More Analysis of Firechat’s Opportunistic Mesh Marketing

Re/code recently published an article on Firechat’s use in Hong Kong, mostly just repeating one of the app’s founders speech from a recent Silicon Valley area tech event. I am really tired of beating this horse, but I really couldn’t help myself, as the attempts to use the ongoing very real-life protests in Hong Kong as a some sort of springboard for VC funding or product awareness is a tactic I have never been happy with. I also think tech publications like Re/code must do a much better job about being informed and critical on topics related to privacy, security, anonymity and freedom-enhancing tools developed by privately funded, closed source companies, that somehow claim to do things they may not really do. As an example, a Wired story from March on Wickr, another closed-source secure mobile messaging startup, is actually quite good, and includes a variety of actual experts providing actual analysis.

Somehow while WhatsApp and Facebook weren’t working,Open Garden’s Micha Benoliel claims people were able to still download the multi-megabyte Firechat app from Google Play or iTunes, and register on Firechat’s cloud-based servers before using the app. Benoliel wants to paint a picture of an app that can work without Internet, but it requires the Internet, and pretty decent reliable connection to app stores, to get the app in the first place. Additionally, the majority of screenshots of the apps use show people on the “Everyone” tab, which should be renamed the “Internet” tab, meaning you are using a wifi, 3g or 4g connection, and NOT meshing. If you are using the “Nearby” tab then you are meshing. Screenshot after screenshot after screenshot I have seen showing examples of use in Hong Kong, Taiwan and elsewhere all use Firechat in the basic IRC-style chat room mode, which is great, but has nothing to do with what they are saying the app is being used for.


A great analysis from PC Magazine actually provided detailed testing of the promise of Firechat’s nearby mesh mode versus its reality:

“But in my testing, FireChat’s mesh networking proved unreliable. With four phones spread over 241 feet apart, I was unable to receive messages from the furthest device while offline in nearby mode. I experienced this same unreliability in offline nearby mode when all the phones were within a few inches of each other.”

If a highly skilled tech reporter finds it unreliable in his lab, then how is it magically working for 100,000s of people in the streets of Hong Kong? Perhaps Firechat does work better when there is more people, but again, I would love to see any tiny piece of evidence of that, and not just anecdotes.

Somehow even though this is a decentralized mesh app not using the Internet (remember it was too congested!), the Firechat team knows specific numbers about the amount and duration of unique chat sessions. The truth is their app constantly communicates back to their centralized servers, which is apparently how they are getting these metrics for their marketing efforts. This is important because words like anonymous chat app are constantly batted around in reference to Firechat, when it isn’t at all, and in fact, there is a great deal of analytics going on to fuel possible future funding and business models. Reminds me of a whisper I once heard…

The numbers they promote in the presentation are a bit blurry even though they sound big when initially quoted… 500,000 new users held 2 million unique chat sessions that averaged 3 minutes each. This is promoted as being more powerful than 1.4 million tweets sent during the same time, even though those likely reached a much larger audience of people that a half million. Now first, let’s address the cognitive dissonance that people *were* tweeting, meaning they were using the Internet, posting photos, videos, and other rich media content, constantly from their phones in the streets of Hong Kong. Even Kenny G appeared on Twitter from the front lines of Occupy Central, though he now famously backpedaled, unlike the truly awesome Chow-Yun Fat. Again, the congestion of the mobile Internet and Firechat’s ability to counteract that are being overplayed, and by promoting Twitters use in Hong Kong during their own presentation, Firechat is not even being consistent with their own version of reality.

Now back to the “unique chat sessions”… Are these mostly just one on one chats? Are they huge group chats all in the “Nearby” mode, or are they topic based chat rooms? How far does one message or one session actually spread? The current impressions is not very far, though they claim 70 meters, so people are having 3 minute chat sessions with people within a few blocks from them. However, in the Nearby mode there is no filtering or targeting – it is just a massive stream of everyone within 70 meters of you (apparently). Again, if that was really happening in the middle of these massive crowds, I would love to see some evidence of it – a screen shot of “Nearby” with 100000s talking in it, or even 100. Does it exist? Please share!

