If any of you know me personally, you know one of my main investments in the ideals behind GWOB are those ofÂ propagatingÂ security. Being in Berlin this past week for Chaos Communications Camp was a true joy – European hackers, specifically those from Berlin – tend to have a highly-tuned sense of geek social responsibility. I could go into (at great length) my theories on the historical basis for this, but let’s just dive right in.
At-risk populations using telecommunications systems must be secure in doing so. If a tool is created which furtherÂ jeopardizesÂ their well-being, kittens die. And so I was filled with joy when people I have the honor of knowing stood up for those at-risk populations and broke something — fast. In fact, they broke it before breakfast. Fluid Nexus is (was) a tool specifically designed for activists to use for off-grid communications. While a noble idea, it completely failed to shield its target user base from security attacks.
Additionally, the ownership of a message is attributable when theÂ client’s database is dumped. Â On an Android phone, *any* applicationÂ with access to the SD card can dump the database in this way, makingÂ trojans trivial to implement. Â Further, this database column doesÂ nothing to benefit the users of the software, putting them at risk forÂ no reason.
The full (incredibly snarky) write-up can be found on pastebin, I highly encourage the read.
That said, it is incredibly important that people continue working on creating and improving tools for situations in which communications break down. It is equally important to request feedback from people who live in this discipline – will your tool use more power than readily available? Is it possible to use with a different native language? Is it secure? It’s better that people who care break things and help to improve them than The Bad GuysTM doing it live. Get started with this Software for Activists overview.
Credit/Mad Props and Mate to Eleanor Saitta (@dymaxion), Meredith PattersonÂ (@maradydd), and Travis GoodspeedÂ (@travisgoodspeed) for the break; Stephan UrbachÂ (@herrurbach)Â for the overview; Fabienne SerriereÂ (@fbz)Â and Skytee HaasÂ (@skytee)Â for the Hacker Hostel (@hackerhostel); and my own selfÂ (@willowbl00)Â for the crepes.