This means that as opposed to the default Facebook Messenger apps that transmit and store their messages in plaintext, no one but you and the person you are messaging can read the contents of the communication. This goes far beyond the really unsafe designs of group messaging products like WhatsApp, which have pretty much no security at all, and are easily hijacked and monitored.

You can even use Gibberbot over the Tor network, to access Facebook messaging in places where it might be blocked or monitored, like your school, work, or your local authoritarian surveillance state.

Now, it is very interesting to note, that while they allow it, they do *detect* that you are using encryption, and tag it as such in the web-based messaging interface (which does NOT support encryption). Only time will tell if this is simply a feature for tidying up the user interface (else you see a bunch of cypher text gobblyegook), or some sort of retro-future surveillance of who is using Facebook in non mainstream ways. After all, if Facebook cannot index my chats for keywords to advertise against, do they really want me using up their server computing time?

Below is a screenshot of ChatSecure, the first open-source secure messenger for iOS devices. We are excited to be partnering this project to ensure full interoperability with Gibberbot.

Learn more about the entire Guardian Project suite of open-source secure mobile apps.

Once the node is operational, accounts are provisioned on the node and users install the OSTel Android application on their mobile handsets. Users may place secure calls to other users within the domain ostel.me.

This week I reached a milestone. I placed a call from a user at ostel.me to a user on a second private debugging domain. Both domains were configured as an OSTN node and two handsets were registered, one on each node. This kind of cross domain calling is something that is rare in the VoIP world when compared to other communications protocols on the Internet, for example email and XMPP. This is due in part to the complexity of the SIP protocol. I’m documenting the extended details on the wiki.

I configured both servers to register to each other, establishing a two way link between them. This is called VoIP peering. The more nodes in the network, the more peering relationships must exist. For example, this picture illustrates the relationships between a fully interconnected network with four nodes, named A, B, C and D.

Four Node Peering Network

The implementation of this kind of peering network differs for each application. Once the peering configuration is completed by the operator of each node, they must also enable cross domain calling in the Freeswitch dialplan. In Freeswitch, the peers create a “gateway” to route calls to a non-local domain. When a non-local call is placed, Freeswitch will attempt to find a gateway to that domain. If it exists, it will route the call to the other server, which will in turn ring the handset belonging to the registered username.

Cross Domain SIP Call

This test proved that cross domain SIP calling is possible but as I’ve shown above, there are significant hurdles on both the user and operator side. Some of these hurdles may be overcome by using a SIP application other than Freeswitch, some may be solved on the client side, others with DNS. It’s great to have a secure voice service with a network of trusted peers. I’m looking forward to future research and development to remove the hurdles to create these peering agreements. Eventually we’ll all have the ability to call our friends email addresses.

WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time. In particular, resolution of hostnames via DNS may not be properly routed through Tor (this is a common issue with proxied software). In addition, through other permissions that Twitter for Android may have you on your device, there may be a strong ability to correlate identity between your registered Google Account and your activities on Twitter.

Until recently, in order to run Twitter for Android through Tor for Android, aka Orbot, you would need to root your device, or deal with complex proxy settings. However, as of last week, Twitter became one of the first and only major apps (aka 100M+ installs!) to add direct proxy support into their app, in a very easy to find and activate way. Install and activate Orbot, open Twitter, tap the gear icon on the home screen, check the “proxy” box, enter ‘localhost’ and ’8118′, and you are ready to proxy through Tor. See the screenshots below for a full walkthrough, and please spread the word to those in need.

Learn more and install apps

• Twitter for Android: Google Play
• Orbot: Tor for Android: Google Play or direct download via TorProject.org
• Learn more about how Tor works or just watch the video below!

Next we tried to use some services. We were going to try running a cryptocat session, but the phone that was running cryptocat via a Lil’ Debi Debian install was having trouble staying connected to the mesh. Next we tried a serverless direct SIP call using CSIPSimple.

