Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Celso Mireles
- @celsom3
- Feb 20 19:17
- Hi! I created this to be a public forum to discuss ideas around a solution to send verified alerts about immigration raids to undocumented people.
- Celso Mireles
- @celsom3
- Feb 20 21:00
- https://motherboard.vice.com/en_us/article/raid-alerts-wants-to-warn-undocumented-immigrants-with-an-app
- radical desi
- @radicaldesi_twitter
- Feb 21 22:53
- Hello! I am not multi lingual, but I know many people who are who have informed me they would like to help translate. I have someone who speaks Indonesian and German fluently and would like to use those skills to help. I also know many Tibetans who speak Tibetan, Nepali and Hindi who I'm sure would want to volunteer to translate as well.
- Jessica Rodriguez
- @UndocuJessRod
- Feb 22 04:36
- @celsom3 Requested this article in spanish, hope I get to hear soon from them to share it.
- @radicaldesi_twitter amazing! thank you for reaching out! and say thank you to all of those who are willing to make this happen in every language!
- Can you create a list of contact information of those interested to help? Names, contact info and language of interest will be good to have.
- Celso Mireles
- @celsom3
- Feb 22 13:05
- Thanks @UndocuJessRod! Have you played around with editing the Wiki?
- And thanks @radicaldesi_twitter. Any translations will help make this tool accessible to more people.
- radical desi
- @radicaldesi_twitter
- Feb 22 13:40
- @UndocuJessRod Right now the people who are interested in helping to translate would prefer not to give their contact info (for their safety) but have asked me to coordinate. I also can find people who can help translate into Tagalog. My contact info is radicaldesi@riseup.net.
- OSP123
- @OSP123
- Feb 23 17:14
- Hey everyone :)
- OSP123
- @OSP123
- Feb 23 17:31
- @celsom3 I'm running the app on local. The CSS hasn't been added, correct? Seems like routes and what not have been taken care of.
- Going through issues on Github and it looks like design exists for Add App Header #6 issue, but no styling yet.
- I know web designers as well. Did you need designers?
- Celso Mireles
- @celsom3
- Feb 23 17:43
- @OSP123 yes, designers would be helpful. Currently have a prototype with some design on it, but could be more intentional.
- Have you checked out the prototype in the wiki?
- And welcome @OSP123 :-)
- OSP123
- @OSP123
- Feb 23 17:44
- Deployed prototype? Let me see. Danke :smiley:. I'll let the designers know.
- Sigh, unfortunately the web designers don't know much about encapsulation off CSS with react. I do have students that are front end devs and know React, though. I just reached out to them.
- Celso Mireles
- @celsom3
- Feb 23 17:47
- https://invis.io/KRAI38IG3#/219546731_Home
- OSP123
- @OSP123
- Feb 23 18:06
- Yeah, I was looking at that. Easy to implement, but did you want a certain flow? Do you have a logical flow chart?
- Celso Mireles
- @celsom3
- Feb 23 19:15
- I don’t have a logical flowchart yet.
- OSP123
- @OSP123
- Feb 23 20:43
- Ah, OK. Let me know if you get something going. From there, design would be super easy
- Celso Mireles
- @celsom3
- Feb 23 20:45
- I'm working on it tonight. Thanks!
- OSP123
- @OSP123
- Feb 23 20:45
- Excellent :grinning:
- Victoria Burgos
- @ThetaSigma88_twitter
- Feb 23 23:07
- Hey everyone. I have 0 programming skills but I am a volunteer and professional legal translator for Spanish. I'm not sure if there's even a need to translate into Spanish at this point or whether it's already been done since I have 0 coding/design knowledge. But I'd be happy to translate whatever needed to be translated or to compile a list of translators
- Cooper Williams
- @skuckle_twitter
- Feb 23 23:12
- Hi all. I'm so glad this app is being developed and I'm spreading the word. I'd like to ask whether the devs have considered the security risk to users. In its current state, could LE use signals from this app to pinpoint the undocumented? If so, are precautions being taken to prevent that?
- LE = law enforcement
- Celso Mireles
- @celsom3
- Feb 23 23:34
- Good question @skuckle_twitter. LE wouldn't be able to use signals to pinpoint location. One risk is that they or malicious users trick the system into sending false alerts. Another risk is that they get access to the data, which is why we aim to not collect too much data.
- Cooper Williams
- @skuckle_twitter
- Feb 23 23:35
- Gotcha. Thanks for the prompt response. Is stingray technology incapable of identifying which phone numbers are using the app?
