New Release on Guardian Project

Our “Wind” project is a Mozilla-NSF challenge finalist!

Fri, 20 Jul 2018 14:28:23 -0400

For the last few years, we’ve been working on the Wind network concept, as a nearby, local, off-grid companion, or alternative, to the Web. This year, we decided to participate in the Wireless Innovation Challenge, sponsored by Mozilla and the National Science Foundation. Today, it was announced that we are a finalist in, as they put it, “A Science Fair with $1.6 Million in Prizes”.

Watch the video below to learn more about Wind, or jump right over to the Wind project page.

Orbot v16: a whole new look, and easier to use!

Fri, 05 Jan 2018 13:14:17 -0400

Orbot: Tor for Android has a new release (tag and changelog), with a major update to the user experience and interface. This is the 16th major release of Orbot, since it was launched in late 2009.

The main screen of the app now looks quite different, with all the major features and functions exposed for easy access. We have also added a new onboarding setup wizard for first time users, that assists with configuring connections to the Tor network for users in places where Tor itself is blocked. This release also continues to support users looking to use Orbot to unblock specific apps, that may not be available on their network or country. From the main screen, users can activate Orbot’s built-in VPN feature, and easily choose which specific apps they want to be routed over the Tor network. You can also refresh your Tor identity, rebuilding all circuit connections through the network, using the circular reload icon in the expanded notification provided by Orbot.

Haven: Building the Most Secure Baby Monitor Ever?

Fri, 22 Dec 2017 09:07:00 -0400

About eight months ago, friends at the Freedom of the Press Foundation reached out to us, to see if we were interested in prototyping an idea they had been batting around. They knew that from projects like CameraV and Proofmode, that we knew how to tap into the sensors on smartphones to do interesting things. They also knew we could connect devices together using encrypted messaging and onion routing, through our work on ChatSecure and Tor (Orbot!). They also knew of our deep interest in bringing ideas to life that can solve real problems faced by people out on the front lines (both at home and abroad), who often are more in danger from physical threats, than digital. They had a concept that would bring all of these things together, and just wanted to see if it was even possible. We were game, and well, here we are today, announcing a real working public beta, and a new open-source project, that we are extremely excited about.

No more “Root” features in Orbot… use Orfox & VPN instead!

Fri, 27 Oct 2017 13:02:02 -0400

Since I first announced the available of Orbot: Tor for Android about 8 years ago (wow!), myself and others have been working on various methods in which to make the capabilities of Tor available through the operating system. This post is to announce that as of the next, imminent release, Orbot v15.5, we will no longer be supporting the Root-required “Transproxy” method. This is due to many reasons.

First, it turns out that allowing applications to get “root” access on your device seems like a good idea, it can also be seen as huge security hole. I am on the fence myself, but considering that the ability to access root features hasn’t been standardized as part of Android, which 8 years ago I hoped it would, it means there are a whole variety of ways that this capability is managed and safeguarded (or not, in most cases). At this point in time, given the sophistication we are seeing mobile malware and rootkits, it seems like a capability that we did not want to focus time and energy on promoting.

Combating “Fake News” With a Smartphone “Proof Mode”

Fri, 24 Feb 2017 02:10:47 -0400

We have been working for many years with our partners at WITNESS, a leading human rights media training and advocacy organization, to figure out how best to turn smartphone cameras into tools of empowerment for activists. While it is often enough to use the visual pixels you capture to create awareness or pressure on an issue, sometimes you want those pixels to actually be treated as evidence. This means, you want people to trust what they see, to know it hasn’t been tampered with, and to believe that it came from the time, place and person you say it came from.

OpenArchive: Free & Secure Mobile Media Sharing #DWebSummit

Tue, 07 Jun 2016 15:37:03 -0400

I am excited to share another new “mini app” effort we have joined up with, as part of work we are doing to create simple, focused tools that solve a single issue. We also are aiming to builds apps that are 1 to 3MB in size, and work on Android phones back to version 2.3, in order to maximize accessibility for a global audience. OpenArchive is one of these efforts. It is a project led by Natalie Cadranel, who received a Knight Foundation prototype grant in 2014. The initial work was done by our partners at Scal.io, and continued now by the core Guardian Project team. The app is now in stable beta and ready for wider testing.

Copperhead, Guardian Project and F-Droid Partner to Build Open, Verifiably Secure Mobile Ecosystem

Mon, 28 Mar 2016 13:42:36 -0400

Three open-source projects haved joined together to announce a new partnership to create an open, verifiably secure mobile ecosystem of software, services and hardware. Led by the work of the Toronto-based CopperheadOS team on securing the core Android OS, Guardian Project and F-Droid have joined in to partner on envisioning and developing a full mobile ecosystem. The goal is to create a solution that can be verifiably trusted from the operating system, through the network and network services, all the way up to the app stores and apps themselves. Through a future planned crowdfunded and commercial offering, the partnership will provide affordable off-the-shelf solutions, including device hardware and self-hosted app and update distribution servers, for any individual and organizations looking for complete mobile stacks they can trust.