CSIPSimple uses the Android Java API to determine if the device is online. The current approach to configuring the ad-hoc mode used by Android-Wifi-Tether-based apps including Serval and Barnacle-based apps including OLSR-Mesh-Tether disables the wifi via the Android Java API, then configures ad-hoc mode using command line tools. This means that Android believe that the wifi is off, and when apps query the network status via the normal Android API, Android will tell it what it believes: there is no network connection.

This works in Serval because Serval is a self-contained system with its own SIP client and server, etc. This does not work for situations where we want to provide generic IP service using OLSR mesh on Android phones. I’m going to try to see if I can get the ad-hoc setup to work while making Android believe that the wifi is an and associated with infrastructure-mode network.

Also, in the process of setting up the mesh while mixing in a crowd and walking with a crowd down the street we realized two key things: 1) the setup process should be tolerant of frequent interruptions, and 2) it should be as easy as possible for people to give the mesh app itself from one phone to another. We’ll be working on #1 as part of our Commotion work and we will focus on making a UI that clearly shows its status and lets the user continue where they left off. We will be working directly on #2 as part of a separate project, so we’ll try to keep everyone informed on our progress with that.

Another idea we discussed was how to have a “strength meter” for mesh, like the GSM or wifi bars. We talked about taking a tally of how many first hop connections there are, the total connections, and the total willingness of all of the first hop connections.

If you see me dancing or signing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy?

This past weekend, a bunch of members of the Guardian Project team found ourselves at the Wall Street Journal Data Transparency Hackathon. The Journal put this together in order to “invite developers to help build free Web tools that promote data transparency and control.” The tracks were divided into:

• Scanning: Enhancing technology that scans the Web to reveal tracking
• Education: Helping people see how much information they share
• Control: Improving software that helps people control sensitive information

Tracks were led by Ashkan Soltani, an independent researcher and technical adviser to the Journal; Brian Kennish, a Web developer and founder of Disconnect; and Jacob Appelbaum, a security researcher at the Tor Project. Our teams went down the path of control, with the goal of making tools that are secure by default.

We danced our way into winning in the control category by helping the victorious Cryptocat team that has a tool for encrypted chat service right from the browser. This fantastic project blew through a number of innovations, porting into a Firefox web app, doing desktop notifications, and improved cryptographic primitives from within the browser. We helped by creating an Android app for the tool that converts dance moves into a random number generator for creating the encryption key. Just start the program, enter the name of the chat, enter your nickname, then DANCE. Starting a secure chat from a phone is now as easy as that. You can try it in your browser via their site https://crypto.cat/ or download our new Android app (either with or without Tor compatibility). And congrats to Nadim Kobeissi for this well deserved win and the team Tobias Pulls, Jacob Appelbaum, David Huerta, Joseph Bonneau  and Nathan Freitas.

The Guardian Team & Friends Hacking Away

We sang our way into winning in a new category that the judges came up with, “soup cans and string” for Ostel, our encrypted VOIP solution. Launching an alpha version of our tool in front of some of the worlds leading experts in the security field was a risky move, but thankfully we managed to work out a number of bugs and generally received great feedback and support from the community. Over the weekend, we made progress in our alpha demo, identified additional clients that can receive calls on Mac, PC, Linux, iPhone, & Blackberry and created a new user signup system that allows users to register and immediately be sent an email with a link to their credentials via SSL. To extend the project even further, we have started compiling information on VOIP laws in countries from every continent so that the tool can explicitly be supported on as many platforms, in as many countries and in as many languages as possible. In addition to singing praise, singing (and other voice signatures) might be used in the future for entropy as the random number generator for the encryption key exchange. PrivateGSM is already doing this and it would be great to incorporate this feature into Ostel & CSipSimple later on. Thanks to Lee Azzarello, Luke Stark, Sean McIntyre and Zach Schwartz for being great members of the Ostel team. 

Lee accepts the "Soupcan & Strings Award" for Ostel

Dancing for encryption in Cryptocat, singing for encryption in Ostel. Let us know if you have other ideas for fun ways to generate keys. We’re always looking for inspiring ideas from the community.

