API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 31st, 2017
60
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.75 KB | None | 0 0
raw download clone embed print report
  1. Celso Mireles
  2. @celsom3
  3. Feb 20 19:17
  4. Hi! I created this to be a public forum to discuss ideas around a solution to send verified alerts about immigration raids to undocumented people.
  5. Celso Mireles
  6. @celsom3
  7. Feb 20 21:00
  8. https://motherboard.vice.com/en_us/article/raid-alerts-wants-to-warn-undocumented-immigrants-with-an-app
  9. radical desi
  10. @radicaldesi_twitter
  11. Feb 21 22:53
  12. Hello! I am not multi lingual, but I know many people who are who have informed me they would like to help translate. I have someone who speaks Indonesian and German fluently and would like to use those skills to help. I also know many Tibetans who speak Tibetan, Nepali and Hindi who I'm sure would want to volunteer to translate as well.
  13. Jessica Rodriguez
  14. @UndocuJessRod
  15. Feb 22 04:36
  16. @celsom3 Requested this article in spanish, hope I get to hear soon from them to share it.
  17. @radicaldesi_twitter amazing! thank you for reaching out! and say thank you to all of those who are willing to make this happen in every language!
  18. Can you create a list of contact information of those interested to help? Names, contact info and language of interest will be good to have.
  19. Celso Mireles
  20. @celsom3
  21. Feb 22 13:05
  22. Thanks @UndocuJessRod! Have you played around with editing the Wiki?
  23. And thanks @radicaldesi_twitter. Any translations will help make this tool accessible to more people.
  24. radical desi
  25. @radicaldesi_twitter
  26. Feb 22 13:40
  27. @UndocuJessRod Right now the people who are interested in helping to translate would prefer not to give their contact info (for their safety) but have asked me to coordinate. I also can find people who can help translate into Tagalog. My contact info is radicaldesi@riseup.net.
  28. OSP123
  29. @OSP123
  30. Feb 23 17:14
  31. Hey everyone :)
  32. OSP123
  33. @OSP123
  34. Feb 23 17:31
  35. @celsom3 I'm running the app on local. The CSS hasn't been added, correct? Seems like routes and what not have been taken care of.
  36. Going through issues on Github and it looks like design exists for Add App Header #6 issue, but no styling yet.
  37. I know web designers as well. Did you need designers?
  38. Celso Mireles
  39. @celsom3
  40. Feb 23 17:43
  41. @OSP123 yes, designers would be helpful. Currently have a prototype with some design on it, but could be more intentional.
  42. Have you checked out the prototype in the wiki?
  43. And welcome @OSP123 :-)
  44. OSP123
  45. @OSP123
  46. Feb 23 17:44
  47. Deployed prototype? Let me see. Danke :smiley:. I'll let the designers know.
  48. Sigh, unfortunately the web designers don't know much about encapsulation off CSS with react. I do have students that are front end devs and know React, though. I just reached out to them.
  49. Celso Mireles
  50. @celsom3
  51. Feb 23 17:47
  52. https://invis.io/KRAI38IG3#/219546731_Home
  53. OSP123
  54. @OSP123
  55. Feb 23 18:06
  56. Yeah, I was looking at that. Easy to implement, but did you want a certain flow? Do you have a logical flow chart?
  57. Celso Mireles
  58. @celsom3
  59. Feb 23 19:15
  60. I don’t have a logical flowchart yet.
  61. OSP123
  62. @OSP123
  63. Feb 23 20:43
  64. Ah, OK. Let me know if you get something going. From there, design would be super easy
  65. Celso Mireles
  66. @celsom3
  67. Feb 23 20:45
  68. I'm working on it tonight. Thanks!
  69. OSP123
  70. @OSP123
  71. Feb 23 20:45
  72. Excellent :grinning:
  73. Victoria Burgos
  74. @ThetaSigma88_twitter
  75. Feb 23 23:07
  76. Hey everyone. I have 0 programming skills but I am a volunteer and professional legal translator for Spanish. I'm not sure if there's even a need to translate into Spanish at this point or whether it's already been done since I have 0 coding/design knowledge. But I'd be happy to translate whatever needed to be translated or to compile a list of translators
  77. Cooper Williams
  78. @skuckle_twitter
  79. Feb 23 23:12
  80. Hi all. I'm so glad this app is being developed and I'm spreading the word. I'd like to ask whether the devs have considered the security risk to users. In its current state, could LE use signals from this app to pinpoint the undocumented? If so, are precautions being taken to prevent that?
