علی صدارت – یکی از مهمترین اقداماتی که شکنجهگران و بازجوها و دژخیمان در زندانهای سیاسی، جهت شکستن زندانیان سیاسی انجام میدهند، تحمیل زندان انفرادی است. سلب امکان تماس با سایرین برای کسب و انتشار اطلاعات و خبرها و نظرها، از مهمترین ابزارها و روشهایی است که مقاومت زندانی سیاسی شکسته شود.
قدرتها در خارج زندان هم، همان روشها و ابزار داخل زندان را بکار میبرند. اینترنت در ایران، همیشه با سرعتهای پایین محدود میشود. در هر هنگامی که اعتراضات و تظاهرات اعتراضی مردم بالا میگیرد، رژیم ولایت مطلقه، سرعت اینترنت را بازهم پایینتر میبرد، و یا حتی به حد قطع شدن میرساند. دسترسی به خدمات تلفنهای همراه هم همین سرنوشت را پیدا میکند، و چه بسا که حداقل در بعضی مناطق، به طور کلی قطع میشود.
قبلا از «فایرچت» (FireChat) اشارهای شد.
وسیلهای که با نام «نهفت» اخیرا در اختیار قرار گرفته هم، در مقاله ذیل معرفی میشود.
باید دقت شود که امنیت «فایرچت» و «نهفت» باید بررسی و تایید شود.
A New App Helps Iranians Hide Messages in Plain Sight
AMID EVER-INCREASING GOVERNMENT internet control, surveillance, and censorship in Iran, a new Android app aims to give Iranians a way to speak freely.
Nahoft, which means “hidden” in Farsi, is an encryption tool that turns up to 1,000 characters of Farsi text into a jumble of random words. You can send this mélange to a friend over any communication platform—Telegram, WhatsApp, Google Chat, etc.—and then they run it through Nahoft on their device to decipher what you’ve said.
Released last week on Google Play by United for Iran, a San Francisco–based human rights and civil liberties group, Nahoft is designed to address multiple aspects of Iran’s internet crackdown. In addition to generating coded messages, the app can also encrypt communications and embed them imperceptibly in image files, a technique known as steganography. Recipients then use Nahoft to inspect the image file on their end and extract the hidden message.
Iranians can use end-to-end encrypted apps like WhatsApp for secure communications, but Nahoft, which is open source, has a crucial feature in its back pocket for when those aren’t accessible. The Iranian regime has repeatedly imposed near-total internet blackouts in particular regions or across the entire country, including for a full week in November 2019. Even without connectivity, though, if you already have Nahoft downloaded, you can still use it locally on your device. Enter the message you want to encrypt, and the app spits out the coded Farsi message. From there you can write that string of seemingly random words in a letter, or read it to another Nahoft user over the phone, and they can enter it into their app manually to see what you were really trying to say.
“When the internet goes down in Iran, people can’t communicate with their families inside and outside the country, and for activists everything comes to a screeching halt,” says Firuzeh Mahmoudi, United for Iran’s executive director, who lived through the 1979 Iranian revolution and left the country when she was 12. “And more and more the government is moving toward layered filtering, banning different digital platforms, and trying to come up with alternatives for international services like social media. This is not looking great; it’s the direction that we definitely don’t want to see. So this is where the app comes in.”
Iran is a highly connected country. More than 57 million of its 83 million citizens use the internet. But in recent years the country’s government has been extremely focused on developing a massive state-controlled network, or intranet, known as the “National Information Network” or SHOMA. This increasingly gives the government the ability to filter and censor data, and to block specific services, from social networks to circumvention tools like proxies and VPNs.
This is why Nahoft was intentionally designed as an app that functions locally on your device rather than as a communication platform. In the case of a full internet shutdown, users will need to have already downloaded the app to use it. But in general, it will be difficult for the Iranian government to block Nahoft as long as Google Play is still accessible there, according to United for Iran strategic adviser Reza Ghazinouri. Since Google Play traffic is encrypted, Iranian surveillance can’t see which apps users download. So far, Nahoft has been downloaded 4,300 times. It’s possible, Ghazinouri says, that the government will eventually develop its own app store and block international offerings, but for now that capability seems far off. In China, for example, Google Play is banned in favor of offerings from Chinese tech giants like Huawei and a curated version of the iOS App Store.
