When the police, etc use facebook and twitter to track and trace people they will stop using them, it's as simple as that.
This time has come.
After discovering that BBM and their Twittery playthings fed straight into the hands of the cops, smartphone-toting revolutionaries have taken up a new type of instant messaging – Vibe. Like Twitter in that it is open and lets you mass-message, Vibe is unlike Twitter in that all messages or "vibes" are anonymous. You can set …
When the police, etc use facebook and twitter to track and trace people they will stop using them, it's as simple as that.
This time has come.
Yeah, 'stick it to the man' with an app on your 'alternative' smartphone.
Yeah, smash the capitalist pigs' system with the aid of your iPhone, then blog about it on your £1500 macbook.
Any message that goes via internet is susceptible to interception with or without an active warrant. E.g. mobile telephone "stored communications" are available for weeks after an event and can be discovered by a retroactive warrant.
Communication between mobile devices can be encrypted. Often the encryption key can be broken in transit, but in particular, the decoded message can be discovered on a device after decryption. At the same time the decryption keys can be recovered and all encrypted traffic that has been intercepted can then be decoded.
To put it simply, anonymous communications can be broken at the transmission device or at multiple receiving devices assuming some devices are seized by the authorities.
So any "Vibe" communications, encrypted or unencrypted, can be captured by monitoring the communications channels, or more easily by seizing receiving communications devices.
What's actually useful is a progressive irreversible key system that allows messages to be read once and then automaticaly deleted before a new key is generated. Ditto the sender has sent messages deleted and the send key progressed.
There's a good body of knowledge on how to do this. However. there is a market gap for software apps that allow secret communications that can't be later be decoded based on intercepted communications or seized devices.
... by the fact that the UK government allows all it's public comms to be freely intercepted by facilities like Menwith Hill which in turn uses the supercomputer based at FBI facility in Langley (US) to look for suspicious activity and profiling. This info will then get passed back to the UK authorities if requested (and as long as it it's in the US's interests, i.e. doesn't comprise thier goals and allows them to keep operating Menwith on UK soil).
Once it's digital it's traceable, end of.
it *mandates* it.
I thought Langley was NSA? or is it all the same?
Also, I was under the impression that Langley and Cheltenham are effectively mirrors of each other, so there *shouldnt* be a need to send it overseas.
Anon, because I quite like my delusion of privacy.
All manufacturers of telecoms broadcast kit must provide details of Duh Spectrum and Keys.
In my experience design has been halted because US D.ect ect. IE Lanley found keys problematic and called a halt to most things. talk about spooks!!
However, code was modified and now all the( Fixed Wireless Access) system in the region which FWA was rolled out is acessible to anyone who has an interest, including spooks (Langley) moreover Moscow, who are not thick!
Not sure who inhabits Langley, but your right I think FBI and NSA are a bit blurred.
I've been trying to remember the name of the computer in the basement, I think it begins with M.
You can bet that all the data will get filtered by the US on US soil before it comes anywhere near UK agencies.
How can it be anonymous if it goes through the network?
The authorities just need to get the network to store all activity so it can be analysed kater. Each message will be linked to a particular phone or device, they will also be able to find out who read it so have information on who was present at the event.
Do you REALLY think the networks (mobile or physical) have the capacity to store all the traffic and the metadata to allow this type of matchup to be done?
Only GCHQ has this type of capability (not that they'd ever admit to it)
however a SMSC (the srever through which all SMS are routed through) can easily copy all messages that flow through it and either store the copy or forward it to an alternate destination. This capability would give the PLODs the ability to monitor in real-time any SMS traffic.
For non-SMS traffic based using packet-data circuits (e.g. IP) standard sniffing tools can be deployed in (for example) the SGSN or GGSN or anywhere in the baseband network. None of this is rocket science.
In either case the apps could use encryption to secure the messages, but GCHQ has enough raw horsepower at its fingertips to make that a fairly htin layer of protection.
"In either case the apps could use encryption to secure the messages, but GCHQ has enough raw horsepower at its fingertips to make that a fairly htin layer of protection"
Do you have any proof of this? I mean, AES-256 would be pretty handy and, given plod has a law requiring you to reveal your password, I'd say they'd find it quite difficult to crack more basic encryption especially in any realistically useful timeframe. Let's face it, you're not going to redirect GCHQ processing power from hunt-the-terrorist operations to collar someone for stealing a f*cking TV from Currys.
PS I'm not into conspiracy theories that state things such as "they only have the law to mask the fact they can already crack encryption". The country's skint, I really doubt it.
