I mean, if we’re handwaving away the human nature of the entire population of PEI, we might as well do the rest of the world too.

In case it wasn’t clear, this wasn’t practical advice. Large groups of people quite often don’t do what they should. This is one of those times. Now we have to live with the consequences.

Alright, I’m back.

I was talking about amateur radio (in general) as a physical layer because I’m familiar with it, and know it can support short, wide-enough bursts with total radio silence in between. That’s an important requirement because if you’re loud continuously, in the “prod” case, jackboots with a yagi will show up and arrest you. Spies use fast, wide digital radio transmissions a bit like this in really locked-down countries, just not networked together in any way.

If more end-user hardware - or even a non-RF medium - would work, great, no issue. Like you said, there’s no way to support too many assuming they’re safe.

For routing, I would suggest no incoming transmission (or “transmission” if it’s really a hardwire connection) is ignored, but when to rebroadcast is left flexible for the user, who will be able to assess risk and likelihood of success getting closer to the destination in a way no reasonable software could.

Hybrid: Could take many forms but the one that comes to my mind is a multilevel hub and spoke architecture (I’ll draw this out). Basically, you end up having 2-3 “modes” for a client/server: hub, spoke, and endpoint. One or more client/servers operating in a hub “mode” act like traditional servers, kinda like a bulletin board, holding packets for local delivery or transmission to another hub. Client/servers in the spoke mode act as hops between hubs. Client/servers in the endpoint mode are the actual intended destination (this could be combined with the spoke mode). To protect endpoint identity, the destination could be part of the encrypted data packet allowing an endpoint to attempt to decrypt packets received from a hub locally, making it harder to know which endpoint a message is intended for. This does still require greater visibility of hub addresses for routing.

Yeah, so a hub just makes good sense - with such a modest network capacity relative to hardware capabilities, why not gather as much in one place as possible? Because one hub might get busted or just fall to some version of enshittification, it should be easy enough for a user to switch, but I think it’s the best choice of central organising principle.

Other than anonymity, is there a reason to separate out spokes from endpoints? One thing I already have worked out is a system where the hub can keep track of who has helped transmit things (in a cheat proof way), and could simply give credit for traffic moved, offsetting whatever cost there is to use it (ISPs aren’t usually free to start with, and this one is a safety risk to operate). The bandwidth overhead is literally just a key ID (address) and a hash per hop.

I figured switching keys frequently would be enough to ensure a degree of anonymity, since it’s completely pseudonymous. We don’t have a guarantee packets will arrive in order or in any reasonable timeframe, but if we did I’d suggest rolling through keys by count or timestamp.

A web of trust may be a good approach for authentication and identity.

I don’t really have anything to add there. Proving identity beyond just “I hold this key” is out of the scope of what I was considering. I’d probably go about it the same way I would over a more traditional network, if it came up.

Edit: Oh, and I’m not really sure how well this all dovetails into IP. If it can, that’s great, of course.

What do you expect them do on an individual or even municipal level? It’s a global issue.

Supporting policies at the provincial and federal level that would help with the global issue would have been good. I’m guessing support for the carbon tax isn’t any higher in PEI, though, so this is just “leopards eating their face”.

Darn, I have to go now. Apologies for the considerable latency there might be getting back to you on this, haha!

Thanks for the effortpost! Scuttlebutt in particular is similar in spirit, although I agree with the blog post that the implementation sounds funny. One conceptual difference, I think, is Scuttlebutt sounding fully decentralised, which necessarily introduces an O(n²) kind of overhead. Hubs could operate more like the content distribution networks that already exist in really locked-down countries, which are proven to work, just with the new protocol as a lower risk way of getting to the end user. Their own page is loading blank for me, unfortunately.

Public keys were identities, and were bound to devices; unfortunately people may have multiple devices, or change devices over time, so this was a hindrance.

I’m not sure why even they added that, haha. How hard is moving a private key? I’m also imagining it would be pretty routine to just discard a key-identity and make a new one, for anonymity’s sake.

I mention all these because, in an extreme censorship environment, any local state (session history on paper, an app on a smartphone, an odd device) might not be good to have around. So usability may require reducing the total amount of state that a command carries. The current working directory at the time a command is run changes the meaning and outcome of the command; you may not remember that directory in a day or two. The vocabulary and syntax of command-line switches are easy to look up in online manuals - but are there offline manuals? I don’t know if this avenue of inquiry helps you, but it’s interesting to think about for a moment.