We’re even well on our way to seeing the world through encryption tinted glasses. Progress was made on making innovations in our Informacam project. The goal is to be able to snap a picture, but protect the privacy of the people in the frame by blurring their faces and the metadata connected to the event. Whie this can be crucial in a sensitive scenario, it can also be important that a judge or trusted organization can “unblur” the image and so we’re working on a way to encrypt and send those pixels. Bugs were removed, code was written, and soon enough, hopefully we’ll be able to incorporate it into the new Google Augmented reality goggles.  

Using the InformaCam “Identify” filter.	Select a Trusted Destination for your encrypted media.

Being head down, singing and dancing encryption with our security glasses on while coding, it was easy to miss the other amazing projects in the room. I highly recommend checking out the other winners as well. They’re doing fantastic and necessary work:

• “Scanning” Track Winner:  TOSBack2 - a living archive of all privacy policies
• “Education” Track Winner:   PrivacyBucket - a Chrome extension that measures the extent to which individual third-party trackers can discover demographic information about the use
• Judges’ Choice Winner:   Site Scoper
• “Ready for Primetime” Winner:   MobileScope
• “Zuckerberg/Systrom Memorial Award for Opportunistic Optimism” Winner:   Pestagram
• “Best Listener” Winner:   The Price of Free 

Thanks to Julia Angwin and the WSJ team for making this great event and the fantastic What They Know blog possible, to Gunner for being such an inspiring facilitator, to judges Alessandro Acquisti, Sid Stamm, Dan Kaminsky, Andrew McLaughlin and to everyone else who made this possible.

This post outlines some initial user scenarios that PSST aims to address. We believe them to be common enough so that our solutions will be readily applicable to real world people now. They are a small subset of all of the types of users that we feel can ultimately benefit from the PSST core research, so these user stories provide a starting place for honing the tools for the needs of actual working organizations. These stories also discuss how the software could be used in these situations. The software as described mostly exists, but not all details are currently implemented or even fully vetted as secure practices.

We are very eager for feedback, comments, and criticism on any aspect of these scenarios, from whether they are plausible to whether the user interactions described are built upon realistic expectations of actual members of organizations like the ones described here.

The Small Cabal

There is a small group of people that needs to communicate as securely and anonymously as possible. They all meet up in person. They generate keys, and individually sign each person’s key and get that person’s signature on their own key. These are local-only unpublishable signatures. No one uploads their keys to any other server or device. They each generate a revocation certificate and hook it up to their panic button app. Once the panic button is hit, the phone broadcasts the revocation certificate to the pre-determined list of people.

Diffuse Activist Organization

An activist organization has members spread out all over their country, with concentrations in certain areas, and a handful abroad. They are working in a country that aggressively tracks communications, but encryption is not banned nor aggressively tracked. Since there are many members and they are widely spread, very few of the members have met the whole membership. Many members often meet up in person at various places around the country, and some people also travel to regional and national meet-ups. The central forum for the whole group is on the internet, and there are many big group discussions and announcements that happen on internet forums.

Each member has a cryptographic key that represents their online identity, which they post to the public keyservers. They generate and store a revocation certificate to upload to the keyservers in case of a compromised key or computer. They do not post any signatures to the key servers so that the social graph information remains private. Whenever they meet another person that they trust, they sign each others’ keys and swap all signature data using direct peer-to-peer communication.

When interacting with members who they only know on the internet, they check whether they have a cryptographic trust path to each others’ keys, and if not, they establish the first step of trust via OTR by doing key verification via question/answer, shared secret or manual fingerprint validation over a trusted channel, like the phone. When they hit there panic button the post the revocation certificate to the keyserver. Each member’s computer/phone automatically checks the public keyservers for revocations hourly, and marks any revoked key as invalid as soon as it receives a revocation certificate.

Multinational Organization

An organization has many members in a number of different countries. Some of the governments are supportive of the organization’s goals, while some of the governments are strongly hostile and are actively seeking out local members. Many members work in countries where there is little chance of active tracking and monitoring of their use of encryption, while others work in high risk environments from time to time. Certain local contacts and members work in aggressively monitored countries where use of encryption is a flag for the secret police.

