Hacking on a basic Bluetooth mesh-y concept

Inspired and frustrated by the closed, murky, proprietary nature of FireChat, and equally frustrated by my experiencing working on the way too complicated Commotion mesh project, I wanted to find a simple way to answer the question “what do we do when the Internet goes away” problem. FireChat is clearly not the answer for the types of communities I am trying to help, but in its absence, we have no other solutions, it seems.

What I have discovered is that Bluetooth device names (the things  you see when you are trying to pair a bluetooth device to your phone for instance) are actually a really great way to broadcast messages from your phone or computer to anyone within distance. This was partly inspired by the humorous wifi SSID messages that people often use, but the key difference is that Bluetooth device names can actually be 248 bytes long (80-240 letters/glyphs depending upon unicode language), as opposed to the much shorter ~30 character wifi SSIDs. It is also very easy to dynamically change your Bluetooth device name through open programming APIs.

The idea then is to use your device’s Bluetooth name as a kind of Twitter status message bearer, sharing key information during a crisis or as an act of protest/speech. It doesn’t require an app, just a little bit of knowledge and a new behavior. I have built an app (more below) that makes the user experience much simpler, and adds the ability to support retweets/shares (to expand the radio mesh reach), verification, privacy and even encryption (in theory).

To test the basic premise however, if you have an iPhone or iPad, you can set your device name in the general about settings. Then go to the Bluetooth settings area, and you will see all devices that are currently broadcasting. With Android, go to the Settings->Bluetooth screen, and you can “rename phone” from the menu, and set the visibility and timeout of your broadcast. With iPhones, as long as you stay on the Bluetooth screen, it will broadcast. With many new Android phones, you can set your visibility/broadcast timeout to 1 hour or infinite.

You can set a message like “!Gather 7pm at 1st and Main” or “@press please don’t photo faces” or “#Legal Aid is 2125551212”, or even just motivational messages “#staycalm #noviolence” or “#theworldiswatching”. If people like what you have written, they can change their status that message, and rebroadcast another 30 feet in whatever direction they are headed. Again, it is basically Twitter combined with doing “the wave” at a football game, except the wave is powered by these little super computers+radio stations we have in our pockets.

The Gilga app I am working on makes this all feel much more like a chat or Twitter type experience. The app also supports direct messaging using a secured RF socket. The important thing is that there a baseline concept here, that can be tapped into by anyone with a bluetooth device, be it a smartphone, an old Nokia, a PC with a huge Bluetooth antenna etc.

From a threat modeling perspective, there are risks about Bluetooth device IDs being scanned and logged, impersonation attacks based on modified Bluetooth radios, and the same misinformation spreading we see whenever we have an open commons, be it FireChat or Twitter. We have some ways to combat that, but it will be hard. My hope is that, by doing this work in the open, and with contributions by brilliant minds like yours, we can come up with some additional breakthroughs.


Gilga Meshenger: Messaging in the Bluetooth Babylon!

Some notes on the implementation, aka the glorious hack of Bluetooth Device Names. This application was original based on the Android SDK BluetoothChat sample. It used insecure (unpaired) and secure (paired) Bluetooth RFComm sockets to allow for short messages to be sent between devices. The primary modification that this project has made has been to add support for a “Broadcast” mode, that uses the Bluetooth device name, that is public visible during the Discovery process, as the message transport itself.

The design goals of this project are:

  • A truly decentralised application that requires only Bluetooth connectivity and has no central user registry
  • Incredible ease of use that ensures all “mesh” connectivity happens with as little user involvment as possible
  • Ability to enable trust or reputation for specific users or devices you message with
  • A very transient app that stores no data permanently
  • Ability to share the app easily between devices
  • A “fire and forget” mode, where the user can enter a message, put the phone in their pocket, and walk around and area and have it broadcast to all devices it encounters

alt   alt

The key innovations/hacks/revelations that led us to this point were:

  • As of recent Android versions, you can call an API to set your the device’s Bluetooth visibility to a very long time ~1 hour
  • You can dynamically change the Bluetooth device name, and it can be long – up to 248 bytes encoded as UTF-8
  • That the first two things above could be wrapped mostly in API calls the user did not have to see or worry about

Finally, some thoughts on security, privacy and reputation:

  • This app supports both a public broadcast mode, and a private, direct message mode. It is easy to use to both. The direct message mode is optionally secured and encrypted at the Bluetooth level if you have paired with the device/user you are connected with.
  • Impersonation is combatted by simplified user id’s to a short (6 character alphanumeric) value, based on the device’s unique Bluetooth ID. This makes them speakable and easy to remember. If someone says “trust messages from A1BC99” then likely you will be able to rememember that.
  • If you pair with a user (using standard Bluetooth pairing settings), their userid will be appended with a *, to make it even easier to know this is someone you should trust
  • The app ONLY works in Bluetooth mode, so though is no confusion when it might be using 3G/4G, Wifi or some other mode, and possibly go through a centralised server
  • The code is open-source, very small, and the entire app is only 28kb making it easy to audit, test and share
  • We make it easy to “retweet” a message by long pressing on it, which enables reputation for something to be built up by multiple people resharing it. If the user has paired with the user, you will also see the * next to the name to further indicate trust.

