Ask HN: How Belarus can keep connected despite internet blackout?
Hello hackers. What would be your advice for Belarus protesters to keep connected to each other and the rest of the world.There are some solutions for short-range communication (e.g. https://briarproject.org/), but what are the solutions for the mid-range (e.g. city) and long-range (hundreds of kilometers) communication? I suppose the HAM radio could be used for that or AMPRNet. Any ideas how to provide low-cost, decentralized, communication infrastructure for the time when internet is cut off?
161 comments
[ 6.8 ms ] story [ 197 ms ] threadYou could send an email/tweet to SpaceX and ask to be part of the Starlink beta program. They'd have to be granted a license for your country first, however.
How - both deep packet inspection + filtering and primitive solution - making communication services (mobile and broadband) stop functioning. Such things happen already in the past in Turkey, Egipt, Iran.
https://news.ycombinator.com/item?id=20861948
It's sometime a bit more difficult: with spread spectrum technologies for example, widely used wireless technologies that work well in dense usage. It works also on cellular networks (2G, 3G, 4G, 5G).
Just so people don't get a false sense of security with some solutions.
You can have a network of consumer radio walkie talkies with privacy codes, each node spread with a range of about 20km, depending on the weather and terrain. But this is would need dedicated hardware which I assume is not easily sourced in the current restricted environment.
Edit: Maybe if you setup a network of walkie talkies on rooftops you could probably maximize the node spread if are able to keep line of sight across each node.
Having said that, irrespective of the Application layer, all BT based mesh networks are inherently fragile.
There are large performance variations accross BT chipsets (old/new and different manufacturers) and externals like BT firmware, OS variations, battery level, RF blocking/reflecting structures nearby, Law enforcement jammers, the number of nodes available (the more nodes in a narrow area the more fault tolerant it is), all of these factors affect the performance of such a network.
The point is, OP is asking for help to scope out what are the options. None of them are great, but the best we can do is to bring forward the known options and hope that those struggling in this situation are able to implement whatever they need to remain safe.
There exist long range communication : Meshtastic, with $20 devices you can send messages with kilometers range.
What would be ideal is for Briar to embrace the "Bluetooth to LoRa node".
We can extend Briar Bluetooth network by adding Bluetooth to LoRa node that can connect multiple bluetooth mesh networks together.
It's super fun to play with. But it isn't gonna "save democracy by circumventing nations-state internet shutdowns"
It's a reasonable solution for "a few dozen nodes up to 8-10km apart under ideal conditions", and enables SMS-style messaging across the mesh - but it's not "an internet replacement" by a long shot...
Think more "30people in an irc channel - without pics/video" rather than "Stream your protests to Instagram or Facebook Live"...
I couldn't find anything less than $100, where can you buy them from?
https://www.aliexpress.com/item/4000897355282.html
And if you don't need GPS (they'll use the GPS in an Android phone), these too:
https://www.aliexpress.com/item/4000329729312.html
You could save a buck or two more by getting ones without screens, but it makes Bluetooth pairing more complex (you need to read the pairing code off the serial console over the USB port. But yo only need to do it once. It's not _awful_ if your plan is always to pair each device with the same (Android) phone)
There are companies that sell software-defined radio products to help deploy volunteer-run radio networks, but those may be easy to jam and/or illegal: https://limemicro.com/products/boards/limesdr/
Not sure how far srsLTE (https://www.srslte.com/) can go here without requiring special equipment and Internet connectivity (someone well-versed can perhaps comment on its feasibility as a standalone backhaul): https://news.ycombinator.com/item?id=18569961
Walkie-talkies work nicely for comms but not secure, should work well enough for coded messages; however.
I stumbled upon now-defunct https://opentech.fund backed https://www.qaul.net a few days back, developed in response to censorship in MENA, that I personally like: They maintain a mapping of devices (similar to BitTorrent) over Wifi P2P and/or Bluetooth to create a decentralised secure routing network. No extra hardware needed.
For everyone talking about solutions that involve deploying additional hardware: who's going to pay for it and how are you going to get it into Belarus?
It also underestimates the resourcefulness and motivation of those struggling in this situation.
It wouldn't be inconceivable that additional resources/hardware could be introduced either via smuggling or diplomatic staff. There is also a large and supportive diaspora of Belarusians in Lithuania and Poland that I assume would be willing to source and finance additional resources if it could tip the scale.
https://www.washingtonpost.com/world/asia_pacific/indias-int...
(2) 2G internet was available
(3) 4G service is restored now. https://www.ndtv.com/india-news/4g-internet-to-be-allowed-on...
