Ask HN: How Belarus can keep connected despite internet blackout?

307 points by izik ↗ HN
Hello hackers. What would be your advice for Belarus protesters to keep connected to each other and the rest of the world.There are some solutions for short-range communication (e.g. https://briarproject.org/), but what are the solutions for the mid-range (e.g. city) and long-range (hundreds of kilometers) communication? I suppose the HAM radio could be used for that or AMPRNet. Any ideas how to provide low-cost, decentralized, communication infrastructure for the time when internet is cut off?

161 comments

[ 6.8 ms ] story [ 197 ms ] thread
Why and how is the internet cut off?

You could send an email/tweet to SpaceX and ask to be part of the Starlink beta program. They'd have to be granted a license for your country first, however.

(comment deleted)
Why - I suppose that government want to get tactical advantage over protesters by limiting information flow and making protest coordination more difficult.

How - both deep packet inspection + filtering and primitive solution - making communication services (mobile and broadband) stop functioning. Such things happen already in the past in Turkey, Egipt, Iran.

Depending on the type of filtering you could try to tunnel data across UDP (DNS?) or ICMP packets or configure hosts on both ends to ignore TCP RESET packets.
You need to be careful with long range radio solutions. Radio waves sources are very easy to locate with cheap equipment. Wifi/Bluetooth is perhaps better since it's already everywhere, but the range isn't good.
Thanks, I'm aware of that - that is why I was thinking about low cost (say cost of Raspberry Pi) and distributed. When it is low cost - there is grater chance that large number of nodes can be deployed and single point of failure can be avoided.
Watch out, Wifi and Bluetooth and any radio source can be located (with direction finding, Time Difference on Arrival, ...).

It's sometime a bit more difficult: with spread spectrum technologies for example, widely used wireless technologies that work well in dense usage. It works also on cellular networks (2G, 3G, 4G, 5G).

Just so people don't get a false sense of security with some solutions.

For large gatherings you can have Bluetooth connected mesh networks. There are apps that already implement this out of the box like Bridgefy or Briar.

You can have a network of consumer radio walkie talkies with privacy codes, each node spread with a range of about 20km, depending on the weather and terrain. But this is would need dedicated hardware which I assume is not easily sourced in the current restricted environment.

Edit: Maybe if you setup a network of walkie talkies on rooftops you could probably maximize the node spread if are able to keep line of sight across each node.

Are there any documents describing the actual user experiences of using Bridgefy or Briar in a real life scenario. They seem like cool tools using interesting technology but I am not convinced that they work well in practice and it is difficult to find much information about where they have been used successfully.
Not a document but Hong Kong protesters use it https://www.bbc.com/news/technology-49565587
This article only states that the app had been downloaded more during the protests. Reviews in the app store suggest it doesn't work reliably.
For full-disclosure I have no first hand experience with Bridgefy or Briar, I suggested the former because it seemed like an alternative to _Firechat_ (which apparently is no longer available).

Having said that, irrespective of the Application layer, all BT based mesh networks are inherently fragile.

There are large performance variations accross BT chipsets (old/new and different manufacturers) and externals like BT firmware, OS variations, battery level, RF blocking/reflecting structures nearby, Law enforcement jammers, the number of nodes available (the more nodes in a narrow area the more fault tolerant it is), all of these factors affect the performance of such a network.

The point is, OP is asking for help to scope out what are the options. None of them are great, but the best we can do is to bring forward the known options and hope that those struggling in this situation are able to implement whatever they need to remain safe.

In addition to short-range bluetooth app like Briar.

There exist long range communication : Meshtastic, with $20 devices you can send messages with kilometers range.

What would be ideal is for Briar to embrace the "Bluetooth to LoRa node".

We can extend Briar Bluetooth network by adding Bluetooth to LoRa node that can connect multiple bluetooth mesh networks together.

LoRa cannot handle much data at all. At the lowest data rate you're talking 51 bytes taking 400ms to transmit. Its also far better at uplink traffic than downlink, meaning 2 way communication is very, very, very limited.
Yeah. Meshtastic in default (very long range) config has practical limits of ~30 nodes/users on a channel and can only broadcast old-school SMS style messages across the mesh.

