I think the most critical thing we could do is to make a small app that handles direct P2P communication. Let's take the internet where it was built to go.

For example: Each person stores encrypted their contacts routing information. You can direct-message (server-less) if the person is online, or if not, send it encrypted to others who are online, and when the person logs in, it's routed on to them. You could do micro-blogging like this, where messages pulse out to two or three degrees of separation, and only if they are validated (i.e. liked), do they push on further. This lets spam die soon (or sooner if it's marked as such) but important messages will make their way through the system.

> I think the most critical thing we could do is to make a small app that handles direct P2P communication.

Agreed. In order to actually solve the problems we face though, this p2p app needs to always encrypt messages -- even for indirect messaging. It needs to solve the authentication problem. And it needs to be opensource for perpetuity.

Forward secrecy ("I threw away the key") and repudiability ("You can't prove I sent that") would also be nice. OTR has these and I highly recommend reading the OTR papers [1] [2].

All in all this is a tall order. Heck, authentication alone is a tall order. The OTR Pidgin plugin has you enter a shared secret in order to authenticate a new buddy. I'm not sure this is ideal. Normal users will agree on that shared secret through an insecure channel like phone or text, or just use a guessable one, opening the door to a MITM attack at the most critical stage.

I'd rather see a web of trust [3] solution to the authentication problem. Bootstrapping the trust network is of necessity harder because it requires more careful interactions, usually f2f, but it does enjoy a viral property: the more users in the trust network, the easier it is to fill out your authenticated contacts list, since you'll be getting many of their identities through WoT introduction.

Maybe the existing GPG web of trust could be used as the base -- ie, offer import of GPG keys and trust database, or just reuse the GPG code straight up.

[1] http://www.cypherpunks.ca/otr/otr-wpes.pdf

[2] http://www.cypherpunks.ca/~iang/pubs/impauth.pdf

[3] http://en.wikipedia.org/wiki/Web_of_Trust

I know it's hard but I also think it would be one of the most important things we could do.

If you or anyone else is interested in building this, email me.

I think the holy grail of P2P networks will be when we have something like Bluetooth that has a significantly better range. So we can really exempt ourselves from private infrastructure.

http://en.wikipedia.org/wiki/ZigBee ?

These things are made, and then they fail due to lack of interest.

The problem is that these things solve a theoretical problem, not an actual need.

Doesn't such a validation system place a model for censoring in the very architecture of the system?

Only in the way Page Rank is for web sites. It's reputation-based message propagation.

I would even argue that it's necessary. Without this, it would susceptible to attack by injecting noise to drown out the signal.

Retroshare?

Am thinking devoting our focus on such privacy-focused projects as :

Tent [ https://tent.io/ ] : the crypto-social network protocol

or

BitMessage [ https://github.com/Bitmessage ]: crypto-P2P message protocol

If more people can join these efforts (even as early adopters), it would do us all (the entire internet village) a great benefit in fighting back against the System.

This would have a whole lot more credibility if you had actually done something yourself, rather than doing the same as everybody else, which is to say nothing at all except writing a bit of indignant text on a website.

writing indignant text on a website should the the first step for any endeavour!

Many projects with similar aims already exist, meshnet (https://projectmeshnet.org/) comes to mind.

People becoming inspired to change the world after recent events need to be directed to established projects where their (probably short lived) enthusiasm can make a difference.

This isn't about Technology.

This is about Government and organizing. Not to sit around and code. Its about organizing.

The same principles apply, just like everyone suddenly becomes an expert on politics just before elections.

I'm from the UK so you could say its worse for me as I'm definitely allowed to be spied on by the NSA. What are you suggesting should be built/organised? Protests? Another political party? Aggression?

Governments today have seemingly limitless ability to do whatever they want and then just shrug it off if they get caught, we on the other hand don't have that luxury, we have consequences. This is why you'll find few people willing to stand up and put their ass on the line, the last really notable people (Aaron Swartz, Edward Snowden) unfortunately aren't doing too well right now.

If something of the scale capable of toppling the current power structure is to be organised then the tools for doing so need to come first.

I think a lot of us are working on things that will help, but there's no single silver bullet.

I've been working on a secure, unblockable network, at Tavern.com

It uses GPG to encrypt messages, and passes them along by any means possible - The public internet if possible, Wifi if necessary, or saving to Phones or USB sticks in the worst case.