My raw thoughts on Google’s acquisition of Motorola Mobility

Overall, I am positive on the acquisition, with my main concern being that Google is clear and decisive about how they plan to proceed with the integration and operational side, and that they don’t unintentionally create confusion and concern in the consumer market.

Obviously this acquisition is related to the ongoing patent wars between Apple and Google (with their hardware partners HTC and Samsung as the primary proxies for litigation). Motorola has a deep, broad collection of intellectual property. Not only did they invent the cellular telephone and have years of creating popular consumer mobile hardware (StarTAC!), but they also have created their own Linux+Java mobile OSes in the past, which could provide support for Google in the case vs. Oracle.

I don’t think this will change much for developers in the next few years, as Android has great momentum that won’t end anytime soon. It may be a boon ultimately, as Google must work harder to maintain the image of Android being open now. The more transparency and code they release, the better for all.  I would also hope Google uses this to support and/or indemnify its app developers from worrying about being sued by patent trolls like LodSys.

Motorola has a “Pro” category of devices, with enhanced security in the OS to meet enterprise and gov requirements, as well as Blackberry style keyboards. This device could be a “Nexus Pro” sold bundled with Google Enterprise services to take on RIM directly as complete business tack. Google is having a lot more success in this space than people realize, taking on IBM, Microsoft and RIM all in one swoop. This is an area that Apple cannot compete in.

It will be a tricky task to manage Android and Motorola business units of Google. While not entirely comparable, there are some good lessons to learn from Palm and Apple’s own failed attempts at licensing an OS while producing their own competitive hardware. I was at Palm when we had the PalmOne (Hardware) and PalmSource (OS) divisions, when there were still Palm licensees such as Handspring and Sony, and it was a really difficult mess. PalmSource had to treat us like a separate company, in order to appease partners, but at the same time, we didn’t have the freedom those partners would have to implement their solutions because we had to maintain unity with the Palm vision. Eventually, all the licensing ended, Palm bought Handspring, and the whole company unified again, and then ultimately failed, and was acquired by HP.

Another Excellent Event: Open Video Conference, This Week in NYC

News from my work on The Guardian Project:

Nathan Freitas will be on a panel at the 2nd annual Open Video Conference in New York this Friday and Saturday. He will be on the panel entitled “Cameras Everywhere” led by our partners at Witness, on Saturday at 3pm.

Summary: Cameras Everywhere: Human Rights and Web Video – (2:45 PM – 3:30 PM)

Description: Once upon a time, video cameras were rare. Now they are ubiquitous—as are the opportunities to share, use, and re-use video. What are the limits and possibilities of an ethics of openness when it comes to human rights footage?

Videos (particularly mobile and online video) make it possible to document and publicize human rights struggles – from monks marching for freedom in Rangoon and Lhasa, and the election protestors in Tehran, to individual voices speaking out against injustice on YouTube and other online spaces. But despite the growing circulation of images of human rights violations, of victims and survivors, there is limited discussion of crucial safety, consent and ethical concerns – particularly for people who are filmed.

Issues around consent, representation and re-victimization and retaliation have emerged even more clearly in an open and networked online environment, as have concerns about intentionality and authenticity. Video is being reworked, remixed and recirculated by many more people. New possibilities for action by a global citizenry have arisen, but these carry with them substantial challenges, opportunities and dangers.

Sam Gregory — WITNESS
Gabriella Coleman — NYU
Nathan Freitas — The Guardian Project
Steve Grove – News and Politics, YouTube

Following the panel, there will be an open workshop, to continue the discussion and brainstorm new approaches and tools to address the issues raised. This feedback will be gathered and fed into the OVC Hackday, held at NYU ITP on Sunday. Team Guardian will join in with whoever shows up at the hackday, take the ideas from the previous day, and build prototyped mobile video solutions in response to them.

You can get more information and register for the hackday here: http://www.openvideoconference.org/hacklabs/

OVC hack labs: Sunday, October 3

Join us at NYU’s Interactive Telecommunications Program for an all-day open space gathering for innovators of all stripes. Meet and collaborate with conference attendees, HTML5 developers, transmedia storytelling experts, and more. Among the planned activities:

Make interactive HTML5 video using WebMadeMovies technology like popcorn.js
Map out a transmedia strategy for your content
Build a custom HTML5 player for your site
Create robust video sites using the free+open source Kaltura CE 2.0 self-hosted software stack
or just grab a room and hack on your project!

OVC hack labs are free and open to the public.

Video from Open Mobile Camp at UNICEF

I am grateful to have been included in this video round-up from the Open Mobile Camp a few weeks ago:

Mobile phones in human rights monitoring is still relatively rare and there are few examples where mobile shave been used successfully in this field. In this video from the recent Open Mobile Camp in New York, three experts are discussing their projects and thinking on the use of mobiles in human rights work. Nathan Freitas discusses security issues in regard to using mobiles in this field and his project Guardian, Enrique Piraces from Human Rights Watch describes his thinking in regard to the use of mobiles in human rights work, and Emily Jacobi features Handheld Human Rights and the mobile tools that are part of the project.