[Noisebridge-discuss] Unlocking the door via SMS

Jeffrey Malone ieatlint at tehinterweb.com
Thu Mar 11 00:56:25 UTC 2010

On Wed, Mar 10, 2010 at 4:24 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> Spoofing caller ID is trivial. An ACL like that should probably not be
> called a very strong ACL if an ACL at all... They're basically a weak,
> long running version of a shared secret. Many of us have published our
> cell phone numbers on the wiki.

You're right.  But wouldn't this go back to the whole argument that if
you can root pony and open the gate, or pick the lock, "we probably
want you in anyway" ?
Any system we put in place can be easily hacked.  If that's what you
want to worry about, proceed.

>> It'd be pretty simple to create a method of adding a phone number to
>> an ACL, but require they either have an account on pony or be
>> connected to our internal network.  As google voice already logs all
>> messages, the exposure of privacy would not be realistically increased
>> -- those wishing to keep their phone numbers entirely private would
>> not want to use this method anyway.
> Who has access to those logs?

At the moment, it would seem to be Micah.  In general, whoever has
access to the google voice account.

>> For those who want to get paranoid, however, I will also point out
>> that an sms-based entry system will inherently log who enters at what
>> time.  As it would be entirely opt-in, I personally see no problem
>> with this...
> The system itself does not need to log. Many parts of the phone system
> outside of our control do log. We do not need to participate in such
> logging.

Google voice automatically records incoming SMS in their website
interface.  The emails generated that are then checked would also be
logs.  Yes, it is possible to delete the messages from within the web
interface... we'd need to look into any method that may be able to do
this automatically.
It would also be logged by the service provider of the person who sends
the SMS, as you pointed out.  Not something we'd have access to, but
it would be a logged item in their billing system, and if someone is
sufficiently paranoid...
I'm also not sure I'd trust the reliability of google actually
deleting the info, or our system in not failing to delete it
(especially if they alter their systems, as there is no released API
for google voice).

Simply, I think it'd be an entry system that would not guarantee
anonymity.  Which is fine I think, as we're not talking about
eliminating other methods of anonymously entering.  I don't think we
should restrict additional methods simply because they can't provide
guaranteed anonymity as long as they are opt-in.