If you know Python, I'd love to have your help. Send me your Github username, and I'll add you.

I'd love to give it a security review before a public release - There are some rough spots, but I think that having people like us stand up, and do what we can, is important.

I'm in the process of putting together a weekend project inspired by this (doubling as teaching me everything about webdev because I'd hadn't grasped it all fully yet).

It's going to be a super simple site, but it will simplify the process of writing to your representative. In my experiences, physical letters have yielded better results than emails. I'm basically making a site that will easily let you select a representative, type out a letter, and it will cheaply print, address, and mail the letter for you with 25% of the proceeds going to the charity of their choice.

Any thoughts on that? It's my first real project building and deploying a website from scratch, so I'm chugging along on it slowly when I get free time and learning a lot along the way. I don't expect this will be a game-changer regarding PRISM, but it will be solving a pain point for me where I want to write my representative but emails seem futile and mailing a letter is inconvenient.

I actually just commented about this same sort of thing. Except I think voice messages would be far more effective, and a rep would actually have to listen, whereas letters can be easily dismissed and thrown away. How about a website that utilizes the computer's mic and instantly sends the voice message to the rep? Wouldn't that be easier, cheaper, and more effective? (Of course, the scope of creating such as website would be much more difficult)

That sounds really cool too, and it could be a nice addition later on down the road. It'd definitely make it a little harder to put together, so I'd probably save that for after I got the initial version out into the open. Thanks for the thoughts!

We have something like this in the UK, which works very well indeed: http://www.writetothem.com/ . May be worth copying their design as a starting point.

Does that send a physical letter or an email? It looks like I'm going for the same thing, but I'm using an API that will send physical mail for a low price.

I believe that politicians still respond better to letters received through the post than in their inbox (anecdotal evidence from my friends who've volunteered for congressmen).

Email (or a fax, I believe).

Physical letter - good idea!

Sounds like a good idea—enabling the effectiveness of a mailed letter with the ease of an email. Most people don't seem willing to do more than an email to their members of Congress, so this may have real value.

The two issues that keep the public from taking action are:

-Apathy or laziness

-Not knowing how to effectively make a difference

So let's brainstorm how to address one or both of these.

Apathy and laziness is an economically logical reaction to data collection because 1) most people don't have time or interest to deal with governemnt issues, 2) they don't feel their data is relevant, 3) they don't know about their Constituational rights and don't have the time or effort to defend them, 4) the issue hasn't become serious enough yet. Really, what most people are doing is just upvoting pre-written opinions they agree with plus relevant articles they see online (guilty). The most we can ask for is for people to send cookie-cutter emails (such as the EFF's) to their representatives.

I'm not saying I agree with the current system of government, but without going into the entire American government system, suffice it to say that we are supposed to contact our representatives directly. The transaction cost of doing so requires that a person 1) find out who their rep is 2) compose a (well-written) email or letter to them and possibly follow up at a later date. How many of you can say you have done this?

So perhaps we can try and narrow the transaction cost of contacting a rep? How about a website that automatically finds out your rep, then let's you send them a voice message with your mic on your computer. This will fix 1) Some of the effort required, 2) Diminishes the ability to dismiss cookie cutter emails and letters, 3) Allows the user to send a voice message before they get up from the computer and become apathetic or forget about the issue. Would this be a viable solution?

Side-note: If you really want to make the biggest impact, start using Bitcoin. The government has power over you because they can tax you.

Emails don't have much effect. I used to email my representatives regularly, to no effect. I always just got an automated response presumably picked out from a set by keywords in my email, and the response was usually praising the thing I was writing to urge them to not support.

Written letters have greater impact, and actual phone calls have far more yet. I don't think recorded voice messages will have as much of an impact as actually calling and interacting with someone in their office. They can ignore recordings just as much as emails, but it's harder to ignore someone who is actually conversing with you, especially if there are many such people doing so.

stopwatching.us and others have put together a phone number you can call which will automatically connect you to your legislators and give you tips on the sorts of points to make. https://call.stopwatching.us/

I'd have to agree. But it's not about everybody converging on one project, as implied in the question; it's everybody doing their part to create a huge decentralized mesh - decentralized and uncontrollable.

Most people live in the here and now; if things don't affect their daily lives, it's not worth attention. But we're all intelligent enough to see where things are heading. We're also all intelligent enough to know that we can at least mitigate the effects of expected developments through coding a few tools.

