Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
CartoDrop

mapping and reporting over Tor
!
Nick Doiron - @mapmeld
My background: maps
Carto and Crypto
At first glance, very different
fields
Six months in, still different

¯_(ツ)_/¯
Who needs crypto?
Not just NSA and USA
NSA gets capabilities through contractors
Software is resold to many countries
Government-run ISPs
With maps like these…
Human rights violations
Poaching and pollution
Systemic bribery
Political uncertainty
Voter suppress...
HTTPS?
HTTPS reveals
you and your domain
size of downloaded tiles
can’t read messages…
… unless someone gives up the key (...
build on Uncensorable Twitter







only protects distributor
Decentralize?
What does work?
Sounds tricky…?
Looks like Firefox
Orbot for Android
Disclaimer
Do use public WiFi
Don’t sign into your account
Don’t do illegal stuff
Don’t allow JavaScript
-> SecureDropDemo.org <-
!
Designed for journalists, already on
FirstLook and WildLeaks
Good and bad news
JavaScript? NO
APIs NO
Secure passwords YES
PGP encryption YES
Air gap docs YES
Maps break SecureDrop!
Journalist needs to look up each coordinate:
without a visual
without software (can’t install on Ta...
Can we build crypto?
Building CartoDrop
OSM + NaturalEarth
Mapnik Python
Messages stay encrypted
Source’s identity stays protected
The <way/> forward
Speak
Freely
@mapmeld

on Twitter & Keybase
CartoDrop: secure mapping and reporting over Tor
CartoDrop: secure mapping and reporting over Tor
Upcoming SlideShare
Loading in …5
×

CartoDrop: secure mapping and reporting over Tor

539 views

Published on

How can we make OpenStreetMap more secure for users everywhere? And could we make a secure reporting tool for mappers? Ignite talk at SOTMUS 2014 DC

Published in: Internet, Technology
  • Be the first to comment

  • Be the first to like this

CartoDrop: secure mapping and reporting over Tor

  1. 1. CartoDrop
 mapping and reporting over Tor ! Nick Doiron - @mapmeld
  2. 2. My background: maps
  3. 3. Carto and Crypto At first glance, very different fields Six months in, still different
 ¯_(ツ)_/¯
  4. 4. Who needs crypto?
  5. 5. Not just NSA and USA NSA gets capabilities through contractors Software is resold to many countries Government-run ISPs
  6. 6. With maps like these… Human rights violations Poaching and pollution Systemic bribery Political uncertainty Voter suppression Disease outbreaks
  7. 7. HTTPS? HTTPS reveals you and your domain size of downloaded tiles can’t read messages… … unless someone gives up the key (ever)
  8. 8. build on Uncensorable Twitter
 
 
 
 only protects distributor Decentralize?
  9. 9. What does work?
  10. 10. Sounds tricky…? Looks like Firefox Orbot for Android
  11. 11. Disclaimer Do use public WiFi Don’t sign into your account Don’t do illegal stuff Don’t allow JavaScript
  12. 12. -> SecureDropDemo.org <- ! Designed for journalists, already on FirstLook and WildLeaks
  13. 13. Good and bad news JavaScript? NO APIs NO Secure passwords YES PGP encryption YES Air gap docs YES
  14. 14. Maps break SecureDrop! Journalist needs to look up each coordinate: without a visual without software (can’t install on Tails) without the web
  15. 15. Can we build crypto?
  16. 16. Building CartoDrop OSM + NaturalEarth Mapnik Python Messages stay encrypted Source’s identity stays protected
  17. 17. The <way/> forward
  18. 18. Speak Freely @mapmeld
 on Twitter & Keybase

×