  81. LE = law enforcement
  82. Celso Mireles
  83. @celsom3
  84. Feb 23 23:34
  85. Good question @skuckle_twitter. LE wouldn't be able to use signals to pinpoint location. One risk is that they or malicious users trick the system into sending false alerts. Another risk is that they get access to the data, which is why we aim to not collect too much data.
  86. Cooper Williams
  87. @skuckle_twitter
  88. Feb 23 23:35
  89. Gotcha. Thanks for the prompt response. Is stingray technology incapable of identifying which phone numbers are using the app?
  90. As I understand it, those devices are LE's main phone surveillance technique
  91. John O'Doyle
  92. @JohnnyBoyODoyle_twitter
  93. Feb 24 01:38
  94. Yeah. I just saw this. I'm worried that users are providing their phone numbers directly
  95. the app literally has a list of the phone numbers of people using the app
  96. that makes them easier to target
  97. signal gets around this
  98. they use a bloom filter with (I think) a cryptographically secure hash function (secure against preimage attack)
  99. to be able to check, but not list, what phone numbers are registered
  100. a thing to consider is that maybe there's no need to register a phone number at all?
  101. John O'Doyle
  102. @JohnnyBoyODoyle_twitter
  103. Feb 24 01:45
  104. also, is https://www.fastcoexist.com/3068357/this-app-warns-undocumented-immigrants-when-raids-are-coming accurate?
  105. like is the plan to use a reputation-based system?
  106. since that's probably not a great idea since:
  107. (1) the government could just spam the system with fake reports, since they have a ton of phone numbers (even though the system at present doesn't verify phone numbers; which is a good thing, since then twilio or some other 3rd party would know who was using the app)
  108. (2) repeated raids in the same area probably wouldn't end up being reported by the same people over and over again
  109. ultimately, this app needs a careful implementation
  110. since an insecure implementation would be worse than no app at all
  111. i'm dubious about using node.js for everything. they tend not to have great track records for logging CVEs
  112. and you care about security
  113. moreover, how would this be deployed?
  114. with a central server?
  115. you're definitely gonna want some sort of key pinning of an intermediate signed cert in the app
  116. Cooper Williams
  117. @skuckle_twitter
  118. Feb 24 01:49
  119. My main outstanding concern is that even the list of phone numbers is already to much info to fall into malicious hands. I wouldn't trust this service unless I knew that list of numbers was airtight.
  120. John O'Doyle
  121. @JohnnyBoyODoyle_twitter
  122. Feb 24 01:50
  123. it couldn't be airtight though
  124. like, it would need to be sent to some 3rd party
  125. in order to verify the phone numbers
  126. i don't think registration is neccessarily a great idea for this
  127. maybe hashcash would work?
