This post was adapted in two segments from an article written by Oiwan Lam and originally published in Chinese on 1 October 2014 on citizen media platform inmediahk.net. It was translated by Loki Chu and republished on Global Voices as part of a content-sharing agreement. Read the first segment here.
On September 28, after Hong Kong police unleashed tear gas on protesters, many said that they could not access the Internet with their mobile phones and had to run to Central or Wanchai districts before they could send their messages.
Since then, a large number of protesters have downloaded FireChat to prepare for communication during network outages or network congestion.
The FireChat application can run over a mesh network. As each mobile phone sends out a weak signal, a mesh network turns each mobile phone into a network node and links the nodes together to form a local telecommunication network that enables the exchange of messages between users.
But Internet privacy and security experts warn that this software has security vulnerabilities and its users may become the targets of attacks. Calls may be intercepted and the locations of users may be tracked. The application also lacks a strong authentication system for users’ identities — it is relatively easy to impersonate another user, making the network vulnerable to infiltration by malicious actors.
Are there any tools that are more secure than FireChat and can be used during major network congestion?
President of the Hong Kong Professional Information Security Association Eric Fan bluntly answered, “No.” He urged users not to download applications casually and not to jailbreak their iPhones or iPads because these actions are likely to pose security problems. Indeed, security vulnerabilities abound in this arena, and threats from mainland China are many.
In mid-September, hackers distributed an Android application that was discovered to be spyware capable of stealing information from users’ smartphones and tracking users’ locations on Baidu Maps, a mainland Chinese version of Google Maps. The hackers disguised themselves as Code4HK, a group of tech geeks who support social movements in Hong Kong.
Fan pointed out that, in fact, many applications have security vulnerabilities, and users must be vigilant in protecting their communication tools. In addition, under a good network connection, he recommends the use of Telegram.
Telegram is an application similar to WhatsApp, but all communications are encrypted and users may choose to delete conversation records permanently to prevent old records from being spied upon if a user’s mobile phone or computer is confiscated.
This particular point is important for activists who are targets of political persecution. It is now common practice for Hong Kong police to confiscate protest organizers’ mobile phones, and in some cases, they even obtain search warrants and confiscate personal computers for investigation.
Google Talk is another common communication tools among protesters. It is prudent to develop the habit of choosing the “off-the-record” chat option so that others cannot read the chat history.