Egypt appears to have cut all internet connectivity with the rest of the
world in an attempt to quell its use in organizing protests. The only
reason this makes any sense is if the tools used to organize the
protests (Twitter, Facebook, Gmail, etc) are hosted outside Egypt.
To this you might say "Let's just host protest-organizing tools on
servers inside protest-likely nations in anticipation of them using this
strategy again." But that won't work because odds are the government
would just seize all protest-organizing servers within their borders.
So the only protest-tools that will continue to work reliably are those
that continue to work without access to the outside world, without
relying on locally-hosted servers, and *without even relying on the
internet at all*. It's a tall order, but here's how I'd do it.
1) Recognize that this service needs to be used in the good days, such
that there is adequate distribution already in place when the bad days
happen. THIS IS THE HARDEST PART. I say this in all caps because this
is why no meaningful system like this exists today: the people most
likely to build it are too obsessed with esoteric technical problems
than solving the issues that actually matter in the real world.
Asymmetric, anonymized, mesh-distributed, onionskin-routed communication
doesn't mean anything if nobody uses it. So before even thinking about
the technology, we need to think how to make it relevant to users who
*aren't* protesting (yet).
2) At an absolute minimum, it needs to be no worse than then existing
alternatives. So if it's going to replicate Twitter, it needs to be at
*least* as good as Twitter, otherwise everybody will use the *real*
Twitter (until it's turned off by their local neighborhood dictator).
On way to be better than Twitter is to actually be better than Twitter.
Good luck with that. Another way is to just make your tool post to
Twitter. I think that's a much better idea: if this tool (let's call it
"anoninet" just for kicks) offers some Twitter-like functionality, it
should be completely compatible with the real Twitter in the
99.99999999999% of situations where the real Twitter is actually
available. Same goes for Facebook, Flickr, etc.
3) Ok, so anoninet's primary value in "good times" is starting to take
shape: it's a one-stop-shop to post to all your social networks. So you
install this thing, type in all your passwords (You could store them
locally in some encrypted keychain decrypted by a master password, but
that's the sort of technomasturbation thinking that obscures real-world
requirements; in reality just store it unencrypted because those who
don't care don't care, and those who do should really just encrypt their
whole hard drive), then you can post status updates, photos, videos, and
everything will automatically go to the right place. Indeed, before you
even think about making this into some sort of resilient
protest-enabling tool, you should make this the best possible
social-network posting tool. (Because if it's not that, then nobody
will have it installed when they want it most.) I'd suggest emphasizing
how this thing works even with unreliable internet, essentially letting
you queue up everything locally and it does background uploading as the
network becomes available. Similarly, it downloads everything locally
for offline reading. Odds are your protest-likely environment has
shitty internet to start, so this feature will likely have immediate
value. Add in really good support for USB-connected devices (cameras,
videocams), and basically present it as the single best way to do social
networking in a nation with shitty internet.
4) Step 4 is to succeed with step (3). Don't even think of anything
else until you've done that. Seriously, it's a waste of your time and a
disservice to your users. (3) needs to be totally nailed and immensely
popular before anything else matters. I'd say something like 10% of
your target population needs to be using it before you consider continuing.
5) Once you've got huge distribution of your client-side
social-network-optimizer, then you can start to raise the bar. Because
it's targeted to environments that have expensive and/or unreliable
internet, P2P starts to sound interesting. Throw in a network-localized
DHT and build out a distribution network that "rides" on these other
networks. So every time they post to Twitter, Facebook, Flickr,
YouTube, or whatever -- they're also posting to anoninet. And when
another anoninet is reading your Twitter stream, somehow they detect
each other and rather than getting the data from Twitter (for example),
they get it directly via some localized P2P connection. Present this to
the user as faster, more reliable, and cheaper than getting it from the
*real* YouTube.
6) Quietly encrypt everything and tunnel over commonly-used ports.
Don't talk about this, just do it. Users don't care until they do, and
by then it's too late.
7) Ok, so at this point we have wide distribution of a very popular
social networking tool that uses a localized P2P mesh as an optimized
fallback to the major global tools. Its major advantage is it works
over networks that are slow, unreliable, or expensive. This'll save you
in the Egypt case; these users would continue using the tools they
already use, to talk to the people they already talk with, and
everything will continue functioning as normal. They won't be able to
talk with the rest of the world, but they *will* be able to talk amongst
themselves, which is the important thing. Furthermore, because it's all
P2P, there are no servers to seize, and because it's all encrypted over
common ports, it's indistinguishable from all other encrypted traffic.
8) However, if this had existed in Egypt, odds are Egypt would have just
shut down the internet, period. If a dictator is willing kill you, odds
are they wouldn't blink at turning off your email. So how to make this
work without internet? The answer is: make it incredibly easy to batch
and retransmit data like Fidonet back in the day. So when shit is
*really* going down, you whip out your favorite 4GB, 32GB, or 640GB USB
drive and just sync your local repository (remember how everything was
conveniently cached locally for fast offline access?) with the device.
Optimize it to sync the most popular content first, basically ensuring
that the most intersting/important message is also the most widely and
redundantly distributed.
9) Finally, this needs to spit out an installable copy of itself to
whatever removable media is available. This way when the shit starts to
*really* go down, as people realize the true value of this system it can
spread fast to the people who need it.
Voila. A tool that supports communication amongst protesters even in
the face of total internet blackout. Some other random thoughts:
- Ideally it'd piggyback on existing credentials. So when you install
this thing you don't need to think "I'm creating a new account".
Rather, you just install this thing, type in your Twitter username and
password, and whatever giant asymmetric keypair it creates internally is
just some nameless thing associated with that Twitter account. (And you
might have multiple.)
- This thing needs to broadcast itself via existing networks in a
totally transparent way, so if we're both users and I read your Twitter
stream, I should know you're also a user without you ever telling me.
The first way that comes to mind is this thing could watermark your
profile image with maybe a digital signature (or perhaps just jam it
into some sort of extra field in the image). Then when I follow you, my
client sees the watermark, reaches out to the DHT, sees that you're
signed in (or not), and establishes a NAT-tunneled P2P connection directly.
- Social networks are particularly good for this sort of architecture as
they map well to the "publish/subscribe" model. This works easily on a
P2P network (you register yourself with the DHT by name and
keyword/hashtag, and then when you post there everybody who is
"following" you or a particular hashtag gets your data), as well as
create an implicit "value" metric for use when synchronizing data in
"sneakernet mode" (publishers/hashtags with a high follower count are
assumed to be more valuable and thus beat out less-popular content).
- This sort of system actually isn't that useful to terrorists,
criminals, drug-dealers, and so on because it's designed for mass public
communication (not indvidual private communications). Granted, nothing
in this protects the individual from being targeted, but that's an
entirely different problem. (And I wager one that could be layered on
top of this in a straightforward manner.)
In all honesty, this isn't that hard a thing to build. One dude could
do it. I could personally do it, and know several others who could as
well. But I'm busy. Hopefully a better person than me with more time
on their hands will pick up on this and do what needs to be done. The
world will thank them for it, though its dictators won't.
-david
My blog (including this post) is at http://quinthar.com
Follow me at http://twitter.com/quinthar
No comments:
Post a Comment