
Put yourself in the shoes of an activist in Tunisia or elsewhere. You want to reach friends, acquaintances, and neighbors. You want a feed that people can follow from an account they check every single day. You want people to be able to find the latest information from their mobile phones. You have no money to spend and if you try to start an open source project or a company you'll probably be arrested.

To me, Facebook (etc.) looks like a pretty good option in that situation.

What alternatives would you suggest?



Someone should package a distribution of Diaspora for easy hosting on the Amazon cloud with a utility for someone to indirectly export their friend network through Yahoo. There would be an email link going to a page which would ask for a password distributed by a secondary channel.

One instance of such a site would be fairly easily penetrated by a government. However, if you divide up your organization based on strong personal relationships, you can require an adversary government to penetrate dozens or hundreds of such sites. (cells?)

EDIT: Add Rackspace and Linode and whoever else can provide low-cost hosting. A government might shut down one hosting provider. Shutting down the top 10 might cripple an economy.

EDIT: Also, use Google Voice as an SMS forwarder so that those without smartphones can at least have obfuscated comms. Or maybe a custom app with Twilio?


I agree that a distributed, secure, privacy-respectful social network would be very useful here for the activists to work together and am looking to the point where Appleseed, Diaspora et al. are ready for it. It doesn't solve the same problem, though. Facebook is all about reaching people who aren't the core activists -- 600,000,000 people in the Diaspora universe yet.


Yes, but have them switch to something that Facebook or another single company can't shut down at the behest of some government.

Another idea: Have such sites continually back themselves up to Amazon S3. This way, if a government does try some knucklehead move like banning Linode, then people can just resurrect the site on another provider. (And chances are, a government besides the US won't be able to block network between that provider and S3.)


Email.

> You want to reach friends, acquaintances, and neighbors. You want a feed that people can follow from an account they check every single day. You want people to be able to find the latest information from their mobile phones.

Email fits the bill here, 100%. Free, safe (SSL), distributed (choose any provider you like), anyone who has Facebook on their mobile device has email.

Form big mailing lists, and send email around. Is there any particular reason that you think Facebook is better suited to this task than email?


Yes. Tunisian protestors repeatedly talked about Facebook's important role.

Facebook, Twitter, and YouTube (unlike email) allow people to see updates without having to know about the email list. So that makes it much easier for a movement to get the word out beyond its core supporters and for like-minded people to find each other: "Oh look, my neighbor/colleague/second cousin just posted an article from Al Jazeera on Facebook. Funny, I didn't know she was political. Maybe we should talk."

Most younger people these days do most of their news and communication via social network sites. As an activist, that's where you want to be.

And about email's supposed advantages:

> Free,

If you have a server to host it, and the networking connectivity to get to it. What percentage of activists in Tunisia do?

> safe (SSL)

If you keep the server secure.

> distributed (choose any provider you like)

All Tunisian ISPs are owned by the government.


> If you have a server to host it, and the networking connectivity to get to it. What percentage of activists in Tunisia do?

Well, they have Facebook, don't they?

> All Tunisian ISPs are owned by the government

They don't need to use their ISP's service. They can sign up for any one of thousands of secure, out-of-the-country accounts.

Nearly all your reasons for rejecting email apply to Facebook too.

> Facebook, Twitter, and YouTube (unlike email) allow people to see updates without having to know about the email list

No. Not at all. "The email list" in the case of a revolution should obviously include everyone you know. Facebook is closed off to only the people you know. It doesn't matter if you don't know that someone is politically active. It's a motherfucking revolution, they're going to be interested. Email them.


You're not thinking like a Tunisian activist.

Most of them have Facebook but don't have servers -- or skills to administer it.

They may not have a credit card to pay for these secure out-of-the-country hosting accounts; if they do, the government will be monitoring their transactions so they'll get exposed anyhow.

> "The email list" in the case of a revolution should obviously include everyone you know.

Nonsense. In a country like Tunisia you may well be putting somebody's job at risk if you send political mail to their work account, so you have to be a lot more discerning. And this has been going on for over a month - if an activist sent all the updates to all of their friends in email, people would have long since stopped reading.