The public figures of the organization in safe countries have a public trust profile that is freely downloadable. They use the public OpenPGP infrastructure and publicly share all public signatures. These members also have private, unpublishable signatures related to the members in high risk situations. Operatives in high risk situations use only unpublishable local signatures and the whole collection of signatures is stored in an encrypted form. There devices only contact keyservers via anonymized connections like Tor or VPNs.

When members are signing each other’s keys, the signatures are always sent to the key owner via encrypted email. The signer can then mark the signature as private or public, or their software can be set to always mark all keys as private and unpublishable. When the key owner receives the emailed signature, she can then decide how to manage the signatures: either privately import the signature to their keyring, where it will be stored in an unpublishable format; or publicly import the signature into their keyring and sync it via the public PGP servers. If the signer emailed a private signature to the key owner, then the key management software will automatically make it a private signature.

Improvised movement organized via social software

People from all over a region join a popular movement to help organize protests, distribute media, spread information, etc. Many join in groups of friends or family, but overall the group is not socially well connected together. The common cause is the central binding of the group. In their communications, they want to avoid keyword filtering and communications tracking, as well as try to hinder infiltration and the injection of misinformation. They need to communicate and exchange media with some level of trust. Since the group wants as many members as possible, the infrastructure must be relatively open and public.

Users who do not have any shared history will trust each other’s keys on first contact, and rely on the continued validation against the initial mark of trust (known as TOFU/POP or Trust On First Use/Persistence of Pseudonym). Once users build up some context with each other, they can deepen the cryptographic trust by using OTR question/answer or shared secret authentication. Users publicly share their TOFU/POP and OTR marks of trust on public exchanges so that people can build up public trust in their cryptographic identity.

Foreign Journalist, Diplomat, Business Person, etc.

This user is working in a place with active monitoring, tracking and filtering. She has strong links to institutions outside of the country that can help in case of trouble. She has clear outsider status so is able to use encryption and anonymizing software without a large risk of persecution. She wants to keep her communications private in the face of active monitoring.

Standard public cryptography tools cover most of this situation, but they must be made easier to use, and work on mobile devices. If this user needs encrypted exchanges with locals at high risk of monitoring, local unpublishable signatures can be used in those situations.

Encryption provides the building blocks for making the experience no longer a lie. With properly encrypted data, it is possible to throw away the key and delete it, and then no one can get the data ever again. The problem now is how best to use encryption to make our private information actually private with as few complicated decisions or onerous interfaces as possible. Full disk encryption is one popular choice. It does a good job of providing a transparent experience, merely type in a password when you boot up your computer, and the rest is totally normal. But it also offers limited protection. When your full disk encryption is unlocked and your computer is running, that disk behaves no differently than an unencrypted disk. Someone with access to the computer has full access to the files, malware does too, undelete tools will still work, etc. You have to power off the computer to get the protection that full disk encryption provides.

Another option is providing virtual encrypted disks like TrueCrypt or Apple’s encrypted disk images. Then you can decide on what needs to be in which compartment and what is always unlocked versus what is locked away behind a long, cryptic password with a short timeout. This provides good security and privacy when managed properly, but requires a fair amount of skill and time to setup and manage everything. These techniques also require root access since they mount these virtual disks as file systems. We focus a lot on Android, where most people do not have root access.

A related approach is to have a software layer automatically encrypt each file. This is how the EncFS FUSE module and the Certgate MAPL file access work. This provides transparent encryption, but since each file is individually encrypted, a lot of information is still available without decrypting anything: the file size, modification and access times, etc.