Protesters could always use physical people to carry short-range urgent messages. These are completely untraceable online. Too easy ?
Yeah, I'm sure it is.
Oh, hang on, a server somewhere must be storing the message and it's location in order to send it out to other vibe users. But how does it know who to send it to? Perhaps people sign up and constantly give the server their location? The server must store all those locations and a contact IP so a message when it arrives can be sent to the right people. Hmm, that's completely anonymous then.
It's location-based twitter with 'your name' crossed out and 'anonymous' written in in crayon.
* true for certain values of 'anonymous' only.
The 15m radius is obviously via Bluetooth unicast, so quite easy for The Man to monitor or jam without having to interfere with general mobile access. Or more amusingly, they could feed in their own disinformation - "all go Brooklyn Bridge, walk in the road and not on the sidewalk". The global option must involve some form of internet access, which is traceable or blockable (and will be logged) at the point it joins the internet, so sounds just as "anonymous" as using a British-based proxy to hack Sony (now, what kind of twit would do that?).
Rather amused that the same Zami crowd pushing Vibe also brought you Poledancer vid app - what will Code Pink have to say about that?
I'd have thought the system stored [message, lifespan, location, range] and if you're running the app (no formal registration required if it's to be anonymous) the app on your phone polls [any messages for location X]. The system then matches up messages for which you are in the radius whilst all the time deleting expired messages. Not sure any more than that is required. Connection from app should use encryption then the main point of concern is old-mate's server setup and logging.
OK, concentrate now, try and think "How does that little bit of text on my phone get out to the rest of the sheeple?"
First, it gets converted into a wireless signal and sent to the local cell - point one at which the transaction is recorded (yes, the phone companies can see which cells you have passed through in the last 24 hours without even having to look at your call history, they can see which one your transmitting through, and they can even triangulate if required to get a more accurate positioning). Then it gets turned into an IP communication, going from the network operator's gateway (outgoing traffic, logged by the operator) to the entry point for the Vibe system (logged at the operator's gateway as the destination), via all number of logged internet switches, and via Vibe's ISP gateway (guess what - logged!) before it gets to Vibe. At this point, if the Man is monitoring traffic going to the Vibe network, then he already has enough data to say your phone sent a message from the location of the protest/riot at the time of interest, that you sent it to the Vibe service, and they can probably read the contents pretty easily. That's enough to put you at the scene of a crime and charge you for incitement if your message is along the lines of "let's do this criminal act". And remember, interfering with a police operation (such as preventing a kettling) could be a charegable offence in many countries.
From the Vibe network the signal then has to go outwards, and if it's not logged by the Vibe people themselves then it will be logged by their ISP, meaning if it is sent direct to individual iBones then the Man can grab all those phone identities right there. If it is sent to some webpage that Vibe users then read to get the "tweets" then all the Man has to do is monitor which devices are going to that website (your iBone is given an IP by the network provider, it can be traced right back to its IMEI number), correlate that with which iBones were in the area of the protest/riot at the time (from the cell logging), and then the network provider can be forced to give up the full owner details. Now the Man has the details of the sender plus all accomplices - if the instruction has been "commit a criminal act" and the act is commited, you are potentially an accomplice even if you didn't actually join in with the criminal act.
It looks like Wall Street protest noobs should get someone with a clue to advise them.
It's not the FBI, CIA, and NSA looking for #OccupyWallStreet tags. It's the NYPD. They go after the low-hanging fruit.
People in this thread are making it sound like Vibe is actually worse than Facebook and Twitter. Is *this* much FUD really warranted?
Hell, I'll send a Vibe saying "I'm going to set a shop on fire" and await the police sirens. Wish me luck, zomg!
Not really. In the Wall Street case, the messages are being sent all over the States, making the transmission of inciting messages Federal crimes, so the FBI is going to be involved even if not at the request of the NYPD. And who knows who might be interested in tracking those making "contributions" from abroad. You have to remember the Police effort on things like G20 was international, and involved a lot of secret squirrel organsiations. Those same people will be tracking the Wall Street "leaders-that-aren't-leaders", on Vibe and elsewhere.
Are there clients for other systems (especially GNU/Linux)?
If things turn from a legal to an illegal protest and they can show that the developer encouraged people to use his app to plan crime then isn't he aiding and abetting?
That's rather like suggesting the gun manufacturer is an accomplice to a murder.
Well maybe, but If manufacturers were to advertise a particular model of gun as being "Ideal for murderers" they might not be in a very comfortable place.
What else are they good for? Decorating bedrooms? Cooking steak?