Finally, the idea they were surprised by this type of usage is not genuine, considering they had promoted press coverage months earlier of use of the app in protests in Taiwan and by ISIL supporters in Iraq. In both of those places, just to continue to make this point, all of the screenshots were in “Everyone” mode, and not in “Nearby”. However, the point is that Firechat is keenly aware of the press attention they can get by promoting adoption of their apps in high visibility gatherings, be it their marketing around Burning Man or Occupy Central. In this way, I do really appreciate the stance that Snapchat’s CEO Evan Spiegel took on not promoting use of their app in situations like this:

“One of my pet peeves over time is how the technology industry has tried to sell counterculture. It’s tried to sell the revolution. We’ve been really resistant to doing this. We didn’t feel like pushing these photos and videos out would turn that attention into action that would be helpful in Hong Kong.”

When Snapchat is making your marketing tactics look bad, then you really do need to take a look at yourself. Look, I understand Open Garden is a startup, with investors, and they need to have that break through in order to make it. I just want them to be honest with themselves and the world about what their app can or cannot do today, and really, deeply consider what might happen if their app doesn’t work as well as they say it does, when the Internet ACTUALLY gets turned off, blocked, intercepted or surveilled. Don’t let your marketing and popularity get ahead of what it is your product is meant to do.


How Dungeons & Dragons Can Help Twitter Fight Trolls

One of the core problems of Twitter with regards to trolling and bullying, is that all users are created equally. While the various follow, filter and block features allow you to craft the version of the Twitter feed that you want to see, it doesn’t stop someone from spreading misinformation about you, spreading actual information (doxing), impersonating you or otherwise causing trouble. When users are banned or blocked, it is easy enough for someone to create a new account, under a new pseudonym, and continue their harassment. Blocking IP addresses or requiring “real name registration” are not the solutions, and we are left with the targets of the attacks often choosing to leave Twitter instead.

Ironically, given recent events, I believe traditional table-top role-playing games (RPGs) offer some insight to a solution to the problem that Twitter and other users face. Game dynamics have often been used to predict outcomes of real-world events, and inversely they can be used to provide constructive frameworks for people to interact in complex ways. At this point, Twitter, and Facebook, as well, have very rudimentary systems to deal with harassment and trolling, and instead, need a great deal more complexity within their own systems for monitoring and managing, as well as in the tools and capabilities users have to shape their feeds.



Here are some possibly unoriginal thoughts (would love to hear about other online community systems who might have D&D inspired reputation systems) about how to address that, and no, you won’t need a twenty-sided die to implement them…

Leveling Up

RPGs: When you roll a new character in role-playing games, you start at Level 0 with no weapons or armor. This means you better not piss anyone off, or your characters life-span will be quite short. Mostly you stay in town, do basic jobs, and try to get some gold. The goal is to level up, add some points to various skills, and get some leather skins and a workable weapon.

Twitter: If your account falls under a certain threshold of followers or tweets, you should be considered a provisional user, and any @ tweet message you send mentioning another user should be shown publicly or at least in the timeline of the targeted user. If your message is flagged a small amount of times, your account is instantly shutdown for review. You should be able to build some reputation by tweeting useful, interesting, unique content that others will want to follow. One you have shown you have something useful to add to Twitter, you can graduate past the provisional phase.

Building Alliances

RPGs: One quick way to improve the power and longevity of your character is to team up with other characters, join groups, guilds or armies. This way you can begin joining quests that you otherwise may not be equipped to survive. If your group contains a mage, you can even benefit from healing spells.

Twitter: Getting put onto Twitter lists that have a strong percentage of users with many follows and high-quality tweets should reflect well on your account, and build resistance to being flagged or blocked. Anyone who places you on a list, can endorse you, as someone worth following.

