@saschameinrath Sacha, thanks for your post on FireChat and mesh communications tools in protests; it's terrifically interesting and informative. (And ing in @Quinn, because of Everything is Broken, about which more in a minute.)
You break down your reactions to FireChat into sections. I found all of them interesting, but something you said in #4 sticks with me:
I'm more than a little scared about the overhyping of FireChat--not because it's not a cool technology, but because it's being way oversold for a use case where people may be surveilled. For example, I'm not sure how it can be completely "off the grid" but still require registration of users with a central database--that would seem to require being on the grid (as do the usage stats that are being collected).
I want to offer a bit of local perspective on the issue. I'm in Hong Kong now, and I can tell you, having just gotten back from Occupy Central, that FireChat is mostly not being oversold in that way, and certainly not to the degree people outside Hong Kong sometimes think it is.
Other than pissing off the US, or Israel inside that country's borders, the Chinese Communist Party is the most broadly capable attacker in the world. There is zero chance that all of us are not being surveilled, and more to the point, we are surveilling ourselves. Looking east from the crest of Connaught road, you don't just see thousands of people, you see thousands of cameras, Occupiers and observers all taking pictures of each other, and per 21C protocol, most of those cameras are sharing their lat/longs in real time.
This not a private protest, in the manner of DDOS attacks. There are no Guy Fawkes masks here; the Occupiers are not saying "You can't find us!" They are saying "We are right here. Your move."
This is normal. This is the standard case. Demonstrations are about demonstrating, and what occupations demonstrate is that real people are willing to mass in real space for a political cause.
This is such a huge disconnect between the security community and the political activists -- secrecy is far less important to political movements than many security people assume. The ideal case in much of the security literature seems to be "Say nothing until you are sure you can't be surveilled", which, forget it. The standard political case, by contrast, is "Say what you need to when you need to, as securely as you can, even if that isn't very secure."
Lemme quote @quinn. In Everything is Broken, she talks to people in the security community about how activists using commodity hardware and software (substantially all of them) should behave. Their reply was that those people...
...shouldn’t do anything that might upset the people watching them. But, I explained, these are the activists, organizers, and journalists around the world dealing with governments and corporations and criminals that do real harm, the people in real danger. [...] In the wild, in really dangerous situations — even when people are being hunted by men with guns — when encryption and security fails, no one stops talking. They just hope they don’t get caught.
It would indeed be terrible if people were handed FireChat or anything else, with a promise that sooper-seekrit elliptical curve cryptography or whatever will keep their conspiring against the state a secret.
I'm sure some people think that about FireChat, but unlike, say, the nightmare of Haystack, FireChat isn't making promises nearly so rash. What FireChat is really good for is as an antidote to the "downtown Bangkok/Oakland BART station" scenario, where Gov't just shuts down all the fixed telecom infrastructure.
From my point of view, the main issue is that the broader security community still thinks secrecy is the main issue. (This is not you, I know, but your post reminded me of the problem.) The abstractions the electronic security community traffics in -- "Alice and Bob need to play baccarat by mail, but only have postcards and invisible ink..." -- are crazily far removed from the needs of college students massing to oppose a government that slaughtered college students by the hundreds last time anyone tried anything like this.
It would be a great help to political activists of all stripes if the security world heard that Alice and Bob got a divorce and no longer had much reason to speak to one another. We still need encrypted channels when small groups are actively conspiring, and we should certainly disabuse citizens of the fantasy that they can have a communications mesh that is both broadly available and secure against surveillance. But we should disabuse the security people of that fantasy as well.
People in political situations need to communicate. Indeed, if they are forced to stop communicating, the situation stops being political. (The state's goal.) In those kinds of circumstances, what FireChat provides is just what's required -- not a defense against observation, but against disconnection.