[guardian-dev] improved Gilgamesh app

Wed Oct 8 08:29:42 EDT 2014

http://openideals.com/2014/10/06/gilgamesh-twitter-over-bluetooth/

Gilgamesh: Twitter over Bluetooth

Hey, looks, it is like Twitter… except without any Internet! The
Gilgamesh App continues to evolves, and is now tagged at 0.0.4. You can
unofficially find it on FDroid thought it might take a bit for the
latest code to show up there.

device-2014-10-06-165429 device-2014-10-06-165405
device-2014-10-06-165421  device-2014-10-06-165447

The primary update is that I have made the user interface look somewhat
like a real app. This includes an easy popup menu to reshare (“retweet”)
messages, which helps expand the reach of any message, while the human
aspect of it combats spam and false information.

I have also added the ability to send a direct (private) message to
anyone easily, as well. The direct messages will be queued and stored
until delivered, which means you can send a message when someone is out
of range, and it will be delivered if they happen to come into range.
Delivery is indicated by a ✓mark.

This is all still operating using the plain text Bluetooth Discovery
name hack that I’ve been writing about here for the last week, or so.
Any Bluetooth device be it a $1000 iPhone or a $10 Nokia can participate
in this network simply by changing their Bluetooth name to have a space
in front of it, and then writing their own status updates there. They
can view all of the messages as well, by scanning for nearby devices.
This Android app simply builds on top of that network to support private
messages, and a persistent log of all status/names encountered.

Finally, just to review some of the privacy-enhancing aspects of this
app:

If you just want to listen/consume information, you do not need to
broadcast (make your device visible), making it very difficult to target
your device
The passive broadcast/discovery conduit allows for people that do not
know each other, to passively and async exchange information in public
spaces, with their devices out of sight (in their pockets)
The asynchronous direct message features allows the exchange of messages
in public places without any direct or visible interaction between
parties
All data received in the app is stored in memory, and not permanently
stored to the device. This means killing the app wipes all memory clean,
leaving no trace behind.
All user identifiers are derived from the device’s ID, and though simple
to remember, are not “friendly” in anyway that allows for easy social
engineering impersonation attacks
If Bluetooth pairing is done between devices, an extra level of identity
verification is provided, and an * is tagged to all identifiers when
displayed to ensure this is who you think it is.
For Direct messages, any device which you have paired with, will use the
Bluetooth “secure” socket connection mode, which provides a basic level
of encryption and verification
No registration, real name, phone number or email is required, providing
no link to any other identity
All resharing/re-broadcasting of information is powered by human minds
and human hands, making it more difficult for any attacker to poison the
information flow
As always, feedback on these, the code, the design and the concept, are
welcome here, on github, diaspora, twitter, etc, etc, etc… see you
around, and I really hope to find you on the Gilgamesh soon!

-- 
  Nathan of Guardian
  nathan at guardianproject.info