Upload
nicholas-doiron
View
225
Download
2
Tags:
Embed Size (px)
DESCRIPTION
How can we make OpenStreetMap more secure for users everywhere? And could we make a secure reporting tool for mappers? Ignite talk at SOTMUS 2014 DC
Citation preview
CartoDrop
mapping and reporting over Tor !
Nick Doiron - @mapmeld
My background: maps
Carto and Crypto
At first glance, very different fields
Six months in, still different ¯\_(ツ)_/¯
Who needs crypto?
Not just NSA and USA
NSA gets capabilities through contractors
Software is resold to many countries
Government-run ISPs
With maps like these…
Human rights violations
Poaching and pollution
Systemic bribery
Political uncertainty
Voter suppression
Disease outbreaks
HTTPS?
HTTPS reveals
you and your domain
size of downloaded tiles
can’t read messages…
… unless someone gives up the key (ever)
build on Uncensorable Twitter
only protects distributor
Decentralize?
What does work?
Sounds tricky…?
Looks like Firefox
Orbot for Android
Disclaimer
Do use public WiFi
Don’t sign into your account
Don’t do illegal stuff
Don’t allow JavaScript
-> SecureDropDemo.org <- !
Designed for journalists, already on FirstLook and WildLeaks
Good and bad newsJavaScript? NO
APIs NO
Secure passwords YES
PGP encryption YES
Air gap docs YES
Maps break SecureDrop!Journalist needs to look up each coordinate:
without a visual
without software (can’t install on Tails)
without the web
Can we build crypto?
Building CartoDrop
OSM + NaturalEarth
Mapnik Python
Messages stay encrypted
Source’s identity stays protected
The <way/> forward
Speak Freely@mapmeldon Twitter & Keybase