Pis 07, 01 / Feb 4, 17 19:34 UTC

Re: Special Committee: Asgardia Mobile Application Development - Community Input  

Touch ID! That sounds secure. No-one leaves their fingerprints anywhere. It's a good thing there's no previous evidence fingerprints can be printed with conventional 2D printing technology or 3D print them, reversing the print from photos found online.

Even if it wasn't so trivial to bypass or spoof, it's just an excuse to start cutting bits off people to gain access to things.

It's really disturbing to read through suggestions, with regards to what some think is secure.

  Updated  on Pis 07, 01 / Feb 4, 17 20:02 UTC, edited 1 time in total.

Pis 07, 01 / Feb 4, 17 22:28 UTC

I liked most of the ideas: creating a social network so that Asgardians can interact better and more "socially", with GPS to know whether there are Asgardians nearby, and with notifications for news and the like. But I believe it could also allow more interaction with society itself, such as letting us vote and take part in government plebiscites at election time (since the people of Asgardia are spread around the globe), allowing projects and publication material to be sent to other Asgardians to be commented on and researched (for example, to check whether it is viable in certain countries), and of course serving as a kind of identity or "badge" of Asgardia, to authenticate or identify us on the social or governmental networks that we would come to create.


MOD EDIT:
This post has been translated using Google Translate (https://translate.google.com/). Please keep in mind that this forum uses English as a base language at this moment; however, you are able to use your native language in the Regional (https://asgardia.space/en/forum/forum/regions-36/) forum that applies to you.
- Jason Rainbow 04 February 2017 @ 11:10 pm

  Last edited by:  Jason Rainbow (Global Admin, Global Mod, Asgardian)  on Pis 07, 01 / Feb 4, 17 23:10 UTC, edited 1 time in total.

Pis 07, 01 / Feb 4, 17 23:23 UTC

Things like a "social network" would be external features to the mobile application, this just being a portal for accessing - unless the idea is to create completely independent services that are only accessible from this application and creating a whole host of needless complexity in keeping the two separate systems synchronised.

Leaking a user's GPS position isn't overly clever. To ignore all the associated security (would make it really easy to eliminate Asgardians in a specific area) and privacy risks that this would generate, then you have to consider the data collection and proliferation - much needless overheads avoided simply by having a manually updated opt-in system.

Things like voting and other suggested "features" are again, not features of the application itself but of the backend services it connects to. As I previously mentioned, conformity with a standard web browser will allow for any feature we roll out in the future, and be compatible fully with existing architecture. There should, rightly, be nothing this "app" can do that can't be done without it - it's unreasonable to be expecting people to be buying and using insecure equipment to be able to take part.

It's ridiculous to entertain two independent systems to perform the same task so at best I see production of what is little more than an underfeatured web browser, or a collection of single purpose apps that are too limited in scope to be of productive use.

At which point I think: why bother. That effort could have been made to simply upgrading the .css served to mobile devices and other such interface tweaks and to develop the backend services (which will need doing anyway. Desperately.) that would effectively result in the same outcome. You minimally save yourself the needless long term maintenance of an underfeatured web browser.

I'm not sure what the badge is about, this isn't something anyone else should really be able to see. Authentication or identification with something easily removed from your person isn't a sane choice overall when it comes to security. Ignoring things like SoC based backdoors in firmware it's minimally able to be used as a Denial of Service attack. You could just add the IMEI to the blacklist to cripple it on the network. Most users don't know how to change that. Any detail offered by the hardware itself is able to be spoofed, so offers no significant measure of security.

  Updated  on Pis 07, 01 / Feb 4, 17 23:28 UTC, edited 1 time in total.
Reason: typo

Pis 08, 01 / Feb 5, 17 02:39 UTC

Hello Asgardians, first of all, a mobile project is indispensable for everyone at this point, with the aim of improving on the competing suggestions; the idea is great, of course. First suggestion: registration of all Asgardians in order to have access to the application. Second suggestion: exchange of messages with our fellow Asgardians, or creation of groups, perhaps with themes, on citizenship, culture, ministries, engineering, etc...

Pis 08, 01 / Feb 5, 17 03:08 UTC

Registrations already occur - additional registration procedure is unlikely to result in additional security.

Theming should certainly be plausible, the rest largely being features of the backend services and supposedly some are in development.

Pis 10, 01 / Feb 7, 17 00:15 UTC

You must take into account the easy access to the forum, the profile, a section to the direct access to the news, something very important and necessary is that the administrators can contact directly for any idea that is interesting. Ahh and something very interesting an area to do meetings live by country. Thus the same president can connect with all members of a country in specific.

Pis 11, 01 / Feb 8, 17 03:25 UTC

The problem with Facebook - to ignore the glaring and megalithic security and privacy risks associated with - is you are in absolutely no control over the data they allow you to receive. Contractually, they are under no obligation to ensure that your messages are read by others, or you are able to read others. They also have previous history of manipulating this for their own gain, and at the whim of third parties.

There is absolutely no sane reason that anything we do should ever be placed into their mines. The data we generate - especially interpersonal communications - should not be reliant on the good will of a third party to proceed - this is not an inherently secure model - and we certainly shouldn't be giving it to third parties to abuse. Development of our own secure systems is somewhat critical. Development of such can be minimised by leveraging an existing open source project and building a frontend around that in the page, and or app (still think a browser should do, .css is capable) and being open source it should also work standalone clients. XMPP is good here, it's what FB neutered to build their messaging system and abused similarly for whatsapp and gtalk etc. Manpower in deployment can be a couple of hours, maybe less, for a single person. Cost in terms of resources would be minimal, to assume this wasn't layered with something like kamailio to give VOIP/SIP function to act as a telephone as well, would be incredibly minimal, considering the userbase. I'd wager the existing infrastructure should cope.

Interface tweaks to the forum are desperately required. IMHO more important than information about the lack of progress should be some sort of progress. A half decent set of tweaks should render an "app" moot - and by nature of being a full browser retain compatibility with 0 extra development or maintenance with whatever the future brings.

"vote on the go" sounds a little ominous. If I was deploying the voting system, you'd all be generating some X.509 certificates (really not as hard as it sounds), and using them for logging in. Once logged in, from a portal you can gain access to the voting system. Once the security of the connection and authenticity confirmed a random token would be generated, cleared for use once then passed to the user's system wherein it allows access to the ability to actually place the vote. "Spending" said token can then flag the user as voted on that topic and as long as you don't record any correlation only the yes/no of the "has voted" it retains anonymity. The software performing this would be open sourced and SHA-256 fingerprints can confirm that what is in operation is genuinely what's in the source.

For general questions, someone is putting together a proposal for a regular Q&A session with Dr Ashurbeyli... https://asgardia.space/en/forum/forum/feedback-11/topic/weekly-qa-session-with-igor-ashurbeyli-2632

  Updated  on Pis 11, 01 / Feb 8, 17 16:56 UTC, edited 1 time in total.
Reason: typo
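
The single-use voting token described in the post above, as an added example that is not part of the original post or of any Asgardia code. The class, method names and voter ids are hypothetical, and `voter_id` stands for the identity established by the certificate login.

```python
import hashlib
import secrets


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class Ballot:
    """One topic. Who has voted and what was voted are never stored together."""

    def __init__(self, choices):
        self.tally = {choice: 0 for choice in choices}  # counts only
        self.unspent = set()    # SHA-256 of issued tokens; no voter id kept
        self.has_voted = set()  # voter ids only; no token or choice kept

    def issue_token(self, voter_id):
        """Hand a random token to a voter who has already authenticated."""
        if voter_id in self.has_voted:
            raise PermissionError("already voted on this topic")
        token = secrets.token_urlsafe(32)
        self.unspent.add(_digest(token))
        return token

    def cast(self, voter_id, token, choice):
        """Spend the token: count the vote, flag the voter, record no link."""
        if choice not in self.tally:
            raise ValueError("unknown choice")
        if voter_id in self.has_voted:
            raise PermissionError("already voted on this topic")
        digest = _digest(token)
        if digest not in self.unspent:
            raise PermissionError("token unknown or already spent")
        self.unspent.remove(digest)
        self.has_voted.add(voter_id)
        self.tally[choice] += 1


def demo():
    """Constructed run: two valid votes, then two rejected attempts."""
    ballot = Ballot(["yes", "no"])
    spent = ballot.issue_token("alice")
    ballot.cast("alice", spent, "yes")
    ballot.cast("bob", ballot.issue_token("bob"), "no")
    rejected = []
    for attempt in (lambda: ballot.cast("carol", spent, "no"),  # replayed token
                    lambda: ballot.issue_token("alice")):       # second ballot
        try:
            attempt()
        except PermissionError as err:
            rejected.append(str(err))
    return ballot, rejected


if __name__ == "__main__":
    print(demo()[0].tally, demo()[1])
```

The server state holds only a tally, a set of token hashes and a set of voter ids, so nothing in it maps a voter to a choice; keeping timestamps or per-request logs out of the vote path is what preserves that property in a deployment.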

Pis 14, 01 / Feb 11, 17 04:52 UTC

Hey all!

There's some great suggestions floating amongst the debate here. Definitely taking note.

As far as security is concerned couldn't the same protocols that many banking apps use for authentication be sufficient? Or, as Alan suggested, a more advanced form of authentication. As a layman (very layman), security is a big concern but I use my bank's mobile app constantly and have had no issue with security breaches.

As far as features, we were thinking about website integration as well as the forums, each would be upgraded as the IT team brought more features online (i.e. the blogs, private messaging, friends lists, etc.) Bringing this initiative to the community, there was a hope that some of the more creative and technical minds would stretch out and think of things that may have not already been implemented in a social app or suggest something wholly new or something very basic.

It's been very interesting so far to see the many different views on this initiative and we look forward to seeing many others from the community add their voices to this one.

Cheers! Rebekah Berg, Lead Community Administrator, Asgardia

Pis 14, 01 / Feb 11, 17 06:44 UTC

Some protocols used by banks - ie: SSL/TLS are currently deployed in the existing model, however the authentication is somewhat moot as there are no real steps taken to validate the user is indeed the authorised user and the cookie used as an authentication token is left everywhere the user doesn't specifically remove it from, and doesn't seem to expire. It's also apparently vulnerable to some MITM evilness which will result in plaintext transmission of it. And likely a lot more because you take security "seriously".

TBH, "layman" and "lead admin" are a little contradictory. Slightly. Security should be something of intimate familiarity to admin.

IMHO about as secure as "login" can be made would be use of PKCS-11, there's a reason most .gov and DoD and many lower organisations that are actually serious use this. However, about as secure and far more accessible to most users can be X.509 - Which is related to SSL/TLS - this is common technology, thoroughly tested and users should be able to trivially generate themselves a pair of certificates. They can then have the keys signed by the server's CA allowing its use for login without ever having to transmit the key. Keeping it as secure as they can keep the key, and the passphrase they should set with its generation. This passphrase should prevent unauthorised use, and the certificate is next to impossible to either guess or brute force.

X.509 and use of is not a complex topic, and for the people really scared of using their computer it should be possible to script up something that will generate them certificates uniquely from a single click, and some minimal data input. It should even be possible to have the site generate them, but it's more secure if the private key never leaves the user's possession. Then it's impossible (or thereabouts) for anyone else to login using that auth.

Mobile banking apps are not overly brilliant models. Commonly, I would indeed suggest banks as security models to emulate as they do tend to have a clue here, but mobile banking solutions are commonly rendered insecure by unsafe implementation of TLS or implementation of known insecure protocols like SSL. The things they are starting to accept as forms of ID - like voice - are quite laughable. You don't want to use things that are left everywhere - like fingerprints, and voiceprints - as forms of ID. There's already open source projects for both (text to speech engine for the voice auth and 2D and 3D printing solutions for fingerprints, facial recognition is even easier to spoof). Almost everything being rolled out about now has three to five independent ways to spoof.

To be honest, most breaches of credit cards etc are at the Point of Sale or thereabouts. People putting their cards into skimmers inserted into cash machines, or point of sale devices, skimmed by store employee, skimmed by passer by with RFID booster sweeping CC details from a 30ft radius as they walk down the street - the website you used the CC with kept a copy of the details then secured it like this site and lost a copy of the database, sat on public wifi someone else redirects your traffic to sample...

Next up in frequency is insecure devices and networks used to access the services. It's amazing what malware people will install on their devices. Or the things attached to emails downloaded and allowed to execute. I've seen pretending to be legitimate banking apps, intercepting data from the legitimate app and pushing network traffic through a third party to sample the transactions (including authentication details). This is going to be the most difficult thing to secure this from.

For "social media" functionality, the likes of the suggested previously (or elsewhere) GNUSocial and Diaspora should roll out similar functionality to FB & twitter. If we had some sort of portal, integration into this into existing services should be simple as it's all open source, and long term maintenance should be taken care of by those projects themselves, allowing to reap the benefits of developing in a modular fashion. Something like XMPP could give off a full comms protocol stack. If combined with something like kamailio then it could even go VOIP/SIP with ease. Access to collaborational tools will enable fluid productivity across a wide range of topics.

By concentrating the same devel effort you would for a "mobile app" on the content this site delivers to mobile devices you could end up saving yourself at least three times the effort to do the same thing (website, iOS, Android devel vs website).

Pis 14, 01 / Feb 11, 17 18:24 UTC

Hello!

Again, I'd love to hear someone else's take on the app and seeing some positive suggestions on how the app could be put together securely and with features the Asgardia community would like to have would be very welcomed.

We've already had some experienced application developers approach us about helping on the app so constructive suggestions would be very welcomed. We'd love to get the committee to hit the ground running to put together the proposal and get things going as quickly as possible.

Cheers! Rebekah Berg, Lead Community Administrator, Asgardia

Pis 15, 01 / Feb 12, 17 18:53 UTC

I would like to just petition that user privacy and security should be the number one priority when it comes to designing this app. That means that it is important that we do not collect personal data at any time, from any source. It's important for Asgardia to fulfill its constitutional, founding value of the freedom of the individual.

I would point to this statement on the "concept" page, as quoted directly by Dr. Ashurbeyli.

"A core legal principle is that Asgardia does not interfere in relations between states on Earth – and vice versa."

Given this statement, collecting personal data would actually be violating the Asgardian constitution, as collecting the data of the citizens of earthly nations could be considered an act of interference.

Furthermore, I believe that citizens should have a right to personal privacy if they so choose, and that any personal information collected by this app should of course be voluntarily disclosed by that person.

Pis 17, 01 / Feb 14, 17 12:13 UTC

Security and privacy should be paramount as we see on our current society these are serious with longer lasting consequences.

Chat feature (communication) is the basis of any society, so having chat is high priority, being encrypted and secure is a must have.

Privacy "the ability for the individual to decide what to whom to share information" must be at the basis of any technology developed by Asgardia.

With proper security and privacy any feature being for entertainment or for functional reasons can be developed to match demand.

The best way to guarantee these objectives are achieved is being an open source project, so others, not involved in the development can verify that what is being developed is secure and does not compromise privacy.

Cheers, Rafael

  Last edited by:  Rafael Almeida (Asgardian)  on Pis 17, 01 / Feb 14, 17 12:18 UTC, edited 2 times in total.

Pis 17, 01 / Feb 14, 17 13:29 UTC

well i have only some ideas:

  • We will not put a button to register that brings the person here right? it would do that a large number of people registering here without motive, like thinking it's a normal forum, chat or things alike.
  • We could use a part to show our progress in BOINC, like the credits that we have generated in the week, number of mini projects concluded successfully and for last how many members there are participating
  • it's more a question than other things, it will put in things like playstore? if it will i would recommend that we don't use that since it's most likely that it would make people confuse our app. we could use a download link and install via apk

well it's some ideas and i am open to discuss about them haha

Pis 17, 01 / Feb 14, 17 17:45 UTC

i would recommend that we don't use that since it's most likely that it would make people confuse our app

You can test valid client by keeping an SHA256 fingerprint of the executable and supporting libs etc that remain static and then as it attempts to connect you check this before proceeding into the login handshake. This will ensure only assured valid clients are able to be used to login, and make spoofing harder.

For actual implementation, ofc raw SHA256 isn't sensible, but this can be passed through some sort of algorithm...

  Updated  on Pis 17, 01 / Feb 14, 17 17:47 UTC, edited 1 time in total.
Reason: Additional data
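
One way the client fingerprint check in the post above could be done without sending the raw SHA-256, as an added example that is not part of the original post. The nonce-keyed HMAC is an assumption about what "some sort of algorithm" could be, and the file names, build label and `LoginGate` class are hypothetical.

```python
import hashlib
import hmac
import secrets


def build_fingerprint(files):
    """SHA-256 over the client's static files, taken in sorted name order."""
    outer = hashlib.sha256()
    for name in sorted(files):
        outer.update(name.encode() + b"\0" + hashlib.sha256(files[name]).digest())
    return outer.digest()


def client_response(files, nonce):
    """Client side: key an HMAC with the fingerprint so it never crosses the wire."""
    return hmac.new(build_fingerprint(files), nonce, hashlib.sha256).digest()


class LoginGate:
    """Server side: runs before the login handshake is allowed to start."""

    def __init__(self, released_builds):
        self.released = dict(released_builds)  # build label -> fingerprint
        self.pending = set()                   # nonces issued, not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(32)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce, response):
        """Return the matching build label or None; each nonce works once."""
        if nonce not in self.pending:
            return None
        self.pending.remove(nonce)
        for label, fingerprint in self.released.items():
            expected = hmac.new(fingerprint, nonce, hashlib.sha256).digest()
            if hmac.compare_digest(expected, response):
                return label
        return None


def demo():
    """Constructed file contents: a released build and a modified copy of it."""
    genuine = {"app.bin": b"constructed client 1.0", "libcore.so": b"constructed lib"}
    patched = dict(genuine, **{"app.bin": b"constructed client 1.0 + patch"})
    gate = LoginGate({"1.0": build_fingerprint(genuine)})
    first = gate.challenge()
    accepted = gate.verify(first, client_response(genuine, first))
    replayed = gate.verify(first, client_response(genuine, first))
    second = gate.challenge()
    modified = gate.verify(second, client_response(patched, second))
    return accepted, replayed, modified


if __name__ == "__main__":
    print(demo())
```

The response proves only that the peer knows the fingerprint of a released build, so this raises the cost of a spoofed client rather than ruling one out.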

Pis 18, 01 / Feb 15, 17 15:35 UTC

For me the most important thing is to read the news of Asgardia!