On Sun, Mar 10, 2013 at 10:29:44AM +0700, Nathan of Guardian wrote:

Glad to see such a great level of academic investigation and discourse coming out of this esteemed university.

I'll give him a pass on rigor, as this is an informal article and not intended to be a journal paper. (Besides, I write in the same style most of the time.) But when he asks: "What app should I use if I'm trying to overthrow my government?" I think he completely misses the point. I think a much more fundamental question is: "Should I use ANY app?" My answer to that is no. In fact: HELL NO. "Using a smartphone" strikes me as one of the most dangerous things you could possibly do in that situation. Yes...I know that's not a happy statement and is likely to be unpopular here, but let me see if I can manage to back it up. First, if you have a government that is so awful that the only alternative left is overthrowing it, then they control the telco. Therefore everyone walking around with a smartphone is providing them with a 24x7 feed of geolocation data, to the resolution available. (And that can be selectively improved in locations of interest.) Second, everyone using a smartphone is providing them data for traffic analysis. Oh, sure, it might be encrypted, but if X sends a 27313 byte message and shortly thereafter Y and Z get a 27313 byte message... Third, everyone using a smartphone and transmitting/receiving IP traffic is also providing them information about their intentions, Tor and VPNs and HTTPS notwithstanding. ("Oh, look: every night, right after the protests die down for the evening, X sends 300-400M of traffic out. Gosh...I wonder what that is.") Fourth, malware on phones is epidemic. One might have a fighting chance of stopping it if the phones are centrally managed and strictly controlled (no downloading of apps, no "updates", only a few web sites accessible, etc.) but few have the knowledge, resources and discpline to do that. Plus "centrally managed" is not exactly the best idea in this context. And of course any government faced with this threat will probably write and release more malware. Any government that *thinks* they might be faced with this threat in the future could plan ahead and embed the malware in the phones somewhere in the supply chain prior to retail sales. (I would. If I were the dictator of Elbonia, I'd be embedding malware in *every* shiny gadget because of course their closed-source nature makes it easy for me to do so. This would constitute an inexpensive insurance policy -- actually, now that I think about it, I could probably just pass the costs along to purchasers and thus get them to fund my malware. I'd label it as "a feature" or as some sort of network performance/diagnostic tool. *cough* CarrierIQ *cough*) Fifth, it's pretty easy to shut down the cellular network. Yes, this might have political and economic consequences. So? It's still not a good idea to use a communications medium that your adversary can turn off at will. (Let me note that it's not even necessary to shut it down entirely: local/temporary disruptions suffice and are easier to explain away. As we've seen.) Sixth, and let me encapsulate it as a principle: If you need a GUI to overthrow your government... you're probably not going to overthrow your government. That's harsh, condescending, snarky...but I think it's probably true. Sorry: revolution is hard. And if you're faced with an oppressive, vicious, murderous government that's fighting for its existence, I assure you that they will have people at *their* disposal who don't need a GUI to do whatever horrible things they have in mind. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE