GOtenna Mesh (go tenna) delivers the ONLY domestic, made in the USA, trusted Fed / State Gov contractor-made, tactical communications device for less than $1000. Gotenna Pro X lists for $890; Pros for about $500; and Gotenna Mesh can be had for $40 each. Not only that, but they are the ONLY device that allows for Encryption, private 1:1 or 1:M group chat, or even public broadcast and offline mapping with Android Tactical Assault Kit /Android Team Awareness Kit (ATAK) or CivTak / CTAK.

Gotenna is in use in “every branch of the military” and practically “every agency within [Homeland Security] DHS” which includes Fema, CBP, and others; and DOJ / FBI. A casual perusal of USAspending.GOV shows millions in Federal Contracts; 20 Million from various VCs like InQTel/IQT, Walden Capitol, BBG Ventures (Verizon subsidiary), and others.

It’s little surprise then, that GOtenna also conveniently provides the only secure encryption that’s exportable without a Department of Commerce / Foreign Export license and operable by anyone in the US, or any jurisdiction in the world, without any FCC license whatsoever and can optionally interface with ANY datalink, available to deliver messages to any device anywhere in the world (even users without a GOtenna).

Gotenna intelligently and automatically adjusts power output and tunes frequencies depending on the detected GPS location and jurisdiction to avoid interfering with other bands and to comply with each countries’ rules. Once powered on, it builds a mesh network with people around you to communicate without untrusted intermediaries, directly, as the bird-flies one to another.

But, GOtenna has been known, in some instances, to leak phone numbers of the users, GPS location in cleartext and be susceptible to several attacks: e.g., against encryption, allowing impersonation, Man-In-The-Middle MITM attacks, repeater / protocol manipulation, possible censorship by GID aggregation, bluetooth attacks, … etc., as seen in both the last two DefCon conferences (seen at Defcon 25 and 26).

People who may rely on GOtenna privacy should consider some thoughts on best practices for GOtenna use in hostile locations like NK, VZ, HK, CN, RU, Sudan, DefCon, BlackHat, and other areas.