Ghazinouri and journalist Mohammad Heydari came up with the idea for Nahoft in 2012 and submitted it as part of United for Iran’s second “Irancubator” tech accelerator, which started last year. Operator Foundation, a Texas nonprofit development group focused on internet freedom, engineered the Nahoft app. And the German penetration testing firm Cure53 conducted two security audits of the app and its encryption scheme, which draws from proven protocols. United for Iran has published the findings from these audits along with detailed reports about how it fixed the problems Cure53 found. In the original app review from December 2020, for example, Cure53 found some major issues, including critical weaknesses in the steganographic technique used to embed messages in photo files. All of these vulnerabilities were fixed before the second audit, which turned up more moderate issues like Android denial-of-service vulnerabilities and a bypass for the in-app auto-delete passcode. Those issues were also fixed before launch, and the app’s Github repository contains notes about the improvements.
The stakes are extremely high for an app that Iranians could rely on to circumvent government surveillance and restrictions. Any flaws in the cryptography’s implementation could put people’s secret communications, and potentially their safety, at risk. Ghazinouri says the group took every precaution it could think of. For example, the random word jumbles the app produces are specifically designed to seem inconspicuous and benign. Using real words makes it less likely that a content scanner will flag the coded messages. And United for Iran researchers worked with Operator Foundation to confirm that current off-the-shelf scanning tools don’t detect the encryption algorithm used to generate the coded words. That makes it less likely that censors will be able to detect encoded messages and create a filter to block them.
You can set a passcode needed to open Nahoft and set an additional “destruction code” that will wipe all data from the app when entered.
“There has always been a gap between communities in need and the people who claim to work for them and develop tools for them,” Ghazinouri says. “We’re trying to shrink that gap. And the app is open source, so experts can audit the code for themselves. Encryption is an area where you can’t just ask people to trust you, and we don’t expect anyone to trust us blindly.”
In a 2020 academic keynote, “Crypto for the People,” Brown University cryptographer Seny Kamara made a similar point. The forces and incentives that typically guide cryptographic inquiry and creation of encryption tools, he argued, overlook and dismiss the specific community needs of marginalized people.
Kamara has not audited the code or cryptographic design of Nahoft, but he told WIRED that the goals of the project fit with his ideas about encryption tools made by the people, for the people.
“In terms of what the app is trying to accomplish, I think this is a good example of an important security and privacy problem that the tech industry and academia have no incentive to solve,” he says.
With Iran’s internet freedom rapidly deteriorating, Nahoft could become a vital lifeline to keep open communication going within the country and beyond.
What is FireChat?
با نصب این اپلیکیشن FireChat فایرچت در موبایل خود، بدون امکان بسته شدن و یا حتی فیلتر شدن توسط اطلاعاتیها، به راحتی میتوان با سایر کسانی که آنرا در موبایل خود دارند با آسودگی خیال در تماس باشیم. قطع شدن اینترنت و حتی قطع شدن سرویس تلفن موبایل هم نمیتواند آنرا از کار بیانداز.
FireChat enables communication among very large groups, in real-time. FireChat has been used all over the world, from Taiwan to Hong Kong, Delhi, Moscow, Paris and Manila. Some people have called FireChat: the “app for crowds.”
Conversations happen in “public chatrooms” or “private messages”.
You can create a chatroom under the name of your school, organization, project, NGO, event, conference or any topic. Chatrooms scale very quickly: they can gather as many as tens of thousands of people simultaneously. When your phone is connected to the Internet, the chatrooms become the place for live communication between people everywhere in the world: anyone can share messages and pictures with everyone else in real time.
Private messages can only be seen by the sender and the recipients. They are encrypted to ensure your privacy. Private messages can be sent to one or multiple persons. If you send a private message to several people, it automatically creates a private group.
What’s unique about FireChat is that it also works when there is no Internet connection or cellular phone coverage. It even works on a plane. When your community gets together, it creates your own free communication network and doesn’t rely on traditional networks.