If crackers around the world want to actually be useful, now is the time.
https://boingboing.net/2018/05/03/inside-cubas-massive-weekl... https://www.wired.com/2017/07/inside-cubas-diy-internet-revo... https://en.wikipedia.org/wiki/El_Paquete_Semanal
I think the level of indirection and timelyness can be used as a filter, in that it ought to be modeled after the sneaker nets and human crowds/socialization. For example individual clients can ignore messages more than a configurable signed time/distance and configure their clients to only repeat at a certain rate. That way the network is robust to spam, because it relies on the movement and consensus of people to move messages long range.
If you're interested in the cryptographic and networking details, the specs is probably what you want. At least the introduction to the core spec: https://specs.relaynet.network/RS-000
(Apologies for the late reply. I'm new around here and I didn't remember that HN won't send me an email notifications for replies to my comments.)
Before getting into Relaynet, let's consider how Internet apps work: They have a client and a server, and the client is responsible for producing and delivering its own data. That means that the server must be reachable and ready to respond to each request, at the exact time each takes place. This architecture (called Remote Procedure Call, RPC) is fine when the Internet is available, but it breaks when the Internet is cut off and it's also incompatible with alternative transports because they add a significant latency.
By contrast, Relaynet apps use a radically different architecture: Asynchronous messaging. Instead of clients/servers, apps have "endpoints"; and instead of requests/responses, endpoints exchange "messages". Endpoints delegate the delivery of such messages to one or more brokers, which we call "gateways" in Relaynet. This way, the sender and receiver don't have to be reachable and ready at the same time, because the gateways will keep a copy of each message until it reaches its final destination. Consequently, when the Internet is available, gateways will use it and messages would be delivered instantly, but when the Internet is cut off, gateways will switch to a secure sneakernet (https://en.wikipedia.org/wiki/Sneakernet). Additionally, endpoint messages (called "parcels" in Relaynet) are end-to-end encrypted and signed, so gateways can't tamper with them or see what's inside.
Behind the scenes, Relaynet apps communicate over the Internet/sneakernets via two gateways: A private gateway (a standalone app on the user's device) and a public gateway (a server-side app). Say Twitter supports Relaynet and exposes an endpoint at https://api.twitter.com/relaynet: When you post a tweet, your Twitter app will encapsulate it in a parcel bound for https://api.twitter.com/relaynet, but instead of delivering the parcel by itself, it'd send it to its local private gateway, which will in turn send it to its public gateway, and which will finally deliver it to Twitter's endpoint. Now consider the case where the Twitter server wants to send you data: It'd post the data to your public gateway (e.g., https://eu.relaycorp.tech), which would in turn send to your private gateway, which will finally send it to the endpoint in your local Twitter app; in this direction, the parcel is bound for an opaque address derived from the public key of the endpoint (analogous to Bitcoin addresses).
Now, when the Internet is cut off, your two gateways get disconnected. That's when couriers (https://relaynet.network/couriers) would step in and provide a secure sneakernet. Couriers will physically transport parcels between a place disconnected from the Internet and one connected to it. However, since parcels contain the address of the recipient, and that address would identify the service when it's bound for an Internet host (e.g., https://api.twitter.com/relaynet), gateways will encapsulate those parcels in a new layer of end-to-end encryption -- You can think of it as an "offline TLS". So couriers (or anyone who intercepts them) won't be able to see or change the parcels being transported.
As you may have anticipated by now, for a preexisting, Internet-based ...
When would relay-net be ready?
Mesh / opportunistic network solutions are great in theory, but require the installation of special software, which is difficult to coordinate on large scale. Also, this is an adversarial environment. We need to assume that every new network will be infiltrated by pro-government forces.
Only mobile internet was affected so far, so for now the most effective response was encouraging people to remove their WiFi passwords.
--
[1] https://www.starlink.com/
Maybe some lone dude in the remote are can smuggle it in and keep it hidden, but if we are talking about mass movements, that terminal won't be mich use
Article 18 of the ITU Radio Regulations was mentioned in the comments on another post. It basically states that nobody can use radio in any country without permission from that country.
The controversy they would stir up, is likely not worth the risk for the company's public image. Also I don't think the technology isn even released yet...
Sure you could smuggle a American terminal in, but SpaceX won’t help you.
Furthermore there is sheer practical considerations: ground terminals won't be stealthy at all, and in fact it's not clear to what extent they could be stealthy against a serious state actor. By definition, they are active EM emitters in very specific bands and must be detectable hundreds of km up. With their phased arrays the emissions should be reasonably focused, but even so it's not like it's a tight beam optical link or even a covert wired tap. Use of them would probably be readily detectable if authorities cared to do so, they're literally broadcasting themselves. Military gear tries to avoid this with techniques like massive pseudo-random frequency hopping at low energies but that's not really an option here. And of course, operating at quite low energies and known frequencies, Starlink may be quite susceptible to even fairly primitive active jamming.