It's super fun to play with. But it isn't gonna "save democracy by circumventing nations-state internet shutdowns"

Meshtastic (and the LoRa tech underneath it in general) has a lot lower bandwidth than some people expect.

It's a reasonable solution for "a few dozen nodes up to 8-10km apart under ideal conditions", and enables SMS-style messaging across the mesh - but it's not "an internet replacement" by a long shot...

Think more "30people in an irc channel - without pics/video" rather than "Stream your protests to Instagram or Facebook Live"...

> $20 devices

I couldn't find anything less than $100, where can you buy them from?

Meshtastic runs on these:

https://www.aliexpress.com/item/4000897355282.html

And if you don't need GPS (they'll use the GPS in an Android phone), these too:

https://www.aliexpress.com/item/4000329729312.html

You could save a buck or two more by getting ones without screens, but it makes Bluetooth pairing more complex (you need to read the pairing code off the serial console over the USB port. But yo only need to do it once. It's not _awful_ if your plan is always to pair each device with the same (Android) phone)

Maybe scuttlebutt could work, if the gossiping works across mesh wifis.
A YC company is (was?) working on creating mesh communication network from just mobile devices (not sure if they can be deployed right away independent of Internet connectivity): https://volkfi.com/

There are companies that sell software-defined radio products to help deploy volunteer-run radio networks, but those may be easy to jam and/or illegal: https://limemicro.com/products/boards/limesdr/

Not sure how far srsLTE (https://www.srslte.com/) can go here without requiring special equipment and Internet connectivity (someone well-versed can perhaps comment on its feasibility as a standalone backhaul): https://news.ycombinator.com/item?id=18569961

Walkie-talkies work nicely for comms but not secure, should work well enough for coded messages; however.

I stumbled upon now-defunct https://opentech.fund backed https://www.qaul.net a few days back, developed in response to censorship in MENA, that I personally like: They maintain a mapping of devices (similar to BitTorrent) over Wifi P2P and/or Bluetooth to create a decentralised secure routing network. No extra hardware needed.

For everyone talking about solutions that involve short-range mesh networking: Belarus is about 600km across and the capital Minsk is about 130km from the border with the nearest free country, Lithuania.

For everyone talking about solutions that involve deploying additional hardware: who's going to pay for it and how are you going to get it into Belarus?

A large part of the reason for the blackout is to prevent people from organising protests. Mesh networks are perfect for that kind of thing, as generally you only need to communicate with people in the same city.
I think your input is really defeatist and non-constructive. There are plenty of comments that address long range communication with (e.g. storage devices).

It also underestimates the resourcefulness and motivation of those struggling in this situation.

It wouldn't be inconceivable that additional resources/hardware could be introduced either via smuggling or diplomatic staff. There is also a large and supportive diaspora of Belarusians in Lithuania and Poland that I assume would be willing to source and finance additional resources if it could tip the scale.

On the other hand, Brest is right on the border with Poland so point to point links would be very possible. The country is generally quite flat so you might even have success connecting other cities with a few hops.
During the arab spring, people in Tunisia managed to communicate with outside world thanks to proxies set by outside crackers on tunisian governement's servers. Turns out that when tyrants want to cut their people out of the internet, they still want access themselves.

If crackers around the world want to actually be useful, now is the time.

All of these censorship resistant communication projects tend to assume that the network needs to be low latency, always connected, etc. It’s far easier to build a robust network if you relax that assumption, and cheap hard drives + e2e encryption mean you ought to be able to route a large volume of private p2p messaging / email in addition to any curated content that’s distributed more widely.

https://boingboing.net/2018/05/03/inside-cubas-massive-weekl... https://www.wired.com/2017/07/inside-cubas-diy-internet-revo... https://en.wikipedia.org/wiki/El_Paquete_Semanal

Agreed. They should only be low latency within a dense community, like say at a rally or in an urban neighborhood and even then, latency on the order of seconds is fine. As it is almost always more important to o communicate with those socially proximate to you than those further away.