  128. since that makes it harder to spam
  129. but it ties the number of users that you can impersonate to your processing power
  130. so it doesn't do much
  131. but it does make it harder to fake the system
  132. the biggest issue is fake reports
  133. but it's unclear how to deal with that
  134. moreover, in order to push out quick alerts to android or iphone
  135. you typically want to use google's or apple's push services
  136. but those deanonymize the service
  137. and that lets google and apple know who has the app
  138. that being said, that's probably unavoidable
  139. and same for the carriers
  140. right since people have to get the app somehow
  141. maybe it's a native app
  142. but then google and apple know that you've got it
  143. and they might ban it from the store
  144. so, maybe a webapp
  145. but now the issue is that you want to be able to push alerts
  146. and then if a user enters the url myapp.com
  147. then the carrier knows that the user wants to go there
  148. either because the initial request goes over HTTP, and not HTTPS
  149. or by doing a reverse lookup on the ip that they're talking to
  150. John O'Doyle
  151. @JohnnyBoyODoyle_twitter
  152. Feb 24 01:55
  153. one thing to do might be to trust some common ip that's used by other services, to hide this app
  154. an alternative is to separate the reporting and alerting
  155. that is the alerting app might be a generic alerting app
  156. that could be used for other purposes
  157. people download that app
  158. and then point it at the url for this use case
  159. that way, especially if the app is used for other purposes, e2e encryption of the notifications could help hide who is using the app
  160. you really need to decide who you trust more: google and apple or the carriers
  161. it's probably safer to trust the carriers
  162. and write a general alerting app
  163. right, e2e encryption means that it's slightly harder for apple and google to guess that people are using the app
  164. and then the carriers just see your phone talking with google/apple, as it normally does
  165. now, the reporting could be done through a web app
  166. reporting doesn't need any push alerts
  167. Jessica Rodriguez
  168. @UndocuJessRod
  169. Feb 24 03:32
  170. https://www.fastcoexist.com/3068357/this-app-warns-undocumented-immigrants-when-raids-are-coming
  171. Jessica Rodriguez
  172. @UndocuJessRod
  173. Feb 24 04:09
  174. @radicaldesi_twitter that's great! as long as there someone to stay in touch with them!
  175. @celsom3 I go there and click here and there, getting familiar with the page.
  176. Can you remind me where I can help?
  177. Celso Mireles
  178. @celsom3
  179. Feb 24 10:21
  180. @JohnnyBoyODoyle_twitter great feedback. Love it. A question on node. If node won't work, what will?
  181. I know I may be suffering from "if all you have is a hammer, everything looks like a nail" lol
  182. But I would like ideas to be replaced with better alternatives, not just shot down.
  183. Celso Mireles
  184. @celsom3
  185. Feb 24 12:00
  186. For server side, would something like PHP be more secure?
  187. Steve Le Roy Harris
  188. @simlrh
  189. Feb 24 13:14
  190. Hello, web developer here. I'm working on a react native app and API for a group here in London so they can alert each other for help if they're in trouble/getting harassed, so there's some cross over with this use case.
  191. Relaid / PaseLaVoz
  192. @rek2_twitter
  193. Feb 24 14:51
  194. Hello everyone, I'm David, the founder of PaseLaVoz.net and am here to help. Celso mentioned we could serve as the SMS arm of redadalertas which I think is a great idea. I'll be working on an API interface to make this possible. In the meantime, just joining the convo and saying hi.
  195. standupresistpersist
  196. @ShoutAloudNow_twitter
  197. Feb 24 21:02
  198. Hi all, am here to help in any way I can. Not a developer; can add expertise on innovation strategy and marketing planning. Have shared the articles on this app development with the 'Tech Stands Up' group as well, so you can tap into the developer community there.
  199. mgorkani
  200. @mgorkani
  201. Feb 24 21:24
  202. Hi, My name is Mainika. I am iOS developer. Let me know if you need any help
  203. Ansel Halliburton
  204. @anseljh
  205. Feb 25 05:39
  206. If the app were to download a list of alerts and process that locally, then it could issue local notifications, instead of receiving push notifications over the wire.
  207. And you wouldn't need to collect anyone's ZIP code or other location info
  208. Or phone #
  209. OSP123
  210. @OSP123
  211. Feb 25 12:54
  212. @celsom3 I got several designers and front-end devs (part of a team called Breakfast Squad Studio) ready to help with design and UI elements. They can also implement HTML/CSS
  213. Lily, Liz, and Mikey should be joining this channel soon. Is there a logical workflow for them to base their design off of yet? I can guide them on how to use React components.
  214. 8bakon8
  215. @8bakon8
  216. Feb 25 12:58
  217. Hello all! I'm Mikey, animator/illustrator/designer and founder of Breakfast Squad Studio. I will be helping out with UI design elements and anything else that I could be of use to!
  218. OSP123
  219. @OSP123
  220. Feb 25 13:01
  221.  
  222. Devs, It seems like there are 2 parts to this application:
  223.  
  224. 1) Input from users to location and other details of ICE raids
  225. 2) Output that send data via sms to end users about ICE raids.