You don’t have to do anything special: just keep FireChat on your smartphone and keep Bluetooth and WiFi on (yes, even if there is no Internet access). This is game-changing since you can create local communication networks at zero cost and also stay connected during sports games, rallies, music festivals, and in emergency situations.
How does it work?
When no Internet connection or cellular networks are available, FireChat uses the radios inside our phones to connect them directly with one another. In that case (which is also called “offline” or “off-the-grid”), messages will travel up to 70 meters (210 feet) from one phone to the next.
Old way of cell towers only vs. FireChat way of phone-to-phone as well
If there are more than two devices, they will form a network and messages will bounce from one device to the next, thus extending the range of the network. The more people use FireChat, the better the network gets for everybody. This is why FireChat works really well for very large groups of people.
How will this help me?
If you are the leader of a community, give FireChat a try: it will allow you to update all community members at the same time. You can share information or discuss projects or topics in an open space for all members of your community. FireChat is well suited for live discussions. Unlike other social networks, it allows everyone to see all the messages in real time, without ads or unrelated content. Unlike messaging apps, such as WhatsApp, it accommodates a very large number of users and doesn’t require people to share their phone numbers.
How do I use it?
۱٫ Download FireChat. The easiest way is to follow this link: www.getfirechat.com. It’s a small app.
۲٫ Create your profile. Pick a username, and add a photo and a short bio. You may choose to be anonymous by picking a pseudonym, use your real name, or create the account under the name of your community or organization.
۳٫ Start chatting. You can send private messages to people – or join a public conversation in public chatrooms. You can easily link several chatrooms by typing hashtags in any message.
۴٫ Create your chatroom. Typing a hashtag in any message (for example #Football) automatically creates a new chatroom and starts the discussion. If the chatroom already exists, you will be joining that conversation.
۵٫ Create a private group. To create a private group, simply send a private message to several people. FireChat does the rest.
۶٫ Invite your community. Tap on the “star” on the top right corner of the screen. This automatically creates a link and a screenshot of your chatroom, which you can share via Twitter, Facebook, SMS, Email. etc… You can also copy that link to use it anywhere or even type it yourself. The format is http://firech.at/Football. People who follow this link will be automatically placed into your chatroom after they have downloaded FireChat. If they already have FireChat, it will simply bring them in the chatroom.
If you are “off-the-grid”, remember to keep Bluetooth and WiFi turned on so that you can see other FireChat users nearby. That’s all. You do not need to do anything else.
Public Chatrooms: FireChat chatrooms are designed for public communications. They work like Twitter and Instagram from the perspective of message distribution. Anyone can see your messages, whether you are in a big chatroom or a small chatroom. Some people use FireChat with their real name or other identifying information. Some don’t. It’s up to you. Unlike Facebook and Google, FireChat does not require the use of real names. Unlike Telegram or WhatsApp, FireChat does not require your phone number (use the email signup option).
Private Messages: you can also send private messages to one person or several people. These messages are encrypted. Only the sender and the recipients can read the content of the message. You can send a private message to any FireChat user from the person’s user profile. When sending a private message to several people, you automatically create a private group (up to 50 people).
Following: You can ‘follow’ someone by tapping on the circle next to their name and clicking the “Follow” button. To unfollow, simply tap the button again. If you follow people, you will be notified when they become active on FireChat. People who follow you will know instantly when you are active in FireChat. This is very useful when you need to reach your entire community at once.
Blocking: If you don’t like what someone is saying, you can block the person simply by pressing and holding down on a message they sent. The people you block will not see your messages either.
Photos: You may share photos using FireChat, in the same way that you do so over SMS. Only the people who follow you will see your photos. To see someone else’s photos, you need to follow that person.
Favorite chatrooms: If you favorite (e.g. “star”) a chatroom, you will be notified of new messages in that chatroom. If you prefer, you can turn off notifications off from the Settings menu.
Please let us know what you think– we would love to hear from you! Email us at email@example.com. We usually respond to all communications within 24 hours. You can also find us on Twitter @firechatapp, and of course on FireChat: firech.at/OpenGarden.