I think the level of indirection and timelyness can be used as a filter, in that it ought to be modeled after the sneaker nets and human crowds/socialization. For example individual clients can ignore messages more than a configurable signed time/distance and configure their clients to only repeat at a certain rate. That way the network is robust to spam, because it relies on the movement and consensus of people to move messages long range.

Agreed 100%. That's precisely how Relaynet works (hence the name): https://relaynet.network/
I read the whole page and didn't find any information how it is supposed to actually work. The page compares Relaynet with Starlink and Ballons, but then it doesn't say how Relaynet work.
Hey Urza. There's a page and a corresponding video for each type of stakeholder: end users, service providers and couriers (who step in to restore connectivity with a secure sneakernet). Those are quite high-level on purpose.

If you're interested in the cryptographic and networking details, the specs is probably what you want. At least the introduction to the core spec: https://specs.relaynet.network/RS-000

Hi, unfortunately I am not much wiser from the specs. It describes higher level network/app protocols, no mention on the underlying mechanism of communication. Can you give me example of the hardware on which it is supposed to run and how it would work in Belarus?
Hi Urza,

(Apologies for the late reply. I'm new around here and I didn't remember that HN won't send me an email notifications for replies to my comments.)

Before getting into Relaynet, let's consider how Internet apps work: They have a client and a server, and the client is responsible for producing and delivering its own data. That means that the server must be reachable and ready to respond to each request, at the exact time each takes place. This architecture (called Remote Procedure Call, RPC) is fine when the Internet is available, but it breaks when the Internet is cut off and it's also incompatible with alternative transports because they add a significant latency.

By contrast, Relaynet apps use a radically different architecture: Asynchronous messaging. Instead of clients/servers, apps have "endpoints"; and instead of requests/responses, endpoints exchange "messages". Endpoints delegate the delivery of such messages to one or more brokers, which we call "gateways" in Relaynet. This way, the sender and receiver don't have to be reachable and ready at the same time, because the gateways will keep a copy of each message until it reaches its final destination. Consequently, when the Internet is available, gateways will use it and messages would be delivered instantly, but when the Internet is cut off, gateways will switch to a secure sneakernet (https://en.wikipedia.org/wiki/Sneakernet). Additionally, endpoint messages (called "parcels" in Relaynet) are end-to-end encrypted and signed, so gateways can't tamper with them or see what's inside.

Behind the scenes, Relaynet apps communicate over the Internet/sneakernets via two gateways: A private gateway (a standalone app on the user's device) and a public gateway (a server-side app). Say Twitter supports Relaynet and exposes an endpoint at https://api.twitter.com/relaynet: When you post a tweet, your Twitter app will encapsulate it in a parcel bound for https://api.twitter.com/relaynet, but instead of delivering the parcel by itself, it'd send it to its local private gateway, which will in turn send it to its public gateway, and which will finally deliver it to Twitter's endpoint. Now consider the case where the Twitter server wants to send you data: It'd post the data to your public gateway (e.g., https://eu.relaycorp.tech), which would in turn send to your private gateway, which will finally send it to the endpoint in your local Twitter app; in this direction, the parcel is bound for an opaque address derived from the public key of the endpoint (analogous to Bitcoin addresses).

Now, when the Internet is cut off, your two gateways get disconnected. That's when couriers (https://relaynet.network/couriers) would step in and provide a secure sneakernet. Couriers will physically transport parcels between a place disconnected from the Internet and one connected to it. However, since parcels contain the address of the recipient, and that address would identify the service when it's bound for an Internet host (e.g., https://api.twitter.com/relaynet), gateways will encapsulate those parcels in a new layer of end-to-end encryption -- You can think of it as an "offline TLS". So couriers (or anyone who intercepts them) won't be able to see or change the parcels being transported.

As you may have anticipated by now, for a preexisting, Internet-based ...

Nice. Thanks. Sounds like it is built on similar principles to scuttlebutt.

