Ragtag

Update 2011-06-12: Just noticed this article about the current unrest in Syria. The #syria hashtag is apparently being flooded by government spam. This shows that this problem really exists, whether or not the following offers any real chance for a solution.

Twitter is the opposite of an authoritative source. It's a mighty stream of uncertain information, and trying to take it all in is known as 'drinking from the fire-hose.' Hearsay gets cut and pasted as fact. The most sensational news gets retweeted most often. Before you know it, you've got running gun battles on Oxford Street.

There's been some debate about whether Twitter played any role in bringing down Mubarak in Egypt. It can't be doubted that technology shaped the way we remote observers heard about the situation, but it's a stretch to claim it provided useful information to the people doing the protesting.

Is it possible to take the fire-hose and make it useful for such people? The penetration of Twitter and similar social media is increasing. Smartphones are heading towards ubiquity. Is there a way to make these trends work for an internet-connected protester in a Tahrir-square situation?

Perhaps they could ignore the fire-hose and rely on their existing network of follows and followers. They would probably have a good idea of the reliability of anyone known in real life. But there will be thousands of other potential sources in the crowd that don't have meaningful links to their social graph, and there's no way to bolt them on by the mere fact that they're present.

Additionally, existing contacts will only be useful if they post as themselves. Anonymity makes a useful social graph impossible to maintain -- Facebook bans pseudonyms, even for embattled protesters -- but identifiable dissent is a dangerous game. There was serious worry among Egyptian protesters that their emails and tweets would be used as evidence against them if the regime survived.

So can we come up with a way to allow anonymous communication without making the fire-hose even harder to filter? Is there a way to pick out information that comes from people who are present at the protest and on the same side of the fight?

There's a commonly accepted way for one party to prove their authorship of a public message to another. The two parties (let's follow tradition and call them Alice and Bob) establish a shared, secret phrase between themselves. Alice then comes up with a message. Before sending it, she adds the secret phrase and runs the resulting string through a cryptographic hash function. The resulting hash is sent with the original message. On receipt, Bob goes through the same steps, and if his hash matches the hash in the message, he knows it was sent by someone who also has the secret.

A simple Twitter Client could automate this process. You'd give it the secret and it would automatically sign your updates, and filter hashtagged messages to determine whether they were also signed with the secret. Say you were following a general hashtag, and also filtering based on hashes, you might set up an interface something like this.

So, if you suspend your disbelief and imagine that the secret has been established, you now have an ad-hoc network of people who can communicate with some degree of trust. You don't have to know or follow other crowd members to be able to believe what they report. You don't have to post as yourself in order to get information to those that need it. The trusted stream works alongside the fire-hose, and you can compare the two to gain useful perspective.

The huge flaws in this scheme

1. How does a crowd agree and maintain a secret?

Well, that's a very good question. It would have to be passed person to person in the crowd, based on individuals sizing each other up as trust-worthy recipients. A holder could pass it to those that he personally trusts, who could do the same in turn. There would have to be strong social conventions around sharing the secret. Depending on who trusts whom, perhaps only a subset of the crowd would end up holding the secret.

Perhaps this gets easier if you allow the possibility of multiple shared secrets. The ad-hoc nature of this system means that subsections of the crowd might end up with their own secrets. Information could still be shared as long as some members of the crowd held multiple secrets. They can then see trusted updates from both groups, and retweet updates from one group signed with the secret of the other. This could also be automated.

2. How much damage can be done by a malicious person posing as a protester?

If a malicious person gets hold of the secret, he can use it to spread disinformation. However, malevolent users are likely to be heavily outnumbered by genuine ones, and since the whole point of the system is to provide local information (on the scale of a few square miles of protests), disinformation can be rapidly debunked. Consistent disinformation from one or several sources will simply provide a clear signal to the crowd that a particular secret has been compromised.

In the worst case, the system is known to be compromised and crowd members stop relying on it. Even then, they are not worse off than before. In the best case, if only one secret out of many is compromised, the system may be resilient to such attacks. The multiple secret-holders will stop repeating information signed with compromised secrets, but others will remain useful.

Anyway, those are some thoughts which I've finally had time to scribble down. I'm wondering whether this might lead to a project that I can prototype at the Rewired State hack day later this month. Maybe there's the seed of something useful there, but I'm still not sure.