News on Guardian Project

Kindness Mode: Help People Connect to Tor on World Kindness Day

Thu, 13 Nov 2025 00:00:00 +0000

Today is World Kindness Day. As stated on Wikipedia, “World Kindness Day is to highlight good deeds in the community focusing on the positive power and the common thread of kindness for good which binds us.”

Now that word bind is particularly meaningful to use in a technical way - when a remote computer connects to another computer over a network, whether peer-to-peer or a server, one way to state what happens is “binding to their socket port”. The decentralized, privacy-focused tor network is powered by volunteer organizations and inviduals around the world sharing their network resources. On Tor, there is a great deal of positive, community “good which binds us” going on.

7ASecurity Completes Security Audit of Círculo

Mon, 17 Mar 2025 00:00:00 +0000

Over the last six months, we’ve been working with 7ASecurity through support from the Open Technology Fund’s Security Safety Audits, to complete an audit of our Círculo project. The public report on that is now available. You can also read the blog post on the audit from 7ASecurity.

If you don’t know about Circulo, this is a physical check-in safety app we have developed, alongside Article 19’s Mexico City team, for a number of years, focused on providing secure location sharing and urgent notifications within small trusted groups, for people under threat of physical violence. The free and open-source code we have developed includes iOS and Android mobile apps, as well as server infrastructure, largely based on the Matrix Protocol, including the mobile software development kits (SDKs), MegaOLM encryption, and Synapse Server. You can read about the last round of work we completed on Circulo, including design, development, and community building, in a public report released in November.

IOCipher 1.0 community reboot

Sat, 01 Feb 2025 00:00:00 +0000

IOCipher update to version 1.0

We are thrilled to announce that a community contributor has picked up maintaining a fork of IOCipher and updated to IOCipher 1.0, designed to enhance your development experience and empower you to create more secure applications with ease. Here’s what’s new and why it matters to you:

1. Enhanced Features

We introduced a few new features. Most notably IOCipher is also available on Desktop Java for Linux and Windows now. (Although not all IOCipher features are fully supported on Windows). The latest release even includes some example code for accessing IOCipher VFS using Python.

A Look Back at 2024: F-Droid's Progress and What’s Coming in 2025

Tue, 21 Jan 2025 00:00:00 +0000

With 2024 now behind us, we wanted to take a moment to reflect on the growth and achievements we accomplished as a community last year, and celebrate the incredible support we received from the FOSS community throughout the journey.

This year has been a milestone for us, with significant strides in decentralizing app distribution, expanding the F-Droid ecosystem, and solidifying our infrastructure. All of these advancements were made possible thanks to donations, grants, our volunteers and regular contributors. So thank you again to everyone who helped make 2024 another great year for F-Droid. Now let’s take a closer look at what we accomplished.

Using TLS ECH from Python

Fri, 10 Jan 2025 00:00:00 +0000

At first, the idea of encrypting more of the metadata found inside the initial packet (the “ClientHello”) of a TLS connection may seem simple and obvious, but there are of course reasons that this wasn’t done right from the start. In this post I will describe the flow of a connection using Encrypted Client Hello (ECH) to protect the metadata fields, and present a working code example using a fork of CPython built with DEfO project’s OpenSSL fork to connect to ECH-enabled HTTPS servers.

The future of our fdroid-compatible app repository

Sat, 24 Feb 2024 00:00:00 +0000

Guardian Project has been running its own fdroid-compatible app repository since 2012. Up until now, we worked to ensure that our repository had the same standards of free software as the official F-Droid repository. Therefore, the Guardian Project repository was included in the official F-Droid client app by default. A lot has changed since then, for the better. F-Droid has long since stopped shipping pre-built binaries from any provider. Back in the day, F-Droid shipped some binaries, like Mozilla’s Firefox APKs, and allowed some non-free libraries in apps. The free software ecosystem on Android has since blossomed, so F-Droid no longer needs to make those kinds of compromises. And F-Droid is completing a big update on how repositories are handled.

Quick set up guide for Encrypted Client Hello (ECH)

Fri, 10 Nov 2023 00:00:00 +0000

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project has developed an implementation of ECH for OpenSSL, and proof-of-concept implementations of various clients and servers that use OpenSSL, and other TLS libraries, as a demonstration and for interoperability testing. DEfO is funded by the Open Technology Fund (OTF).

