Cryptocat is a web application that aims to provide an open source, browser-based communication environment with security that is comparable to desktop-based encrypted chat applications. Cryptocat aims to leverage both the ease of use and accessibility afforded by web applications and the security provided by client-side public key cryptosystems.
Tor bridges are Tor relays that aren’t listed in the main Tor directory. They are a step forward in the blocking resistance race. Cupcake Bridge is a browser extension that allows users to become new Tor bridges automatically, without having to install a full software suite or configure anything. This project would bring create a Cupcake Bridge extension for Firefox and plugins to work on sites like Wordpress and Drupal significantly growing the number of global Tor bridges.
Working with the Berkeley Anti-Censorship Lab and Incubator, the project will expand the Lab’s test-bed to mobility-based tools and proliferate the development of new security tools.
GlobaLeaks is the first open-source whistleblowing framework. It empowers anyone to easily set up and maintain a whistleblowing platform. GlobaLeaks can help many different types of users: media organizations, activist groups, corporations and public agencies. The current project will integrate a variety of new and requested features primarily focused on expanding the capabilities and security of the platform while simultaneously increasing usability.
Greatfire.org is implementing the concept of “collateral freedom” on the Internet and making their technology only available to any content provider who needs to unblock their content in any country that practices online censorship. Greatfire.org continues to test and experiment in China as censorship is pervasive and the censorship apparatus is well developed. They have launched an iOS app that the censors have been unable to block and launched mirror websites of FreeWeibo, China Digital Times, and Reuters which censors struggle to block.
OpenPGP encryption for Webmail
- Mailvelope uses the OpenPGP encryption standard which makes it compatible to existing mail encryption solutions.
- Installation of Mailvelope from the Chrome Web Store ensures that the installation package is signed and therefore its origin and integrity can be verified.
- Mailvelope integrates directly into the Webmail user interface, it’s elements are unintrusive and easy to use in your normal workflow.
- It comes preconfigured for major web mail provider.
- Mailvelope can be customized to work with any Webmail.
Journalists and human rights defenders face grave threats to themselves and to their sources that trust them with their stories. As more journalists use technology to store and manage their data, more perpetrators try to attack that technology. Benetech’s Martus is a tool aimed at providing journalists with a means of transmitting information, while protecting their sources and themselves. This project focuses create an open source Secure App Generator that will allow users and partners to create custom “Powered by Martus” write-only applications (where the user can only submit data, but not read it post-submission, so as to reduce risk for untrained data collectors), making it easier for organizations to distribute secure, easy-to-use data collection tools and for users to collect and secure information in the field. Previous support focused on the creation of a mobile version of Martus for the Android mobile OS to allow for secure information transmission in the field.
This project will build a new software client for M-Lab testing by developing a browser extension or similar software integration for one or more of the popular open source browsers. Once deployed, this tool will enable any user to become a regular and reliable part of the MLab community. It will also give researchers and policymakers a tool for realtime monitoring of censorship activity with a capability to zoom in on particular user communities on particular networks in particular geographies.
Ooni-probe, the Open Observatory of Networking Interference, is an open source network testing framework and associated tests for detecting internet censorship. Its aim is to collect high quality data using open methodologies, using Free and Open Source Software (FL/OSS) to share observations and data about the kind, methods and amount of surveillance and censorship in the world. Measurement Lab is an open platform for researchers to deploy Internet measurement tools. By enhancing Internet transparency, M-Lab helps sustain a healthy, innovative Internet.
TextSecure, is an easy to use encrypted text messaging application for Android. It enables secure local storage of SMS/MMS messages, as well as encrypted transmission of SMS/MMS messages to other TextSecure users. This project will develop a feature-parity TextSecure client for iOS, which will provide full secure text interoperability between the supported TextSecure platforms.
RedPhone is an easy to use encrypted VoIP application for Android which enables secure high-quality phone calls anywhere in the world. This project will develop a feature-parity RedPhone client for iOS, which will provide full secure call interoperability between the supported RedPhone platforms.
All current Android sync providers are unencrypted, meaning that the sync service gets a plaintext copy of everything sync’d, leaving your contact and calendar information potentially vulnerable to hostile parties. While the stock Android sync experience has no built in confidentiality, leaking contents of your contact and calendar details, Android fortunately has a mechanism for others to seamlessly provide different sync functionality. This project will take advantage of this mechanism to offer Android users encrypted backup.
The OpenNet Africa initiative (www.opennetafrica.org) by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) is documenting internet rights violations, reviewing cyber security policies and their impact on internet freedom, promoting information availability and creating awareness about internet freedom, with a focus on Burundi, Ethiopia, Kenya, Rwanda, Tanzania and Uganda.
This project is: 1) Working with the local tech community and human rights defenders to test and, where relevant, localize tools. This track will seek to generate an empirical understanding in an [East] African context, of what technologies and tools work well and why, what might need change, what tools need to be rolled out among vulnerable ICT/internet users in the region. 2) Conducting skills building and awareness raising on internet freedoms, privacy and security online. 3) Researching/ documenting the nature of threats to access, privacy and security online in East Africa. Without a solid appreciation of the means of surveillance, monitoring and website blocks, it is not possible to devise suitable safety, circumvention and awareness raising mechanisms.
