Egypt appears to have cut all internet connectivity with the rest of the world in an attempt to quell its use in organizing protests. The only reason this makes any sense is if the tools used to organize the protests (Twitter, Facebook, Gmail, etc) are hosted outside Egypt.
To this you might say "Let's just host protest-organizing tools on servers inside protest-likely nations in anticipation of them using this strategy again." But that won't work because odds are the government would just seize all protest-organizing servers within their borders. So the only protest-tools that will continue to work reliably are those that continue to work without access to the outside world, without relying on locally-hosted servers, and *without even relying on the internet at all*. It's a tall order, but here's how I'd do it. 1) Recognize that this service needs to be used in the good days, such that there is adequate distribution already in place when the bad days happen. THIS IS THE HARDEST PART. I say this in all caps because this is why no meaningful system like this exists today: the people most likely to build it are too obsessed with esoteric technical problems than solving the issues that actually matter in the real world. Asymmetric, anonymized, mesh-distributed, onionskin-routed communication doesn't mean anything if nobody uses it. So before even thinking about the technology, we need to think how to make it relevant to users who *aren't* protesting (yet). 2) At an absolute minimum, it needs to be no worse than then existing alternatives. So if it's going to replicate Twitter, it needs to be at *least* as good as Twitter, otherwise everybody will use the *real* Twitter (until it's turned off by their local neighborhood dictator). On way to be better than Twitter is to actually be better than Twitter. Good luck with that. Another way is to just make your tool post to Twitter. I think that's a much better idea: if this tool (let's call it "anoninet" just for kicks) offers some Twitter-like functionality, it should be completely compatible with the real Twitter in the 99.99999999999% of situations where the real Twitter is actually available. Same goes for Facebook, Flickr, etc. 3) Ok, so anoninet's primary value in "good times" is starting to take shape: it's a one-stop-shop to post to all your social networks. So you install this thing, type in all your passwords (You could store them locally in some encrypted keychain decrypted by a master password, but that's the sort of technomasturbation thinking that obscures real-world requirements; in reality just store it unencrypted because those who don't care don't care, and those who do should really just encrypt their whole hard drive), then you can post status updates, photos, videos, and everything will automatically go to the right place. Indeed, before you even think about making this into some sort of resilient protest-enabling tool, you should make this the best possible social-network posting tool. (Because if it's not that, then nobody will have it installed when they want it most.) I'd suggest emphasizing how this thing works even with unreliable internet, essentially letting you queue up everything locally and it does background uploading as the network becomes available. Similarly, it downloads everything locally for offline reading. Odds are your protest-likely environment has shitty internet to start, so this feature will likely have immediate value. Add in really good support for USB-connected devices (cameras, videocams), and basically present it as the single best way to do social networking in a nation with shitty internet. 4) Step 4 is to succeed with step (3). Don't even think of anything else until you've done that. Seriously, it's a waste of your time and a disservice to your users. (3) needs to be totally nailed and immensely popular before anything else matters. I'd say something like 10% of your target population needs to be using it before you consider continuing. 5) Once you've got huge distribution of your client-side social-network-optimizer, then you can start to raise the bar. Because it's targeted to environments that have expensive and/or unreliable internet, P2P starts to sound interesting. Throw in a network-localized DHT and build out a distribution network that "rides" on these other networks. So every time they post to Twitter, Facebook, Flickr, YouTube, or whatever -- they're also posting to anoninet. And when another anoninet is reading your Twitter stream, somehow they detect each other and rather than getting the data from Twitter (for example), they get it directly via some localized P2P connection. Present this to the user as faster, more reliable, and cheaper than getting it from the *real* YouTube. 6) Quietly encrypt everything and tunnel over commonly-used ports. Don't talk about this, just do it. Users don't care until they do, and by then it's too late. 7) Ok, so at this point we have wide distribution of a very popular social networking tool that uses a localized P2P mesh as an optimized fallback to the major global tools. Its major advantage is it works over networks that are slow, unreliable, or expensive. This'll save you in the Egypt case; these users would continue using the tools they already use, to talk to the people they already talk with, and everything will continue functioning as normal. They won't be able to talk with the rest of the world, but they *will* be able to talk amongst themselves, which is the important thing. Furthermore, because it's all P2P, there are no servers to seize, and because it's all encrypted over common ports, it's indistinguishable from all other encrypted traffic. 8) However, if this had existed in Egypt, odds are Egypt would have just shut down the internet, period. If a dictator is willing kill you, odds are they wouldn't blink at turning off your email. So how to make this work without internet? The answer is: make it incredibly easy to batch and retransmit data like Fidonet back in the day. So when shit is *really* going down, you whip out your favorite 4GB, 32GB, or 640GB USB drive and just sync your local repository (remember how everything was conveniently cached locally for fast offline access?) with the device. Optimize it to sync the most popular content first, basically ensuring that the most intersting/important message is also the most widely and redundantly distributed. 9) Finally, this needs to spit out an installable copy of itself to whatever removable media is available. This way when the shit starts to *really* go down, as people realize the true value of this system it can spread fast to the people who need it. Voila. A tool that supports communication amongst protesters even in the face of total internet blackout. Some other random thoughts: - Ideally it'd piggyback on existing credentials. So when you install this thing you don't need to think "I'm creating a new account". Rather, you just install this thing, type in your Twitter username and password, and whatever giant asymmetric keypair it creates internally is just some nameless thing associated with that Twitter account. (And you might have multiple.) - This thing needs to broadcast itself via existing networks in a totally transparent way, so if we're both users and I read your Twitter stream, I should know you're also a user without you ever telling me. The first way that comes to mind is this thing could watermark your profile image with maybe a digital signature (or perhaps just jam it into some sort of extra field in the image). Then when I follow you, my client sees the watermark, reaches out to the DHT, sees that you're signed in (or not), and establishes a NAT-tunneled P2P connection directly. - Social networks are particularly good for this sort of architecture as they map well to the "publish/subscribe" model. This works easily on a P2P network (you register yourself with the DHT by name and keyword/hashtag, and then when you post there everybody who is "following" you or a particular hashtag gets your data), as well as create an implicit "value" metric for use when synchronizing data in "sneakernet mode" (publishers/hashtags with a high follower count are assumed to be more valuable and thus beat out less-popular content). - This sort of system actually isn't that useful to terrorists, criminals, drug-dealers, and so on because it's designed for mass public communication (not indvidual private communications). Granted, nothing in this protects the individual from being targeted, but that's an entirely different problem. (And I wager one that could be layered on top of this in a straightforward manner.) In all honesty, this isn't that hard a thing to build. One dude could do it. I could personally do it, and know several others who could as well. But I'm busy. Hopefully a better person than me with more time on their hands will pick up on this and do what needs to be done. The world will thank them for it, though its dictators won't. -david My blog (including this post) is at http://quinthar.com Follow me at http://twitter.com/quithar _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