DEfO - Developing ECH for OpenSSL (round two)

Thu, 09 Nov 2023 00:00:00 +0000

Encrypted ClientHello (ECH) plugs a privacy-hole in TLS, hiding previously visible details from network observers. The most important being the name of the web-site the client wishes to visit (the Server Name Indication or SNI). This can be a major privacy leak, like when accessing a dissident news source hosted on a Content Delivery Network (CDN). A visible domain name also provides a straightforward method for censors to block websites and internet services. Tolerant Networks Limited and the Guardian Project successfully ran the OTF-funded DEfO project that developed interoperable implementations of ECH for OpenSSL, Conscrypt and, via those libraries, a range of ECH-enabled web servers and clients. This second funded project, DEfO-2, is a timely continuation of that project from the same the team. As needed for disambiguation, we use DEfO-1 to refer the completed project and DEfO-2 for this current project. When there’s no ambiguity, we use the DEfO acronym to cover both past and future work related to ECH for OpenSSL, related applications and other TLS stacks.

FIFA2023 Report

Fri, 03 Nov 2023 00:00:00 +0000

Forum on Internet Freedom in Africa (FIFAfrica) organized by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) took place in September 26-29, 2023 in Dar es Salaam, Tanzania at the Hyatt Regency Hotel.

The first two days - the 26th and 27th of September - were invite only. The rest of the days - 28th and 29th of September - were meant for all the other participating attendees.

The theme of the event was “The Internet Freedom we want for Africa” which was highlighted during the opening ceremony. It was well organized with a dedicated media and photography team who did a great job in their coverage. Attendees and attending organizations were diverse coming from all over the world. They were not only limited to digital security folks but also there were attendees from academia, law, policy and government.

F-Droid's Community-controlled Backup Ceremony

Sat, 15 Jul 2023 00:00:00 +0000

(Guest post from F-Droid, originally on f-droid.org)

Seven core contributors and one board member met in Scotland, the birthplace of F-Droid, for the first in-person F-Droid team meeting. One of the most pressing tasks we needed to take care of was setting up a contributor-controlled backup of all of our signing keys. The requirements made it necessary to have a lengthy, in-person, consensus-driven planning session. We found no good documentation of such a procedure, so we’re going out on a limb here and publishing the general outline of our process. This process was informally audited by multiple people with varying expertise before the public key was used to encrypt anything.

Improving website resilience with LibResilient and IPFS

Thu, 15 Jun 2023 00:00:00 +0000

We’re always looking for techniques to make services more resilient to all sorts of issues. That’s why we took special interest in LibResilient and mapped out it’s capabilities. It’s a JavaScript library for decentralized content delivery in web-browsers and markets itself as easy to deploy to any website. We’ve looked at LibResilient primarily in the context of static websites. While it should work with dynamic websites too, that was out of focus for us.

Arti, next-gen Tor on mobile

Sat, 04 Mar 2023 10:00:00 -0400

For software projects with recurring bugs, efficiency or security issues there’s a joke making the rounds in the software industry: “Let’s re-write it in Rust!” It’s a fairly new low-level programming language with the declared goal to help developers avoid entire classes of bugs, security issues and other pitfalls. Re-writing software is very time consuming, so it rarely happens, especially when just one more fix will keep a project up and running.

Steps towards trusted VPNs

Tue, 28 Feb 2023 00:00:00 +0000

VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection. Then once users are connected, all of their traffic that goes over the VPN will see the internet from the point of view of the VPN’s server. That is how VPNs “unblock” the internet. In contrast, some are using VPNs to selectively block things, like making a system-wide adblocker.

Scanning apps, off the record

Wed, 28 Sep 2022 00:00:00 +0000

Smart phones have brought us so many wonderful capabilities. They let people around the world access vast realms of information. They let app developers solve problems large and small in a way most relevent to their local context. They are personal computers for the world. They also have given surveillance capitalism an unprecedented reach into everyone’s lives. Repressive governments use them in ways that the East German Stasi secret police could only have dreamed of. And as promising as artificial intelligence is, it is also threatening humanity. People around the world are pushing back. This public interest work requires technical inspection of apps. There are organizations highlighting algorithmic transparency and calling out surveillance capitalism. Journalists are linking apps into key stories about the misdeeds of powerful companies. Activists are exposing the hidden machinations of their governments. All of these people require technical skills to see what a given app is going.

The Search for Ethical Apps: Let's start with governments

Thu, 01 Sep 2022 00:00:00 +0000

Governments across the world are moving services to mobile apps. The vast majority of these apps are only available in the Google Play store or in the Apple App store. Installing apps from these services requires users to agree to their terms of service. This means governments require their citizens to sign opaque and privacy invading contracts with foreign Big Tech in order to use digital services. This feeds ever more into Big Tech data control, filtering, and information bubbles. There are some exceptions here, like China has multiple app stores that are popular. Chinese Big Tech also require restrictive terms of service agreements. Additionally, many of apps are developed by the same firms that are tied into the surveillance capitalism ecosystem. So they include features that track the end users. The governments are not demanding data transparency, and these firms have not been delivering it.

