The Guardian and Cambridge University scientists deploy new open source technology
-
Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf
-
Ok, so it's an encrypted, open source whistle-blowing feature in their app / system.
The article is light on technical details but if it makes whistleblowing easier and safer than for example emailing their editors that's probably a good thing.
-
Ok, so it's an encrypted, open source whistle-blowing feature in their app / system.
The article is light on technical details but if it makes whistleblowing easier and safer than for example emailing their editors that's probably a good thing.
But like the ice tracker, wouldn't download and use the app expose the potential user lists to surface if local authority can ask for such information?
-
But like the ice tracker, wouldn't download and use the app expose the potential user lists to surface if local authority can ask for such information?
I think they are bundling this into their regular app, so they'd have to put every guardian read on the list
-
I think they are bundling this into their regular app, so they'd have to put every guardian read on the list
Yep, that's the point described in the linked paper - traffic goes via the same domains used for their app, and the messenger is embedded in their app
-
Yep, that's the point described in the linked paper - traffic goes via the same domains used for their app, and the messenger is embedded in their app
Not only that, but every app will constantly appear to be sending messages, so real messages are greatly obfuscated. That's honestly the real innovative part of the product IMHO.
-
Not only that, but every app will constantly appear to be sending messages, so real messages are greatly obfuscated. That's honestly the real innovative part of the product IMHO.
that's really cool. Does the message part work as regular p2p message app?
-
that's really cool. Does the message part work as regular p2p message app?
No it's a bit complex. The transmissions are sent constantly at regular intervals and are a very specific size and are then combined later. So it's not "instant" messaging. It's closer to email.
-
No it's a bit complex. The transmissions are sent constantly at regular intervals and are a very specific size and are then combined later. So it's not "instant" messaging. It's closer to email.
So encrypted, periodical interval to mask out any incoming/out going variance in traffic I wonder how they mitigate the backend part as there might be a ton of wasted traffic to hide the actual traffic. since they obviously need a lot of users to hide the whistle blower, but that also mean their backend needs to be pretty smart to handle lots of traffic and still consume energy to decrypt and then throw away the "noise" data.