One of the challenges that service providers face today, is to be able to troubleshoot problems that their clients experience that can not be reproduced in labs by technical teams. Gaining visibility of the data traffic in restricted locations is key to help organizations to advocate for an open Internet. Without proper forensics we can not build solutions and document the cases. Examples of efforts in the last years include troubleshooting network disruptions in Iran, content blocking in Zambia, DNS hijacking in Belarus, Vietnam or Sri Lanka and detection of DPI activity in Syria, Uzbekistan and Turkmenistan. The Proxy Looking Glass (PLG) initiative focuses on building a feasible alternative for data collection inside countries with repressive regimes that increase the safety of the involved parties.
The project has three major objectives:
- Analyze the limitations of existing tools and technologies to fingerprint infrastructure based attacks.
- Describe the mechanisms, tools and methods that will allow normal readers to conduct coordinated experiments from their Internet connections.
- Increase the awareness of Internet tampering in at least three selected countries by using the data collected during the PLG trials.
SecondMuse is an innovation and collaboration agency. They co-create prosperity by applying the art and science of collaboration to solve complex problems.
Their project with OTF is to aid in the creation and development of more effective Internet Freedom tools (IFTs) through the application of a research framework grounded in ethnography, human-centered design, and the practice of research-based product definition. This framework will define motivations, needs and usability challenges facing user communities of target IFTs and provide development and design milestones that are necessary to address these challenges. This work will also provide selective recommendations to developers of specific IFTs in the form of proposed development milestones to address the findings of a pilot study.
Security in-a-box drives a new paradigm of self-enabled agency in the digital realm, teaching human rights defenders how to become more efficient by adopting habits and approaches that help them to continue doing their work unimpeded and to circumvent harassment and censorship. However, the infrastructure is not suited to easily support maintenance of existing languages and adding new languages of the online toolkit despite frequently receiving offers to do them. This project will update the infrastructure and establish a reliable workflow which professionalized the translation process.
GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices. The security standards for voice and text messaging date back to 1990 and have never been overhauled. SRLab’s GSM Security Project creates tools to test and document vulnerabilities in GSM networks around the world. The project will create tools to detect and, where possible, prevent abuse of mobile network and SIM card vulnerabilities, and spread the tools to end users as widely as possible.
The Guardian Project aims to create easy to use apps, open-source firmware MODs, and customized, commercial mobile phones that can be used and deployed around the world, by any person looking to protect their communications and personal data from unjust intrusion and monitoring. This project focuses on core app development, the creation of a secure mobile media production tool, the creation of an open app store for privacy and security tools and expanding secure chat to other mobile platforms.
Armies of online drones, compromised social network accounts, and surrogate users known as “Internet sock puppets” are used to drown out the voice of the voiceless. These sock puppets are used by repressive regimes to deflect or redirect conversations that are important. Essentially, the use of these sock puppets threaten the benefits offered by a free Internet by abusing that same freedom. This makes for an insidious attack, because one of the fixes against sock puppet attacks would be to reduce Internet anonymity. A case where the cure might be much worse than the illness itself. This makes this project all the more important. It will map out these attacks, identify in depth the techniques commonly utilized, and build a set of tools to be used by organizations and the public to help defend against this attack.
This effort will focus on expanding security and usability of the Tor Browser Bundle (TBB). Tor Browser is used by millions worldwide daily and has been downloaded over 36 million times in the past 12 months. The project will identify and resolve privacy and security issues in Firefox that impact TBB users; improve the usability and functionality of the Firefox extensions that we include with TBB; finish and extend the “reproducible build” design that allows users to gain confidence that TBB includes exactly and only the components intended to be included.
Transparency Toolkit is open source software that lets journalists, activists, and human rights workers chain together tools to collect, combine, visualize, and analyze documents and data. The toolkit makes this process of examining public interest documents easier and more effective with tools to help anyone rapidly collect, combine, visualize, and analyze information from many different angles. These tools work in many different situations and require no coding ability. There are two main components to Transparency Toolkit. First, a collection of tools for getting data or documents, combining datasets, visualizing information, and analyzing documents. Second, a web application where users can use these tools individually or link together multiple tools. For instance, a researcher examining censorship in Belarus could use Transparency Toolkit to scrape the websites being blocked, extract the keywords mentioned in those websites, and generate a timeline that shows correlations between those blocking events with events in articles about the area and other reports of censorship.
Security First is building a mobile application, ‘Umbrella’, that provides all the information needed for a human rights defender to operate safely. With step-by-step processes for every situation from sending a secure email to emergency evacuation – Umbrella will provide human rights defenders with a one-stop-shop for all the latest know-how of how to operate securely as and when they need it. It will provide users with how-to guides, risk assessments and checklists, along with optional customisation, allowing users to securely and anonymously save their settings and track their progress.
This project will support a resource center for circumvention & digital security for the average Vietnamese netizen; the No Firewall online platform to continue to localize new manuals and guides, while promoting existing tools; and a help desk for bloggers, digital activists, citizen journalists, human rights defenders in need of support.