The more people that think of such tools, the better. But that's not enough. Being a bit blunt, ideas don't count for shit on their own. The more people that sit down to code such tools from those ideas, the better.

I agree. Let's do something. But what? Physical protests? Projects created in protest? New tools that can actually do something to make a difference, e.g. meshnets, anonymization & encryption software, email clients with GPG support built in? Participating in existing projects to do the same?

Some people have started doing things. See:

https://optin.stopwatching.us

https://call.stopwatching.us

http://www.restorethefourth.net

And if you have browsed New on HN for the past few weeks, you will have seen many hobby projects on the subject which received little to no upvotes.

But I agree, let's keep it up and do something.

And by the way, here's my idea I've been throwing around. It's just an idea and I'm not sure if it would even work or be worthwhile, but:

A decentralized personal information protocol. Instead of joining a social network or other online service and putting all your personal information into their database, you run your own server (either truly on your own server if you want the most privacy or through a hosting service for this protocol if you want ease of setup) that contains a certain set of information which services can request (but you must authorize, like with OAuth). Information generated within those services is then saved to your server rather than their own. Thus if you cancel your account, you have sole control of the data. If they don't allow you to cancel your account, you can just revoke their access to your server.

Problems:

- Trust: You can't trust everyone to not save their own copies of the data themselves. Perhaps this could be semi-solved by having a machine readable license agreement for your data that the services agree to by connecting to it, giving you the ability to sue if they violate those terms.

- Performance: Presumably there would be performance issues in something like a highly-interconnected social network if each person's data is on its own server. Some servers would be more reliable than others, too, leading to instability for the greater service using the data.

- Public exposure: If the services using your data are, for example, Facebook-like in nature, where a large amount of the data is publicly displayed anyway, there is nothing stopping anyone from scraping it off the public-facing webpage and archiving it.

I wonder if the same things that worked in Europe could be used in the US. Over here, we have a nascent network of professional activists (EDRI, DigiGes, laquadraturedunet) that monitor critical developments and coordinate the hacking, the public relations, the interactions with politicians and the feet on the ground. Having something like this is essential to be able to harness the public outrage fast enough to make a difference.

For instance, this network campaigned for a long time against ACTA, but not much was happening. Then all of a sudden there were mass protests in Poland (btw. thanks guys!) which, together with protests in other countries, helped the network to get heard by the people that matter in EU politics. This is how ACTA was killed.

From my perspective, it seems as if the US has some organizations that could help in this, if they would coordinate. I'm skeptical, however, if the way in which the US tech scene is organized might not be detrimental to the overall effort. To many people in it for the next big thing, to few people doing blinkenlights.

Ethics. Plain and simple. Computer scientists are given the ability to destroy people's lives, destroy companies, and destroy themselves. I do not care if they're gathering massive amounts of data. I would prefer there to be a system of checks/balances. There is much worse happening in the world and MUCH better places to put time and effort for changing the world.

I want the general populace to be controlled... maybe I'm a minority. Without religion or government, most of my family would be dead or murderers. Shrug.

It's all very well saying "let's do something" and feeling good about yourself, but what exactly are you planning to do?

Does it matter just yet? Really?

What matters is the courage to actually stand up and say, I will do something.

Its time to organize and not just sit behind a damn computer. The time is NOW.

Will you organize? If we moved forward, would you help?

Absolutely not. If you can present a clear, thought-out plan, I will consider joining you.

I'm not going to join a movement without a cause, plan or goal.

What have you done yourself?

Exactly my point.

I started a really basic project to help raise awareness. It's dead simple, but the idea is to remind people who aren't on HN all day about the core issue of privacy instead of focusing on an individual.

https://news.ycombinator.com/item?id=5933612

I wrote about this before. If we could build a website for the creation of a new political party. One that allows all of its members to vote on the direction and political stance of the party. One that allows for transparent party accounting.

I could go on and on....

I will devote some cycles.

Job #1: figure out what to do. What will have the biggest impact for the smallest risk and time investment?

What's the user story?

Really? Who said that and what backing do they have for such an sweeping statement?

Looking at the past 75 years, I'd say that technology has solved quite a lot of social problems. The impact of the washing machine alone, let alone the Pill, was absolutely huge.

Wasn't Barrett Brown working on something?