Privacy Preserving Analytics in the Real World: Mailvelope Case Study

Mon, 28 Feb 2022 00:00:00 +0000

We love Mailvelope. It’s a popular browser extension for encrypting email messages. Now, Clean Insights is helping Mailvelope understand which webmail providers are most popular with their users so they can prioritize their development efforts.

Anyone who has written software knows it takes hard work to craft a great user experience. That’s even more challenging in Mailvelope’s case. Their browser extension integrates with more than a dozen ever-changing third party webmail interfaces. The Mailvelope team asks itself questions like, “Is time better spent improving the GMail integration or the mailbox.org one?” The answer often hinges on which providers are most popular among Mailvelope users, information not yet readily available to the Mailvelope team.

Spearphishing for developers

Wed, 23 Feb 2022 00:00:00 +0000

I received an interesting email that points to a new direction in targeting developers to exploit them. This email is a reply to a message that I actually wrote to an email list in 2012, that was posted on a public thread on a public list. It also uses the name of a person that posted on that thread: “Paul Eggers”. Oddly, it did not use that person’s actual email from the original thread. Especially considering that I replied to the message to ask for more info, but got no answer. I guess this was just to ensure that the real “Paul Eggers” did not respond.

Decentralizing Distribution

Sat, 05 Feb 2022 00:00:00 +0000

Guardian Project has been awarded a grant from the Filecoin Foundation for the Decentralized Web (FFDW) to work on decentralizing veracity and distribution (DVD). FFDW’s Mission is to “ensure the permanent preservation of humanity’s most important information by stewarding the development of open source software and open protocols for decentralized data storage and retrieval networks.” Filecoin is built on top of IPFS, which is “a distributed system for storing and accessing files”. The distribution component of the FFDW-DVD project is focused on improving F-Droid’s free, open, and decentralized mobile app ecosystem. On top of the flagship unified experience offered by this website and the F-Droid official app, F-Droid provides all the pieces for anyone to create, build, remix, publish, reproduce, redistribute and review mobile apps.

Debian over HTTPS

Wed, 08 Dec 2021 00:00:00 +0000

Debian’s package manager apt has a time-tested method of securely providing packages from the network built on OpenPGP signatures. Even though this signing method works well for verifying the indexes and package files, there are new threats that have become relevant as man-in-the-middle attacks and data mining become ever easier. Since 2013, apt developers have supported encrypted transport methods HTTPS and Tor Onion Service. We have been recommending their use since 2013.

Most major mirrors already support HTTPS, and now https://security.debian.org has finally joined the party. That means it is possible to use HTTPS on all of the official repositories. On top of that, many Debian Developers are working on making HTTPS the default for new installs.

Implementing TLS Encrypted Client Hello

Tue, 30 Nov 2021 00:00:00 +0000

As part of the DEfO project, we have been working on accelerating the development Encrypted Client Hello (ECH) as standardized by the IETF. ECH is the next step in improving Transport Layer Security (TLS). TLS is one of the basic building blocks of the internet, it is what puts the S in HTTPS. The ECH standard is nearing completion. That is exciting because ECH can encrypt the last plaintext TLS metadata that it is possible to encrypt. So ECH will bring some real improvements in privacy and censorship resistance.

New insights into clean analytics

Tue, 02 Mar 2021 00:00:00 +0000

There is a giant problem with the “collect it all” status quo that pervades on the Internet, this has been clear for a long time. Tracking people has become so widespread that organizations, communities, projects and university labs have sprung up dedicated to detecting and publicizing their presence. Data and analytics are clearly useful for software creators and funders, but they also easily lead to harming people’s privacy and well-being. The past year of work on Clean Insights has clarified our goals to make analytics possible without injuring the very people we aim to serve. Clean Insights takes the world of data analytics and turns it on its head. The Clean Insights approach starts with thinking about the data, then choosing only the data that is clearly safe to use. A user’s location, complete device description, or other identifying information is dangerous to gather. A simple count of how many times a feature was used, or a webpage was visited, can be gathered without links to people.

Usability: the wonderful, powerful idea that betrayed us

Thu, 18 Feb 2021 00:00:00 +0000

Usability triggered a revolution in computing, taking arcane number crunching machines and making them essential tools in so many human endeavors, even those that have little to do with mathematics. It turned the traditional design approach on its head. Initially, experts first built a system then trained users to follow it. User experience design starts with goals, observes how people actually think and act in the relevant context, then designs around those observations, and tests with users to ensure it fits the users’ understanding. These ideas were pioneered in the Silicon Valley. This was driven by the unusual confluence of a pioneering spirit and deep engineering skills. That merged with a strong counter-culture looking to empower individuals and communities. So much of the best of digital technology has its roots in these ideas. I feel fortunate to have grown up immersed in these ideas in the Silicon Valley of the 70s and 80s, and still feel that sense of idealism that these ideas can truly make the world a better place.