When would relay-net be ready?

Fidonet comes to mind, though it worked over the landline phone network.
scuttlebutt, mentioned elsewhere in these comments works entirely offline, and many of its users have absolutely terrible internet connections. It's designed fro that situation and works just fine.
(comment deleted)
Two-way satellite modems were banned long ago in Belarus, so there is not much equipment on hands.

Mesh / opportunistic network solutions are great in theory, but require the installation of special software, which is difficult to coordinate on large scale. Also, this is an adversarial environment. We need to assume that every new network will be infiltrated by pro-government forces.

Only mobile internet was affected so far, so for now the most effective response was encouraging people to remove their WiFi passwords.

The penny has just dropped with me. This scenario is exactly where Starlink[1] can shine (no pun intended). Find a way to get uplink routers into the locked down country and it would be impossible for totalitarian governments to block internet access completely.

--

[1] https://www.starlink.com/

What did I say wrong? Care to explain the down-votes?
Because it doesn't work yet? Maybe it's useful in the future in other places.
Ah good point. My bad.
Just curious, is there a way governments could somehow block access to those satellites or force the companies behind them to deny access for people of their country?
See above - two-way satellite equipment is illegal in belarus. There will be no legal way to buy an access point, and owning it risks you jail time. So most people wont have one.

Maybe some lone dude in the remote are can smuggle it in and keep it hidden, but if we are talking about mass movements, that terminal won't be mich use

(comment deleted)
There are national laws and international treaties that regulate usage of the radio spectrum. Without international cooperation, many radio applications would be impossible.

Article 18 of the ITU Radio Regulations was mentioned in the comments on another post. It basically states that nobody can use radio in any country without permission from that country.

Not sure, but I think the idea of SpaceX intervening with political protests in a foreign country is a little naive.

The controversy they would stir up, is likely not worth the risk for the company's public image. Also I don't think the technology isn even released yet...

SpaceX specifically said that this system isn’t designed to be a way to get unrestricted internet access in censorship-ridden states. Outside of the US, terminals will be sold by resellers that comply with local laws (for example, in China traffic will be routed through the GFW).

Sure you could smuggle a American terminal in, but SpaceX won’t help you.

Is that because they want to reach e.g. the Chinese market? It would be the perfect showcase. Starlink could (and imho should) create a "dissenter backpack" with a starlink kit (Terminal and wifi hotspot) plus batteries for a few hours of unplugged operation. Unfortunately the size of the dish and the power requirements make it pretty inconvenient and risky for the user.
A lot of countries beyond the most strong authoritarian have speech laws much more restrictive than America's. Even beyond censorship, there are also basic spectrum regulations and so on per country that are genuinely very important and have significant international treaties around. SpaceX isn't trying to be some rogue player here, that'd be an absolutely enormous briar patch to step into particularly at such an early stage.

Furthermore there is sheer practical considerations: ground terminals won't be stealthy at all, and in fact it's not clear to what extent they could be stealthy against a serious state actor. By definition, they are active EM emitters in very specific bands and must be detectable hundreds of km up. With their phased arrays the emissions should be reasonably focused, but even so it's not like it's a tight beam optical link or even a covert wired tap. Use of them would probably be readily detectable if authorities cared to do so, they're literally broadcasting themselves. Military gear tries to avoid this with techniques like massive pseudo-random frequency hopping at low energies but that's not really an option here. And of course, operating at quite low energies and known frequencies, Starlink may be quite susceptible to even fairly primitive active jamming.

I hope it does serve some small democratizing purpose, but I suspect any of that for the foreseeable future will be primarily in the form of disrupting de facto cozy hookups, not going against explicit law by nation-states. Ie., in some places monopoly infrastructure players might choose to censor stuff they don't have to per se on their own volition for their own profits, or take under the table payments/coercion to give intel agencies access beyond what they're formally entitled too etc. Starlink might in principle force some of that out into the open, a given nation would at least have to formally put a law on the books (which might itself cause protests, changes in government if there is still some level of democracy, and international expense). But SpaceX isn't just going to flat out actively try to circumvent law around the world.