  226.  
  227. Part 1 would require securing the data, while still trying to maintain authenticity of users (don't want alt-right or 4chan users messing up data).
  228.  
  229. Part 2 could be using something like Twilio or PaseLaVoz.net for output as SMS messages.
  230.  
  231. @celsom3 Please correct me if I said anything wrong/stupid.
  232. Celso Mireles
  233. @celsom3
  234. Feb 25 13:18
  235. Yes, @OSP123 that’s pretty much the gist of it.
  236. Also, today some folks at Hack The Ban are working on getting the CRUD aspect for reporting/verifying going.
  237. https://github.com/Cosecha/redadalertas/projects/2
  238. Relaid / PaseLaVoz
  239. @rek2_twitter
  240. Feb 25 13:21
  241. For #2, PLV (PaseLaVoz) would just need to know who to send. Based on the initial description of the project, this is my idea for the JSON post from RA (redadalertas/raid alerts) to PLV: {coordinates, description, verified_status, reporter_id, reporter_score, desc_language, verifier_ids & scores (list), recipient_list (id, tel., opt_in_status(?)), datetime_reported, datetime_verified}
  242. OSP123
  243. @OSP123
  244. Feb 25 13:23
  245. Wow, that's fast. OK, so who should designers and front end people talk to or work with at this point?
  246. @rek2_twitter Nice, that seems to cover the data needed.
  247. Relaid / PaseLaVoz
  248. @rek2_twitter
  249. Feb 25 13:24
  250. As @anseljh mentioned, TCPA (and also CTIA) would require users to opt in to SMS. RA's sign-up should ask users to opt in to SMS from the get go.
  251. Celso Mireles
  252. @celsom3
  253. Feb 25 13:24
  254. I think at this point, front end devs can join in the conversation through the issues created for it.
  255. OSP123
  256. @OSP123
  257. Feb 25 13:24
  258. Gotcha, directly on Github via Github issues, si?
  259. Celso Mireles
  260. @celsom3
  261. Feb 25 13:25
  262. These folks will only be able to help out today. So people getting familiar with it and contributing today could set us up to continue the work after….
  263. Si :-)
  264. OSP123
  265. @OSP123
  266. Feb 25 13:26
  267. Perfecto :). As long as it's documented, I can guide my peeps
  268. Celso Mireles
  269. @celsom3
  270. Feb 25 13:28
  271. Muchas gracias por el apoyo. :+1:
  272. Just a reminder. There are 2 repos
  273. FrontEnd: https://github.com/Cosecha/redadalertas
  274. BackEnd: https://github.com/Cosecha/redadalertas-api
  275. Relaid / PaseLaVoz
  276. @rek2_twitter
  277. Feb 25 13:34
  278. Some media stuff for your entertainment: https://www.youtube.com/watch?v=Tmvkazv1bPc Telemundo on Thurs. night talking about RA and PLV minute ~17 (in spanish).
  279. Celso Mireles
  280. @celsom3
  281. Feb 25 13:35
  282. :+1: :clap:
  283. OSP123
  284. @OSP123
  285. Feb 25 13:53
  286. Ah, gracias.
  287. Relaid / PaseLaVoz
  288. @rek2_twitter
  289. Feb 25 13:58
  290. This is critical: I strongly suggest scrubbing the notion of "helping to avoid" raids and replacing with "helping to inform about raids". From a legal standpoint, this is a big difference.
  291. OSP123
  292. @OSP123
  293. Feb 25 13:59
  294. Yeah, I can talk to my cousin about legal implications. Cousin is undocumented lawyer for UCLA and I harass her with legal questions. Should I bug her to come on here or just relay legal questions?