How are you so sure that the government monitors email but not Facebook? Especially since email CAN be encrypted, but Facebook cannot?

Why do you think the government ignores Facebook completely when monitoring connections? In many cases sending Facebook messages allows the government to eavesdrop even easier.

In times of revolution, encrypt your communications. Even Gmail has full SSL - if you trust Google. If not, there are others.

How can anyone know what someone's email reads when it was sent over SSL? I never mentioned "work email" either, that's probably a silly idea. But everyone has a personal account too.


Of course the government monitors Facebook. A lot of the stuff activists are posting publicly on Facebook anyhow, so it's not like it's any big secret. For private communications, not sure; I'd have to think through the risk model of a Facebook group vs. an email-oriented Google group.

> I never mentioned "work email" either, that's probably a silly idea. But everyone has a personal account too.

Maybe, but not everybody knows it -- for a lot of current and former colleagues, I just have their work accounts.


> How can anyone know what someone's email reads when it was sent over SSL?

Email is sent plaintext by default. Your scheme would work if everyone just used foreign-hosted web email providers with the option for SSL selected. But all you need is for one person on the list to be not following instructions and downloading their email using unencrypted POP to their home PC in the wrong country, and your adversary can intercept your comms in plaintext.


Sure, I get that. But on Facebook - the status quo - ALL of the dissidents are reading unencrypted messages. So how is email worse off? Maybe it's not that much better, but I find it hard to believe it's actually LESS safe than Facebook.


I'd imagine posting on HN asking for an SSL secured server and forum/SN hosting for activists would find at least a few takers.


Maybe. How would they work together in a situation where communications are monitored and they don't have any language in common? How many Tunisian activists other than Slim know about HN? If somebody stepped forward, how would the activists know whether to trust them? Remember Haystack, where an American techie stepped forward and wrote anonymizing software to Iranian activists that turned out to have a major bug in it exposing them all to the government ...

So, it's a reasonable suggestion, and I might try it next time I'm running an activist campaign. But Facebook looks like an easier alternative to me.


I genuinely wish you the best of luck, and hope that your decision to use Facebook doesn't have repercussions down the line. And your point about Haystack is well taken -- from what I remember reading, it was more hype than security software, and almost bordering on fraud.


That's not the point - it may be the easiest for the users, but it's not the easiest for the entire system. The system is primarily made up of the hosts of the data, which would be these private companies who would rather not deal with any potential ramifications for helping out a political movement that is, by its nature, revolutionary. It's the right idea for the activists to use these mediums, but it should not be expected to work long-term.


With all due respect, you're not thinking like an activist. Facebook certainly discourages this kind of behavior: they don't allow pseudonymous accounts, and there have been repeated problems with them shutting down human rights pages and groups. But it's the easiest way to reach people. So activism strategies adapt accordingly.

Back in 2009, for example, the key Mousavi Facebook page is run by somebody outside of Iran. Supporters who want to expose themselves publicly can 'friend' the page and easily share information publicly; but people who don't want to can view it without being on a list. Similar things are happening in Tunisia.


> Put yourself in the shoes of an activist in Tunisia or elsewhere. You want to reach friends, acquaintances, and neighbors.

Certainly, but you don't necessarily want to have that contact list easily available to anyone armed with a Javascript keylogger or a nightstick.


Exactly. If I post something on Facebook or YouTube, I don't have a contact list. People can sign up to follow me if they want to be public about it, but don't have to.

And the government got email passwords with its keystroke logging too.


> If I post something on Facebook or YouTube, I don't have a contact list.

But on Facebook, you do have a "Friends" list. That's the same thing as a contact list. If the government is keylogging for email passwords, they can keylog Facebook passwords too.

Facebook isn't somehow "more secure" than email.


But information I post on Facebook doesn't just go to my friends.

I'm not arguing more or less secure; I'm arguing that the risk/effort/cost/benefit profiles are different, and in most situations for younger activists and audiences the balance favors Facebook.



