That's it on b_b's cracked Nexus.
We will be testing it this week, and plan to release it the next.
Once again, big thanks to insomniasexx who helped salvage the project.
For those of you not familiar with the Tin-Can saga, start at this post, and read the others here: #tincan
In short, Tin-Can is a one-to-many messaging app (think Twitter, alpha.app.net, etc) that does not connect to the internet or use any cellular service. Instead, messages hop directly from phone to phone over wifi. When you turn Tin-Can on, you exchange messages with other Tin-Can apps in wifi range. Messages spread like the flu. In general, it's terribly inefficient. However it should work well in high density, especially conventions, gatherings, protests, etc. Obviously, it also can't be disrupted by loss of internet or cell service. It is built for Android, and it will be free.
I don't really understand this but this is the answer I got from the dev (copy and pasted from text) Just answer master tin-can will be switched to adhoc and the slave tincan will connect to that. Adhoc APN changes everytime and has a unique password for security reasons. Only tincan can connect to this network, if anyone install a packetsniffer on their phone and become the master they can get the mac address of clients but thats normal and thats how networks work. Getting mac address of another person doesnt create any immediate threats
for the use-case that TinCan is intended for, it would be prudent to consider mac sniffing a threat. if a state-level adversary can collect your mac addr, they could track you in a way similar to what grocery stores do already, noting your presence or absence at subsequent events, or even spot you somewhere else. we know that police already set up wifi sniffers at protests, and there's no reason to expect that practice to decrease, so you should probably have TinCan spoof a random mac addr on boot if not every time a new master is chosen.
AFAIK there is no way to determine if you are the originator or propagator unless someone physically has your phone, and your username remains. I'll verify this and get back. Thus, your address should only be linked to TC propagation but not a specific username. Btw it's a use case, but not the only one. :)
This is correct. The phones store and push all messages on the phone. The message is the username, time code, and the message. There is no way to tell which message came from which phone.
I think if you have a sensitive account, the best measure is to broadcast messages in private to carrier phones. A username can be overwritten at anytime, but wifi is always a point of vulnerability. The username is generated in a manner not linked to the phone.
Messages are public. They are attached to a name, plus a unique identifier. you can see there I created mk, which became mk_36ecb. If you follow mk_36ecb, you can sort out just my messages in the 'subscribed users' tab, or you can look at all messages passing through your phone. You can get a new username at any time, but that gets rid of your old one. So, messages are public, yet anonymous.
Your question is timely. I have it on good authority that something formal shall be announced next week. It's been tested etc. Exciting!