Cleaning, of course!
Shooting armed crminals
There's a rather long list of things that guns are useful for, especially if you live in the country, and most firearms are used in a perfectly legitimate manner.
Putting holes in paper targets and hunting are the most popular uses in my country. In Turkey, folks largely keep them around to throw lead skyward in celebration. In North Korea and the UK, they're kept around to shoot civilians in the back of the head.
between shooting something and murder. Theres a big difference between driving a car and doing a hit and run, and if Vauxhall promoted their cars saying that you could run over people with little damage then people would rightly complain.
Who'd a thunk it, technology being used to route around a problem like anonymity?
Monitoring this would be pretty trivial for The Man - either by directly tapping the server(s) or by registering a Vibe "client" with a fake location to match that of the targets. Thereafter the life-span of the messages sent will be determined by how long it takes The Man to secure conviction.
Can they still Tweet from a jail cell when their a Twit?
"It's anonymous too, so not only are you able to send out relevant information to a small radius, but it also disappears, there's no record of it, so no one can come after the person who sent it."
Just as easy to abuse it with mis-information then. Whats to stop the rozzers anonymously vibing.
"Quick everyone - we're moving the protest into the back of the big police van".
Err, The fact that they are rozzers, and as thick as pigsh*t?
The prisons are full of idiots who thought they were too clever to be caught, and the cops too dumb to catch them.
The key point here is; "no one can come after the person who sent it."
When they say no-one, they mean no-one. Seriously, who is going to take any notice of anything when it comes from someone totally unidentified, and who can then deny to have ever have said it?
So anyone can say/claim anything they like and those who read it have no way of knowing they can trust a word of it, and no way of responding if it turns out to be lies.
It's a troll's dream app!
>>"When they say no-one, they mean no-one. Seriously, who is going to take any notice of anything when it comes from someone totally unidentified, and who can then deny to have ever have said it?"
Indeed, especially if some people might consider it desirable to make the system untrusted by feeding in bogus messages.
>>"It's a troll's dream app!"
And great for an agent provocteur who wants to be untraceable while simultaneously reducing people's trust in the system.
If 'they' want to turn a demonstration into a riot, they send a message alleging someone was just beaten up or killed by police in a nearby sidestreet.
If 'they' want to get some looters in one place, they send a message claiming there are great spoils at a particular store that's just been broken into, but where there are police and/or good CCTV waiting to catch people.
And if I actually *was* paranoid about Big Brother, why should I believe that anyone claiming to make a great anonymising app isn't actually working for Big Brother?
If only there was some kind of low bandwidth message posting system already out there where it was very difficult to find the original poster as the message is distributed across many servers. Maybe it could be called Usenet.....
Way to rip off yapat.us, who developed and released an anonymous Twitter-like service last year!
why not just shout
Not sure if Bluetooth hardware and spec could be programmed to do this, perhaps in relay mode. Could propagate to a maximum number of hops set by originator and agreed by receiver and relays, reducing the hop count used with each relay ? It wouldn't prevent an agent provocateur working for the fuzz to keep/use a version of said software, perhaps with logging, in which case, how much infomation about the phone sending or relaying a unicast does a Bluetooth unicast disclose if all packets received are logged ?
because it's the merkins, common sense is not an option if there's a technology solution to it..
No need for relay, you could just use a Bluetooth unicast. A relay would require a setup including a handshake, ie a trasnfer of identifying info. Minute I saw 15m I thought of Bluetooth too.
Because Shouting people can be identified.
If in fear of being caught we just ate it.
Kids these days eh?
Anon of course.
I could see this catching on with cottagers.
So what's to stop all the officers in charge at a protest having a copy of this app running on their phones?
The system could be easily gamed in many ways to disperse protests/rioters or heard them into one place. It's entirely possible that rival protesters (I'm thinking of EDL/Anti Nazi League protests) could stir up violence and/or panic in their rivals.
All in all this seems like a fairly irresponsible system to develop and I'm surprised that it's on the app store.
"So what's to stop all the officers in charge at a protest having a copy of this app running on their phones?" - AC has a point.
Just imagine the disinformation the police could then send - "South Street is Kettle free, head in that direction"
It's the perfect entrapment tool as who can then prove who sent the message?
If you have done nothing wrong, then you have nothing to fear (in our big brother society - my words there).
And there's not much point in posting as AC, because El Reg have my details anyway, bless 'em.. Oops hang on, there's a SWAT team outside my house. Gotta go.
Shows exact location of where it was posted if you press the blue co-ordinates on the message.