[Noisebridge-discuss] Unlocking the door via SMS

[Jacob Appelbaum]

Jeffrey Malone wrote:
> What about creating a dual system, allowing people to use a passphrase
> entry system (that we could also use for simply accessing a web
> interface -- enter in this week's key to the website or via sms), and
> create an ACL of known telephone numbers that will work without the
> passphrase.

Spoofing caller ID is trivial. An ACL like that should probably not be
called a very strong ACL if an ACL at all... They're basically a weak,
long running version of a shared secret. Many of us have published our
cell phone numbers on the wiki.

> It'd be pretty simply to create a method of adding a phone number to
> an ACL, but require they either have an account on pony or be
> connected to our internal network.  As google voice already logs all
> messages, the exposure of privacy would not be realistically increased
> -- those wishing to keep their phone numbers entirely private would
> not want to use this method anyway.
> 

Who has access to those logs?

> I think it's a good idea, personally... and could prove pretty
> awesome.  Especially as we get more automation going in the space, we
> can expand it to provide more information... essentially hijack it as
> a shortcode.

I agree and I think the SMS door unlock is a nice idea.

> 
> For those who want to get paranoid, however, I will also point out
> that an sms-based entry system will inherently log who enters at what
> time.  As it would be entirely opt-in, I personally see no problem
> with this...
> 

The system itself does not need to log. Many parts of the phone system
outside of our control do log. We do not need to participate in such
logging.

Best,
Jake

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 155 bytes
Desc: OpenPGP digital signature
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100310/90c75003/attachment-0003.sig>