Getting Signal on a PocketCHIP

I’m a big fan of the NextThingCo and their $9 CHIP computer for the simultaneously radical and practical approach to hardware manufacturing and low cost computing. Being a fairly early backer of their crowdfunding effort, I was able to get the super fun PocketCHIP dock/case/shell, as well, which looks like a cross between a Blackberry and a Gameboy, with all the circuitous guts exposed. The PocketCHIP is an open-source, handheld, portable computing device, with built-in Wifi and Bluetooth, a hilariously difficult keyboard, and a not so terrible battery. While I have tried to find legitimate uses for it in my day to day toolkit, including as an IoT monitoring terminal for a car’s OBD2 port, I have mostly just carried it to remind myself that the future of mobile computing could be one based on open-source hardware, software and an infinite variety of 3D-printed form factors.

Now, in the last few days, I have become a big fan of Signal-CLI, a Java-based command line interface to the Signal Messenger service. On this very blog, I wrote a post on how you can easily send batched encrypted broadcast messages from a terminal shell using it. Then, tonight, I was looking at my PocketCHIP, and I had a moment of inspiration, when I realized that I could easily “apt-get install” java onto it, and by extension run Signal-CLI. This means that I could turn my underused PocketCHIP into a portable, open device upon which to send and receive encrypted messages to anyone in the world who also had Signal.

To make a long story short, it works! I installed Java (“apt-get install openjdk-7-jre-headless”), I downloaded the latest Signal-CLI release (“wget https://tinyurl.com/signalcli035”), unpacked it (“tar xzvf… ” yada yada), and then ran the signal-cli command line. From there, you just follow the simple instructions provided on GitHub for registering and verifying, and away you go! I used a Google Voice number to handle receiving the SMS verification code. You could also use any landline or payphone – you just need something that can receive a text or voice call. Make sure to follow all the Signal safety tips, as well!

With Signal-CLI, you can send and receive messages, create and manage groups, and even list and verify safety number “keys”. The limited processing power and memory on the PocketCHIP does cause each command to take a few seconds, but that can be worked around. I can easily imagine an ELM or PINE style user interface for this, that would hide all of that fetching and receiving in a background process.
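
The background-fetch idea from the paragraph above, as an added example (not code from the original post or from the Signal-CLI project): a loop runs the slow receive call and appends to an owner-only spool file that a front end can read instantly. It assumes the “-u USERNAME receive” form from the Signal-CLI README; SIGNAL_CLI, SIGNAL_USER, SPOOL_DIR and the phone number are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. SIGNAL_CLI, SIGNAL_USER and
# SPOOL_DIR are hypothetical settings; the number is a constructed placeholder.
SIGNAL_CLI="${SIGNAL_CLI:-signal-cli}"
SIGNAL_USER="${SIGNAL_USER:-+15555550100}"
SPOOL_DIR="${SPOOL_DIR:-$HOME/.signal-spool}"

# The spool holds decrypted message text, so keep it owner-only.
init_spool() {
    umask 077
    mkdir -p "$SPOOL_DIR" && chmod 700 "$SPOOL_DIR" || return 1
    : >> "$SPOOL_DIR/inbox"
    chmod 600 "$SPOOL_DIR/inbox"
}

# One slow "receive" call. Output is staged in a temp file so a failed run
# never leaves a partial batch in the inbox.
fetch_once() {
    tmp="$SPOOL_DIR/.fetch.$$"
    if "$SIGNAL_CLI" -u "$SIGNAL_USER" receive > "$tmp" 2>> "$SPOOL_DIR/errors"; then
        if [ -s "$tmp" ]; then
            {
                printf '=== fetched %s ===\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
                cat "$tmp"
            } >> "$SPOOL_DIR/inbox"
        fi
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Background side: poll forever, pausing between calls.
fetch_loop() {
    interval="${1:-30}"
    while :; do
        fetch_once || echo "receive failed at $(date -u)" >> "$SPOOL_DIR/errors"
        sleep "$interval"
    done
}

# UI side: instant answers from the local spool, no JVM start-up.
batch_count() { grep -c '^=== fetched ' "$SPOOL_DIR/inbox" || true; }
show_inbox()  { cat "$SPOOL_DIR/inbox"; }

# Typical use after registering and verifying the number:
#   init_spool; fetch_loop 30 &
#   batch_count; show_inbox
```

The spool is plaintext at rest, so it deserves the same care as the Signal-CLI key store on the device.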

So, now my PocketCHIP is on Signal, and it has become infinitely more useful. Oh, and did I mention, it also runs Tor? Who is up for writing Ricochet-CLI?


Assessing the Impact of Five Years of Mobile Security Problem Solving (and Planning for Five More…)

Below is the text of my successful application to the Berkman Center 2015 Fellows program, including the concept for my fairly ambitious project that I look forward to finding some allies and collaborators on during the year.

***

In a recent leak from the Snowden files, one of the mobile security apps I have developed, Orbot (Tor for Android), showed up in an NSA powerpoint slide explaining the different forms that the Tor anonymity and circumvention software takes. Next to the app’s name was a comment that stated it was “easy to use!”. It was a strangely gratifying moment to know that I had done a good enough job building a mobile version of Tor that it both showed up on the radar of an NSA analyst, and that it merited a positive comment about its usability. It also triggered a good deal of reflection on the impact my efforts were having in the world, and just who was paying attention out there.

It was in the Fall of 2009 that I began work on the Guardian Project, an effort to research and develop open, free security software for mobile devices, with a particular focus on solving problems for people living and working in high-risk, high-surveillance situations. I had recently seen a group of my friends working as undercover journalists in a hostile country, get tracked down, arrested and temporarily imprisoned due to use of their mobile phones to organize and communicate. I was determined to come up with software that would defend against such a situation occurring again in the future. I knew the undertaking was significant, and so I set my horizon five years out, and came up with a feature roadmap that I hoped to fulfill.

That milestone is now looming, and coincidentally it also times well with the beginning of this fellowship opportunity at Berkman. At this point in the project, I and my team have developed and released a number of open-source apps for Android, and recently iOS, that enable encryption and circumvention features for voice calls, mobile messaging and mobile web access. We’ve also come up with some clever ideas like a camera app that automatically blurs faces detected in a photo. There have been millions of downloads, resulting in hundreds of thousands of active users, around the globe. We have received grant funding from a diverse set of sources, recruited a brilliant team of talented engineers and designers, and generally done well delivering on our promises. The original feature roadmap I set out to build has largely been fulfilled.

I seek then, some time, a context and community in which to reflect on the work I have done, to assess its merit, worth and impact, and to begin planning for the next five years. Beyond a collection of really amazing, moving emails and anecdotes from real users in difficult places, I still have trouble answering “Who are we helping, and how much?”. I want to ensure we are doing more harm, than good, and that we are actually reaching the types of users we hoped to in the beginning. I seek to understand better the different global, legal, and cultural contexts in which tools for privacy, security and expression are utilized for social change. This can be easily boiled down to questions I often receive when I am giving a mobile security training in some far-flung location in the world – “Is this legal for me to use?” and “Can I be arrested for having this on my phone?”. While there is no simple answer, it is also true that there is a huge disconnect between the Internet idealist’s perspective “If it is not legal, it should be, so you should use it anyways”, and the on the ground reality of being detained and incriminated because of some digital bits in your pocket.

While the tool builder’s goal is to develop and provide a tangible tool for someone to fight back against oppression and corruption with, they are often unwittingly turning those they want to help into practitioners of a type of civil disobedience without explaining to them what the risks of that are. Are the increased mobile privacy, the ability to avoid traffic surveillance, and the ability to generally keep your plans and dreams confidential to yourself and others you trust, a net positive benefit, versus the increased scrutiny or exposure to incrimination by association one might face? Is it actually safer and more powerful for an activist or organization to operate transparently, in the open, and not expect to have any communications privacy outside of close physical proximity?

These types of questions need to be both researched and explored within an authoritarian state context, as well as within our own democratic (self-inflicted?) surveillance states, as increasing lobbying pressure from law enforcement on legislation might turn my team and me into outlaws quite soon. In other words, the axiom “No one has ever been arrested for using Tor” may need to be refreshed soon. The concept of “lawful intercept” is a globally fungible term better expressed as state-required eavesdropping for corporations seeking to do business in a certain region. Whether the interception is just or not is the important question when seeking to develop and deploy tools that improve and empower a community of users.

During my fellowship, I hope to reach out to legal and research resources within the Berkman community to assist in building a global map overlaying lawful intercept laws and capabilities with the robustness of the larger rule of law. Additional layers of data could include records of persecution based on possession or use of cryptography or other advanced communication tools, whether real name registration is required for mobile network use, data on user groups in the area that are known to be using mobile security tools, and information about surveillance infrastructure known to be in use at telcos and internet service providers in the region. If possible, details on collaboration or collusion by corporate communications hardware and software companies could also be useful to display. I see this resource both as an effort to bring a spotlight on these issues, and as an active resource for any advisor, trainer, activist or journalist traveling to an area, who wants to understand the challenges they might face in using a particular type of software, or promoting its use to local communities.

For example, as a journalist working in a region, I might want to know if I should encourage my sources to use mobile security software that would protect my communications with them, but also increase their chances of coming under greater scrutiny by network operators? If I am a labor organizer supporting exploited workers, I also need to make sure I don’t radically increase the chance they will lose their job or be otherwise because they got caught using an app. I will research and document these types of user stories, and test them against the resources, to understand the value of this research.

I want the software I develop to work, and to be helpful, useful and empowering. I do not want to just solve for threat X, and not think properly about threats Y and Z. I also know that my work is just one small part of a sea of solutions both free and commercial, attempting to enhance privacy and security for mobile users. The work I am proposing for this fellowship aims to help that larger community of tool builders to think about the use, deployment and realization of their efforts in a more complete way, so that the result can be what we all hope for. It also aims to ensure our users can make the best decisions about the threat they face, and whether or not using a piece of mobile communications software is ultimately beneficial for their situation.

Finally, I envision the output of this work not to be a static report, but a dynamic, shared dataset, that any website or application could clone or tap into. I would ideally also develop a default mobile website or app that would give users a “sixth sense”, warning them of potential risks, by cross-referencing their device’s network operator, geographic location, and installed applications, with the data available in the networked mobile security risk database.

I cannot think of a better place to pursue this work than at the Berkman Center, within a community of fellowship to help tune, improve and realize this complex effort. I expect there to be a good amount of overlap with other communication infrastructure mapping efforts. I also realize that there exists a great deal of expertise well beyond my own into the legal aspects of the issue. This work would greatly benefit from access to these efforts and skills, and I from a supportive network of like-minded colleagues, and thus humbly ask for your consideration of my application.

The “Took”: Tibetan-enabled Nook eReader

Thanks to amazing work by Tibetan font experts Tom Meyer and Chris Fynn, as well as the Barnes and Noble Nook eInk reader device hackers at NookDevs.com, I have modified my $199 Nook ($149 if you get the wifi only model!) to support proper rendering of Tibetan characters. This is dynamic rendering of Unicode text, and not just static pre-rendered images.

You might have seen an earlier post I wrote about this here, and I’ve essentially done the same thing this time, but with an important addition of code from Tom that properly stacks the characters (a critical feature often not available in an OS font library), and a new Tibetan font (actually Bhutanese) from Chris which is small, lightweight and efficient enough to be used on Android. All together this provides support for reading Tibetan text on web pages, and within full application user interfaces, eBooks and more.

With up to 32gb of storage possible via the tiny micro SD Card, this one device could probably store and serve up the majority of Tibetan Buddhist texts, not to mention literary, poetic and historic works, that exist, all in a lightweight, energy-efficient device. Since the device is also networked, you can use it to pull down the latest Tibetan language online news and blogs.

And yes, this is all possible because the Nook is based on the free, open-source Android operating system. Yay for freedom in all forms!

This is support for both web pages, as well as full applications on the device.

Something Extraordinary is Possible!

My friend Ben Rigby, co-founder of The Extraordinaries project that I am contributing some time to, wrote a great post on TechPresident last week that lays out the premise for a new approach to volunteerism. These ideas are both what inspired The Extraordinaries (“Why is it so hard to get people to volunteer?”) and also drivers for its theories (“Why don’t we have a new approach to volunteering?”).

  • Volunteerism has a problem. Most people don’t do it
  • People have a problem with volunteerism.
  • Volunteerism excludes most of us.
  • We’re trying to woo “Last Mile” volunteers.
  • Volunteerism is modeled for the Industrial Economy.

According to the Bureau of Labor Statistics, 74.6% of the U.S. population did not volunteer in 2007. Why? Because we’re too busy. We’re driving to work in bumper to bumper traffic, shuttling kids to after school sports, studying for class, and working at Starbucks to pay for college. We’re a nation with a lot to do. And when asked, we cite “lack of time” as the reason for not volunteering.

Fortunately, Ben’s got some ideas on how to improve the situation:

  • Let’s find new ways to do volunteerism.
  • Perspective shift experiment
  • Support Information Era volunteerism

“In addition, we can start thinking about how we can use these inspired models to inform the field of volunteerism. The private sector is quickly coming up with brilliant new ideas that take advantage of the amateur’s passion for participation. Threadless, Innocentive, iStockPhoto. These are companies that have dominated their niches by relying on loosely structured peer production. These models work. Let’s explore them deeply.”

Make sure to read the post and check out the main theextraordinaries.org site as well for information on how you can contribute or get your organization involved in a new approach to getting people to help you get things done.

Functional About Card – a better business card?

This morning, upon realizing my old business cards were mostly out of date, I decided to design a new card. I pulled up the most excellent Apple Pages and started designing away… now they have some nice built-in templates, but the problem is that you always end up with something you can’t easily manufacture in the comfort of your own home. I’ve gone through a few sets of Moo cards, but I’ve grown weary of them a bit, as they just seem to disappear so quickly and aren’t that cheap. I looked at my stack of paper next to the printer, and noticed some index cards I had bought for recipes, D&D and perhaps a little-used Hipster PDA. In that moment, I was struck with a minor inspiration, which resulted in the work below… though it’s up to you to decide, of course, how productive my morning actually was.

Introducing… the Functional About Card (fāc)!
The Functional About Card (fāc) is a business card format & template that prints on 3×5 index cards in the color of your choice (Office Depot 500 pack on Recycled Paper for $2.89). The goal was to create a business card that can be easily produced on demand with a home printer, and is actually useful and functional, as opposed to the usual dead tree spam you usually get that just collects dust.

Functional About Card layout

The card design is two-sided, comprised of four 2.5×3″ quadrants:

  • a read-only information quad providing your critical stats (name, title, email, charisma, hit points)
  • a writeable, line-ruled quad where recipients of your card can take notes on things you’ve said, or perhaps what others have said about you. this area can also be torn off (see ‘scoring’ info later) and used for exchanging numbers or stock tips
  • a visual quad for displaying geeky things like QRCodes, avatars, creative commons badges and so on
  • a blank “scratchpad” quad for brainstorming, mind mapping, UML sequence diagrams or maps for meeting up later in the evening

Functional About Card - Front View

You could optionally replace the note-taking area on the right with a maze, crossword puzzle, madlib or other small format, amusing game. Anyone you give a card to will be delighted later when they discover that you’ve actually given them something fun to pass the time.

Functional About Card - Back View

I’ve chosen to use the back side to display a QRCode, but if that is just way too geeky for you, feel free to put a picture of yourself, your pet, your favorite flower or historical figure (Ben Franklin!). You might also expand the right “idea napkin” area to the whole card, because admittedly, 3×2.5″ isn’t much room for a great idea.

Functional About Card - the fold

Make sure to lightly score (with a screwdriver, razor blade or X-Acto knife) and fold the card down the middle of the long length… this way it fits nicely into wallets, pockets and other places people typically put these things. This also makes the card a bit easier to tear evenly in half, in case it needs to be used as a part of a sneaker net data transmission.

Download the template in Apple Pages, PDF and MS Word formats: FunctionalAboutCard-1.0.zip

Oh, yeah, and this template has been released under the Creative Commons By Attribution 3.0 license.

Creative Commons License
Functional About Card by Nathanial Freitas is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Based on a work at openideals.com.
Permissions beyond the scope of this license may be available at http://openideals.com.

So, there it is… I hope you love it, and if not, that you’ll provide some useful suggestions and improvements upon this flight of fancy.