- As I understand it, those devices are LE's main phone surveillance technique
- John O'Doyle
- @JohnnyBoyODoyle_twitter
- Feb 24 01:38
- Yeah. I just saw this. I'm worried that users are providing their phone numbers directly
- the app literally has a list of the phone numbers of people using the app
- that makes them easier to target
- signal gets around this
- they use a bloom filter with (I think) a cryptographically secure hash function (secure against preimage attack)
- to be able to check, but not list, what phone numbers are registered
- a thing to consider is that maybe there's no need to register a phone number at all?
- John O'Doyle
- @JohnnyBoyODoyle_twitter
- Feb 24 01:45
- also, is https://www.fastcoexist.com/3068357/this-app-warns-undocumented-immigrants-when-raids-are-coming accurate?
- like is the plan to use a reputation-based system?
- since that's probably not a great idea since:
- (1) the government could just spam the system with fake reports, since they have a ton of phone numbers (even though the system at present doesn't verify phone numbers; which is a good thing, since then twilio or some other 3rd party would know who was using the app)
- (2) repeated raids in the same area probably wouldn't end up being reported by the same people over and over again
- ultimately, this app needs a careful implementation
- since an insecure implementation would be worse than no app at all
- i'm dubious about using node.js for everything. they tend not to have great track records for logging CVEs
- and you care about security
- moreover, how would this be deployed?
- with a central server?
- you're definitely gonna want some sort of key pinning of an intermediate signed cert in the app
- Cooper Williams
- @skuckle_twitter
- Feb 24 01:49
- My main outstanding concern is that even the list of phone numbers is already to much info to fall into malicious hands. I wouldn't trust this service unless I knew that list of numbers was airtight.
- John O'Doyle
- @JohnnyBoyODoyle_twitter
- Feb 24 01:50
- it couldn't be airtight though
- like, it would need to be sent to some 3rd party
- in order to verify the phone numbers
- i don't think registration is neccessarily a great idea for this
- maybe hashcash would work?
- since that makes it harder to spam
- but it ties the number of users that you can impersonate to your processing power
- so it doesn't do much
- but it does make it harder to fake the system
- the biggest issue is fake reports
- but it's unclear how to deal with that
- moreover, in order to push out quick alerts to android or iphone
- you typically want to use google's or apple's push services
- but those deanonymize the service
- and that lets google and apple know who has the app
- that being said, that's probably unavoidable
- and same for the carriers
- right since people have to get the app somehow
- maybe it's a native app
- but then google and apple know that you've got it
- and they might ban it from the store
- so, maybe a webapp
- but now the issue is that you want to be able to push alerts
- and then if a user enters the url myapp.com
- then the carrier knows that the user wants to go there
- either because the initial request goes over HTTP, and not HTTPS
- or by doing a reverse lookup on the ip that they're talking to
- John O'Doyle
- @JohnnyBoyODoyle_twitter
- Feb 24 01:55
- one thing to do might be to trust some common ip that's used by other services, to hide this app
- an alternative is to separate the reporting and alerting
- that is the alerting app might be a generic alerting app
- that could be used for other purposes
- people download that app
- and then point it at the url for this use case
- that way, especially if the app is used for other purposes, e2e encryption of the notifications could help hide who is using the app
- you really need to decide who you trust more: google and apple or the carriers
- it's probably safer to trust the carriers
- and write a general alerting app
- right, e2e encryption means that it's slightly harder for apple and google to guess that people are using the app
- and then the carriers just see your phone talking with google/apple, as it normally does
- now, the reporting could be done through a web app
- reporting doesn't need any push alerts
- Jessica Rodriguez
- @UndocuJessRod
- Feb 24 03:32
- https://www.fastcoexist.com/3068357/this-app-warns-undocumented-immigrants-when-raids-are-coming
- Jessica Rodriguez
- @UndocuJessRod
- Feb 24 04:09
- @radicaldesi_twitter that's great! as long as there someone to stay in touch with them!
- @celsom3 I go there and click here and there, getting familiar with the page.
- Can you remind me where I can help?
- Celso Mireles
- @celsom3
- Feb 24 10:21
- @JohnnyBoyODoyle_twitter great feedback. Love it. A question on node. If node won't work, what will?
- I know I may be suffering from "if all you have is a hammer, everything looks like a nail" lol
- But I would like ideas to be replaced with better alternatives, not just shot down.
- Celso Mireles
- @celsom3
- Feb 24 12:00
- For server side, would something like PHP be more secure?
