occultOct 18

Seeing an increase in #MeshCore traffic around the downtown #Boston area today. Glad to see folks out using it during #NoKings.

This is an example of community-run, #decentralized, off-the-grid #mesh networking #infrastructure playing an important role in society.

Folks are reporting that cell phones are essentially unusable due to the volume of people but MeshCore and Meshtastic are both functioning.

Show threadoccultOct 18

For context this is what the whole #Boston #MeshCore map looks like right now.

The bulk of all traffic is concentrated around the area of #NoKings downtown.

The #mesh is certainly doing its job right now.

Community run, #decentralized, #encrypted, open-access #infrastructure at work.

Show threadoccultOct 18

Cities around the country should be thinking about how projects like #Meshtastic and #MeshCore fit into events such as #NoKings.

It requires the support of technical members of the community taking the time to set up this infrastructure, which has a cost and is certainly not free.

I’d estimate some members of the #Boston MeshCore network have spent thousands of dollars on equipment.

Show threadJérômeOct 18
@occult it’s actually what got me into mesh and motivates me to continue. Been worried about tech/communication being banned or surveilled at certain type of protests.
Show threadAlec PerkinsOct 23
@jerome @occult they are well suited as substitute communications channels when cell is unavailable, but I would be very careful with assumptions of how anonymous and untraceable these meshes are.
Show threadoccultOct 23

@alec @jerome it’s the same as using a cell phone in that you must understand the hardware/software stack, your threat model and practice good operational security at all times.

Just like with any other communications technology.

Show threadAlec PerkinsOct 23
@occult @jerome right exactly. I worry people think the mesh radios are automatically less traceable and more secure in protest conditions. Using them safely in adversarial conditions requires understanding and consideration. Never mind they are trivial to jam.
Show threadJérômeOct 23

@alec @occult Concretely, what is a security problem you see with meshcore? Because we talk in "theory" here, but what is the exact concern?

Of course it requires understanding and consideration, just like any other tech, but it's important to know what those are really.

Show threadAlec PerkinsOct 23
@jerome @occult they are trackable transmitters that typically require a smartphone itself to be in a radiating mode. Their transmissions inherently include unencrypted routing and addressing info. It would not be difficult for a motivated actor with even modest resources to document which transmitters are seen where and when (particularly at repeat protests), which nodes communicate with each other, and correlate these with other records. All without knowing any message content.
Show threadoccultOct 23

@alec @jerome I'd love to see someone narrow down who in a crowd of 1000s is holding a MeshCore radio and tie that to any specific transmission. They are only emanating when you send a message in short blips.

LoRa devices that are standalone and come with keyboards can be operated without the need for a smartphone companion.

You can buy these devices very anonymously, you can buy them at the MIT swap in cash if you wanted to.

I think your threat modeling may be a bit extreme.

Show threadoccult

@alec @jerome that said, no one is saying these are a magic solution to anonymity and security.

I certainly think that a cell phone gives out way more information about your location, who owns the phone (IMSI / IMEI registered with one of a few centralized cell phone providers) and we know IMSI catchers exist for direction fining cellphones which are way more talkative than LoRa radios.

Oct 23 at 3:29pmWeb
Show threadoccultOct 23
@alec @jerome the decentralized nature of mesh network repeaters (being owned and operated by private individuals) with their location reporting being completely optional and arbitrary (they do not have to report their exact location) on top of the whole system being E2EE. I'd say they definitely serve a purpose.
Show threadAlec PerkinsOct 23

@occult @jerome I agree they can lend some degree of conditional anonymity. But going back to the post I was responding to: if the concern is comms being surveilled or banned at “a certain type of protest”, then I think it is important to consider the implications of carrying a jammable transmitter beaconing an identifier. I’m not saying “don’t”, just check assumptions.

It’s trivial to slurp it all up for later analysis. My work now for building out our mesh processes a few M packets in seconds

Show threadoccultOct 23

@alec @jerome any RF device can be jammed, so I guess what's the point in your threat model?

That's why I say it's too extreme. No one is disagreeing with you that any RF spectrum can just be jammed.

What specific identifying beacons are being transmitted in the context of Meshtastic or MeshCore protocols?

Slurp up what exactly? A bunch of encrypted packets? At any point one can simply regenerate their private / public keys.

What mesh are you building? Would love to hear more.

Show threadAlec PerkinsOct 23
@occult @jerome I’m just saying it’s not uniquely resistant to malicious interference and surveillance compared to other methods someone might be concerned about. You can do a lot just with the headers. I can tell who is dm’ing who in nyme.sh or roughly where in the city they are at the time without seeing any message content. If I were a state actor with access to other data, that becomes really powerful. Heck I found node owner personal addresses through Google just by making some inferences.
Show threadoccultOct 23

@alec @jerome if your threat model is "state actor can do all and see all" yeah I guess you're right. Zero technology passes that test.

Throw it all out and attend protests like they used to for all time prior to the invention of the modern cell phone and just take a sign and nothing else.

Show threadAlec PerkinsOct 23
@occult @jerome I mean yeah. Again, the original post I was responding to heavily implies a state actor since who else can “ban” comms methods. And again, all I’m saying is if that’s the concern, apply those concerns to mesh radios also. If you wouldn’t bring your phone, consider not carrying a mesh node either. Or at least be mindful of exactly how it works and what kind of trail it leaves. One intriguing option is disable transmit on most and flood only, to use them like pagers.
Show threadAlec PerkinsOct 23
@occult @jerome something to consider is the nodes can’t be tied to an individual up front. But if someone is picked up with one, suddenly they are matched to it and there is evidence placing them at certain locations at certain times, who they are associated with, etc. The afterward is just important to think about as the real time of the action.