[liberationtech] update on RiseApp
Tom Ritter
tom at ritter.vg
Fri Sep 12 07:32:39 PDT 2014
On Sep 11, 2014 6:28 AM, "Leonardo Maccari" <leonardo.maccari at unitn.it>
wrote:
>
> On 09/10/2014 04:54 AM, elijah wrote:
> > On 09/09/2014 11:01 AM, Leonardo Maccari wrote:
> >
> >> Before I apply to the new call (and get the money to really do it),
> >> I'd like to receive feedback to validate the idea.
> > ....
> >
> >> You take pictures, hold the mobile phone in your pocket, and every
> >> time anybody else with the App in his pocket walks close to you, you
> >> send him your media and receive his own. The first phone that is
> >> connected to the Internet will upload all the material online. This
> >> way, the chance that a certain picture is lost/destroyed lowers.
> >> Moreover, if only one phone reaches any kind of connection all the
> >> images it contains will be published
> >
> > I appreciate what you are trying to do, although I think this particular
> > design element would be a security nightmare if implemented.
> >
> > -elijah
>
> Thanks Elijah.
>
> In the next weeks I'll start sketching the adversaries, and the design
> model. My plan is to open up the design as much as possible, and in
> every project proposal I'll prepare, there will be money for external
> reviewers on the security concepts.
>
> What are your concerns in particular?

I agree with elijah. (I'd also note that if you're not affiliated with
RiseUp, it's a bit impolite to name your app so closely.)

I see a DoS vector, where I show up and start sharing gigs of media. I
block others from receiving media from other people and from ever being
able to upload all that to the server. And I fill up their phones if I can
actually manage to transfer it all. You can cap how much you receive in
total, but not how much you receive from one person - I will have a million
identities.

And, since everyone's thinking it, I'll say it - someone will show up and
put illegal images onto everyone's phones. Combined with police searches of
arrested persons - anyone showing up to a protest goes from slap on the
wrist to having their life ruined.

-tom
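
The quota point in the message above, worked through as an added example (not code from this thread or from the app being discussed). It assumes a hypothetical receive buffer with a total cap and a per-sender cap, sizes in MB, identities that cost nothing to create, and a flooding sender that reaches the phone before ten honest peers do; all names and numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class ReceiveBuffer:
    """Hypothetical store for media received from nearby phones (sizes in MB)."""
    total_cap: int        # most the phone will hold overall
    per_sender_cap: int   # most it will take from one claimed identity
    used: int = 0
    by_sender: dict = field(default_factory=dict)

    def offer(self, sender_id: str, size: int) -> int:
        """Accept as much of `size` as both caps allow; return MB accepted."""
        room_sender = self.per_sender_cap - self.by_sender.get(sender_id, 0)
        room_total = self.total_cap - self.used
        accepted = max(0, min(size, room_sender, room_total))
        self.by_sender[sender_id] = self.by_sender.get(sender_id, 0) + accepted
        self.used += accepted
        return accepted


def simulate(flooder_identities: int) -> dict:
    """One flooding device presenting `flooder_identities` self-made identities,
    followed by ten honest peers offering 20 MB each (constructed scenario)."""
    buf = ReceiveBuffer(total_cap=1000, per_sender_cap=50)
    flood = sum(buf.offer(f"flood-{i}", 50) for i in range(flooder_identities))
    honest = sum(buf.offer(f"peer-{i}", 20) for i in range(10))
    return {"flood_mb": flood, "honest_mb": honest, "used_mb": buf.used}


if __name__ == "__main__":
    # With one identity the per-sender cap holds the flooder to 50 MB.
    print(simulate(1))
    # With free identities the same cap is irrelevant: the total cap still
    # bounds storage, but the honest peers' media no longer fits.
    print(simulate(1000))
```

The per-sender cap only limits a sender whose identity is costly to replace; the total cap protects the phone's storage but not the availability of honest media.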