Hi there, I am on the development team of Newnode, a successor of FireChat founded by two of the same people (https://www.newnode.com/). We now provide both a VPN and a Messenger, with the purpose of helping people evade censorship and enabling device-to-device connectivity. You can find the source code at https://github.com/clostra/newnode
When I get to the phone number step, it briefly shows a captcha screen but then transitions to the phone number screen.
When I enter my phone number. Country code +47. I don’t get any sms at all.
When I switch to the sms app to see if an sms arrived (it didn’t), and I switch back to your app, the counter on the screen that is counting down to allow resending code resets to 00:59 although it was at like 00:30 when I switched away from the app.
When after waiting for another full minute and occasionally touching the screen to prevent it from locking I am presented with the following options when clicking “I didn’t get a code”:
- Contact NewNode Support
- Resend code
- Call me instead
- Cancel
I tried resend code. No code arrives still.
Great, now I have to wait another full minute with your app in focus before I can try another option.
After waiting another full minute, I click “call me instead”. No call comes.
If they are on Twilio or another VoIP provider, they need to enable other countries. My USA based business had that issue with international, check a bunch of boxes in the (Twilio) UI and click save.
Hey there thank you for taking the time to respond. I have a few questions:
The sign up process is surprisingly difficult and doesn't appear to be working.
The CAPTCHA is VERY thorough. I couldn't seem to get it to agree that I was human. When I finally solved it, the submit button is hidden (you have to scroll for some reason).
When I enter my phone number it prompts me to enter a code that never arrived. When I click "I didn't receive a code" the app sends me back to the CAPTCHA (lol). I complete the captcha again and request the code.
I went through this process three or four times before I gave up. This seems like an ongoing issue[1]
Does the app have many users? Any users?
The last blog post on the NewNode site was July of last year.
According to the App Store there have been three minor updates: 3, 9 and 12 months ago. No notes on the updates.
Does NewNode have a road map?
I couldn't find any write ups about the app anywhere. No press coverage.
I'm just curious, why not build on top of another app like Signal?[0] My understanding is that there's nothing stopping anyone from using the same app and creating their own server and nodes. My understanding is that you can even hook into multiple nodes with a custom fork of the app. Wouldn't this give a big advantage of not requiring people to have a whole new app and you can work synergistically with a company with similar/compatible goals?
The thing I see is that if you really want to make a huge P2P network, you need a reason to have the app installed for reasons other than P2P. The problem I've always seen with FireChat was that I'd never get anyone to talk to me and then when there was an emergency no one would be able to download. So we need to have the features built into something with more normal day-to-day utility.
Not up, but most of the time it is a lot easier to build something from scratch. Signal is notoriously hard to extend and use - they have a lot of custom tech. I gave up looking through their documentation.
Now, the reason is that they actually have end-to-end encryption and most do not implement it in a secure and nice way. They basically had to build everything from scratch themselves.
It seems to me like they didn’t learn anything. You can’t have a business whose product is meant to overcome state censorship, unless, perhaps, you work for another government. It can work as an open source project though as there’s no legal entity to coerce, just a diffuse and ever changing group of contributors. Plus of course the trust question. As a closed source project, they could be paid or forced to add a backdoor. It’s possible that they didn’t help anyone at all.
You do know In-q-tel has invested in things that people use in the day to day, including Google Earth (originally created by Keyhole). DARPA kick-started the semi-autonomous vehicle industry with two of their Grand Challenges in the 2000s. The US Navy helped develop what would become Tor also in the early 2000s....
Yes. What is your point, other than trying to justify the bloated budget of the security state? As if we couldn't get better outcomes by investing directly in primary research and education without spook middlemen.
So hypothetically the CIA benefited from an anonymous decentralized non-internet based chat app? I guess that's two things (protest movements and an intelligence agency) can agree on....
It seems obvious to me that protest movements in certain countries serve US security state interests and other protest movements in other countries do not. It would make sense in this context if you have e.g. a backdoored chat app which is otherwise secure that it would serve US security state interests for some protestors to have access to that app, and no harm if the protestors you don't like use it.
Recall that it is public information that USAID created a Twitter clone called Zunzuneo to be used in Cuba. It's not out of the realm of possibility that they have also made some "secure" chat app.
It requires a phone number for registration.
The site explains this as it is unique and hard to obtain en masse.
But it is not so. Phone numbers are controlled effectively by governments if needed, they are re-used, and they are dirt cheap in some countries (like, I could get a SIM card in Serbia or Laos for about 1 Euro on the street).
About re-use: When I got a new number in Serbia I started to get a lot of SMSes and later WhatsApp messages about my debts, from very aggressive people. It was not a scam, but only 3 months before that this number was used by some local guy who got into big trouble with loan sharks. They were OK when I explained that I'm an expat with a SIM card bought at a newspaper stand, but I needed to explain it something like 50 times!
Sorry, but a phone number is a BAD ID and SMS is a TERRIBLE 2FA / confirmation medium.
> Then, one day in February 2020, as COVID-19 swept the globe, access to FireChat was completely cut off without explanation.
If it could be shut off from one place like that, it doesn't sound very "decentralized". Anyway, are there significant obstacles to re-implementation?
Someone above mentioned an alternative that uses LoRa. That's nice but it sounds like the attraction of Firechat was that it used ordinary phones that everyone already has. LoRa by comparison is special hardware that is already a bit suspicious.
If you're willing to use special purpose radios and live with low bandwidth text communication, you can do quite a bit better than LoRa, such as with JS8CALL and HF radios. But, a sad "theorem" tells us that any communications medium will be beaten into carrying video....
Once you realize that the ability to update code, obviously, negates any advantage "end-to-end encryption" brings, or any other form of security, you'll quickly find there is not a single secure messenger.
This is an argument I've never been able to successfully make to anyone except a military colonel.
Is there really no way on an Android to keep an app forever without taking updates? Of course maybe the OS needs to be updated which then breaks the app and necessitates updating the app, but the distinction of a forced update seems important.
TIL Briar does "offline messaging". This is news to me, though I've never used it.
That said, I am curious to hear more about the offline messaging. If it only is able to exchange when the two people who are trying to communicate with each other are directly nearby it isn't so much a mesh network, right? A mesh network would be able to route across other nodes to get to its destination. Does Briar do that? The "How it works" page doesn't really seem to answer much, so I am assuming not.
I think a combination of LoRa, bluetooth, and WiFi might be the alternative. I've seen videos of LoRa functioning below the noise floor (perfect for evading RF triangulation), and at 200km (perfect for reaching past physical borders). The major weakness is line of sight (and availability), but bluetooth and WiFi can help there.
Communication protocols that incorporate spread spectrum (code/direct sequence for GPS and chirp spread spectrum for LoRa) get a "processing gain" at the stage of the receiver where the signal is despread. The resulting signal will have an SNR roughly equivalent to a narrow band (non spread spectrum) signal with otherwise the same parameters. You will have a generally equivalent bit error rate for the same SNR.
It's also possible to receive non spread-spectrum signals below the noise floor, if you can observe it over longer time and get additional "processing gain" that way.
Additionally, it is a bad idea to use spread spectrum as a means of concealment because if the adversary is physically near enough, your signal will show up above the noise floor. Due to the inverse square law etc, you have a narrow zone of enough power to be received by your remote recipient, but not enough power for closer adversaries to detect you. You are also reliant on the unlikely situation of an adversary without more advanced RF hardware with lower noise receivers.
Other posters have pointed out that this is incorrect, but I wanted to give a bit of intuition as to how signals can be received when they are below the noise floor.
First, as a definition, below the noise floor means that the power of my signal at any given time is smaller than the power of the ambient noise in my channel, and usually this implies that you're only interested in a particular segment of frequency spectrum (e.g. within the 10MHz band centered at 1.8GHz). If we were doing a simple frequency-shift keying or amplitude-modulated signal, once the noise power exceeds the signal power, there is basically no hope of recovering anything useful, as those are both demodulation schemes that rely upon obtaining instantaneous estimates of the frequency or amplitude of the signal of interest.
However, spread-spectrum methods make a time/frequency tradeoff, where the signal of interest is "spread" across multiple points in time and frequency. A very simple example of this is to say "if I want to transmit a 1, instead of transmitting one cycle of a sinusoid at 1.8GHz, I will transmit 10 cycles". Then, at the decoder stage, you average across 10 cycles of your carrier in order to detect whether a signal was sent or not. By doing this averaging across time, you get a 10x gain versus the noise which is expected to cancel itself out as often as not.
True spread-spectrum techniques are more advanced than this, they actually use wave shapes that are more complicated than just a sinusoid to make it easier to detect when they start and stop (whereas with a sinusoid there's a fair amount of ambiguity if you shift one period to the left or right) but the fundamental idea of averaging across time is the same.
Through this mechanism we are able to rescue out signals from far below the noise floor, although it reduces your maximum transmission rate. When dealing with digital radio systems we can even rescue out signals from below our quantization floor, although not too much lower, as eventually you lose the ability to average out a signal that is fluctuating by significantly less than a single bit.
Whenever I talk about making tradeoffs in transmission speed to aid in reception, I am reminded of the ELF systems in submarines [0]. While they did not use spread-spectrum techniques, (they just jumped between two frequencies, 76Hz and 80Hz) they still correlated across time to boost up their effective SNR.
[0] https://en.wikipedia.org/wiki/Communication_with_submarines#...
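The averaging argument in the comment above (and the "processing gain" mentioned earlier in the thread), worked through as an added example that is not part of the original thread or any poster's code. It sends bits 10 dB below the noise floor, then compares a receiver that decides from one sample with one that correlates against the known spreading sequence. The spreading factor, SNR, seed and all function names are assumptions chosen for illustration.

```python
import math
import random

# Constructed parameters for the illustration (not taken from any real radio).
CHIPS_PER_BIT = 512      # samples spent on each bit (spreading factor)
INPUT_SNR_DB = -10.0     # per-sample signal power is 10 dB below the noise
NOISE_SIGMA = 1.0        # standard deviation of the Gaussian channel noise


def snr_db(amplitude, noise_sigma):
    """Per-sample SNR in dB for a +/-amplitude signal in Gaussian noise."""
    return 10.0 * math.log10((amplitude ** 2) / (noise_sigma ** 2))


def processing_gain_db(chips_per_bit):
    """Correlating N samples sums signal coherently (N^2 power) and noise
    incoherently (N power), so SNR improves by a factor of N."""
    return 10.0 * math.log10(chips_per_bit)


def make_chips(n, rng):
    """Pseudo-random +/-1 spreading sequence known to both ends."""
    return [rng.choice((-1.0, 1.0)) for _ in range(n)]


def transmit(bits, chips, amplitude, noise_sigma, rng):
    """Spread each bit over len(chips) samples and add channel noise."""
    samples = []
    for bit in bits:
        sign = 1.0 if bit else -1.0
        for chip in chips:
            samples.append(sign * amplitude * chip + rng.gauss(0.0, noise_sigma))
    return samples


def decode_single_sample(samples, chips):
    """Instantaneous receiver: decides each bit from its first sample only."""
    n = len(chips)
    return [1 if samples[i] * chips[0] > 0 else 0
            for i in range(0, len(samples), n)]


def decode_despread(samples, chips):
    """Correlating receiver: multiplies by the chips and sums over the bit."""
    n = len(chips)
    bits = []
    for start in range(0, len(samples), n):
        corr = sum(s * c for s, c in zip(samples[start:start + n], chips))
        bits.append(1 if corr > 0 else 0)
    return bits


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


def run_demo(seed=2024, n_bits=200):
    """Run both receivers over the same noisy samples and report the results."""
    rng = random.Random(seed)
    amplitude = NOISE_SIGMA * 10 ** (INPUT_SNR_DB / 20.0)
    chips = make_chips(CHIPS_PER_BIT, rng)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    samples = transmit(bits, chips, amplitude, NOISE_SIGMA, rng)
    gain = processing_gain_db(CHIPS_PER_BIT)
    return {
        "input_snr_db": snr_db(amplitude, NOISE_SIGMA),
        "processing_gain_db": gain,
        "output_snr_db": snr_db(amplitude, NOISE_SIGMA) + gain,
        "ber_single_sample": bit_error_rate(bits, decode_single_sample(samples, chips)),
        "ber_despread": bit_error_rate(bits, decode_despread(samples, chips)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value:.3f}")
```

The cost is the one the comment names: each bit occupies 512 samples, so the data rate drops by the same factor that the SNR gains.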
> If the RSSI is below the noise floor, it is impossible to demodulate the signal. However, LoRa can demodulate signals that are below the noise floor.
Not exactly. Briar uses bluetooth or wifi when peers are close, but also tor (over standard internet) when not, so it's possible to use it at wide scale.
I would think that a meshnet only over contacts would have too many holes to really be helpful in the hypothetical protest setting that's being described. Definitely a cool way to do it! Do you happen to know if it's XMPP or something, or its own protocol?
There are still holes of course, connecting only to contacts limits the spread of messages but ensures you don't leak too much information if your device is compromised.
Briar is awesome. I've used it to talk to my wife when we are seated away from each other in planes or trains and can't get up, via bluetooth due to lack of service, wifi, or because of airplane mode.
I continue to be frustrated by having to use the plane's satellite internet connection (not always free) to message somebody sitting two rows away from me, so this would be great.
Seriously though, if you are going to take a phone to a protest, buy an Android used at a bodega and don't put anything personal on it. Expect to lose it.
I've bought a fair number of test devices. Nobody at a corner shop or mall phone repair kiosk has ever ID'ed me or kept track of the IMEI of a device I bought.
Interesting. My understanding was that IMEI could be traced to what vendor it was sold to, then they could pull the purchases and either see the card used to buy it, or find the video when the transaction occurred. Guess it depends on whether there is a method to pin down the exact phone without needing to scrub the purchase records.
You are significantly overestimating the level of recordkeeping by random sellers of used and/or ultra-cheap phones. Manufacturers, major retailers, and carriers may keep this information, but bodegas and street vendors certainly do not.
This is certainly approaching murder investigation levels of effort by law enforcement, but I don't think it's ridiculous to imagine a POS system being used that keeps transaction records for a year or two.
There are so many links in that chain that need to line up, from the manufacturer keeping track of it to the distribution system to keep track of what batch goes where to the vendor keeping track of what phone IMEI is sold when or to who. Even if all those link up you need to get at the video within the rotation time for their video storage or link to their financial transaction data.
I would not be surprised if it is still as easy to evade as shown in the show (and as easy to get wrong).
New burner phones, probably, but one could exit from a flea market or 2nd hand shop with a €100 bagful of phones not linked to anyone, at least until one puts personal data inside them or creates a potential association by using the same phones along personal ones on the same WiFi/cell tower/position or calling the same numbers.
US is one of the few nations where you can buy a phone and sim card without exposing your ID. You can even wear a full face mask when you do it if you're paranoid.
It's annoying, but open source projects tend to prefer more open platforms. I assume that many Briar users use a deGoogled custom ROM instead of the stock Android ROM and a privacy focused app store like F-Droid.
They almost always start out this way then slowly become figured out and integrated into the corporate machine. And the ones that are centralization-resistant become demonized and/or suppressed by the media. Tor, bitcoin, etc.
The entire history of the internet is basically decentralized protocols being slowly transformed into corporate walled-gardens.
they are just failed businesses with above average marketing budgets. It would have sold to facebook just the same if it took over the market as whatsapp did.
That seems very likely. My point wasn't to say that they were looking to make a revolutionary tool to fight a state, more that it makes me sad that the ones that catch on are rarely open source ones that have existed.
Do you know of any projects that tried to advertise how much it helps? Obviously quite a limited set of projects that would even have a budget to advertise, but I wonder if there is data on how much it helps to show folks there are other options.
there's a ton of data. that's why most projects want to use MIT. They dream of vc money so they can just dump it all in marketing and make bank. like moby, i mean docker. npm. etc.
hence why you either go GPLv3 or don't bother calling it open source.
Not only marketing but also the worst engineering, testing, design, accessibility ... budgets.
Financing open-source projects is hard because anybody can take them and build stuff on top of them to sell at a way higher margin (or they are restrictive i.e. AGPL so nobody builds anything on top of them)
Only well-financed major open source projects are the ones that existed at critical points of time where no strong proprietary alternative with abundant features existed (e.g. Linux kernel, GCC, Apache Web Server) or the ones that are created by major companies as part of their infrastructure and released as a way to shape markets (e.g. Kubernetes, Chromium, PyTorch, React, .NET Core) for the worse or the better.
To be clear, FireChat was a proprietary and closed source app which went away for reasons that only the people controlling it truly understand. That immediately suggests to me more of a "the money ran out" situation vs the more salacious "the CIA had a word" style implication at the end of the parent.
Huh, I've had the mesh network concept rolling around in the back of my head for years specifically due to FireChat. I had no idea it was gone - guess I took it for granted.
Wonder if anybody's got more info on what happened?
While I quite like Meshtastic and have literally dozens of t-beams, they serve fairly different usecases. Meshtastic is great for keeping in touch with your preorganized paragliding group or whatever, but the need for special hardware will always limit adoption in emergent scenarios vs. FireChat's "we're going to the protest; install this app".
Several years ago (circa 2015) I was asked to build an app like FireChat by just the _oddest_ couple of guys I've ever met. They wanted an app where you could connect to other folks just by being near them. I never could get them to agree on what exactly the app was supposed to be beyond that.
The first gentleman was a VP-type for a large company. He insisted that the app (nicknamed "Pals" at the time) was for people with similar interests to find each other and connect based on just being near the same place at the same time.
The second partner was a well-known lawyer in my city. When I mentioned their app sounds like a dating app, this guy says to the first man, "SEE! It's a dating app." And then he proceeds to tell me (in graphic detail) his proposed strategy to build a dating app that would tell you where the other person is when you go to meet them in person. He essentially wanted to be able to spy on them to see if the person matched their online description or not before committing to the date.
I thought the idea, while clever, was also super creepy but offered to build it for them. I thought if they pivoted to something like large-scale live events they might have something. Imagine going to a sporting event and having a group chat with everyone else at the stadium. Great way to make new friends/contacts to hang out with later.
They hired a marketing firm to build it instead, and last I heard they had given up on the idea. I guess the only good that really came out of it was that I had a lawyer to call when I had to go to traffic court a few years later. Turns out he was actually pretty good at his job.
FireChat was never going to be resilient enough because it was installed on Apple and Google controlled devices.
This kind of system needs a dedicated or at least 'open' device with adequate hardware to support wireless mesh networks.
I would love to see something like this, because we (even, or rather, especially; Western countries) currently have no decentralized fallback for emergency communication. If the electric grid and cellphone network go... most people don't even have AM radios at this point.
If the electric grid and cellphone go, what would be the problem with devices being Apple- and Google-controlled?
It seems like you're talking about two related but ultimately distinct concerns, i.e. reliance against infrastructure failures and reliance against organizational failures.
Yeah, you're mostly right. I mean, these centralized entities could still sign and release instructions over the mesh network propagation (unlikely though).
Having an overall culture/goal of decentralization, can inform decisions on multiple levels/concerns (infra, energy, org). Basically, if I'm trying to be resilient to infra problems, it won't be that much effort in changing the design to also be resilient from centralized control.
It's been years since I had it, but I uninstalled it when I figured out it was breaking my phone's wifi connectivity. I don't know how or why, but when it was installed, my wifi was inconsistent and would frequently drop. I would uninstall it, and the problem would go away. This was on Android at least 5 years ago, and maybe as many as 10.
the eulogy also forgets it was a mesh-tweeter public and all, not a mesh end to end private communication solution people should have been using in those situations.
> In 2014, after Hong Kong protesters demonstrated to the world how effective a tool it was, news blogs quickly pointed out that FireChat messages were not secure. By 2015, Open Garden updated the app to include end-to-end encryption,
This type of service needs Apple and Google support to go anywhere, given how restricted access to radio hardware and background processing is on iOS and Android, and they're clearly not interested.
Apple has even rolled back AirDrop functionality, supposedly because of people receiving unwanted photos (which I don't doubt happened, but changing the default could address that – just outright removing the option to receive from anybody seems wrong).
There's absolutely no reason we shouldn't at least have a P2P Wi-Fi based chat client preinstalled on every iOS and Android phone, with a default of being able to message only known contacts. I mean, even the Nintendo DS could do it in 2004!
The article mentions Singaporeans, so I was very curious to find out how they were involved. But the word (erroneously?) links to the Hong Kong protests movement.
If you really want a chat tool to start a revolution, meet in person with people you trust and don't bring any electronic devices with you. And only talk to people who you really trust. Forget phones.
An antifa relative does not carry their phone with them when they meet, nor do they carry it on their person when attending a rally - they have a friend/lawyer name/number written on a piece of paper with them, just in case someone has to be contacted.
At rallies, masked, sun glasses, baseball hat and a couple of shirts.
It's not like the US recently saw protestors snatched off the streets in unmarked vans by unidentified forces [1]... or protestors designated terrorists by officials [2]... or widespread deployment of military surveillance on peaceful protestors...
In fact there's protests happening all over that seek to PROTECT the people who do this. And it's not like this is the first time THIS WEEK this happened. Also they're still holding several European academics to get the terrorist who killed several hundred people attacking the Bataclan in Paris and Brussels airport freed. In fact they keep claiming they're about to execute the first of those academics.
> there's protests happening all over that seek to PROTECT the people who do this
The protests are about protecting Gazan civilians, not Iranian security forces, which are different sets of people existing independently of one another. But of course you know that.
I assume you have seen the protests, the black flags, the green bandages, the swords on the flags, the demands to destroy Israel (from the river to ...), the demands to "free Palestine" (which is a sentence that makes no sense if it's about Gaza, or even Gaza and WB, or even everything 1967 borders, it only makes sense if it's a demand to destroy Israel), and the other demands ...
If these protests are about protecting civilians (of course, never ANY mention of protecting Israeli civilians from Hamas, that's not worth complaining about), I "somehow" missed it.
The "demands" seen everywhere in those protests. Just imagine a Jew would protest with a demand to drive muslims out of historical mosques ... But demands to drive Jews away from the wailing wall is perfectly reasonable, apparently. Nothing racist here!
Most of all perhaps, after 10 years of "you can't react against individuals because of what a country is doing", the constant actions taken against Jews and Israeli by all these protests seem EXTREMELY hypocritical. The outright racism outpouring these protests are, first, causing, and, secondly, accepting racism as if it doesn't matter. This, after decades of raging demands to stay kilometers away from anything that might look racist. Well, here's stating the obvious: these protests look racist. And not a little bit.
If anyone on the progressive side wants to accuse anyone else of religiously motivated racism in the next 50 years, they're going to get these protests thrown in their faces as proof that the progressive left are raging racists. And that complaint will be ... sorry, but that complaint will be accurate. These protests will affect a great many lives for decades, and almost universally negatively. How can anyone who likes these protests complain about a decision maker that "doesn't trust muslims anymore?", without BEING a complete hypocrite?
The next time someone demands that universities stop all cooperation with any university in any islamic country, what will you say? Trump only has to utter the words and it will take 50 years to repair the damage. And even if it's not Trump, obviously this demand will come.
Plus you're not going to say that you haven't personally caught the Palestinian side in an outright lie. Like the famous hospital "rocket strike". Even what's on the BBC when it comes to Gaza is bullshit [1] [2]. Have you failed to notice the completely different arabic ("we will win" or even "we'll kill all the jews") press messaging on Al Jazeera for example, vs their english reporting?
Note that the BBC reprinted Hamas propaganda without thinking. EVERYTHING about the printed BBC claims was wrong:
a) the rocket didn't do anywhere near the claimed damage (it made some cars dirty, destroyed maybe ONE car)
b) did not kill anyone at all, certainly not 471 people
c) and hurt ... maybe just a single person (who got shrapnel from a window in his hand, not exactly a life threatening injury)
d) the rocket was not fired by Israel, but by Palestinian terrorists from directly next to the hospital
e) The BBC did not present any doubt in their reporting, despite knowing the report was Hamas propaganda. The BBC reported a failed attack by Hamas by directly accusing Israel of, purposefully, killing Palestinian children in a hospital. What I'm saying is, this reporting did not carefully, unintentionally cross the line. This is utter, raging lunacy. If Israelis complain this report was "blood libel" ... well, sorry to say, but that's exactly what it was.
Hell, it was worse in at least one way. The Soviets never actually committed the crimes they accused Jews of in "the protocols". Hamas did commit the crimes they accuse Israel of. There have been allegations of this before, even allegations Hamas committed warcrimes against their own people JUST to accuse Israel of those crimes.
... and of course everyone participated. The UN's secretary general repeated this propaganda!
up to this point EVERYTHING about the BBC report would have been extremely obvious to the reporter on the ground. It was BBC employees purposefully lying.
So, no, forgive me for saying that this is very much not about truth or justice, they are about killing Israeli. Nothing else.
f) the rocket didn't explode (the first thing that MIGHT not have been obvious to the BBC reporter). It started rotating, dumped its fuel and "rapid unscheduled disassembly" occurred.
g) And, lastly, note the titles the BBC chose to use. To report the wrong information "Hundreds feared dead at Gaza hospital as Israel denies strike", to report that their information was incredibly inaccurate they waited NINE DAYS (and the dates on the articles are TEN days apart), and the title of that "retraction" was "Gaza hospital blast: What does new analysis tell us?"
Not having any communications at all puts you at a massive disadvantage when opposing people who do. Absolutely no revolutions were ever accomplished by improvisational means.
Anyhow, a combination of the two is likely best. It won't really help though, "back in the day" every movement had a few police informants in the mix. There's less of that now with electronic monitoring, and 24x7 tracking, but a totalitarian state likely has more of that mix.
Heck a bunch of crooks tried to rob my house, and were caught not only due to having their phones on them, but ALSO due to sending SMS messages about houses they were examining "This house looks empty!", but also because they dropped a phone outside my house, when fleeing when the alarm went off... and the phone wasn't even locked!
Just imagine in a police state. I think a lot of revolutions get stopped before conspirators even get to the "protect our comms" point.
A revolution is all about subterfuge, intelligence, and trust. If you don't hone those skills, you might not be suited for one. Conversely, technology is an attack vector.
Everything is trade-offs. Meeting in person is great, until you're in the middle of a protest and everyone has to scatter because the police are firing tear gas at your skull. At that point, you rather do need to either have had a plan, or you need some way to communicate that isn't face-to-face.
It was quite remarkable how Jan 6 proceeded entirely in the open with people posting selfies of themselves saying "off to overthrow the government today!", but because that kind of thing is entirely normalized from rightwing sources it wasn't important until those arrested eventually made it to court.
Stochastic terror and the stochastic coup work great precisely because there are no clear unambiguous two-way communication trails between the instigator and the accomplices; just a lot of "wouldn't it be great if somebody did something". Fell apart afterwards because there was no further planning.