. First part of the page is dedicated to fundraising.

Is this link fake news?

1) Because few people own a goTenna device, whereas nearly all smartphones do Bluetooth?

2) Your link is an entirely different company, with a different name...

Some diligence please before throwing accusations around.

Thanks for catching the link problem. Is there an authoritative site you can point to?

Is this it? https://www.bridgefy.me/?ref=producthunt

Yep, that's the company. That's the specific site for the app: http://www.bfy.buzz/, which mostly seems to be intended to show that the tech they want to sell works.

goTenna is not approved for use in China (afaik) which means it cannot be imported. It's designed for US radio regulations. The old one used MURS and the new version uses 900 MHz, both of which are effectively US-only. 900 MHz exists elsewhere but often with far more restrictive rules that would require a new design.

Thank you for the informative response.

Review of GoTenna from a non-techie: https://granolashotgun.com/2019/01/21/the-mesh/
