Privacy mesh for local communications

Related to the question for protest security/privacy checklists. Would using recent IoT radio tech like Meshtastic as a replacement for a second phone to keep group communications without even needing to bring a phone on site be advisable in any/some/most situations?

Features

  • Long range (331km record by MartinR7 & alleg - 205mi for my US comrades)
  • No phone required for mesh communication
  • Decentralized communication - no dedicated router required
  • Encrypted communication
  • Excellent battery life
  • Send and receive text messages between members of the mesh
  • Optional GPS based location features

Meshtastic is a simplified layer around LoRa radio devices that run on public frequencies. While Meshtastic does have encryption, they come right out and say a few things they are missing from PG’s general expectations for RTC:

Is it as secure as Wi-Fi WPA3, HTTPS TLS1.3, or Signal?

No.

WPA3, TLS1.3, Signal, and Meshtastic can all use AES256. Yet AES is one of the many cogs required in a modern encryption system. Below are the main features “missing” in Meshtastic.

Perfect-Forward-Secrecy

Perfect-Forward-Secrecy means previous communications and more generally anything passively captured cannot be decrypted even when the key is compromised.

Integrity

Integrity means ensuring messages cannot be modified without the key.

Authentication

Authentication means nodes say who they are on the network. Meshtastic does not implement this, so it is trivial to impersonate anyone else if you have access to the channel key. This is because node IDs are based on hardware MAC addresses, which are hardcoded by the manufacturer.

These issues are generally in place due to the limited bandwidth of LoRa radio and the extra payload that comes with implementing these features, especially in group chat. In the firmware version 2.5 they provide support to address these issues for direct messaging.

Given the threat model of an activist attending a protest in a moderate to severe police surveillance state, what are your thoughts around utilizing group private channels where only the admin can post broadcast messages and otherwise people must use DM communications to address security?

Would providing a guide on how to set these up to provide secure communications be considered or are there too many vulnerabilities remaining for truly secure comms?

Another threat model might simply be families going to a park, resort, or traveling abroad in a city.

4 Likes
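The integrity gap and the "extra payload" trade-off quoted in the post above, as an added example that is not part of the original thread or Meshtastic's code: an encrypt-only packet decrypts to altered text after one byte changes in transit, while an encrypt-then-MAC packet is rejected at the cost of extra bytes per message. The HMAC-SHA256 keystream is a stand-in for AES so the sketch runs on the standard library; key sizes, the 16-byte tag, the function names and the sample message are assumptions, and no Meshtastic packet format is reproduced.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # assumed tag size for this sketch, not a Meshtastic parameter

def keystream(key, nonce, n):
    # Stand-in for AES in a stream mode (HMAC-SHA256 over a counter), stdlib only.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_crypt(key, nonce, data):
    # Encrypt-only: the same XOR encrypts and decrypts, with no integrity check.
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def tag_for(mac_key, nonce, ct):
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers both the nonce and the ciphertext.
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct + tag_for(mac_key, nonce, ct)

def open_sealed(enc_key, mac_key, nonce, packet):
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, tag_for(mac_key, nonce, ct)):
        return None  # modified in transit: drop instead of displaying
    return xor_crypt(enc_key, nonce, ct)

def modify_byte(packet, index, mask):
    # Simulates in-transit modification of a single byte.
    return packet[:index] + bytes([packet[index] ^ mask]) + packet[index + 1:]

def demo():
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    msg = b"MEET AT POINT A"  # constructed sample message
    last, mask = len(msg) - 1, ord("A") ^ ord("B")
    ct = xor_crypt(enc_key, nonce, msg)
    sealed = seal(enc_key, mac_key, nonce, msg)
    return {
        "encrypt_only": xor_crypt(enc_key, nonce, modify_byte(ct, last, mask)),
        "sealed_intact": open_sealed(enc_key, mac_key, nonce, sealed),
        "sealed_modified": open_sealed(enc_key, mac_key, nonce, modify_byte(sealed, last, mask)),
        "overhead": len(sealed) - len(msg),
    }

if __name__ == "__main__":
    print(demo())
```

For a 15-byte message the tag more than doubles the packet, which is the bandwidth cost the quoted documentation refers to.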

I can envision it being utilized between protest organizers rather than a direct replacement for the hypothetical burner/secondary phone. They could use a Meshtastic-compatible device to issue simple commands or warnings that are then echoed via loudspeaker.

For example, if police are spotted cordoning protestors for arrest, an organizer can easily issue a warning across the city. There is less need for the cordoned protestors to turn on/unlock their phones to communicate this.

1 Like

This makes sense. I can specifically think of video/audio recording or livecasting and internet searches that wouldn’t be covered by Meshtastic itself. What other features are missing from a phone that you might think would be necessary for protest?

Here are some use cases I might dream up:

  • Standard communications between individuals to build a distributed log of activities and communicate changing group objectives
  • Preprogrammed Text communications
    • PING/ACK
    • Meet at safety point
    • SOS
    • Hear Weapons/Danger
    • See Weapons/Danger
    • Police near
    • I’m being arrested
    • etc…
  • Communicate each device location at the time of preprogrammed communications
  • Internet searches
  • Video/Audio recording

I could envision a bunch of different setups, but more specifically, to minimize the number of phones and surveillance concerns that come with phones and also to avoid the accidental use of privacy phones for the wrong reasons, I think having a group of protesters with one or two admins (for redundancy) who contain the groups’ secondary phones that use the Meshtastic app and run by the more tech/privacy savvy individuals of the group. The rest are holding cheap small devices.

As mentioned, you would need different gear for recording video/audio and streaming it. One cool thing about a lot of these IoT radio devices is they do support WiFi and Bluetooth protocols as well. Then take the LoRa device to connect to the Meshtastic mesh, a Bluetooth body cam (glasses or necklace ~ $60/each) that streams to your LoRa device, and WiFi where you could stream to a central RTMP server, or a lot of these glasses have local SD card storage if WiFi isn’t an option.

I dunno if there are other things to consider. In all honesty, the setup wouldn’t need to be this elaborate, but just wanted to go a bit extra in case there was a desire to. Likely just doing the base Meshtastic and video/audio can just be buying the wearable alone, and Internet searches could be handled by questions to one of the two admin folks who have phones, or if you want no phones period, maybe bring a local WiFi mesh for folks that connects to broadband…sky is kind of the limit.

Any other use cases? I just really like the idea of removing phones entirely from the equation from a privacy perspective. GrapheneOS installs on everyone’s secondary phone feels a bit much…this is way cheaper from a device perspective and I think really reusable as much as you’d like since there’s less opportunity of it having IDs associated to your phone logins (less e-waste FTW! Since I assume protesters don’t like child slavery). There would be fewer temptations for folks to violate privacy with very limited dumb devices. Also from an opsec perspective, you’ll be less distracted and have more awareness of your surroundings. Then there’s the option to have nothing saved on the person if they are grabbed by adversarial agents. Like it kind of has the amnesiac properties of Tails outside of Meshtastic messages themselves and that can be resolved through settings where conversations can be logged offline.