  295. @rek2_twitter
  296. Relaid / PaseLaVoz
  297. @rek2_twitter
  298. Feb 25 13:59
  299. That should be very helpful.
  300. OSP123
  301. @OSP123
  302. Feb 25 14:00
  303. OK, she is terrible with technology but this should be easy enough.
  304. Ansel Halliburton
  305. @anseljh
  306. Feb 25 14:00
  307. <-- Lawyer here, also in touch with immigration specialist lawyers (including UC undocumented lawyers, too :wave: )
  308. OSP123
  309. @OSP123
  310. Feb 25 14:00
  311. Oh shit, Ansel, do you know Habiba?
  312. OK, do we need more if we already have lawyer?
  313. Ansel Halliburton
  314. @anseljh
  315. Feb 25 14:01
  316. No not directly
  317. Good to talk to the specialists. I'm in tech / privacy / startups mostly.
  318. OSP123
  319. @OSP123
  320. Feb 25 14:01
  321. Ah, OK. I don't know anything about law, so thanks :grinning:
  322. Ansel Halliburton
  323. @anseljh
  324. Feb 25 14:02
  325. TCPA is a minefield, happy to help w/ that later
  326. OSP123
  327. @OSP123
  328. Feb 25 14:03
  329. :thumbsup:
  330. Pat Farnach
  331. @pfarnach
  332. Feb 25 17:34
  333. Hi all. Haven't used Gitter before but i'm excited to see where I can help. I'm mostly a front-end dev (react, angular) and I'll have a lot more free time come two weeks
  334. Celso Mireles
  335. @celsom3
  336. Feb 25 18:23
  337. Welcome @pfarnach! Glad to have you on board. I’m in the process of writing better on boarding docs, but in the meantime, the wiki and README’s are what we’ve got:
  338. https://github.com/Cosecha/redadalertas/wiki
  339. https://github.com/Cosecha/redadalertas
  340. We’ll definitely be needing some React dev support. Let’s chat this week about what you want to work on.
  341. OSP123
  342. @OSP123
  343. Feb 25 18:41
  344. @pfarnach Mind working with a design team for front end assets? They're not familiar with React, but they know design inside and out.
  345. Pat Farnach
  346. @pfarnach
  347. Feb 25 19:49
  348. sure
  349. OSP123
  350. @OSP123
  351. Feb 25 20:03
  352. @pfarnach
  353. bianca c
  354. @arghgr
  355. Feb 25 20:08
  356. hi, i'm a fullstack dev in nyc who works with react/redux and would be down to
  357.  
  358. help build the app out on either end
  359. write/maintain docs
  360. figure out the project timeline and what needs to be done by whom and by when (or put you in touch with a PM who can)
  361. just let me know if/where i can pitch in. it's too bad i didn't see that there was a hack the ban meeting today!
  362.  
  363. OSP123
  364. @OSP123
  365. Feb 25 20:24
  366. @pfarnach Speak with @8bakon8
  367. Emailed you from info on Github.
  368. OSP123
  369. @OSP123
  370. Feb 25 20:30
  371. Also, cousin lawyer (specialized in undocumented cases) is down to answer and help for the app.
  372. Angel Jimenez
  373. @aJimmer
  374. Feb 26 01:30
  375. Hello! I am a dev interested in getting involved. I have some web an mobile experience. I see there is plenty of interest to get this going. I am still in school but would like to help as much as I can. I can also work on getting school clubs involved and get our hands in some of the work. I will be checking back for updates, will there be teams of any sort?
  376. OSP123
  377. @OSP123
  378. Feb 26 13:07
  379.  
  380. @arghgr @aJimmer Welcome :grinning:. This project is led by @celsom3 . There are front end and backend issues being worked on.
  381.  
  382. FrontEnd: https://github.com/Cosecha/redadalertas
  383.  
  384. BackEnd: https://github.com/Cosecha/redadalertas-api
  385.  
  386. Issues are being delegated via Github Issues. Front-end team so far is @pfarnach and some designers. Backend seems to be everyone else. Application is built with React for front end and Node on backend.
  387. Angel Jimenez
  388. @aJimmer
  389. Feb 26 14:31
  390. awesome, I don't mind helping in the front, ill start looking into getting my dev environment set up. I don't have any ft experience but i do have some personal project experience. How many experienced professionals do we have?
  391. Celso Mireles
  392. @celsom3
  393. Feb 26 14:36
  394. Haven't made a count yet @aJimmer but don't worry about it. :-p This can be a good project for up and coming devs.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!