The Only Way to Visit Strongbox on a Phone

The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access the hidden site on a phone or tablet, and that’s with our Orweb app. Here’s a simple breakdown of how to securely and anonymously blow the whistle, explained in an interactive tutorial: Visit guardianproject.info/howto/strongbox for an interactive tutorial on using Strongbox on your phone. The website exists as a hidden site on what is widely known as the darknet, since you are going there hidden or “in the dark. [Read More]

GnuPG for Android progress: we have a command line app!

This alpha release of our command-line developer tool brings GnuPG to Android for the first time! GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME. [Read More]

Security Awareness Party

In the security world, there’s a pesky belief that a tool can either be secure or easy to use, but not both. Some experts also argue that training people to be safe online is too hard and doesn’t accomplish much (see Bruce Schneier’s recent post Security Awareness Training). Without a thoughtful approach, that’s usually how it plays out. But it doesn’t have to be that way! We’re committed to making online security fun to learn and fun to use, and we’re launching a new series of interactive tutorials to make it happen. [Read More]

Gibberbot v11 is not just secure, it’s also simple, snappy and super fun!

Gibberbot v11 is now final as of RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39 _Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/_ If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” and then “OTRChat” and then “Gibber” (or “Jibber”? [Read More]

Lower Bounds of The Narrow Bands

Voice is becoming a standard feature of any messaging app on mobile phones, in various forms using many different protocols. There’s the old guard, whom I will refer to as “Skype”. Some tough questions have been thrown their way by many groups who support a free Internet. There’s Google Voice, which is not really VoIP. Apple is playing around in the hedge maze inside their walled garden with iChat. There’s also Facebook, who is rolling out voice calling in Canada and the USA in their Messenger app on iOS. [Read More]

IOCipher beta: easy encrypted file storage for your Android app

At long last, we are proud to announce the first beta release of IOCipher, an easy framework for providing virtual encrypted disks for Android apps.
- does not require root or any special permissions at all
- the API is a drop-in replacement for the standard java.io.File API, so if you have ever worked with files in Java, you already know how to use IOCipher
- works easiest in an app that stores all files in IOCipher, but using standard java. [Read More]

report on IOCipher beta dev sprint

We are just wrapping up an intensive dev sprint on IOCipher in order to get the first real beta release out, and it has been a wonderfully productive session on many levels! Before we started this, we had a proof-of-concept project that was crashy and ridiculously slow. We’re talking crashes every 100 or so transactions and 9 minutes to write 2 megs. Abel and I were plodding thru the bugs, trying to find the motivation to dive into the hard problems in the guts of some of the more arcane parts of the code. [Read More]

Mumble and the Bandwidth – Anonymous CB radio with Mumble and Tor

The journey towards anonymous and secure voice communication is a long one. There’s lots of roadblocks to get your voice from point A to point B over the Internet if you need to prevent eavesdropping or censorship. There is the limited bandwidth of mobile data connections. There is the high latency of the TCP protocol. To achieve anonymity via Tor, there’s even more latency added to each packet. Mumble is a non-standard protocol that was originally designed for realtime voice chat for video games. [Read More]

InformaCam wins Knight News Challenge

WITNESS and The Guardian Project, the mobile security and app development experts, have just been awarded a Knight News Challenge grant from the John S. and James L. Knight Foundation for InformaCam – the first app seeking to address issues of authentication for digital media. In total, the funding was for ~$320,000 USD, with about one third of the funding going directly to software development and testing. The rest of the funding will be applied to deployment, partnerships, awareness building, and all the other necessary things you must do to turn a “great idea” into something with real adoption and use. [Read More]

Voice over Tor?

Voice calls over Tor are supposed to be impossible. It seems this may no longer be the case. Without being able to do voice over IP (VOIP) conversations over the Tor network, people are prevented from being able to route calls outside of censored networks. People ask us if there is any way they can route voice traffic through Tor to avoid blocks. To our surprise, we tested Skype and found that it can work acceptably over Orbot. [Read More]

Proposal for Secure Connection Notification on Android

A major problem with mobile applications being increasingly used over web-based applications is that there is no standard established for notifying the user of the state of security on the network connection. With a web browser, the “lock” icon shown when an HTTPS connection is made has evolved from Netscape’s first implementation into an ad hoc, de facto industry-standard way of letting the user know if their connection is secure. [Read More]

Orbot v11 is out!

After previous fits and starts, we’ve stabilized Orbot v11 now with the RC6 release. Our core testers and public users via the Google Play distribution are back to happy and stable states of being. The latest version can be found:
1) In Google Play: https://play.google.com/store/apps/details?id=org.torproject.android
2) In our F-Droid repo: https://guardianproject.info/2012/03/15/our-new-f-droid-app-repository/
3) Or via direct APK here: https://guardianproject.info/releases/Orbot-release-0.2.3.23-rc-1.0.11-RC6.apk (.asc)
As always you can file bugs on trac.torproject.org or the guardian [Read More]

ToFU/PoP in your Android App! (a.k.a. extending Orlib to communicate over Tor)

In doing my research for InformaCam, I learned a couple of neat tricks for getting an app to communicate over Tor. Here’s a how-to for app developers to use depending on your threat model, and how you have your web server set up. Enjoy, and please post your comments/questions/suggestions below… Before we begin… You’re going to need some basic stuff up-and-running for this to work. Before you get coding, make sure you have the following: [Read More]

Sometimes the best solution is a library, not an app

Our general approach to software development starts with surveying existing solutions that are available and in use, to see if there is already enough of an ecosystem or whether we need to seed that. When there is already an abundance of tools and apps out there, we work to find the good ones, provide feedback and auditing, and then build apps and tools to fill in any gaps. For example, this was our approach in the Open Secure Telephony Network. [Read More]

From #HOPE9: Your Cell Phone Is Covered in Spiders! – Practical Android Security

Cooperq gave a great talk on Android security late Saturday night at the recent Hackers on Planet Earth Number 9 aka Hope9 gathering. You can find the slides/src on Github and video up on Vimeo. Cooper wrote some notes, as well: This talk was given at hope 9. Please feel free to give it yourself, repurpose it, add to it or do whatever you want. I release this talk to the public domain. [Read More]

Threats and Usability of Secure Voice

In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN. They must confirm with each phone call that the encryption icon is present and they must correctly complete SAS verification dialog boxes. So on a basic level, encrypted voice just works. But, what does this all mean? This post looks at the threats to security and usability of encrypted ZRTP phone calls in CSipSimple. [Read More]

A Network Analysis of Encrypted Voice over OSTN

Introduction to OSTN: The OSTN network stands for Open Source Telephony Network. It is a federated network standard for supporting Internet calling with end-to-end encryption à la ZRTP. It’s very similar to e-mail in that VOIP calls can be routed to addresses such as user@domain.tld. It’s a simple concept, but I believe it to be a groundbreaking implementation! Never before have I seen such an accessible solution to encrypted VOIP calls. OSTN is platform independent, is a federated network, and it is an open standard such that it is widely adoptable. [Read More]

Our Research

You can track our latest work on our public research wiki located at https://guardianproject.info/wiki or through the links below. EVENTS: Head to the Events page for a full list of past and future events that we’ll be attending or featured at. RESEARCH & DEVELOPMENT: In addition to our open software development projects, we’re actively engaged in a number of research projects focused on critical unsolved mobile security problems. Solving these problems with freely available, open source software has the potential to greatly benefit activists, human rights defenders and journalists worldwide. [Read More]

Freebird Flys High

[Image: Freebird: Rio group picture via Obscuracam for Android] What happens when you gather coders with privacy and security activists from around the world? Freebird! We held a simultaneous event in NYC and Rio, a one-day barcamp aimed to empower users to be more informed and engaged around their use of mobile technology, while engaging with developers to promote interest in open-source tools, security and privacy. Freebird was a pre-event for RightsCon:Rio, which allowed us to continue and extend conversations and ideas into the larger context of information technologies and human rights. [Read More]

Orbot Data Tax (Updated!)

Update (6/26/12): I found Orbot to have lower idle usage than previously recorded. The post now reflects the new statistics. The previous stats were based on idle usage at 92 bytes/s. There have been many inquiries about the cost of Orbot’s data usage. I ran five different tests to record the types of data tax a user might encounter. Heavy usage of Orbot combined with a low monthly data allotment could be an issue. [Read More]