Twitter definitely, and video function too. Also, geo-tagging, so you could meet up via GPS, [or tag where the coppers are massing and avoid that area!]

I think strong encryption with PGP keys would be more of a necessity!

The central question here probably is _why_ do you want PGP, or strong encryption?

What is it that the crypto is supposed to provide?

Depending on the answers you'll want completely different solutions:
- is it keeping eavesdroppers out before the flashmob happens? Short timespan, go for some sort of session key handling and AES or something like that.
- is it keeping eavesdroppers out afterwards as well? This will get tricky, depending on your paranoia levels and the timespans involved.
- is it verifying identities? Now we're talking the entire trustweb infrastructure. And here the Javascript key-generation will not do any good.

FlashMobs require people. one alternate is a twitter/*chan hybrid with no security other than everything being wide open. (remove the persistence of messages to prevent snooping?) Handshaking becomes a social and content function as does any persistent identity for Anon.

Maybe a two layer system where you can consume information with a nominal login if any (keeps you and your devise Anon and not identified for prosecution) and a posting layer with much higher security?

Yeah, I respect the need to establish security around political protest. My point was that PGP is NOT a magic wand that you wave and automatically get Teh Securitee! - you need to actually figure out WHAT you want to do, which specific functions you want your crypto to do, and first when you have a clear idea of all your requirements it's useful to discuss specific program packages, specific protocols and specific algorithms.

Besides - if people are being tortured to divulge their Facebook passwords - what prevents The Authorities to request their secret keys while they're at it?

I am focused more on America, true, but that's no reason not to do it right the first time. Happily, this LJ is a good convergence point for some of the brightest minds in computer security today...

(software engineering lesson #1: figure out what the project requirements are first!)

/me pulls off a decent solo charleston routine

You're right...the problem is more 'how do you maintain anonymity and verify who's a legitimate user.'

I have no idea how to do that.

And once you have a way to verify legitimacy, how do you make sure that the police Hijackers don't look legitimate?

I used to be a salaried cryptographer. One major reason I'm throwing myself into this debate and dropping buzzwords as I go.

Agreed that the actual problem is not yet specified. Stronger, even: we haven't yet specified the users' requirements (from which we will derive the problems that need to be solved, etc.).

That is: there's a whole thread here which seems to be suggesting that there will be privacy guarantees and possibly identity verification measures...but nothing specific.

(Which is fine, this started out as you asking for possible features; I'm just suggesting that we may want to back up a bit.)

First, define "legitimate". Then we can start to take a hack at the problem.

(I'm not being snarky, really. Actually I suspect that once we define "legitimate" we may be most of the way to a solution.)

Have you already seen http://www.virgance.com/ and carrotmob?

Facebook during the election had an application where you could sign up to have your status automatically updated every 2 hours to urge people to go vote. 1,745,754 people signed up, and in just under 5 days, sent out 4,919,071 status messages. The largest online rally in history.

I don't have any experience with Facebook/MySpace (programming or even really spending time on their sites), but...

How do you want to contact people? Email, SMS, IM, phone, nearby hackable electronic billboard *grin*...the more options you provide the better your coverage. (Some of us use SMS only as a last resort.)

Geo-based filtering might be useful so that a call to arms for a protest in Podunk doesn't annoy the activists in Artemisia.

Give people an easy way to invite others along who haven't signed up for your alerts.

Uhm, an auto-archival function would be nice. Something that followed all of the participant twitter/Qix/whatever streams during the event and auto-collated it all into a timeline-based "What just happened" page. Assuming a group organizer/moderator, it would also be a good spot to submit links from later blog postings.

Semi-related, I had trouble finding info about a local Queer Women's March just 2 weeks ago. I found out about it here at LiveJournal, but other people who attended found out via Facebook.

I've been kicking around for several years an idea (specific to the Bear community, because of the name) to start a project called "Bearly Involved" that would highlight very easy steps that people could follow to actively do something helpful for the environment. Post one "challenge" each quarter-year, have people write in their accomplishment on the postcard and bring it to a Bear event. The postcards are collected and then a winner is randomly drawn to receive a prize. I think it would be a great way to entice/introduce people to "scary eco-activist" ideas but in a grounded and practical way. I would focus on the plight of the poor polar bear, just to begin, but branch out from there. From barely involved to bearly involved.

LOL... affinity for bearz... and bunnehs...