Advisory on Guardian Project

Proofmode critiques and progress

Thu, 30 Mar 2017 09:53:22 -0400

Bruce Schneier was kind enough to post about our work on Proofmode to his blog. A decent set of comments ensued, which we have considered, measured and weighed. We posted the response below on the post, and now also here. We also received an excellent set of feedback from the Lieberbiber blog. Below are responses to the various concerns raised, and links to work completed or in progress.

At a high level, securely dating files, digital notarization, easy capture of sensor metadata, among other things, are not solved problems. For every day activists around the world, who may only have a cheap smartphone as their only computing device, they have no easy way to do any of these things. Even for high-level war crimes investigators, they are often using consumer point and shoot digital cameras, and documenting everything on paper.

2015 is the Year of Bore-Sec

Fri, 02 Jan 2015 12:35:41 -0400

Over the last few months, the Guardian Project team has been thinking about how to approach the next five years of our work. An idea of “security so easy and seamless, that it is boring” came to the surface through some discussions. This led us to look for inspiration in important inventions and innovations of the past, that provide safety and security to all on a day-to-day basis, without the users of these technologies hardly thinking about them. This is no longer about James Bond super-spy technologies, it is about having as little impact on your day-to-day use of mobile technology while still providing the maximum protection to your data and communications, as possible.

ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look

Thu, 24 Oct 2013 01:50:13 -0400

ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look

The Guardian Project’s award-winning open-source app “Gibberbot” for Android, has been rebranded to “ChatSecure” for its version 12 release, unifying the branding with the iPhone and iPad apps, while offering major updates in security from the device through the network.

Download on Google Play or Direct Download now.

October 20, New York, NY – The Guardian Project, a New York-based open-source mobile security incubator, has launched version 12 of its well-regarded secure messaging app for Android, rebranding it to “ChatSecure” to unify branding with existing open-source iPhone and iPad apps. The new upgrade brings an entirely new fluid user interface, and unprecedented security features for users looking to protect their message content (what they are saying) and their metadata (who, why and where) from malicious adversaries and apps, hostile network operators, and dragnet surveillance. It is completely open-source, utilizes interoperable protocols, and has undergone third-party security audits and code reviews.

Orweb Security Advisory: Possible IP leakage with HTML5 video/audio

Wed, 21 Aug 2013 16:15:36 -0400

The Orweb browser app is vulnerable to leak the actual IP of the device it is on, if it loads a page with HTML5 video or audio tags on them, and those tags are set to auto-start or display a poster frame. On some versions of Android, the video and audio player start/load events happen without the user requesting anything, and the request to the URL for the media src or through image poster is made outside of the proxy settings.