It's funny how people jump to spacex for this sort of thing. For a number of reasons I don't think that they will have very much interest at all in providing connectivity in politically difficult situations. To me, companies like https://lynk.world/ are more interesting for this use case.
This is an important area in which I feel development has been disappointing, mainly because the commercial value isn't there. There are a few off-grid mesh dongle products that have been released in the past few years. Unfortunately, they're all crazy expensive.

Examples: https://gotenna.com/

https://beartooth.com/

https://www.gotoky.com/

https://fogo.io/

They all rely on your phone and themselves cost more than a whole low-end phone! I am really confused as to why meshing requires much additional hardware that isn't already in a phone.

Because we have no access or control over the actual phoone part of the phone - the 4G/ cellular transmitter.
But you do have control over the wifi and bluetooth radios, which should be fine in an urban setting or a protest.
Loon flight systems create a network in the stratosphere similar to terrestrial based cell towers. The difference is on the ground, cell towers are fixed and transmit their signals to moving cell phones. With Loon’s solution, both the cell towers and the people are moving... More here: https://loon.com
But Loon requires the authorisation of the local government.
I used to work for a Belarusian company (outside of Belarus). From what my ex-colleagues told me, they have very little contact with the people in Minsk. There's the occasional email or connected people on MS Teams. Not sure if that's caused by people protesting or internet shutdown/filtering for offices as well.

I also asked some Belarusian friends how they keep getting information from there. They said they have intermittent access to Telegram but it works better by using proxies. Some of the news channels on Telegram are managed by people outside the country who receive the information via text message. Not sure what type of block was in place (cellular data?).

Edit: Another Belarusian friend said he's able to communicate again with people back home after 3 days of quasi constant blackout.

I have contacts in Belarus. They were completely offline for 3 days since Sunday. Only today (12-Aug-2020 08:00 UTC approx) it seems the situation got back to normal and I've heard from them.

People are just terrified now and all they want is peace. They know that continuing protests is likely to result in a bloodbath and are understandably afraid of that.

I would disagree with your last statement.

I have a lot of friends from Belarus, and at least from IT sector, they are really eager to continue protests simply cause they are scarred what can happen if current government will stay

At this point, it's very difficult to know if the people who want protests to stop (even if they hate their government) are more numerous than the people who want the protests to continue and grow until the government can be replaced (with, from what I know in Belarus, is extremely unlikely - given that there's zero opposition prepared to take over the Government). But at least for now, things seem to be calming down instead of escalating.
Russia will take over or get involved. Do not kid yourself that they won't. Belarus has a direct border to Russia. They'll probably use protests to install a pro Kremlin government just like they did in Ukraine before Euromaidan sent him fleeing to Russia.
telekomix usually provides dial up access if the internet is cut. its not much but enough to provide at least a communication channel. with dial up modems no longer in circulation it gets harder every time. the numbers get fax bombed over the whole country.
I have no idea how it would work out in practise given the requirement of physical distribution, but I've always thought of plain pencil and paper among the most democratic of media. It could work for organising people, but maybe not as well for casual banter (which – now that I think about it – might be the more important part.)
Lots of revolutions come with "zines" or pamphlets, it's a very traditional technique, but it's also very risky when the police are in the streets to physically intercept your physical messages.
During China's Xinjiang crackdown people use old fashioned dialup modems and 56kbps is better than 0kbps.

I think if you can still make cross border International phone calls you can setup modem on both sides and create a end-to-end network.

I imagine it would be relatively easy to detect that kind of activity.

Maybe some kind of ad hoc mobile/mesh network stands a better chance, though that too is detectable and jammable.

I think it depends on what exactly you need before, during and/or after the protest.

Generally, I think Briar is your best bet for the organisers of the protest, since it's meant to communicate a group of people, but not broadcast data to anyone (inc. strangers). It can help you before, during and after the protest. However, you'll need a connection to the Internet to synchronise over what you describe as mid- and long-ranges (it'd use Tor in that case).

