Yesterday, some people were shocked to find their private conversations posted on twitter. Here was the major problem: their conversations were never private. When many people downloaded and started to use Firechat this past week in Hong Kong, some people initially thought that their conversations were private. When people hear the word “meshnet”, they automatically assume that the software running the meshnet is encrypted and secure.
Earlier today, I called Open Garden, the makers of Firechat. A man who identified himself as the CEO of Open Garden, Micha Benoliel, answered the phone. He said that he was on a business trip from India to China when the protests in Hong Kong broke out. After seeing the protests, he has decided to stay in Hong Kong for the time being.
I asked him if Open Garden had ever received any US government funding directly or indirectly. Benoliel said that Open Garden does not receive US government funding; instead, Open Garden is financed by private investors.
When asked if he was worried that the Chinese government might be monitoring or recording the chats, Benoliel said that he was not concerned at all since the information was already public information. Benoliel said that everyone knows Firechat is completely public, and Firechat is used by the Hong Kong protesters to broadcast information publicly. He characterized the episode yesterday, where people were able to retrieve conversations from Open Garden’s website, as trivial information that was already public.
According to Open Garden’s CEO, Firechat has been used under more mundane circumstances such as concerts, local dating, and the Burning Man festival. Firechat has also been used in other more extreme situations though, such as when the Iraqi government shut down the internet and when there were protests in Taiwan. Firechat still works in situations where the mobile phone networks are congested.
The Open Garden CEO said that encryption might come when Firechat releases private messaging, but it is not available now. When asked what type of encryption the private messaging would use, he said that it was too soon to tell which type of encryption would be implemented and he assured me that they are very well versed in security. Since many journalists are using Firechat in Hong Kong, Firechat has released its verified accounts feature, and he asked me if I would like a verified account.
A few hours ago, I downloaded the Firechat app. My registration for a Firechat account failed and I am not sure why. Open Garden’s website was also down today, and the Open Garden CEO said that they are making changes to the website. When I tried to register an account, I did not see any warning that the chats on the app are completely public. The links to the Terms of Service and Privacy Policy were also not reachable.
The way in which developers talk about security and privacy gets lost on a lot of people who are not tech savvy. Many users falsely believe that software is more secure and private than it actually is. How developers talk and communicate with average users so often gets lost in translation.
Further Reading:
Firechat and Nearby Communication
FireChat Prepares Encryption Feature As It Drives Hong Kong Protests