I hope it does serve some small democratizing purpose, but I suspect any of that for the foreseeable future will be primarily in the form of disrupting de facto cozy hookups, not going against explicit law by nation-states. Ie., in some places monopoly infrastructure players might choose to censor stuff they don't have to per se on their own volition for their own profits, or take under the table payments/coercion to give intel agencies access beyond what they're formally entitled too etc. Starlink might in principle force some of that out into the open, a given nation would at least have to formally put a law on the books (which might itself cause protests, changes in government if there is still some level of democracy, and international expense). But SpaceX isn't just going to flat out actively try to circumvent law around the world.
Examples: https://gotenna.com/
https://beartooth.com/
https://www.gotoky.com/
https://fogo.io/
They all rely on your phone and themselves cost more than a whole low-end phone! I am really confused as to why meshing requires much additional hardware that isn't already in a phone.
I also asked some Belarusian friends how they keep getting information from there. They said they have intermittent access to Telegram but it works better by using proxies. Some of the news channels on Telegram are managed by people outside the country who receive the information via text message. Not sure what type of block was in place (cellular data?).
Edit: Another Belarusian friend said he's able to communicate again with people back home after 3 days of quasi constant blackout.
People are just terrified now and all they want is peace. They know that continuing protests is likely to result in a bloodbath and are understandably afraid of that.
I have a lot of friends from Belarus, and at least from IT sector, they are really eager to continue protests simply cause they are scarred what can happen if current government will stay
https://en.wikipedia.org/wiki/Union_State
I think if you can still make cross border International phone calls you can setup modem on both sides and create a end-to-end network.
Maybe some kind of ad hoc mobile/mesh network stands a better chance, though that too is detectable and jammable.
Generally, I think Briar is your best bet for the organisers of the protest, since it's meant to communicate a group of people, but not broadcast data to anyone (inc. strangers). It can help you before, during and after the protest. However, you'll need a connection to the Internet to synchronise over what you describe as mid- and long-ranges (it'd use Tor in that case).
One thing to note is that when a repressive regime cuts off the Internet, it never gets to 100% of the affected population. At a minimum, certain government institutions will remain connected, but often also international organisations and hotels. Of course, in practice, finding which places remain connected to the Internet will be hard, but these are some of the places you could try. Also, if you have a land border and a SIM from the neighbour country, you'll generally get mobile access near the border.
During the protest, I think the Qual.net project is worth considering, although I must admit I haven't tried it myself.
Please, do not use FireChat or Bridgefy. They're pretty insecure: Data is neither encrypted or signed.
Shameless plug:
I'm leading the Relaynet project (https://relaynet.network/), a technology to restore connectivity when the Internet is totally cut off. Relaynet-compatible apps will use the Internet seamlessly when it's available, but they'll switch to a fallback medium (such as a sneakernet) when the Internet is cut off. No additional hardware required.
Relaynet's proof of concept made it possible to post and receive tweets without the Internet and we're currently funded by the Open Technology Fund. The protocol suite has been independently audited. The Android implementation will be ready by the end of the summer (and it'll also be audited).
Although we're focusing on connecting the general public, the security and privacy guarantees it offers should also be adequate for protesters (subject to the security/privacy guarantees of the Relaynet apps they use). Consequently, the initial version of Relaynet should come in handy before and after protests, and once we add support for Bluetooth-based meshnets (aka "scatternets"), it should also support protesters during a protest.
It allows you to create your own social media feed with messages, responses and media completely offline. You then gossip that feed to anyone you want, for example via the local (WiFi) network or even by USB stick. Long range communication is done by car or by train.
There are servers (pubs) that can be used for more real-time communication. Or to make the information available on the internet after it has been sneaked out of Belarus. The main pubs have a dedicated, friendly and active community. [3]
[1] https://scuttlebutt.nz
[2] https://www.youtube.com/watch?v=8Xjphvcd8Sw
[3] https://www.youtube.com/watch?v=PbzGpKffQuM
What happens on the Internet stays on the Internet and all that, but no reason to write everything in stone - especially in times and places where governments thinks it is a good idea to cut Internet.
That thing is called Internet..Information never goes away, not even in the real world.
Same could be done with "permanent" message by rotating shared encryption keys and discarding old ones for example, so you can build something with better privacy on top.
If something is not secure you can forget it by default, there is NO information system than can securely delete and protect it's delivered end user information, no DRM no Snapchat nothing, the consumed and delivered message can always be seen.
Your thinking is too narrow, i just make a screenshot of your message, or filming your Video from the Screen, that's what i mean by 'consumed', but yes if both party's delete the message normal encryption is enough even 'just' with forward secrecy, but the metadata is often much more interesting (even the NSA said that).
Sure, this would not get around a dedicated attacker, or screenshotting, but that's the same as printed information, or information transfer over radio. Someone can always listen in if they have enough resources and time. Even closed networks can be infiltrated with enough persistence.