Exposing Your Alignment

RPGs: There is no right or wrong in RPGs, and in fact there is a whole range of acceptable alignments, from good to evil, lawful to chaotic, with a variety of interesting combinations. This is all part of how the game works, and everyone plays their roles. That said, if you are a chaotic evil thief, don’t expect the a holy citadel full of lawful clerics to give you shelter.

Twitter: Who you follow, what you retweet, what you say, and the topics you discuss, all should have an impact on the perception of what kind of user of Twitter you are. There is not necessarily right or wrong on Twitter, and there shouldn’t be blanket censorship or bans, but your behavior on Twitter should allows others to avoid or block you en masse, and not just at the account level.

Character Classes

RPGs: Warrior, mage, thief, cleric, ranger, paladin… when you choose the type of character you wish to be, you say something about who you are, what you bring to the game, and what type of activities you want to participate in. Each class has certain skills and capabilities, not everyone can do everything, and this builds useful dependencies between people that require trust building and negotiation. If you are a warrior entering a dungeon, you better have a cleric with you who can heal, a mage that can open spell-bound chests, and a thief that can detect traps. Any quest requires this type of cooperation.

Twitter: Twitter provides a very limited, free form manner in which to indicate who you are, and why you are, on Twitter, and what you have to bring to the table. Your short bio, ollowers, “Follow Friday” tweets and hashtags, all provide a limited mechanism for indicating your expertise, and otherwise, it is general based on what you tweet that people decide whether to listen or ignore. Twitter would be greatly enhanced if you could more strongly indicate your alliances and affiliations, your background and your skill, that qualifies you to discuss a topic or provide insight. Tweets might show a special power-up symbol if you are tweeting about a topic you have been indicated as an expert in, or shown to have a google or linked history related to.

Strength, Constitution, Intelligence, Wisdom, Dexterity, Charisma….

RPGs: The strength or weakness of any attribute in your character plays a huge role in your value to a quest, guild or party. You don’t need to have huge numbers for all of them, but if you are a thief with great dexterity and speed, then you will be in great demand. Similarly, a warrior with excellent strength but low intelligence and wisdom, should be treated like the hulk they are, and a mage, a chaotic-nuetral one at that, with high intelligence and charisma perhaps should not be trusted at self-serving junctures. All of these factors contribute to interaction with everyone else in the game, and the success of your character in the realm.

Twitter: Twitter has metrics like follows, following, tweets, re-tweets, time since you joined, and perhaps a few other hidden ones as well. There is data behind your account that could be used to better indicate to others whether they should follow, interact or spend any time at all with you. If you follow relatively few people in ratio to who you follows you, then it is likely that your tweets are one-sided and you aren’t that interest in listening. If you have join a long time ago, and have highly re-tweeted tweets posted now and then, then you have good things to say, but tend to keep to yourself. All of this data could be summed up in a manner that helps people and/or Twitter decide how visible your tweets are, and how much benefit of the doubt you are given when others start to flag or block your account.

Back to the Future

I first played Dungeons and Dragons when I was about six years old. These gaming concepts are not new, and the larger notion of game mechanics and dynamics is a huge field of study way beyond my own comprehension. However, it seems the design teams behind Twitter, Facebook and other sites have implemented the minimal viable systems for managing users, and then left all the rest of it up to chance or binary choices. Facebook has a bad history of allowing groups of people to team up to flag users unfairly and unjustly, as well as leaving decisions about users and acceptable content up to an army of editors who decided on issues like nudity without any concept of the users or community they are a part of. More to the point of this post, Twitter is facing a huge reputation problem itself, as it is becoming literally overrun with trolls, not to mention orcs, goblings and kobolds. Users and botnets are already gaming these system for their own advantages and ends, be it financial, political, cultural or purely for amusement. Why not make the rules of the game then more complex, and more tuned for a better experience for all? Otherwise, no amount of spells of fire or healing will be able to fight off evil or heal these services in the long run.