One thing to note is that when a repressive regime cuts off the Internet, it never gets to 100% of the affected population. At a minimum, certain government institutions will remain connected, but often also international organisations and hotels. Of course, in practice, finding which places remain connected to the Internet will be hard, but these are some of the places you could try. Also, if you have a land border and a SIM from the neighbour country, you'll generally get mobile access near the border.

During the protest, I think the Qual.net project is worth considering, although I must admit I haven't tried it myself.

Please, do not use FireChat or Bridgefy. They're pretty insecure: Data is neither encrypted or signed.

Shameless plug:

I'm leading the Relaynet project (https://relaynet.network/), a technology to restore connectivity when the Internet is totally cut off. Relaynet-compatible apps will use the Internet seamlessly when it's available, but they'll switch to a fallback medium (such as a sneakernet) when the Internet is cut off. No additional hardware required.

Relaynet's proof of concept made it possible to post and receive tweets without the Internet and we're currently funded by the Open Technology Fund. The protocol suite has been independently audited. The Android implementation will be ready by the end of the summer (and it'll also be audited).

Although we're focusing on connecting the general public, the security and privacy guarantees it offers should also be adequate for protesters (subject to the security/privacy guarantees of the Relaynet apps they use). Consequently, the initial version of Relaynet should come in handy before and after protests, and once we add support for Bluetooth-based meshnets (aka "scatternets"), it should also support protesters during a protest.

I've seen ham radio network AREDN
Am i right in understanding that people can still oing each-other in the country, they just cant reach the outside world? Do p2p applications like torrents work in this environment?
I'm surprised Scuttlebutt [1][2] hasn't gotten a mention.

It allows you to create your own social media feed with messages, responses and media completely offline. You then gossip that feed to anyone you want, for example via the local (WiFi) network or even by USB stick. Long range communication is done by car or by train.

There are servers (pubs) that can be used for more real-time communication. Or to make the information available on the internet after it has been sneaked out of Belarus. The main pubs have a dedicated, friendly and active community. [3]

[1] https://scuttlebutt.nz

[2] https://www.youtube.com/watch?v=8Xjphvcd8Sw

[3] https://www.youtube.com/watch?v=PbzGpKffQuM

One really dangerous thing about it is that once you send something it just won't disappear.

What happens on the Internet stays on the Internet and all that, but no reason to write everything in stone - especially in times and places where governments thinks it is a good idea to cut Internet.

>One really dangerous thing about it is that once you send something it just won't disappear.

That thing is called Internet..Information never goes away, not even in the real world.

It's not that black and white. Some communicators for example delete messages after a specified time and don't archive by default. It's not perfect, and it's not supposed to be. But it still raises the bar a bit - if your peer is not compromised, you can at least hope the history goes away.

Same could be done with "permanent" message by rotating shared encryption keys and discarding old ones for example, so you can build something with better privacy on top.

>It's not that black and white. Some communicators for example delete messages after a specified time and don't archive by default. It's not perfect, and it's not supposed to be

If something is not secure you can forget it by default, there is NO information system than can securely delete and protect it's delivered end user information, no DRM no Snapchat nothing, the consumed and delivered message can always be seen.

First, that's why I wrote "hope" and mentioned it's not perfect. But "the consumed and delivered message can always be seen" is just incorrect. IF both sides destroy either the message or the encryption keys for it, then no, it can't be seen. (Just the metadata about it being sent)
> is just incorrect.

Your thinking is too narrow, i just make a screenshot of your message, or filming your Video from the Screen, that's what i mean by 'consumed', but yes if both party's delete the message normal encryption is enough even 'just' with forward secrecy, but the metadata is often much more interesting (even the NSA said that).

(comment deleted)
Scrub the information and rotate encryption keys with enforced deletion.

Sure, this would not get around a dedicated attacker, or screenshotting, but that's the same as printed information, or information transfer over radio. Someone can always listen in if they have enough resources and time. Even closed networks can be infiltrated with enough persistence.

Isn’t deleting expired encryption keys how Snapchats are ‘disappeared’?