Some local state is probably necessary for usability. I mean, at the very least you need to have the software, which is probably illegal itself. The trick, as always with contraband, is either hiding it or not getting searched in the first place. In emergency situations having a way to securely delete everything quickly is the best that can be done, I think.

I don’t expect the average user wouldn’t be writing shell scripts themselves. There should be user-friendly frontends for common tasks like email messaging, but that doesn’t help developers. A certain level of statelessness at the hub end would be good, just to avoid unwanted interactions like that. Maybe execution always starts with the same environment variables in the same directory, and your payload bootstraps other shell scripts or actual programs needed to add context.

No problem!

I mean, I guess you could just programmatically insert a > after every command. That’s actually a pretty good idea. It’s kind of obvious now that you mention it, haha!

It would be better if the tools expected to be used this way, but as a quick kludge for a project about something else it’s probably sufficient.

Probably Rust, although I’m not married to it. I’m just at the planning stage right now, though.

One open question is if you can use a fairly standard transceiver like a Bluetooth chip, or if you need an SDR. Obviously they weren’t designed with this in mind, by maybe there’s a profile that’s close enough.

Packets should have a few kilobytes of payload so you can fit a postquantum cryptographic artifact. Thankfully, even with a BCH code, it seems doable to fit that much in a 1-second burst in a standard amateur radio voice channel, for testing. (In actual clandestine use I’d expect you’d want to go as wide as the hardware can support)

As envisioned there would be someone operating a hub, which might have actual network access through some means, and on which the containers run. They would send out runners to collect traffic from busy public spaces which might serve as hubs for burst activity, and dump outgoing packets, all without giving up any locations.

Accounts with their own small container would be opened by sending in a public key, and then further communication would be by standard symmetric algorithm - except in testing, because that’s an amateur radio no-no, so just signed cleartext. ID would be derived from signature fingerprint, as I have been thinking about it. I have a lightweight hash scheme in mind that would allow awarding of credit for retransmitting packets in a way that couldn’t be cheated.

You’d want to have some ability to detect and move around jamming, or just other people’s bursts. That’s more hardware research, basically.

Is there a chance Macron would lean towards the FN? My impression was that even the conservatives are slightly reluctant to be associated with racists like that.

You can do all those things while also not supporting FAANG

Depends. If you can find another employer that’s more ethical (which is not guaranteed just because they’re smaller) and pays as much with as flexible a work schedule, yeah, you should probably do that. Otherwise it might indeed be necessary.

I don’t know, are we doing concequentialist ethics here, or deontological? I feel like we’ve reached the level of splitting hairs where we need to decide. For the purpose of actual advice people reading might follow, I’d say just try and be a good person, and don’t let perfect be the enemy of better.

I mean, a lot of companies do stuff like that, and yet you still need money to live. Just working there doesn’t necessarily make it your fault; by that logic it would be a sin to work checkout at Walmart, because you’ll have the same blood on your hands as the Waltons.

I don’t really like talking about capitalism as if it’s a well defined concept, but, no ethical consumption under.

I’m not ignoring the other two things listed, I’m realistic.

I didn’t mean you, FYI. I mean someone who does work for a FAANG and is looking for more justification to do nothing for the common good.

Theoretical computer scientists, historians of mathematics.

I’m not sure where I heard the term exactly, but I know I have multiple times.

West Ed is still dope. I don’t know about submarines, but they have a 10/10 water park in there, and a bunch of other stuff.

Man, I wish that became more of a thing here. I’m good enough at being a weird shut-in without the architecture pushing me to do so.

Yeah, that’s probably worth a look. Good suggestion. There’s also delay-tolerant protocols for space and similar, but I don’t know if any of them define an endpoint, as opposed to just a transport layer.

Why not? Unlike Schindler you don’t have to worry about how many beatings are necessary to keep up appearances, and you might have a specific role that exposes you to very little evil at all. Meanwhile, you can donate some of that big wage to people like EFF, or volunteer using the flexible schedule.

I was kind of assuming that, since FAANG are American, but I’d guess they probably have foreign employees as well.

Canadians make pretty much the same as Europeans, I think. The Americans have a bunch of monopolies, and are characteristically weird and nationalist about who they share the spoils with. (I know, it’s not all of you guys, but it’s definitely some)

Without reading this:

Alright then. Thanks for the info!

Government agencies, in my experience, tend to believe in security through obscurity; even the ones that don’t worry about spies as much as NASA. That said, maybe it’s worth a shot. I’ll have to figure out who’s the best person to bug.