US Promoting Mesh Networks; Reporters Misleadingly Think They Somehow Stop Digital Spying
from the not-the-same-thing dept
A recent article in the NY Times talked about how the US State Department is behind a project to build up mesh networks that can be used in countries with authoritarian governments, helping citizens of those places access an internet that is often greatly limited. This isn’t actually new. In fact, three years ago we wrote about another NY Times article about the State Department funding these kinds of projects. Nor is the specific project in the latest NYT article new. A few months back, we had covered an important milestone with Commotion, the mesh networking project coming out of New America Foundation’s Open Technology Institute (OTI).
But the latest NYT article is especially odd, not because it repeats old news, but because it tries to build a narrative that Commotion and other such projects funded by the State Department are somehow awkward because they could be used to fight back against government surveillance, such as those of the NSA. The problem is that the issues are unrelated, and nothing in mesh networking deals with stopping surveillance. As Ed Felten notes, the Times reporters appear to be confusing things greatly:
There’s only one problem: mesh networks don’t do much to protect you from surveillance. They’re useful, but not for that purpose.
A mesh network is constructed from a bunch of nodes that connect to each other opportunistically and figure out how to forward packets of data among themselves. This is in constrast to the hub-and-spoke model common on most networks.
The big advantage of mesh networks is availability: set up nodes wherever you can, and they’ll find other nearby nodes and self-organize to route data. It’s not always the most efficient way to move data, but it is resilient and can provide working connectivity in difficult places and conditions. This alone makes mesh networks worth pursing.
But what mesh networks don’t do is protect your privacy. As soon as an adversary connects to your network, or your network links up to the Internet, you’re dealing with the same security and privacy problems you would have had with an ordinary connection.
The whole point of Commotion and other mesh networks is availability, not privacy. The target use is for places where governments are seeking to shut down internet access, not surveil on them. Yes, there is a case where if you could set up a mesh network that then routed around government surveillance points you could circumvent some level of surveillance, but the networks themselves are not designed to be surveillance proof. In fact, back in January when we wrote about Commotion, we pointed out directly that the folks behind the project themselves are pretty explicit that Commotion is not about hiding your identity or preventing monitoring of internet traffic.
Could a mesh network also be combined with stronger privacy and security protections? Yes, but that’s different than just assuming that mesh networking takes on that problem by itself. It doesn’t — and it’s misleading for the NYT to suggest otherwise.
Filed Under: access, commotion, mesh networks, privacy, security, state department
Companies: new america foundation, oti
Comments on “US Promoting Mesh Networks; Reporters Misleadingly Think They Somehow Stop Digital Spying”
Mesh networks should have encrypted communication by default, otherwise they are not secure. Same for that FireChat app that was in the news recently – it doesn’t encrypt the conversations, even in transit.
Re: Re:
That does not solve the big problem for people living under an authoritarian government, hiding the fact that they are communicating in secret, and/or aiding people to do so, by for instance running a TOR node. Under the worse forms of these governments, just cwhen under an authoritarian government Steganography, via something like Flickr, if you can establish a relationship with a trustworthy person to get your message out.
It’s amazing to me how naive some journalists are with respect to science or technology. The following quote from the story should tell anyone with even the least understanding of networking that the mesh networks described cannot be secure.
?I just put my router up, and it will connect to anything it sees,? Ms. Gerety said. ?You just keep putting up more routers.?
Doesn’t the NYT have fact checkers or editors anymore? They certainly do have some reporters who are quite knowledgeable about science and technology in general and the Internet in particular.
Mesh networks are in use in the US although you may not be aware of it. For example, the network behind PG&Es smart meters is a mesh network. Now that one is supposed to be secure, using encryption to ensure confidentiality and exclusivity.
Think about the digital spying implications when telepresence robots are added.
My Wi-Fi reaches 30 feet, limiting the roaming range of a robot. Connected in a mesh with other Wi-Fi access points, a robot could roam much further.
Those stuck in a hospital – or someplace boring – could rent a robot, put on an Oculus Rift and wander around anywhere from a distant mall to tourist attractions. Tourist areas will no doubt rent them out to anyone who can’t afford to visit in person. Executives could stay at the cabin and still “manage by walking around” at the office. Business people and reporters may rent them in distant cities rather than visiting.
Which in turn means that anyone can position a surveillance camera where needed, as needed, from anywhere.
Anonymous stalking of celebrities and ex-girlfriends will get worse when rented telepresence robots meet Tor. Whistle blowers and activists will find telepresense robots permanently watching their yards, moving only if someone places something in front of them. (The medium is the message!) The Chinese government will LOVE this technology.
Larry Niven’s flash mobs will happen. But instead people flooding in to a major news event using teleport booths, they’ll be using rented telepresence robots. There’s even a monetary incentive Niven never thought of: As fires and accidents and celebrity indiscretions hit the newswire anywhere in the world, rent a local robot and rush to the scene to record it for your YouTube channel or for sale. First responders won’t be able to move a fire truck without (cheerfully) running over them.
Yeah.
Yeah...about that spying...
The meshes are meant to stop digital spying in those countries…Believe it or not…citizens of countries that censor the Internet, are more heavily monitored than the NSA did us…The mesh is also a means to help get around such censorship from the outside world.
“and it’s misleading for the NYT to suggest otherwise.“
This is my shocked face…
Most people do not understand security
When one is connected to the mainstream Internet through an ISP, it goes through many checkpoints. It is like there is a highway and there are police checkpoints. It is difficult for somone to get past those once they are setup.
The only way to secure your communication is by not using the mainstream Internet and insteading using p2p wireless communication that does not require the mobile or internet network to be operational. Today’s mobile devices have many such options. Bluetooth, Wifi, NFC, etc
All one needs to do is create a network by using these p2p communication technologies. This is possible by enabling a secure handshake between two devices and a grid computing app (the one similar to SETI uses) that converts every such device into a server and stores the latest repository of all such connections in a secure encrypted format that cannot be reversed (your information will decrypt only on your device).
So it is like a Grid OS in place on each of these devices that enable individual secure apps such as messaging, chat, etc.
This will put the Mobile networks out of business and reason why they are not encouraging such technologies.
But this is doable. The fact that the security agencies generally get to us through the ISPs it is time we junk their services.
Well you're half right
“As soon as an adversary connects to your network … you’re dealing with the same security and privacy problems you would have had with an ordinary connection.”
This is not really true.
There is no one place on a mesh where an adversary can position himself to eavesdrop all of your communication the way he can on the mainstream Internet backbone.
Eavesdropping on a mesh is like sitting in the middle of a dark lake and hoping that when a fish goes from point A to point B, he just happens to hit you. Possible, but very unlikely.