Sooper-seekritness is not the problem with Firechat

Here is my first (and most likely a very rare) post on Ello in response to Clay Shirky and apparently Firechat’s Chief Marketing Officer

@cshirky (Okay you got me to use ello!) There are many threats beyond sooper-seekritness, and issues beyond Mesh vs “meshy” that need to be considered. I don’t think anyone in the security/hacktivist community means to be disempowering, but I admit sometimes we have to reduce our public messages to “don’t use X app” in order to be heard. I’ve gone through this same discussion with Tibetans using WeChat – they know they are being watched and logged, and sometimes arrested, but the net benefit of being connected is worth the risk. We then say “use X app, but you should know Y”, which is fine. People in the streets are clearly ready for danger. The bigger fear I have about these communities on WeChat, and the people in the streets adopting FireChat is not what can happen to an individual, but what can happen to the crowd, movement or campaign. When the lights go off, will it really magically mesh as much as they want you to think? Does it defend against misinformation, social engineering, impersonation or have any way to block or defend against bad actors? I think Firechat’s answer would be “yes of course!” and “that is not our problem”, while I and others might disagree. Trust me, I have a long history foisting consumer social media tools onto activists groups, but in this case, I just can’t… yet!

@dalijet No one is trying to smear you. You just need to be ready for the spotlight, transparency and responsibility required when you latch your wagon to situations when groups are hitching their movements, freedom and lives, to your app. It is great if you can both serve humans and solve problems at Burning Man and Occupy Central – you’ve touched on a real base need, and thought outside of the typical architecture. That is commendable. I also know that the Occupy Central folks chose you, so you somehow broke through the noise of WeChat and WhatsApp, and showed them there are more possibilities for connecting. That is also a great feat. Now you must earn the trust they’ve put in you, and that many others surely will down the road, and fulfill the features and functionality you’ve touted. You must ensure your new users communities are not somehow subverted or made more vulnerable, by all choosing your app on which to organize and share. You must stand up to the governments who will undoubtedly come to you and ask you to shutdown a chatroom or block a user. Are you ready for that? Is your business model ready for that? So, don’t get defensive, and either embrace the high-risk user stories you now must adopt, or go back to the playa.


Bluetooth name meshyness on a Linux machine

First committed here:

Since the Gilgamesh system uses plaintext bluetooth names for its basic broadcasting communication mode, it is a very easy system to participate in from any desktop system. Below is the set of steps that can be performed at the Linux command line to configure the device name to be up to a 248 byte message (~248 ASCII characters, or ~60 Unicode characters).

These commands can be easily used to build a stationary repeater system, using a high powered bluetooth antenna, or you can just use them to broadcast your own status constantly in the background, to anyone in the area who might be listening.

1) Install Bluez Tools (

> sudo apt-get install bluez-tools

2) Find your Bluetooth adapter

> sudo bt-adapter -l

Available adapters:
default-device-name (A1:B1:C1:D1:E1:F1)

3) Set Discoverable and Powered

> sudo bt-adapter –adapter=A1:B1:C1:D1:E1:F1 –set Powered true
> sudo bt-adapter –adapter=A1:B1:C1:D1:E1:F1 –set Discoverable true
> sudo bt-adapter –adapter=A1:B1:C1:D1:E1:F1 –set DiscoverableTimeout 3600

4) Change the name of your device to a Gilgamesh compatible string (starts with space or special character)

> sudo bt-adapter –adapter=A1:B1:C1:D1:E1:F1 –set Name ” this is my laptop it is a great big BT device”

5) Listen for and discover other devices in the area

> sudo bt-adapter -d


Name: Now what. This is a message from my phone…yo..
Alias: Now what. This is a message from my phone…yo..
Address: A2:B2:C2:D2:E2:F2
Icon: phone
Class: 0x5a020c
LegacyPairing: 0
Paired: 0
RSSI: -59

Update: Added bash script to make it simpler:

> ./
> Powered: 1 -> 1
> Discoverable: 1 -> 1
> DiscoverableTimeout: 3600 -> 3600
> What’s happening nearby? this is a big ol’ test
> Name: this is a really long string that I am typing now!!!! -> this is a big ol’ test
> checking for local updates…
> Searching…