ChatSecure for Android v14 is FINALLY here!

Wed, 10 Sep 2014 08:35:39 -0400

I am so happy to announce that ChatSecure for Android v14 IS FINALLY HERE!

BUT This is our first “release candidate” of v14 for public use, and while we love it dearly, you may want to wait for 14.0.1 for us to work out any hiccups.

The update should be out on Google Play shortly, and FDroid in the next few days. Otherwise, you can always download the APK direct from us:

ChatSecure 13.2: Important Beta!

Tue, 05 Aug 2014 11:35:54 -0400

Today is the first public beta of ChatSecure v13.2, an important update of the user interface, networking code, and overall stability. We’ve spent the last six months tracking down crashes, memory leaks and performance issues, and have reached a stable, functional point which we want to share for public use. Reliability and simplicity our the goals, as we move towards v14 in the next few months.

This beta also features a new account setup wizard that we are eager for feedback on. Our goal is to enable new users to have a much simpler experience in setting up ChatSecure to connect to existing or create new accounts. We have also provided a “one-click burner” option to quickly create throwaway accounts, that require Tor and OTR encryption always, for chatting with a single contact or even just a single conversation.

Turn Your Device Into an App Store

Mon, 18 Nov 2013 16:27:30 -0400

As we’ve touched upon in previous blog posts the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded. Often there is a need to quickly bootstrap users during training sessions in countries with unreliable/restricted data connectivity, or in extreme cases, no internet connectivity at all.

ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look

Thu, 24 Oct 2013 01:50:13 -0400

ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look

The Guardian Project’s award-winning open-source app “Gibberbot” for Android, has been rebranded to “ChatSecure” for its version 12 release, unifying the branding with the iPhone and iPad apps, while offering major updates in security from the device through the network.

Download on Google Play or Direct Download now.

October 20, New York, NY – The Guardian Project, a New York-based open-source mobile security incubator, has launched version 12 of its well-regarded secure messaging app for Android, rebranding it to “ChatSecure” to unify branding with existing open-source iPhone and iPad apps. The new upgrade brings an entirely new fluid user interface, and unprecedented security features for users looking to protect their message content (what they are saying) and their metadata (who, why and where) from malicious adversaries and apps, hostile network operators, and dragnet surveillance. It is completely open-source, utilizes interoperable protocols, and has undergone third-party security audits and code reviews.

Gibberbot’s “ChatSecure” MakeOver: Almost Done!

Fri, 20 Sep 2013 17:19:54 -0400

In a previous post with the mouthful of a title “Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement”, I spoke about all of the necessary security features a modern mobile messaging app should have. These include encrypted local storage, end-to-end verifiable encryption over the network, certificate pinning for server connections and a variety of other features. I am VERY happy to report that the latest v12 beta release of the project formerly known as Gibberbot, now called ChatSecure, has all of the features described in that post implemented. From a feature perspective, it is the most security mobile messaging app ever. We also hope that in reality, in practice, it also is, as we have spent a great deal of effort on security code audits, penetration testing, and responding to the outcomes of those effort, to further harden our app.

Our Newest App: PixelKnot

Thu, 18 Jul 2013 13:14:49 -0400

Have you ever hidden in plain sight? Worn camouflage in the woods or an invisibility cloak in a narrow crooked alley? It’s really hard to do properly. We’re hoping that all changes with PixelKnot.

PixelKnot is an app for hiding secret messages in pictures. Sort of like invisible ink on the back of a painting, updated to the present. The ancient art known as steganography, now updated for the 21st century and requiring a more rigorous set of safety standards.

GnuPG for Android progress: we have an command line app!

Thu, 09 May 2013 10:48:52 -0400

This alpha release of our command-line developer tool brings GnuPG to Android for the first time!

GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME.

Gibberbot v11 is not just secure, its also simple, snappy and super fun!

Fri, 08 Mar 2013 12:54:50 -0400

Gibberbot v11 is now final as of RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39

Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/

If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” as and then “OTRChat” and then “Gibber” (or “Jibber”?), and then finally settled down into the name and app it is known as now. Really it was a proof of concept, showing that you could indeed use the OTR4J library built for desktops app, on Android.

