As a radio amateur may I say... ugh. Most amateur radio licenses prohibit encrypted communications. And for good reason: the ham bands are a shared resource, they are not there for private conversations.
Here's the relevant regulation in the UK license: "11(2) The Licensee shall only address Messages to other Amateurs or to the stations of those Amateurs and shall not encrypt these Messages for the purpose of rendering the Message unintelligible to other radio spectrum users."
The idea, in the AirChat proposal, that institutions like the FCC, OFCOM, etc. are 'evil' because they regulate spectrum is ridiculous. The only reason we can communicate successfully on radio is because someone is regulating who gets to use what and how. The AirChat proposal mentions using the Yaesu FT-897D for test transmissions. That's a ham radio operating in the specific bands licensed for hams to use. So, these guys are (a) breaking the law (which they don't care about) and (b) messing things up for other radio users.
Amateur radio (I'm W6OCT) is for experimenting with technology ("advancing the radio art") and teaching people how to use the technology. I'd argue encryption is now a fundamental enough technology that banning it hinders advancements to the radio art, and fails to teach people key skills.
There was a practical reason to prevent coded transmissions during the cold war -- by doing so, it allowed cross-border communications which countries otherwise would have banned. Bilateral communications between individuals made war less likely and peace more possible. It wasn't to keep the radio spectrum safe from commercial use (since commercial users didn't use crypto, either, at the time).
There are other whole classes of amateur radio use which are precluded or seriously hindered by lack of encryption -- disaster work which communicates PII in a medical context, certain police or security backup use.
I'd like to see encryption permitted on certain bands; some where the keys are required to be exchanged in the clear (for protocol development), and some where people can use real keys but still tag the communications with their callsign and be aware of and responsive to any interference.
ISM is inadequate due to frequency bands; if the proposal is to open up dramatically larger parts of the spectrum to ISM-type use, then I could be fine with that too.
I don't understand this. Roads are a common resource but (so far) we're not forced to ride only in buses. Also, one can have a conversation in a 'cryptic' language, or is that prohibited as well? :)
The source file is a big mess, 4chan slang everywhere, twitter authentication code, rss reader code (WTF? Why?), random commented code, "nones" and "yeah" strings instead of booleans, random HTML scattered everywhere, I could go on.
This just seems silly and insecure. No one in their right mind would use this for any kind of serious secure communication. Personally I'd wait for someone to remove all the extraneous stuff, make a real protocol definition and make this modular (for example, split the web-interface from the server).
Great idea though, and a nice proof-of-concept, I'd give them that. There might be a real need for something like this when governments shut down or block internet connectivity.
I'm viewing it as intentional, a childish meta "fuck you" towards the various government agents that they imagine will be forced to spend hours deciphering the code.
It totally flies in the face of open collaboration however.
If you watch the video you can see that the RSS code is used to receive RSS feeds (I guess for those people who don't have internet access) and the Twitter auth is used similarly to receive Twitter updates (e.g. they show :twittersearch=#syria)
The video is quite interesting, it shows the proof of concept.
I agree about the source code though, they have tried too hard being "lulz" at the expense of readability.
This project is very, very interesting. Unfortunately it requires some investment in the radio equipment, but I can see in a few months some Arduino bundles with this code and the radio antenna...
Just because the code doesn't conform to your latest language standards and flavor-of-the-month JavaScript framework doesn't mean it is silly or insecure.
In fact you even acknowledge this in the last paragraph. This sounds like a cheap stab at Perl.
There's a lot of problems with using radios (particularly ham radios) for this:
1) "over-regulated by evil organizations like the FCC and similars shits around the world" yet using technology that is only available for use because of the FCC. If the FCC didn't set aside radio frequency bands for non-commercial use, this project would be infeasible because the radio bands would be in use already. The FCC and its ilk is the only real reason that ham operators can operate - the frequencies have been set aside for licensed amateur use.
2) "transmissions are anonymous" but only in data - radio location is as old a location technology as radio itself. Many GA aircraft still use radio beacons as fallback when GPS and VOR signals go down. It's simple, anybody can do it, and unless you're on the move, you will be found.
3) "We don't give a fucking shit about prohibitions over the use of encryption. fuck you NSA." And yet it's probably not the NSA who will care the most, but the FCC (ironically the group with the specialized equipment vans capable of finding you). Worse, if too much non-licensed, encrypted communication happens over radio (especially the frequencies reserved for ham radio), it's possible that the FCC will revoke the non-commercial use of the airspace, which would cause a whole host of other problems. That frequency space (which includes a number of harmonic frequencies throughout the radio spectrum from ULF to UHF) is ridiculously valuable, because it's a finite and highly contested resource.
I applaud the concept and idea, and cringe over the consequences and ignorance thereof.
I have been wanting to create something similar for years.
Before I had access to the Internet, I used "packet radio", a CB-radio based network (there were/are amateur radio band versions too). The whole Netherlands, as well as parts of Europe, were wirelessly connected (at 1200 baud) and one could send messages via the network of nodes from one side of the country to the other side, usually within days. Or chat with people one could contact directly (usually within ~10 km iirc).
At that moment I didn't realise how awesome it was, but in retrospect it was pure self-organised anarchy, without any commercial or governmental interference.
Regarding this AirChat, it is sad that they, as it appears to me, did not make use of the expertise from the amateur radio community. Still, I believe that it has potential.
I can't speak for Netherlanders but over here in the US, all forms of encryption on the amateur radio bands are illegal. (Of course if you're trying to topple your government, Arab Spring style, I guess that doesn't matter so much.)
There is a good initial code review which points out the alarming bug that keys are _hardcoded_ in the symmetrical encoding mode, and can be found in the source!
"Basically the script encrypts a randomly generated ephemeral key using RSA but then ignores it and uses the above hardcoded key for symmetric encryption."
Here's a link to the PDF[1] which contains some details about what this does and how it works. And here's an excerpt:
"We ended up with a simple protocol packet: the Lulzpacket. This simple packet contains information to verify there was no corruption during the transmission and a random code to pseudo-identify the packet. We define the addresses of nodes in the net by their ability to decrypt a given packet. Addresses are derived from the hashes of asymmetric encryption keys, Every radio node defines its own address by the pair of keys it has generated for itself and the addresses change if users choose to regenerate their keys. Each node only cares for what is being received. No hardware identification, no transmitter plain identification. only packets matter. transmissions are anonymous. whenever an address is needed to reply to a packet, it is encrypted inside the packet. Packets targeting specific addresses are encrypted and they must be decrypted by the private key only the target possesses. Anyone trying to spoof an address will not be able to decrypt the packet."
This is a lol beginning of something big - imagine a hardware startup making $50 radio dongles that create an encrypted p2p mesh network. It would be slow, but with 20+km range, it could be really useful really fast and almost worldwide.
A big part of this would need to be a software stack that would replace DNS (centralized, single source of truth) with something distributed (every P2P mesh can have its own 'domains' - let's just assume there is no way to coordinate globally except each subnet having different random prefix).
Combine with encrypted tunnels over the old compromised internet to link the cities together.
Fck ISPs, fck mobile operators and their builtin surveillance. Impossible to turn off, government-proof, apocalypse-proof...
So, living in a "democracy", can we petition / make the gov allow us that? "We, the people, want this spectrum for our own uses." Can we?... Lol. Sad lol.
Nifty, but looks a bit cluttered. There's stuff in there for twitter, webservers, etc. etc., and it's all in one giant file.
This is probably not super useful for anyone who wants to deploy practical infrastructure with audio transceivers. See tools like dsptunnel for IP-over-audio solutions.
>I want to cyber my girlfriend (who lives 20 miles away) without having NSA agents fapping to it, can I use this for it?
>ofc, man. thou we require your girlfriend to deliver tits or gtfo. (sorry but it's needed to help us on the datamining of frequencies usage and transmission mode performance raw data through our Hadoop cluster of ARM servers, all those pix will be used for the datalink test.. err...derp)
edit: maybe sexist is the wrong word? But for a project that wants "to build up our sense of community and stand up for our future and rights" the tone of the entire readme is overly sexualised and just unnecessary.
What is sexist about that? It seems just sexual to me. Someone who is sexually interested in women talking in a funny offensive way about how they want to see breasts.
Between the lulzspeak and the over-my-head jargon I'm not completely clear, but is this sms/twitter/email for ham radio? .... Because that's potentially amazing. Beyond what this could do for communication in the situations it suggests I can think of a lot of fun stuff to do with something like that.
This is still incredibly DF-able, as well as RF fingerprinting of the transmitter.
I'd be very interested in an SDR application which strove for undetectable communications, either super high chirp rate FHSS or UWB.
In practice, you're probably best off by masquerading as another communications technology and hiding your traffic within that, rather than trying to use long-haul broadcast RF to hide your location. A common technique if you do need to radiate a lot of RF and don't want to be DF'd is to remote the transmitter from yourself over some other protocol -- a separate point to point radio link, or stored communications, or an IP/PSTN/etc. link. This is how a lot of pirate radios, military radios and radars, etc. work -- the emitter is at risk, but as long as you can break the link between emitter and controller, that's not the end of the world.
so, where do these people hang out on the depths of the web? any forums that actively discuss this type of stuff? i'm dead serious, haven't looked at that side of things for a long time, just curious what has changed.
Can someone touch on the legalities of using a radio band frequency in the U.S.? I didn't skim the source, so my presumption was it's within a reserved band.
They're really re-inventing the wheel here, there's nothing there that fldigi or soundmodem doesn't do better. AX.25 is built into Linux. With that, soundmodem, and a radio you can route whatever traffic you want over a radio link.
On the bright side maybe this will help encryption become legal for ham radio.
Not to nitpick, but wifi is radio. The propagation of radio waves depends on their frequency. The frequency wifi operates on is in the GHz, which mostly is line-of-sight only. This is not always practical. See [1] for an overview of frequency and propagation.
[+] [-] jgrahamc|12 years ago|reply
[+] [-] rdl|12 years ago|reply
[+] [-] eternalban|12 years ago|reply
[+] [-] Fundlab|12 years ago|reply
[+] [-] fredsted|12 years ago|reply
[+] [-] rkachowski|12 years ago|reply
[+] [-] carlesfe|12 years ago|reply
[+] [-] Cakez0r|12 years ago|reply
[+] [-] pearjuice|12 years ago|reply
[+] [-] falcolas|12 years ago|reply
[+] [-] xwintermutex|12 years ago|reply
[+] [-] explorigin|12 years ago|reply
Be careful kids, you're playing with fire.
[+] [-] snops|12 years ago|reply
[1] http://www.daemon.de/blog/2014/04/25/351/code-review-lulzlab...
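The defect quoted from the code review in this thread, reduced to its key plumbing, with a regression check that catches it. This is an added example, not AirChat's code and not part of any comment: the function names, the constructed `HARDCODED_KEY`, and the HMAC-based stand-in for a real AEAD cipher are assumptions, and the RSA step is represented by a caller-supplied `wrap` function.

```python
import hashlib
import hmac
import secrets

# Constructed value standing in for a symmetric key embedded in source code.
HARDCODED_KEY = b"constructed-demo-key-from-source"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = b"enc" + nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def sym_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def seal_buggy(plaintext: bytes, wrap):
    """Behaviour the review describes: wrap a fresh key, encrypt with the fixed one."""
    session_key = secrets.token_bytes(32)
    wrapped = wrap(session_key)
    return wrapped, sym_seal(HARDCODED_KEY, plaintext)  # session_key ignored


def seal_fixed(plaintext: bytes, wrap):
    """The body is encrypted under the same key that was wrapped."""
    session_key = secrets.token_bytes(32)
    return wrap(session_key), sym_seal(session_key, plaintext)


def audit(seal) -> dict:
    """Capture the key handed to wrap() and test which keys open the body."""
    captured = []

    def recording_wrap(key: bytes) -> bytes:
        captured.append(key)
        return b"<wrapped>"  # the real RSA step is out of scope here

    message = b"constructed test message"
    _, body = seal(message, recording_wrap)
    candidates = {"session_key": captured[0], "source_key": HARDCODED_KEY}
    result = {}
    for name, key in candidates.items():
        try:
            result[name] = sym_open(key, body) == message
        except ValueError:
            result[name] = False
    return result
```

`audit(seal_buggy)` reports that the body opens with the key from the source and not with the wrapped session key, so anyone who can read the code can read the traffic; `audit(seal_fixed)` reports the reverse.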
[+] [-] chm|12 years ago|reply
[1]:https://github.com/lulzlabs/AirChat/blob/master/Airchat-Rele...
[+] [-] tomaskafka|12 years ago|reply
[+] [-] twobits|12 years ago|reply
[+] [-] wyager|12 years ago|reply
[+] [-] doctorfoo|12 years ago|reply
[+] [-] lukeholder|12 years ago|reply
This is sexist filth.
[+] [-] lukeholder|12 years ago|reply
[+] [-] hnha|12 years ago|reply
[+] [-] bananaoomarang|12 years ago|reply
[+] [-] ps4fanboy|12 years ago|reply
[+] [-] goldenkey|12 years ago|reply
[+] [-] efesak|12 years ago|reply
[+] [-] bananaoomarang|12 years ago|reply
[deleted]
[+] [-] jerknextdoor|12 years ago|reply
[+] [-] rdl|12 years ago|reply
[+] [-] codecondo|12 years ago|reply
[+] [-] paulrov|12 years ago|reply
[deleted]
[+] [-] jqueryin|12 years ago|reply
[+] [-] oliwary|12 years ago|reply
http://en.wikipedia.org/wiki/Self-Organized_Time_Division_Mu...
It assigns time slots to users without the involvement of a central station.
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] harrystone|12 years ago|reply
[+] [-] brador|12 years ago|reply
[+] [-] xwintermutex|12 years ago|reply
[1]: http://en.wikipedia.org/wiki/Radio_propagation
[+] [-] ekianjo|12 years ago|reply
[+] [-] anonbanker|12 years ago|reply
[+] [-] wingerlang|12 years ago|reply
[+] [-] shekhar101|12 years ago|reply