- Steve Le Roy Harris
- @simlrh
- Feb 24 13:14
- Hello, web developer here. I'm working on a react native app and API for a group here in London so they can alert each other for help if they're in trouble/getting harassed, so there's some cross over with this use case.
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 24 14:51
- Hello everyone, I'm David, the founder of PaseLaVoz.net and am here to help. Celso mentioned we could serve as the SMS arm of redadalertas which I think is a great idea. I'll be working on an API interface to make this possible. In the meantime, just joining the convo and saying hi.
- standupresistpersist
- @ShoutAloudNow_twitter
- Feb 24 21:02
- Hi all, am here to help in any way I can. Not a developer; can add expertise on innovation strategy and marketing planning. Have shared the articles on this app development with the 'Tech Stands Up' group as well, so you can tap into the developer community there.
- mgorkani
- @mgorkani
- Feb 24 21:24
- Hi, My name is Mainika. I am iOS developer. Let me know if you need any help
- Ansel Halliburton
- @anseljh
- Feb 25 05:39
- If the app were to download a list of alerts and process that locally, then it could issue local notifications, instead of receiving push notifications over the wire.
- And you wouldn't need to collect anyone's ZIP code or other location info
- Or phone #
- OSP123
- @OSP123
- Feb 25 12:54
- @celsom3 I got several designers and front-end devs (part of a team called Breakfast Squad Studio) ready to help with design and UI elements. They can also implement HTML/CSS
- Lily, Liz, and Mikey should be joining this channel soon. Is there a logical workflow for them to base their design off of yet? I can guide them on how to use React components.
- 8bakon8
- @8bakon8
- Feb 25 12:58
- Hello all! I'm Mikey, animator/illustrator/designer and founder of Breakfast Squad Studio. I will be helping out with UI design elements and anything else that I could be of use to!
- OSP123
- @OSP123
- Feb 25 13:01
- Devs, It seems like there are 2 parts to this application:
- 1) Input from users to location and other details of ICE raids
- 2) Output that send data via sms to end users about ICE raids.
- Part 1 would require securing the data, while still trying to maintain authenticity of users (don't want alt-right or 4chan users messing up data).
- Part 2 could be using something like Twilio or PaseLaVoz.net for output as SMS messages.
- @celsom3 Please correct me if I said anything wrong/stupid.
- Celso Mireles
- @celsom3
- Feb 25 13:18
- Yes, @OSP123 that’s pretty much the gist of it.
- Also, today some folks at Hack The Ban are working on getting the CRUD aspect for reporting/verifying going.
- https://github.com/Cosecha/redadalertas/projects/2
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 25 13:21
- For #2, PLV (PaseLaVoz) would just need to know who to send. Based on the initial description of the project, this is my idea for the JSON post from RA (redadalertas/raid alerts) to PLV: {coordinates, description, verified_status, reporter_id, reporter_score, desc_language, verifier_ids & scores (list), recipient_list (id, tel., opt_in_status(?)), datetime_reported, datetime_verified}
- OSP123
- @OSP123
- Feb 25 13:23
- Wow, that's fast. OK, so who should designers and front end people talk to or work with at this point?
- @rek2_twitter Nice, that seems to cover the data needed.
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 25 13:24
- As @anseljh mentioned, TCPA (and also CTIA) would require users to opt in to SMS. RA's sign-up should ask users to opt in to SMS from the get go.
- Celso Mireles
- @celsom3
- Feb 25 13:24
- I think at this point, front end devs can join in the conversation through the issues created for it.
- OSP123
- @OSP123
- Feb 25 13:24
- Gotcha, directly on Github via Github issues, si?
- Celso Mireles
- @celsom3
- Feb 25 13:25
- These folks will only be able to help out today. So people getting familiar with it and contributing today could set us up to continue the work after….
- Si :-)
- OSP123
- @OSP123
- Feb 25 13:26
- Perfecto :). As long as it's documented, I can guide my peeps
- Celso Mireles
- @celsom3
- Feb 25 13:28
- Muchas gracias por el apoyo. :+1:
- Just a reminder. There are 2 repos
- FrontEnd: https://github.com/Cosecha/redadalertas
- BackEnd: https://github.com/Cosecha/redadalertas-api
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 25 13:34
- Some media stuff for your entertainment: https://www.youtube.com/watch?v=Tmvkazv1bPc Telemundo on Thurs. night talking about RA and PLV minute ~17 (in spanish).
