When I was young, I wrote a science report about how radio works, including shortwave radio, and that's when I originally discovered number stations. This was before the World Wide Web existed, so I had no real way of learning about what I was hearing. I've been interested in them ever since. I love the idea of broadcasting secret messages all around the world, that anyone can hear, but only a handful of people can actually understand.
It's easy now to listen to historical recordings of stations via The Conet Project. With the end of the Cold War, some of the allure of number stations seems to have faded, but there are still broadcasts and with a little effort you can use the internet to monitor for new broadcasts with online shortwave radio receivers.
This podcast adapts the concept of number stations to the web, while also making it possible for anyone to broadcast a secret message. You can send a secret message to a friend, or even just into the void.
It's also an attempt to make a podcast that is largely automated, which creates episodes with little or no human intervention, but those aspects are definitely still a work in progress.
How It Works
Users can submit messages via the website. The messages are encoded using One-time pad encryption, which means that you can only read the message if you have the decryption key. You can share that key with anyone you like, and send them to the decryptor tool which can be used to turn the encrypted message back into your original message.
How Does The Encryption Work?
Each message is encoded using letter 'one-time pad' encryption. In this method, each character from the original message is combined with a character from the 'pad', which is a pre-generated random key -- basically, a collection of random letters. Each pair of letters is added together, and the result in the encrypted letter. You do this for each letter in the message, and then you have your ciphertext.
Decryption is the same process, but in reverse order. The message recipient has a copy of the same OTP used to encode the message. Letter by letter, they subtract the pad's letter from the encrypyted text. The result should be the original, unencrypted message.
The Wikipedia example for OTP messages goes into great detail on how this works.
There's a decryption tool that will automate a lot of this work for you.
How Secure Is It?
It's pretty secure, but there are a few caveats:
- A message can only be decrypted by someone who has the the OTP used to encrypt the message. However, the OTP is currently stored on the server. If someone hacks this server, they can probably read your message.
- If you submit a message, your message will be sent over HTTPS. That said, some processing will occur on the server. If someone hacks this server, they might be able to intercept your message and read it.
- Ideally, the OTP would be generated with true random values, but I very much doubt the code I'm using qualifies.
- Your message will be run through a word filter before it is encrypted. Just because the message is basically indecipherable doesn't mean that I'm cool with broadcasting messages with slurs.
- Ultimately, you must trust me, the owner of this server, to not read your message. I promise not to read them, but the way the system is currently written, I could in theory read your message.
The audio for the podcast is generated with Overtone. Voice synthesis is done with Amazon Polly.
- The main image is of the Flevo shortwave station, taken by Jan Joris Vereijken, and Creative Commons licensed.
- The background static is a recording of actual shortwave static, taken via the Wide-band WebSDR project.
- The music is generated via MIDI files sourced from the Mutopia project
- Other audio clips are sourced from The Prelinger Archive
- favicon is Radio Tower by Jon Anderson from the Noun Project