We’re working on another approach similar to the approach we took with SQLCipher for Android. We’re calling it IOCipher. In SQLCipher for Android, we took the code from Android’s core android.database.* classes used for working with the built-in SQLite and replaced the guts with the SQLCipher encrypted database. This allows Android app developers to use the familiar and well documented android.database.* API to build in encrypted storage into their apps. With IOCipher, we are again using SQLCipher as the core, but this time we are wrapping it with libsqlfs to make it behave like a filesystem, then grabbing the code to Android’s java.io.* API and replacing the guts with calls to libsqlfs on top of SQLCipher. libsqlfs is also a FUSE(Filesystem in Userspace) module, so it provides an API very similar to the POSIX API for working with files and directories. So that makes it easy to take java.io.File, for example, and replace all the calls to read(), open(), write(), stat(), etc. with calls to sqlfs_proc_read(), sqlfs_proc_open(), sqlfs_proc_write(), sqlfs_proc_stat(), etc. Then all the Android developer needs to do is to java their import java.io.* to import info.guardianproject.iocipher.*, specify the database file to use, and the key to lock/unlock it, and the rest is normal Java programming.

The beauty of using libsqlfs+SQLCipher is that its built of top of SQLite, which gives us a single, very portable file that is the whole filesystem, like a Mac OS X .dmg file or TrueCrypt .tc file. SQLite also allows multiple processes to access the same database file, so that means multiple apps can mount an IOCipher virtual disk, and can use Android permissions and native filesystem permissions to control access to the virtual filesystem. Lastly, libsqlfs is already a FUSE module. FUSE is already nicely integrated into most GNU/Linux distributions, and also available for Mac OS X and BSD. That means that the single file that represents a IOCipher file system could also be easily mounted on GNU/Linux, Mac OS X and BSD (we are already doing this on Debian and Ubuntu, Mac OS X will require some more work).

All in all we think this approach will make filesystem encryption easier to include in Android apps, and also make it possible to have the encryption be trivial to setup and very transparent to the user. Its close to being usable, once it is, we’ll post instructions on how you can use it in your apps. For now, you can follow our progress here:

https://github.com/guardianproject/libsqlfs
https://github.com/guardianproject/IOCipher
https://guardianproject.info/wiki/Products_of_PSST_Work

Here’s a bit more about the challenge:

The Knight News Challenge, an international media innovation contest, is evolving – and will be offered three times, with three different topics. The first challenge will be centered on networks, and will accept applications Feb. 27 – March 17. The Networks challenge round seeks projects that use the best of existing software and platforms – those already integrated into people’s lives – to find new ways to convey news and information.

Aside from the merits of SecureSmartCam itself, specifically the ObscuraCam and InformaCam sub-projects, our research and development over the last two years on this project have extended to support an entire range of completely open-source mobile technology for Android developments, the benefits of which extend far beyond our own project itself. There are already many other organizations, projects, and apps (both commercial and non) that have incorporated our technology into their own solutions, not to mention the hundreds of thousands of users out there who depend on our core apps like Orbot (Tor for Android) and Gibberbot (Secure Chat) to safeguard their day to day communication.

The work so far was largely funded by a generous private non-governmental donor, and if you look at the list of projects below, we have put that funding to great use. If we receive this funding from Knight (a similarly generous private donor), we will continue our work in this modular, open manner, ensuring that the money will benefit projects and causes far beyond our own personal vision and endeavors.

SecureSmartCam-supported Open-Source Projects

• GnuPG for Android: OpenPGP Public/Private Key Infrastructure for Encryption and Verification of Communications and Data
• SQLCipher for Android: AES-256 Symmetric Encryption Layer for SQLite Mobile Database. SQLCipher is also available for many other platforms.
• IOCipher for Android (or any mobile platform): Encrypted filesystem built upon SQLCipher that works for any application without requiring root or custom device modification. This is an extension of our port of LUKS for Android, encrypted disk partition system.
• FFMPEG for Android (with Video Redaction Filter): a build system and patches for compiling FFMPEG for Android, with support for custom features to enable video privacy controls
• Jpeg Redaction Library: a generic library for redacting visual and metadata information from JPEG images without needing to decode them. Very important for limited memory mobile devices!
• NoteCipher for Android: Simple secure text, photo and video storage app for Android, built upon SQLCipher
• SSCXfer for Android: Anonymous, Proxied, Secure Video (or any file) Uploader (based on Vidiom open-source project) over Tor to YouTube, VideoBin.org and other sites. By extension, this project also supports our core work on Orbot, the Tor for Android application with hundreds of thousands of users worldwide.

