I am one of the Commotion developers, and believe me, we are not
impressed with the framing of this (and the original) NYT piece. We
all breathed a collective sigh of relief when we noticed they at least
didn't mention the "internet in a suitcase".

We also took particular issue with the idea that we couldn't disclose
where Commotion was deployed. The answer is India and Tunisia. We've
been very public about both of them. We contacted the author with this
correction but so far no changes have been made.

I am not in any way involved with the outreach for the project, but
this kind of hyped up press has been an ongoing concern for us, which
is why we added an explicit warning label to our downloads page:
http://commotionwireless.net/download/routers/

Better security is in our road map, and yes, it is largely in
collaboration with Serval (which we currently only use for signing
routes and service advertisements). We have spent a great deal of time
with security experts but few of our planned security measures have
actually been implemented. These are hard problems to solve, made ten
times harder with wireless, and ten times harder than that with mesh.

To that end, after the article came out, we immediately put up a blog
post about the current state of security and our general road map:
http://commotionwireless.net/blog/2014/04/21/commotion-and-security/

You are right to be skeptical of the Times article. And our goal is
definitely not to put activists in harm's way with overhyped claims of
security. If you have other concerns, feel free to bring them up in
the Commotion discuss list, or on our IRC channel, or stop by the
office if you find yourself in DC (warning: it gets stupid hot here
during the summer).

We definitely welcome your criticism, input, and especially your pull
requests ;)

We're only a small part of the community -- we don't want to make
anyone else's jobs harder because we get bad press.

On 04/21/2014 08:29 PM, Jenny Ryan wrote:
> On Mon 21 Apr 2014 12:28:46 AM PDT, David Keenan wrote:
>> let's apply for some of that USAID to fight
>> spying at home?
>
> This article is seriously disturbing. I didn't realize OTI was
> promoting mesh networks as a secure alternative to the Internet. In
> the Middle East. Maybe someone from the Commotion team is on this
> list and wants to speak to the actual goals of the project and ways
> in which the messaging around it could have been miscommunicated by
> the NYT?
>
> I think it's really important we all understand and emphasize to
> new folks that mesh networks are not by default more secure than
> other kinds of networks, though they are more resilient. This is
> why we have monthly cryptoparties at sudo, so we can teach good
> end-user security hygiene. We can further level up by promoting the
> use of more trustworthy services, such as Riseup for email and
> OwnCloud for storage, on the mesh splash page or some such.
>
> One bonus point for SudoWRT is that it uses wlan-slovenija's
> tunneldigger, routing all connections on the public network through
> a VPN. So actually, our mesh will be more anonymous (insofar as
> being unable to pin an IP to a specific identity) than most
> networks. Mitar, do you know of other networks using tunneldigger?
>
> We are also not funded by the State Dept.
_______________________________________________ mesh mailing list
mesh(a)lists.sudoroom.org
https://lists.sudoroom.org/listinfo/mesh
--
Grady Johnson
Open Technology Institute | New America Foundation
@geekwrights
D6AE 65CE 141B 8DBC 7B5F 99AA 6BCC 0833 8B28 833B