- Celso Mireles
- @celsom3
- Feb 25 13:35
- :+1: :clap:
- OSP123
- @OSP123
- Feb 25 13:53
- Ah, gracias.
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 25 13:58
- This is critical: I strongly suggest scrubbing the notion of "helping to avoid" raids and replacing with "helping to inform about raids". From a legal standpoint, this is a big difference.
- OSP123
- @OSP123
- Feb 25 13:59
- Yeah, I can talk to my cousin about legal implications. Cousin is undocumented lawyer for UCLA and I harass her with legal questions. Should I bug her to come on here or just relay legal questions?
- @rek2_twitter
- Relaid / PaseLaVoz
- @rek2_twitter
- Feb 25 13:59
- That should be very helpful.
- OSP123
- @OSP123
- Feb 25 14:00
- OK, she is terrible with technology but this should be easy enough.
- Ansel Halliburton
- @anseljh
- Feb 25 14:00
- <-- Lawyer here, also in touch with immigration specialist lawyers (including UC undocumented lawyers, too :wave: )
- OSP123
- @OSP123
- Feb 25 14:00
- Oh shit, Ansel, do you know Habiba?
- OK, do we need more if we already have lawyer?
- Ansel Halliburton
- @anseljh
- Feb 25 14:01
- No not directly
- Good to talk to the specialists. I'm in tech / privacy / startups mostly.
- OSP123
- @OSP123
- Feb 25 14:01
- Ah, OK. I don't know anything about law, so thanks :grinning:
- Ansel Halliburton
- @anseljh
- Feb 25 14:02
- TCPA is a minefield, happy to help w/ that later
- OSP123
- @OSP123
- Feb 25 14:03
- :thumbsup:
- Pat Farnach
- @pfarnach
- Feb 25 17:34
- Hi all. Haven't used Gitter before but i'm excited to see where I can help. I'm mostly a front-end dev (react, angular) and I'll have a lot more free time come two weeks
- Celso Mireles
- @celsom3
- Feb 25 18:23
- Welcome @pfarnach! Glad to have you on board. I’m in the process of writing better on boarding docs, but in the meantime, the wiki and README’s are what we’ve got:
- https://github.com/Cosecha/redadalertas/wiki
- https://github.com/Cosecha/redadalertas
- We’ll definitely be needing some React dev support. Let’s chat this week about what you want to work on.
- OSP123
- @OSP123
- Feb 25 18:41
- @pfarnach Mind working with a design team for front end assets? They're not familiar with React, but they know design inside and out.
- Pat Farnach
- @pfarnach
- Feb 25 19:49
- sure
- OSP123
- @OSP123
- Feb 25 20:03
- @pfarnach
- bianca c
- @arghgr
- Feb 25 20:08
- hi, i'm a fullstack dev in nyc who works with react/redux and would be down to
- help build the app out on either end
- write/maintain docs
- figure out the project timeline and what needs to be done by whom and by when (or put you in touch with a PM who can)
- just let me know if/where i can pitch in. it's too bad i didn't see that there was a hack the ban meeting today!
- OSP123
- @OSP123
- Feb 25 20:24
- @pfarnach Speak with @8bakon8
- Emailed you from info on Github.
- OSP123
- @OSP123
- Feb 25 20:30
- Also, cousin lawyer (specialized in undocumented cases) is down to answer and help for the app.
- Angel Jimenez
- @aJimmer
- Feb 26 01:30
- Hello! I am a dev interested in getting involved. I have some web an mobile experience. I see there is plenty of interest to get this going. I am still in school but would like to help as much as I can. I can also work on getting school clubs involved and get our hands in some of the work. I will be checking back for updates, will there be teams of any sort?
- OSP123
- @OSP123
- Feb 26 13:07
- @arghgr @aJimmer Welcome :grinning:. This project is led by @celsom3 . There are front end and backend issues being worked on.
- FrontEnd: https://github.com/Cosecha/redadalertas
- BackEnd: https://github.com/Cosecha/redadalertas-api
- Issues are being delegated via Github Issues. Front-end team so far is @pfarnach and some designers. Backend seems to be everyone else. Application is built with React for front end and Node on backend.
- Angel Jimenez
- @aJimmer
- Feb 26 14:31
- awesome, I don't mind helping in the front, ill start looking into getting my dev environment set up. I don't have any ft experience but i do have some personal project experience. How many experienced professionals do we have?
- Celso Mireles
- @celsom3
- Feb 26 14:36
- Haven't made a count yet @aJimmer but don't worry about it. :-p This can be a good project for up and coming devs.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement