How Iran can track and control protesters’ phones: hacked documents (theintercept.com)
305 points by wstrange on Oct 30, 2022 | hide | past | favorite | 103 comments




I'm an Iranian and the current situation in Iran is not good. No internet. Businesses have stopped because of uncertainty and constant protests and crackdowns. I don't know what will happen next. I think it will get uglier.


Stay safe! Hope it gets better soon.


the west in one comment


“We will send troops to overthrow your government” - the West in one comment

“We will send money and weapons so that you can defend yourselves” - the West in one comment

“We will mandate sanctions on your government” - the West in one comment

“We will do nothing just wish you all the best” - the West in one comment


He who tries to change the world, from a position in power, will always have the barking of the underdogs.

It's easy being an underdog, you don't have to provide analysis or better solutions, you don't have to prove that you are not delusional, that those you represent are good (lots of evil ex-empires among today's underdogs), all you have to do is bark and bite.

Even if you have a "desert-mummified" culture like in the Middle East, that has adapted to survival in a man-made desert, without risky progress.

Even landing a western spaceship, proving things can thrive in the desert, will not change what people have internalized over the centuries. Rather the local culture rubs off on the spaceship and it begins to rust into the same empire scrap yard.

Things proven not to work:

* military interventions

* secret service interventions

* cultural nudging (soft power)

* brute force take-overs (colonialism)

Ironically, if humanity goes into desert mode, it brings the desert with it.

You produce lots of offspring for the inevitable war, when crashing into the resource ceiling.

You shun risky capitalist endeavours.

You vote for one strong man and against diversity of opinion and culture. (Prevents civil war, which is always worse than external warfare.)

And we had that in medieval Europe too, just listen to a Catholic preacher and you can hear the bad times ruleset singing itself praises, lest your lineage withers.

A maxed out environment is a trap, preventing complex structures and escape attempts.

@qpqpdbdbqpqp I honestly do not see where my viewpoint is racist. I argue that all of humanity, when run into a resource-sparse environment, is behaviour-optimized towards this loop.

The "western spaceships" aka Iraq and Afghanistan were doomed to fail, as all the outside surplus is converted into "catastrophe" preparations or escape plans. Would have done the same in the situation.

Israel might be an exemption for now, but even there the orthodox "survival-mode" culture is taking over the enlightenment project from within.

And it's universal. As soon as things run out, conservative mindsets take over and all ventures and endeavours come to a screeching halt.

Sorry, if the physical limitations and the negative impression it made on humanity, scare you and your idealized view of the world.


Largely agree I think, except soft power. I think soft power is exactly what is happening in Iran. People in Iran have been living a "private" life for a long time with access to information, and a "public" life which goes on as usual. Something has to give.


WW1 and 2 are pretty solid examples where military interventions have worked out just fine.


From an American perspective where they stayed in the back during WW1 and had to be trained on the spot, and were perfectly happy to work with Nazi Germany in WW2 until shit hit the fan, sure.

For most of Europe, it's a traumatic experience that led to dozens of millions of dead young adults, entire cities firebombed and razed to the ground, areas shelled so hard that even today their access is forbidden.

But I'm sure it's much easier from a position of a country that never had a single war on its territory.


That’s maybe a misunderstanding. I’m not advocating war per se. Yet I think it was right that the US didn’t stay on the sidelines.


WWI didn't work very well.

See: WWII


Both of these were before nuclear weapons were a thing, though.


I'm struggling to think of ways in which WWI 'worked out just fine' unless you count getting rid of the Romanovs and (most of) the Hapsburgs.


It helped to exhaust a lot of old colonial empires close to collapse, where the member states escaped to independence. Those two world wars were what ate the British empire alive.


Good point. Yet not all of them if you consider Russia the last of the European colonial empires.


I certainly do not. (Look at France and Britain's overseas holdings)


[flagged]


~ And you could have written a well thought out rebuttal instead of your one liner. At least the g.p spent some time on their thoughts. Have a down vote on me.


And what says the East?


"Ok but we can keep trading, yeah? Cool."


Your comment strikes me as more applicable to itself than to the one you responded to.


[flagged]


Reza Pahlavi's waiting for the phone call.


Underrated reply. Many in this thread erroneously take the prevailing state produced narratives as gospel imho.


I just wish they studied history to realize that the US has a history of overthrowing Iran's democratically elected government and shares blame for the current conditions.


don't worry. the US is working hard to liberate soon


Knowing the USA it wouldn't be a good thing, that would be the 3rd western-caused regime change.

Each time is worse than the last.

What next, straight up fascism?


It’s interesting that IMEI seems to be the primary key that many of these backdoor commands rely on. Collating your IMEI against historical info, the government knows where you’ve been and with whom; collating it against other personal data, it can figure out your address, employer, birth certificate, etc.

I wonder how people might obfuscate or rotate their IMEIs, to prevent this kind of tracking and collation?


Oh, I see the misunderstanding; this is fully intentional and by specification. Think "please don't encrypt SNI we need to spy on people" but much more sinister.

The whole 2G thing in this article is really outdated, though. So much so that they featured this kind of tracking in The Wire (remember "Stingrays"). But that only really matters for external actors; if the government controls the mobile providers, all of this and much more remains possible.


Who would have thought that a unique ID required to connect to the cell network would be used to track everyone....


Chile collects your IMEI to get a sim card.


AT&T does too for prepaid cards. If you pull the card out of an iPhone to try it in an Android or vice versa it blocks the card.


They also will know your IMEI the moment you connect to the cell network.


But they might not know who it belongs to.


Only if you somehow acquired a SIM card which doesn't 'belong' to anyone.


It’s pretty easy to do in a lot of countries. The US doesn't require ID to buy some pay-as-you-go SIMs.

Of course, you could probably determine identity either from video cameras or, more likely, people using the phone and connecting to various towers, but if you were diligent you could make it really hard.


I'm pretty sure the USA also collects all IMEIs...


>I wonder how people might obfuscate or rotate their IMEIs, to prevent this kind of tracking and collation?

Spoofing your IMEI won't do much considering it's tied to your IMSI (sim card). You'd need a burner phone + burner SIM for actual anonymity.


> burner SIM for actual anonymity.

That or leaving your phone at home during protests. Of course, that won't help with automatic face recognition software that the Iranian authorities most certainly have set up in place already, but that's the rough deal of living in a tech-heavy society.


Or do phone + SIM card swapping and use a higher level system for communication. So the mobile network as a whole becomes a communication channel where the mobile number itself is irrelevant. It’s only used as a means to get on the network.

Haven't given this too much thought yet but it could work.


That way Cellular Operators / Government can't see what you're doing (assuming VPN, no leaking, etc.) but they still can track where you are, very precisely, every second your phone is not in airplane mode or off. And with location, they know a LOT about you, potentially can infer identity at some point.


Even then it can be relatively easily correlated if you are a high enough value target.


It could be done manually by swapping sims between each other and storing the phones in random places throughout the day/night e.g in a service apartment under an apartment block.

Still the way the government acts there this would probably just incriminate others who have nothing to do with their cause.


I doubt you can get burner phones and/or SIMs in Iran.


In Singapore when you try to buy a tourist sim, it's recorded to your passport.

There's a rumor that you only get 5 within 1 year before you get flagged. Never tried to verify, but I wouldn't be surprised.


There are stores that will sell you SIMs without ID, but they get busted pretty regularly.

One idea that came to my mind is what stops someone from using a foreign SIM with roaming? Assuming of course the SIM isn't tied to your identity?


A roaming SIM itself would be a red flag. On the other hand, grabbing a man based on SIM ID on the street wouldn't be an easy thing in a large city.

SIM tower triangulation is only accurate to a hundred meters or more in a large city.


It's like that in nearly every country now.


Wouldn't burner sim be enough?


Your IMEI is specific to the phone (or rather the SIM slot), and broadcast to the network operator when you connect.


You could drop blind tower repeaters everywhere to make signal strength based triangulation useless, but short of that the only solution is to not carry a cell phone or at least keep them in airplane mode.

Apps like Briar can allow people to communicate peer to peer.


Locating cellphones based on towers is based more on the timing advance and less on raw signal strength.

And I'm not sure what you mean by "blind repeaters"? If that's the usual cheap dumb cellular repeaters one can find on eBay, then they will just cause noise on the cell bands if not properly installed and thus be actively hunted down by the telco as they degrade service.
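As an added note on the timing-advance point above (this is not part of the comment, and the figures are the standard GSM constants, not something stated in the article): in GSM the timing advance (TA) is reported in whole bit periods, $T_b = 48/13\ \mu\mathrm{s} \approx 3.69\ \mu\mathrm{s}$, and it compensates the round trip to the base station, so each TA step corresponds to a distance of

$$\Delta d = \frac{c\,T_b}{2} = \frac{(3\times10^{8}\ \mathrm{m/s})(3.69\times10^{-6}\ \mathrm{s})}{2} \approx 554\ \mathrm{m}.$$

A reported value TA therefore places the handset in a ring $\mathrm{TA}\cdot\Delta d \le d < (\mathrm{TA}+1)\cdot\Delta d$ around the serving cell, up to the maximum of 63 steps (about 35 km). The ring is several hundred metres wide on its own; it is the intersection of rings from several cells, plus signal-strength and sector information, that narrows the estimate to the "hundred meters or more" mentioned elsewhere in the thread.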


Put the cheap dumb repeaters in vehicles, turned on only when in motion, or in backpacks, so the telcos have a hard time tracking them down.

Where possible, manipulate timing too.

Would this cause total chaos? Yes. Promise telcos the chaos ends when they agree to allow IMEI randomization like most WiFi devices do with MAC addresses today.

We will need some new forms of protest to get our rights to privacy back.


Without wanting to sound negative, as long as the cell network's function is to ensure that when someone dials 1-234-567-8901 my phone rings, won't they always need to know my phone's location, and the number-to-handset mapping?


That much is guaranteed, so people get a second phone number for use during protests.

The problem highlighted in the article is that merely changing your phone number isn’t enough if you continue to use the same physical phone.
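The point made in this comment, and earlier in the thread ("spoofing your IMEI won't do much considering it's tied to your IMSI"), comes down to a join over attach records: every time a handset registers, the network logs which IMEI was carrying which IMSI, so a fresh SIM in an old handset inherits the old SIM's history, and a SIM moved between handsets links the handsets too. The following is an added illustration, not code from the article or from any vendor system; the records, identifiers and cell ids are constructed for the example, and the linking is a plain union-find over (IMEI, IMSI) pairs.

```python
from collections import defaultdict

# Constructed sample of network attach records: (timestamp, IMEI, IMSI, cell id).
# All identifiers and cell ids are made up for this example.
RECORDS = [
    ("2022-10-01T08:00", "IMEI-A", "IMSI-1", "cell-100"),
    ("2022-10-01T18:00", "IMEI-A", "IMSI-1", "cell-101"),
    ("2022-10-02T09:00", "IMEI-A", "IMSI-2", "cell-100"),  # new SIM, same handset
    ("2022-10-03T09:00", "IMEI-B", "IMSI-2", "cell-200"),  # that SIM moved into a second handset
    ("2022-10-04T09:00", "IMEI-C", "IMSI-3", "cell-300"),  # unrelated subscriber
]

# Constructed records where handset and SIM were replaced together, never mixed.
ROTATED = [
    ("2022-10-01T08:00", "IMEI-D", "IMSI-4", "cell-100"),
    ("2022-10-02T08:00", "IMEI-E", "IMSI-5", "cell-100"),
]


def link_identifiers(records):
    """Union-find over IMEI and IMSI values.

    Each attach record ties one IMEI to one IMSI, so two identifiers land in the
    same cluster whenever a chain of shared handsets or shared SIMs connects them.
    Returns the clusters as sorted lists of identifiers.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for _, imei, imsi, _ in records:
        union(imei, imsi)

    clusters = defaultdict(set)
    for ident in parent:
        clusters[find(ident)].add(ident)
    return sorted(sorted(c) for c in clusters.values())


def history_for(records, identifier):
    """All (timestamp, cell) observations attributable to the cluster containing
    `identifier`, i.e. what a 'fresh' SIM inherits through the handset it sits in."""
    cluster = next((c for c in link_identifiers(records) if identifier in c), [])
    members = set(cluster)
    return sorted((ts, cell) for ts, imei, imsi, cell in records
                  if imei in members or imsi in members)


if __name__ == "__main__":
    # IMSI-2 is a "new number", yet its history includes IMSI-1's movements.
    print(link_identifiers(RECORDS))
    print(history_for(RECORDS, "IMSI-2"))
    # Replacing both identifiers at once leaves nothing to join on.
    print(link_identifiers(ROTATED))
```

Running it shows IMEI-A, IMEI-B, IMSI-1 and IMSI-2 collapsing into one cluster, so the location trail of the "new" IMSI-2 starts with IMSI-1's observations, while the ROTATED set stays as two separate clusters. Real operators hold many more join keys (subscriber registration, billing, co-location over time), so this is the lower bound on what a SIM swap alone leaks, not the upper bound.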


This tracking technique is almost as old as spoofing your IMEI.


https://briarproject.org/

Airplane mode + Briar. It's really well designed for these situations. You can share the app directly via the app. No need for cellular connections.


I think there is no way to have true security on a cellphone; the surface of attack is so wide that although one uses only FOSS apps, the platform can host all sorts of backdoors buried either in the OS or in the hardware/firmware themselves, so that any attempt to communicate through strong encryption might be rendered futile by code running at higher privileges (device drivers and firmware, conveniently all closed) which would access sent data before encryption and received data after decryption, mirroring them home somewhere unbeknownst to the user.

Now I don't think the Iran govt has any leverage to force companies to release their sources, nor to force them to install backdoors on their behalf, but if they found a way to sneak new firmware or system level apps into phones sold there, that would be a possibility.


This is the wrong threat model, I say more here[0]. There's a difference in threat model when you're an individual vs part of a large protest/revolution. A government can't arrest everyone. They can definitely get a mole into the encrypted discussion (even if it isn't technological). You can't vet hundreds of people in such a short time. Protests and revolutions have been organized in the open on Facebook and Twitter for exactly this reason. Because it doesn't matter. You're going to go out and show your face to CCTV anyways.

[0] https://news.ycombinator.com/item?id=33400739


I tried this a few years ago out of curiosity and couldn't get it to work at all. Tried again now and the UX seems more polished but got "sorry Briar has crashed" immediately after trying to add a contact.

I am always surprised at how hard it is to network any nearby devices on any hardware or OS compared to sharing files/messages etc via the Internet.


Feels like we need to spread more awareness of more traditional, offline methods of organizing and protesting en masse, to avoid these kinds of exploits.


Social media has destroyed people’s ability (at least in western world) to have IRL interpersonal communications.

I find not only myself but many of my peers struggle with this. Online is easy to be in an echo chamber where nothing actually gets done. You find acceptance but it is meaningless once you shut off your phone. You find community but it’s brittle and again you shut off your phone and you’re alone.

What we need is a return to real life, in-person social life. Being stuck in online/VR all day is basically a precursor to the Matrix.


Why can't we build distributed networks? I more mean like Google, Apple, WhatsApp, Signal, Telegram, etc building methods to communicate through WiFi/Bluetooth and not be completely reliant upon cellular. I don't mean your random 3rd party app that is useless because no one uses it.

It helps the people that frequently text in the same room. It helps during natural disasters (including power outages). It helps prevent oppressive governments from shutting down communication. I see these companies talk a lot about promoting democracy, so I want to see them make an open protocol that is installed on all phones that allow this. They have the network effect that's required to do this.

Hell, I think even if Apple or Google just did this others would follow. It cleanly fits into the new privacy + safety narratives both are selling.


There is/was FireChat [1], which does exactly that. AFAIK it gained popularity during Hong Kong protests. Looks like it's now discontinued, not sure if there's a successor app.

[1] https://en.wikipedia.org/wiki/FireChat


I'm completely aware that there are apps that do these. The problem is the network effect. This app is all fine and dandy when you think ahead of time, but humans aren't really good at that (I have a laundry list of examples of us not doing this). So what I'm asking for is companies with a large network effect to leverage that, and their huge capital, to improve their existing products to be resistant to things like power outages and government shutdowns. It should be default, not require people to be proactive.


> Why can't we build distributed networks?

We can... but I'll argue, very hard, that we shouldn't. Because it's the wrong technology to solve the problem, being based on the very things that are well targeted, understood, and frequently compromised.

If the problem is "Cell phones are compromised through and through," which I'll argue they are, and Apple's addition of Lockdown to work through the fact that even their best sandboxing efforts have been bypassed argues for as well, then "doing things with cell phones" is a horrible idea, because once either an endpoint is compromised, or a tap is within range, you're still giving your adversaries everything they could desire. Both of those are basically certain in a protest.


> because once either an endpoint is compromised, or a tap is within range, you're still giving your adversaries everything they could desire

This is hogwash because it is the wrong threat model. The encryption in this kind of communication is nearly pointless. If you're trying to organize a protest where you have to be messaging 100+ people then there's no way you can vet everyone. There's going to be a mole. In fact, we saw this with some of the militias at Jan 6th. Despite using Signal their texts got turned over. You just have to turn one person to compromise the system.

Would I rather have the communications encrypted? Hell yeah. I'm that annoying friend that makes everyone use Signal. But it is absurd to think that wiretapped mass communication is worse than no mass communication. Revolutions and protests are won by sheer mass. They often show their faces and are demonstrating in a public space (where there are often plenty of cameras: CCTV, police, and the protestors themselves!), so there's no concern about privacy already. Many get arrested, but you can't arrest a large group. Arresting everyone would be nearly impossible.

Furthermore, people still use covert speech. People are doing it in Iran right now. People are doing it on highly censored platforms like WeChat. Hell, there's covert speech on Twitter. There's definitely an advantage to using phones rather than going down to the public square and organizing that way. If you think everything is/was organized in back rooms and in complete secrecy, you're gravely misinformed at how these things work in reality.

You have the wrong threat model.


Hmm... if "doing things with cell phones" is a horrible idea, then what's possibly the good idea?


Doing things in person, with offline techniques.

If your location (which implies who you're with) and at least the metadata of your communications (who you communicate with, when, how frequently, how long of messages, etc) are sensitive, I don't believe there's any way to use a cell phone safely for those tasks.

And having grown up before cell phones, I assure you, there are ways to coordinate things offline. We just need to bring them back.


> Doing things in person, with offline techniques.

Also be sure that nobody carries cellphones into in-person meetings, otherwise location correlation will associate them.


> Also be sure that nobody carries cellphones into in-person meetings, otherwise location correlation will associate them.

Correct. Which is why it's good to start cultivating the habits now of "not always having your phone with you, powered on, or connected to the network." If you turn it off right before going somewhere, and that's the only place it's ever off, well, huh. That's interesting. If you're cultivating the forgetful 70 year old approach to cell phones of "I don't know where I left it and I think the battery is dead," so much the better.


> having grown up before cell phones, I assure you, there are ways to coordinate things offline

Landlines?


Good old secret associations and secret meetings. The Italians did it quite well 200 years ago [1]:

> Cardinals Ercole Consalvi and Bartolomeo Pacca issued an edict forbidding all secret societies, to become members of these secret associations, to attend their meetings, or to furnish a meeting-place for such, under severe penalties

It also f.cks with the head with those in power, having secret associations and secret meetings, that is. Having it all out in the open gives them (the authorities) the illusion of control, and, I'd argue, actual control over any significant protest movement. Moving it in the "shadows" is a good tactic because it helps make things blurry and it starts "attaching" doubts to said authorities' monopoly of violence. The authorities will ask themselves: "whom should I punish? where are the revolutionaries? is everyone a revolutionary?", and, as such, that will decrease their legitimacy and their hold on actual power.

[1] https://en.wikipedia.org/wiki/Carbonari#Origins


Even if you could get that to work someone would take a cellphone to the secret meeting and share a geotagged selfie, people just can't help themselves. Hello secret police!

Or, they'd somehow manage to control themselves, but would only turn off their cellphone just before they got there. It would be easy to figure out the pattern of a bunch of likely instigators heading to the same location.

Or, people would somehow learn to leave their cellphone at home. If anyone's then stopped by the police not having a cellphone in your pocket would be extremely suspicious in a totalitarian dictatorship.

Even then it's not Italy in the 1800s. There's surveillance cameras on every corner, and you're right back to the problem of no signal being the signal.

Nobody in Naples was filing multiple notices in their local papers before they had a normal meeting with their friends on a Tuesday, but that's what everyone's doing via social media. You can tease out suspicious meetings of any non-trivial size as being those without such a signal.

The only way this is going to work for any amount of time is if it's organized like modern terrorist cells, but that's assuming a lot of steps between angry students staging demonstrations and covert operatives.


> There's surveillance cameras on every corner

Yeah, that's a big no-no, I'm starting to realise it more and more. I honestly don't know if there's a solution to it.

I remember leaving some piece of advice about 10 years ago on this forum about how best to attend an anti-government protest without getting into potential trouble afterwards (in the context of these protests [1]). My advice back then was to take a tram/bus to about 2 or 3 stations away from the location of the protests themselves, and then to walk to said location, that way one would have avoided the security cameras located at the metro stations or in some buses back then.

Nowadays, unfortunately, that piece of advice is null because there are cameras actually everywhere (including at the location of the protests), and the government, if it so desires, has access to them almost at will.

[1] https://en.wikipedia.org/wiki/2012_Romanian_protests


Not to mention the advances in machine learning and integrated systems to piece the picture together.

Now you probably won't need to follow the breadcrumb trail of some protestor trying to evade surveillance through the methods you describe, facial recognition will be enough.

And if it isn't completing the puzzle might only take computer time, and not someone in the police forces trying to manually track people down.

The CCP is apparently giddy at the opportunity to help Iran build out these systems, so they're likely state of the art.

Western companies would probably be keen to compete, with the only thing stopping them being the US sanctions. We'll only sell these sort of systems to regimes that respect human rights, like The Netherlands, Romania, and Saudi Arabia.


Not to mention that it isn't uncommon for the government to fly planes in the sky with cameras. These can track quite far.


> Even if you could get that to work someone would take a cellphone to the secret meeting and share a geotagged selfie, people just can't help themselves. Hello secret police!

The book Deep Green Resistance goes into various organizing techniques (agree with them or not, it's a fascinating read on the history of leftist movements with quite a bit in the way of practical techniques), but this is one of the reasons why you need multiple different layers within a group - some core trusted layers, and then what amount to messengers who handle communication with that sort of person, with only what's needed.

And "the silence is the signal" is a reason one really needs to start cultivating these habits in ones social circles of not using social media, not posting everything online, etc. It's long past time to reject the draw of social media as intermediating everything, and either start hosting your own stuff at small scale, or simply not using consumer/networked tech for anything important.


Using Metadata to find Paul Revere. -- Kieran Healy -- June 9, 2013.

https://kieranhealy.org/blog/archives/2013/06/09/using-metad...


Google, Apple, etc. do not have economic incentives to build it. They benefit from having everything going through their walled gardens.


They have an economic incentive just the same way they have the economic incentive to build better cellular infrastructure. Something they already invest in.


Investment in cellular infrastructure increases reach which increases the number of customers they can reach which increases profit.

Investment in distributed networks, reduces their own access to data about their customers because it would no longer go through their servers, which reduces income, at least for all of the companies that have an advertising business.


> Investment in cellular infrastructure increases reach which increases the number of customers they can reach which increases profit.

I could make this exact same argument about distributed networks. Along with the added selling point of safety, privacy, and security. Chat and share pictures with your friends while camping. Trying to contact your neighbors during a power outage?! There's a lot of angles to sell this.

> Investment in distributed networks, reduces their own access to data about their customers because it would no longer go through their servers

I have some serious doubts. If Google can still collect data you've collected while on airplane mode by just sending it once you reconnect to the network then they can do the same with this. If anything, I think it would increase the amount of data they can gather because it extends the capabilities of how one is able to communicate.


In the US, I think most people I know have such weak in-person social patterns (beyond immediate family) that any organization system would be significantly less robust than even forty years ago.


To extend: are there even strong resources for systematic organization and resistance?


They would evolve when needed.


Perhaps. Presumably any competent security force actively have/seek institutional knowledge on how to manage and suppress organized groups of people (kettling, etc). The information asymmetry here must be significant. Hoping that resources will simply appear feels foolhardy.


Most people in the US don’t go to church or belong to any sizable community anymore. It’s going to be really hard to do anything that way.


Yes. Consumer technology, the internet, cell phones, etc, have all been tried and found wanting in a wide variety of ways. Unfortunately, because they're sort of "the default" for people, and there are a range of social media companies very, very invested in ensuring that "everything happens on their platforms," we've lost the skills required to do that sort of thing.

We ought to be re-developing them in a hurry, because cell phones, internet, etc, have all proven themselves quite evil.


Bring back the fax machine!!!


The English version PDF document going into the specific digit manipulation and service code string formats looks to me like a boilerplate they started with and I would be surprised if they have renamed all the methods and variables let alone modified any format structure. It should be easy to figure out the software platform they are using and even if this got sold through a front company there will be a very nervous LI system vendor and supply chain out there somewhere who is about to have a ton of bricks come down on them.


Hint: Nokia 8110 on GerdaOS can change IMEI: https://gerda.tech

No idea about how hard it will be to get the device in Iran.


Just the fact that Iranian government routinely emits parasite radio signals to jam foreign Persian broadcasts (BBC Farsi, Manoto, etc), while knowing this causes significant health issues to its population, shows you how far they are ready to go before they are overthrown.


I tried to find evidence of the significant health effects of jamming and was unsuccessful.


"Medical authorities in the Shiraz area estimate that local satellite jamming activity is likely to result in at least 24,000 cancer cases in the coming years, and a senior Iranian health official has stated publicly that, 'recent studies show that jamming signals and waves have side effects and can increase the risk of cancer.'" https://spacewatch.global/2017/04/iranian-satellite-jamming-...

Or here: https://en.radiofarda.com/a/iran-staellite-jamming-health/29...


What I'm interested in is what's referred to here as the 'recent studies'. Medical research is important here because there have long been concerns around electromagnetic waves causing cancer, but none to my knowledge have held up. Such as living under power lines or near radio stations, cellphones. That's not to say the radio jamming in this case is not using a dramatically more dangerous method.


Why would lowering the speed of a communication make interception easier? I am thinking in terms of Internet standards (TCP/IP, TLS, etc) and know nothing about telephony:

"This ability to downgrade users’ speed and network quality is particularly pernicious because it can not only obstruct one’s ability to use their phone, but also make whatever communication is still possible vulnerable to interception."


So, reading further, it seems to be a downgrade attack where they force the connection to be made over 2G. I wonder if that would then be visible on the victim's phone. I didn't even know 2G existed...


In the old days we had https://en.wikipedia.org/wiki/Xmodem that could send digital data over 1G sound channel. Something like that should be possible for 2G potentially adding e2ee, but it's useful for any cellular protocol, because none of them provide e2ee, not 5G, none. The article mentioning 5G as something good forgets to mention that 5G is fully inspectable.


It saddens me a lot but my prediction is that these protest won't overthrow anything. As long as there is no help from at least part of the military there is no hope for the protests to grow into a revolution. We have seen it in Belarus.

But when Khamenei dies there is a window of opportunity for Iran to become a military dictatorship instead of the current theocracy.


It's not binary. If it weren't for the popular protests in Belarus, Belarus would have probably joined Russia's invasion of Ukraine. The Belarus revolution didn't happen (yet), but its men are not dying in Ukraine. Also, this is tangential, but after the war in Ukraine, a significant contingent of Belarusians fighting in Ukraine (for Ukraine) will return to Belarus. Who knows what an armed, war-hardened dissident military faction can do; in contrast, Maidan was won by armed civilians.


It doesn’t make a lot of sense that they’re trying to move people to old protocols that can be intercepted. It’s an authoritarian country, why not intercept at the provider who has all the keys anyway?


politics aside, based on public information it feels like the main difference between this and all the other metadata-type systems in place is the centralised ability to downgrade connections?


I think the magnitude and extent of the integration is a big difference. The cellular and internet providers essentially work for the government at all times.


Aren't cellular providers running on government-regulated spectrum anyway? Why is it surprising that they would be working for the government?



