CartoDrop: secure mapping and reporting over Tor
-
Upload
nicholas-doiron -
Category
Internet
-
view
225 -
download
2
description
Transcript of CartoDrop: secure mapping and reporting over Tor
![Page 1: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/1.jpg)
CartoDrop
mapping and reporting over Tor !
Nick Doiron - @mapmeld
![Page 2: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/2.jpg)
My background: maps
![Page 3: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/3.jpg)
Carto and Crypto
At first glance, very different fields
Six months in, still different ¯\_(ツ)_/¯
![Page 4: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/4.jpg)
Who needs crypto?
![Page 5: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/5.jpg)
Not just NSA and USA
NSA gets capabilities through contractors
Software is resold to many countries
Government-run ISPs
![Page 6: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/6.jpg)
With maps like these…
Human rights violations
Poaching and pollution
Systemic bribery
Political uncertainty
Voter suppression
Disease outbreaks
![Page 7: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/7.jpg)
HTTPS?
HTTPS reveals
you and your domain
size of downloaded tiles
can’t read messages…
… unless someone gives up the key (ever)
![Page 8: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/8.jpg)
build on Uncensorable Twitter
only protects distributor
Decentralize?
![Page 9: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/9.jpg)
What does work?
![Page 10: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/10.jpg)
![Page 11: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/11.jpg)
Sounds tricky…?
Looks like Firefox
Orbot for Android
![Page 12: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/12.jpg)
Disclaimer
Do use public WiFi
Don’t sign into your account
Don’t do illegal stuff
Don’t allow JavaScript
![Page 13: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/13.jpg)
-> SecureDropDemo.org <- !
Designed for journalists, already on FirstLook and WildLeaks
![Page 14: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/14.jpg)
Good and bad newsJavaScript? NO
APIs NO
Secure passwords YES
PGP encryption YES
Air gap docs YES
![Page 15: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/15.jpg)
Maps break SecureDrop!Journalist needs to look up each coordinate:
without a visual
without software (can’t install on Tails)
without the web
![Page 16: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/16.jpg)
Can we build crypto?
![Page 17: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/17.jpg)
Building CartoDrop
OSM + NaturalEarth
Mapnik Python
Messages stay encrypted
Source’s identity stays protected
![Page 18: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/18.jpg)
![Page 19: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/19.jpg)
The <way/> forward
![Page 20: CartoDrop: secure mapping and reporting over Tor](https://reader033.fdocuments.us/reader033/viewer/2022060111/55669544d8b42a51558b52ba/html5/thumbnails/20.jpg)
Speak Freely@mapmeldon Twitter & Keybase