In the end, the approximately $300,000 of grant support we are seeking, is nothing compared to the millions of dollars in funding poured into closed-source mobile startups, who not only by a large majority fail, but also rarely share the components of their work in a way that moves everyone forward.

What we need you to do is, go to our SecureSmartCam Proposal on the Knight News Challenge Tumblr, and “like”, comment, reblog or otherwise show your support for it, in as a public and visible a manner as possible. If you have concerns or questions, please post them to the Tumblr, and our team will reply to you there. This is open-source research after all, and don’t claim to have all the answers, but we do need your support to get there.

What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy. That’s the goal of what we’re doing here at Open Secure Telephony Network (OSTN).

The internet is already structured to be able to do this. That’s why I can have all of my emails point to one email box if I want to. Simply by changing the MX records. So why not be able to do that with phone numbers, routing them through my same email by changing the SIP records?

Guardian Project is in the process of figuring out how to make your life better by doing just that. We’re currently in the early stages of research on how to make a stack for secure telephony standards so that anybody can participate, whether a novice user who wants easy access or a power user who wants to run their own stack.

Email already handles configurable standards well for text. As a user, I can choose my service (Gmail, Hotmail, RiseUp, self-hosting, etc) and the client (Outlook, Thunderbird, Mail, etc) on whatever platform works best for me (Windows, MacOS, Android, etc) and have my custom email (mark@funkymonkey.net, jedi83@rebelalliance.org, etc) point to whichever of these systems I trust the most and works best for me.

We’re now bringing that ease and customization to voice communication. As a user, I’ll be able to choose my service. We’re currently alpha testing a service we built, Ostel.me, but there are others like Tanstagi, Intimi.ca. Our open protocol will make it easy for companies to host their own internal server for communication. Whatever platform works best for you (Windows, MacOS, Android, etc) has a tool that lets you make phone calls with the service. We’re working directly with open source tools like CSipSimple on Android and Telephone on MacOS to improve them for best and most secure call quality. We’re also making it easy for people using other tools like Groundwire on the iPhone to make calls using these tools.

Our goal is to make a service that’s easier to use and more secure than Skype while cheaper and more reliable than a standard phone. This is just the start, but we’re excited by the progress we’ve already made. If you’d like to help, we’re always looking for smart and passionate people who can be testers, designers, translators, and supporters. Before you can call our email for updates, you can send us a message on it telling us how you’d like to participate, sign up to be an alpha tester on Ostel.me, or follow us on Twitter. Thanks for tuning in!

While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws.

And Acrobits software, an iOS dev shop in Prague, Czech Republic did just that. The result is an excellent OSTN compilant app for iPhone called Groundwire.

Groundwire is not cheap when compared to competing apps for Android or desktop computers. They distribute it as a feature-limited app for $9.99. Unfortunately, one of the limited features is required to bring the app up to OSTN spec, namely ZRTP support. ZRTP is the key exchange protocol to securely authenticate two caller’s identities during a call. To enable this feature, the user must pay a $24.99 fee as an “in-app purchase.” This purchase is only required to enable outgoing ZRTP calls. If you don’t have a need for this, you must only pay the $9.99 purchase price to get up and running.

The good news is that Groundwire is an excellent app. I’m testing it on an original iPhone with firmware 3.1.3. It supports push notifications to receive incoming calls even when the iPhone is asleep or Groundwire is in the background. This feature depends on Acrobits secure push servers, and a full security audit has not yet been performed to determine if this creates a risk.

I expect Groundwire to be a very popular client for OSTel, due to the high number of iPhones in the field. If you’d like to sign up for our alpha tested, named OSTel.me, fill out the form and we’ll be in touch soon thereafter. You can also checkout another OSTN-compliant service at Tanstagi: https://tanstagi.net/