IOCipher beta: easy encrypted file storage for your Android app

Thu, 07 Feb 2013 14:45:28 -0400

At long last, we are proud to announce the first beta release of IOCipher, an easy framework for providing virtual encrypted disks for Android apps.

does not require root or any special permissions at all
the API is a drop-in replacement for the standard java.io.File API, so if you have ever worked with files in Java, you already know how to use IOCipher
works easiest in an app that stores all files in IOCipher, but using standard java.io with IOCipher is possible
supports android-7 v2.1 and above
licensed under the LGPL v3+

You can download it here:

Orbot v11 is out!

Fri, 26 Oct 2012 06:37:23 -0400

After previous fits and starts, we’ve stabilized Orbot v11 now with the RC6 release. Our core testers and public users via the Google Play distribution are back to happy and stable states of being.

The latest version can be found:

In Google Play:
https://play.google.com/store/apps/details?id=org.torproject.android
In our F-Droid repo:
https://guardianproject.info/2012/03/15/our-new-f-droid-app-repository/
Our via direct APK here:
https://guardianproject.info/releases/Orbot-release-0.2.3.23-rc-1.0.11-RC6.apk
(.asc)

As always you can file bugs on trac.torproject.org or the guardian
tracker: https://dev.guardianproject.info/projects/orbot/issues/new

Our new F-Droid App Repository (out of date!)

Thu, 15 Mar 2012 01:27:43 -0400

Update: this blog post has been changed to reference our new FDroid repository at https://guardianproject.info/fdroid. If you are still using the old one originally described here which has the URL https://guardianproject.info/repo, you should switch to the new repo as soon as possible!

For all of you out there looking for a safe way to find and download apps outside of the Play Store (aka Android Market) or random, sketchy third-party app stores and file sharing sites, then your wait is over:

SQLCipher for Android v1 FINAL!

Tue, 29 Nov 2011 18:17:47 -0400

Team GP along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption.

If you need a refresher, here is what the cross-platform, open-source SQLCipher provides:

SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.

Announcing ObscuraCam v1 – Enhance Your Visual Privacy!

Thu, 23 Jun 2011 21:28:20 -0400

We’re very happy to announce the beta release of ObscuraCam for Android. This is the first release from the SecureSmartCam project, a partnership with WITNESS, a leading human rights video advocacy and training organization. This is the result of an open-source development cycle, comprised of multiple sprints (and branches), that took place over the last five months. This “v1” release is just the first step towards the complete vision of the project.

The goal of the SecureSmartCam project to to design and develop a new type of smartphone camera app that makes it simple for the user to respect the visual privacy, anonymity and consent of the subjects they photograph or record, while also enhancing their own ability to control the personally identifiable data stored inside that photo or video. Also, we think an app that allows you to pixelize your friends, disguise their faces and otherwise defend their privacy just a little bit, is a lot of fun and helps raise awareness about an important issue. In this first release we have focused on ‘obscura’ by optimizing the workflow of identity obfuscation in still images. Future releases will look at ‘informa,’ the process of properly gaining and recording informed consent from subjects, while also moving to video.

Orbot 1.0.5.2 now available

Tue, 17 May 2011 19:43:30 -0400

Our flagship app, Orbot: Tor on Android, has been updated to version 1.0.5.2. It is available in the Android Market, or through direct download from the Tor Project’s website.

This release fixes a number of long standing bigs, includes the latest and greatest release of Tor itself, cleans up the user interface a bit, and adds some new advanced options (you can specify your exit node country!). It also fixes an issue with our “Tor Everything” capability, that allowed some Android system network traffic to leak and bypass the Tor routing. Finally, it provides for compatibility for CyanogenMOD 7, as well as Android Gingerbread and Honeycomb.

Announcing: SQLCipher for Android, Developer Preview r1

Mon, 09 May 2011 22:45:09 -0400

After some major breakthroughs during last week’s development sprint, we’re extremely excited to announce SQLCipher for Android, Developer Preview r1. SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. To date, it has been open-sourced, sponsored and maintained by Zetetic LLC, and we are glad to be able to extend their efforts to a new mobile platform. In the mobile space, SQLCipher has enjoyed widespread use in Apple’s iOS, as well as Nokia / QT for quite some time. Given that Android by default provides integrated support for SQLite databases, our goal was to create an almost identical API for SQLCipher, so that developers of all skill level could use it, without a steep learning curve.

Proxy Mobile Add-on 0.0.7 for Firefox on Android

Fri, 04 Mar 2011 00:01:24 -0400

We’ve updated our Proxy Mobile add-on for Firefox on Android that allows user to configure their proxy settings. We first released this back in November of last year, and have done our best to keep up with all the various beta updates of the browser. There are no features in this release, just a few small changes to make sure everything is running smoothly out there.

To install the add-on, just search for “Proxy” from the add-on search menu within the Firefox settings screen. You can also point your Firefox mobile browser to this link: https://guardianproject.info/downloads/proxymob-addon-0.0.7.xpi