Watch the Videos on Youtube of the DefCon 26 conference (linked below), starting at 8:40 to get an idea of the attacks that were in the wild almost a year ago and extrapolate, considering that there has been no updates from GOtenna since then. If you are a professional operator / can write off the purchases / or need to interface with .gov /ATAK, you are definitely going to want the Gotenna Pro X (and/or Gotenna Mesh -X?). Much better, more profitable for GOtenna, and accordingly, gets much more update love. Also has tunable frequencies, higher power (5Watt), and detachable antennas. If you don’t need ATAK or have no .gov sponsor, you may save some cash on the non-X pro version or a lot of money on the Gotenna Mesh devices. If you are using Gotenna Mesh ($40 each on Ebay / Amazon you should only buy from trusted sellers and maybe with a decent return policy. Gotenna has indicated they may void warranties on second hand purchases?) By default, Gotenna Mesh initializes your unique network id (GID) as your phone number which is also publicly accessible. You can change this at app installation. Suggest downloading the offline install file .apk for version 5.0.2 (77.4MB) from a trusted website, like APKPure? and comparing the MD5 hash before installing. Some firmware updates may fail. May want to keep an iOS device on hand as it may be able to unjam the bootloops. Separately, Mesh Developer Toolkit (iOS only) may provide some advanced backoffice or tactical features for admin / geek users to be aware of. Install on an airgapped burner device / tablet with airplane mode on. On install, set GID to random (or use disposable burner number). Provide GID to trusted friends through separate OOB channels. Be aware, once the GID is used in public, it may be susceptible to impersonation / perhaps decryption of cached messages? May be best to periodically randomize and re-coordinate with Out Of Band OOB gids? Shout Messages do NOT repeat. Emergency Shout messages repeat up to 6X hops, BUT Emergency Shout may also include your GID and GPS location. PRIVATE 1:1 and 1:M group messages have a higher likelihood of security / privacy against some adversaries; however, impersonation / decryption may be possible and some metadata may be exposed in cleartext. There may be some added security to registering with your phone number if you don’t mind it becoming public, such as a disposable number. A burner number might be good to help establish identity for OpSec and countering impersonation on first use? Gotenna Mesh public relays on the map at imeshyou.com is NOT dynamic, or verified. Relays / map may not be reliable. Completely user-editable, non-confirmed, curated, and barely moderated. Gotenna Mesh is entirely closed source. Even though they espouse and praise the Open Source / FOSS mantras and ethos, the underlying Gotenna Mesh devices are not open source in any way. Would they even submit to a 3rd party audit of their code? That said, while Gotenna is not open source, it does offer an SDK, a SIGNAL open source collab, Javascripting from Mesh Developers Toolkit, and an open source encryption (Bouncy Castle) FOSS. Gotenna privacy policy seems to be pretty broad in their sharing of information about you. Would they really fight to keep your info private? Do they have a Privacy Canary? https://gotenna.com/pages/privacy-policy-apps There does not appear to be any way to disable repeater or maintain radio silence on the Gotenna Mesh devices while they are on. Accordingly, if silence is golden such as at Defcon, blackhat, Venezuela, Sudan, or in HK protests, users may want to keep GOtenna OFF. and selectively use Faraday cage mesh bags? If I wanted to locate you, I could spam messages that your GOtenna would be obliged to repeatedly rebroadcast which might expose you to triangulation attacks. Do not transmit if you see a 900Mhz Yagi antenna pointed at you, a signal meter, ;) or a white verizon / unicom or unmarked van sitting in front of your house ;)))) Gotenna adhoc semi / permanent relays left in the field may be compromised by USB access… may be best to consider relays that are out of chain of custody as compromised and disposable. However, be aware, that relays cache messages for later delivery / review. May be prudent to collect these. Some unfriendly jurisdictions may force people to unlock your phones with fingerprint, face, or iris. If OpSec is important, may want to disable biometric unlock of paired device and/or remove bluetooth proximity unlock features with smartwatch/car/headphones. Remember that thermal cameras can detect your unlock pattern for a few seconds after use. BEWARE, if using SMSRelay, that those devices relaying via Twilio may have some data leak / surface of attack as well. Other applications on / in your phone may compromise the GOtenna device. May want to start with a burner, and via XDA Developers, install recovery software, wipe the OS, and install a fresh / known trustworthy barebones rom. As Gotenna is IQT / IN-Q-Tel / InQtel / INTEL / CIA funded, with millions in federal contracts to literally every branch of the US Military and every agency within Homeland Security, and they are completely CLOSED source, you can never be sure they haven’t left some vulnerability / Achilles’ heel / easter egg for malicious govs / blackhat hackers to expose? Considering GOtenna to be a naive, small business, good guys with only good intentions may be folly. See what they did to Puerto Rico? They took money from a fundraiser for Puerto Rico, to build an emergency hurricane network — and they never did it. Walked away, ghosted survivors, and to this day won’t answer questions, provide any transparency, account for or even return the money they took (or give it to an org that would use it to help Puerto Rico, as intended by the 213 backers to the fundraiser). Furthering this, GOtenna has known for almost a year that a girl was severely injured relying on their product and they continue to intentionally forbid Text911 smsRelay. Even though this could have saved her or anyone else who uses GOtenna devices at the edges of connectivity in disaster areas or when emergencies hit. GOtenna promised to provide the Text911 smsRelay feature over two years ago to enable emergency communications with first responders / hospitals but still has not made this available. Obviously, GOtenna does not prioritize our Senior, deaf, and Hard of Hearing HoH communities or compliance with Americans with Disabilities Act ADA. Do they do the RIGHT thing? Or the profitable thing? Will they give you a fighting chance or follow the most profitable path?

Will GOtenna comment publicly, provide updates, clearly commit to protecting users’ privacy, immutability, and adopt bare minimums of transparency to their users?