Firechat, this «freedom of speech-app» is bogus
Hello there, Mostly I'm just a lurker here but for once I will ask some questions/make remarks about Firechat. As you may know, this app just got extensive media coverage due to their widespread use in Hong Kong «Occupy-central». Check on the Guardian for example: www.theguardian.com/world/2014/sep/29/firechat-messaging-app-powering-hong-kong-protests So, out of curiosity, I just downloaded the app. Below are my remarks on the process: - You can't directly download the apk from the website. For android, the only link available is from the Google store. As if, if you really need privacy and freedom of speech, the first thing that you do is have a google account linked to your android device. I downloaded the app from Aptoide, but well… - Once you download the app, required permissions include: - Localization - Read contacts - Search accounts on the device How are those permissions necessary ? I just want to connect to nearby people. I don't need firechat servers to point me to those people nor to know where I am or with whom I chat. - Once you launch the app, there comes the cherry on the cake, you need to have properly activated and updated Google Play background services in order to run the app. I suppose that it implies that you must have a Google account linked to your device and that, thanks to the «Search account» permission, Firechat just like Google are perfectly aware of who you exactly are ?? If my goal was just to chat with my neighbors without paying during the Worldcup, that would be fine, but the problem here is that this app is now also marketed in newspapers as a privacy app, thanks to Hong Kong protests. When the product was released a few month ago, I already tried it but abandoned immediately due to those privacy problems. What I want first of all is privacy, not to avoid paying my provider. Now I understand that for Hong Kong people this is a lesser evil solution because they fear an Internet shutdown, but well, I am disappointed to remark that «freedom-of-speech» and «privacy-aware» are so strongly disconnected even in a promising app like this one. Xavier
I'm mostly a lurker, too, but I'll remark that Firechat can't be bogus: its use caught on in a massive way, and the ease of use and the P2P connection feature is playing an active part in a community's SUCCESSFUL self-organization in the face of real repression. While you're absolutely right that an app can't call itself anonymous if it collects Google Play information on its users, the question about whether the app allows perfect anonymity isn't as important as: does the app allow perfect anonymity from Beijing? Is there a danger that Google Co. Inc. will help the government of China identify Firechat users in the case of a retroactive crackdown? This is a political problem North Americans could indeed work on, if it came down to that. This conversation reminds me of Quinn Norton's "assess your adversary" talk at HOPE (https://www.youtube.com/watch?v=RkjrbK3DyRM). I'd also point out that I believe Firechat is open source. And on Github: https://github.com/firebase/firechat They're working on adding encryption: http://www.forbes.com/sites/parmyolson/2014/09/29/firechat-prepares-encrypti... On 30/09/14 07:23 AM, Xavier wrote:
Hello there,
Mostly I'm just a lurker here but for once I will ask some questions/make remarks about Firechat.
As you may know, this app just got extensive media coverage due to their widespread use in Hong Kong «Occupy-central». Check on the Guardian for example: www.theguardian.com/world/2014/sep/29/firechat-messaging-app-powering-hong-kong-protests
So, out of curiosity, I just downloaded the app. Below are my remarks on the process:
- You can't directly download the apk from the website. For android, the only link available is from the Google store. As if, if you really need privacy and freedom of speech, the first thing that you do is have a google account linked to your android device. I downloaded the app from Aptoide, but well…
- Once you download the app, required permissions include: - Localization - Read contacts - Search accounts on the device
How are those permissions necessary ? I just want to connect to nearby people. I don't need firechat servers to point me to those people nor to know where I am or with whom I chat.
- Once you launch the app, there comes the cherry on the cake, you need to have properly activated and updated Google Play background services in order to run the app. I suppose that it implies that you must have a Google account linked to your device and that, thanks to the «Search account» permission, Firechat just like Google are perfectly aware of who you exactly are ??
If my goal was just to chat with my neighbors without paying during the Worldcup, that would be fine, but the problem here is that this app is now also marketed in newspapers as a privacy app, thanks to Hong Kong protests.
When the product was released a few month ago, I already tried it but abandoned immediately due to those privacy problems. What I want first of all is privacy, not to avoid paying my provider. Now I understand that for Hong Kong people this is a lesser evil solution because they fear an Internet shutdown, but well, I am disappointed to remark that «freedom-of-speech» and «privacy-aware» are so strongly disconnected even in a promising app like this one.
Xavier
On 09/30/2014 12:39 PM, Bethany wrote:
I'm mostly a lurker, too, but I'll remark that Firechat can't be bogus: its use caught on in a massive way, and the ease of use and the P2P connection feature is playing an active part in a community's SUCCESSFUL self-organization in the face of real repression. While you're absolutely right that an app can't call itself anonymous if it collects Google Play information on its users, the question about whether the app allows perfect anonymity isn't as important as: does the app allow perfect anonymity from Beijing?
Well.. you can't be sure if you don't have the source code ;) (see below).
I'd also point out that I believe Firechat is open source. And on Github: https://github.com/firebase/firechat
I think that's a different app [1]. There is no mention for source code on the official website. [2] [1] https://firechat.firebaseapp.com/ [2] https://opengarden.com/firechat -- Nikos Roussos http://www.roussos.cc
On Tue, Sep 30, 2014 at 10:39:00AM +0100, Bethany wrote:
I'm mostly a lurker, too, but I'll remark that Firechat can't be bogus: its use caught on in a massive way, and the ease of use and the P2P connection feature is playing an active part in a community's SUCCESSFUL
i think it might be a bit premature to talk about success. it might turn out to be a successful trap. i'd wait until the crackdown or something is actually achieved. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
Dnia wtorek, 30 września 2014 14:53:05 Nikos Roussos pisze:
On 09/30/2014 12:39 PM, Bethany wrote:
I'm mostly a lurker, too, but I'll remark that Firechat can't be bogus: its use caught on in a massive way, and the ease of use and the P2P connection feature is playing an active part in a community's SUCCESSFUL self-organization in the face of real repression. While you're absolutely right that an app can't call itself anonymous if it collects Google Play information on its users, the question about whether the app allows perfect anonymity isn't as important as: does the app allow perfect anonymity from Beijing?
Well.. you can't be sure if you don't have the source code ;) (see below).
I'd also point out that I believe Firechat is open source. And on Github: https://github.com/firebase/firechat
I think that's a different app [1]. There is no mention for source code on the official website. [2]
[1] https://firechat.firebaseapp.com/ [2] https://opengarden.com/firechat
Let me just add that a truly FLOSS and P2P Twitter replacement, Twister, got a huge number of new Chinese-speaking users during the last few days. Tags #occupycentral and #hkclassboycott are really active as far as what could be expected from a beta you have to compile yourself. https://github.com/miguelfreitas/twister-core http://twister.net.co/ You can search Twister from outside with this (warning: code unavailable, it's a 3rd-party service, might eat your dog, etc): https://twisterio.com/ Examples: https://twisterio.com/search?kw=hkclassboycott https://twisterio.com/search?kw=occupycentral -- Pozdr rysiek
participants (5)
-
Bethany -
Nikos Roussos -
rysiek -
stef -
Xavier