Clean Insights: February 2021 Update on Privacy-Preserving Measurement

Wed, 10 Feb 2021 00:00:00 +0000

Greetings, all. I hope this finds you healthy and well, finding ways to enjoy the season (whichever it may be). While everyday still provides new challenges in the life of our team at Guardian Project, we continue to strive to be productive as productive as we can be in our professional and personal lives.

I’ve just posted an updated presentation on Clean Insights, reflecting on the symposium in May, and the work we have done since then. You can see and share it from here:

New Data Sources: API Key Identifiers and BroadcastReceiver Declarations

Tue, 15 Dec 2020 00:00:00 +0000

A central focus of the Tracking the Trackers project has been to find simple ways to detect whether a given Android APK app file contains code which tracks the user. The ideal scenario is a simple program that can scan the APK and tell a non-technical user whether it contains trackers, but as decades of experience with anti-virus and malware scanners have clearly demonstrated, scanners will always contain a large degree of approximation and guesswork. Tracking the Trackers grew out of experiments in using machine learning to detect malware. This provided the spark to apply this to privacy issues.

εxodus ETIP: The Canonical Database for Tracking Trackers

Fri, 11 Dec 2020 00:00:00 +0000

There is a new story to add to the list of horrors of Surveillance Capitalism: the United States’ Military is purchasing tracking and location data from companies that track many millions of people. We believe the best solution starts with making people aware of the problem, with tools like Exodus Privacy. Then they must have real options for stepping out of “big tech”, where tracking dominates. F-Droid provides Android apps that are reviewed for tracking and other “anti-features”, and F-Droid is built into mobile platforms like CalyxOS that are free of proprietary, big tech software.

Distribution in Depth: Mirrors as a Source of Resiliency

Mon, 07 Dec 2020 00:00:00 +0000

There are many ways to get the apps and media, even when the Internet is expensive, slow, blocked, or even completely unavailable. Censorshop circumvention tools from ShadowSocks to Pluggable Transports can evade blocks. Sneakernets and nearby connections work without any network connection. Hosting on Content Delivery Networks (CDNs) can make hosting drastically cheaper and faster. One method that is often overlooked these days is repository mirrors. Distribution setups that support mirrors give users the flexibility to find a huge array of solutions for problems when things are not just working. Mirrors on local networks can be much cheaper. Mirrors in specific countries are often not blocked or filtered. Mirrors can be copied onto portable storage and moved to where the users are.

Free Software Tooling for Android Feature Extraction

Wed, 06 May 2020 00:00:00 +0000

As part of the Tracking the Trackers project, we are inspecting thousands of Android apps to see what kinds of tracking we can find. We are looking at both the binary APK files as well as the source code. Source code is of course easy to inspect, since it is already a form that is meant to be read and reviewed by people. Android APK binaries are a very different story. They are first and foremost a machine-executable format. On top of that, many developers deliberately obfuscate as much as possible in the APK to resist inspection.

"Features" for Finding Trackers

Tue, 28 Apr 2020 00:00:00 +0000

One key component of the Tracking the Trackers project is building a machine learning (ML) tool to aide humans to find tracking in Android apps. One of the most important pieces of developing a machine learning tool is figuring out which “features” should be fed to the machine learning algorithms. In this context, features are constrained data sets derived from the whole data set. In our case, the whole data set is terabytes of APKs. This post is an outline of the features that we are focusing on in this current project.

Figuring Out Crowdsourced Translation of Websites

Thu, 23 Apr 2020 00:00:00 +0000

Crowdsourced translation platforms like Weblate, Transifex, Crowdin, etc. have proven to be a hugely productive way to actively translate apps and desktop software. Long form texts like documentation and websites remain much more work to translate and keep translated. Many translation services currently support Markdown and HTML, but very basically, which means much more work for translators and webmasters. Translators can inadvertently break things, either with a typo or because of a lack of knowledge of a specific syntax. This can make the whole page layout break. Webmasters and documentation maintainers must carefully check the process to ensure everything is working smoothly. With the spread of Markdown as a standard format, there is now hope! Software developers can focus efforts on the Markdown translation workflow, and Markdown is more tolerant of syntax errors than HTML.

The Promise and Hazards of COVID Contact Tracing Apps

Thu, 09 Apr 2020 00:00:00 +0000

There has been increasing interest in the possibilities of tracking people who are infected with Coronavirus using all of the various methods that smart phones provide. There is good reason: “contact tracing” has been a pillar of public health efforts for decades. It is an effective means to curtail the spread of infectious disease. At the same time, governments, companies, and organizations are acting fast to offer services to help end this current pandemic. The problem is that many of these are taking advantage of these times to introduce more tracking of people, more data collection, and more control over people. We must not let contact tracing be used to reduce privacy and increase unnecessary data collection.

We Support the Open COVID Pledge

Thu, 09 Apr 2020 00:00:00 +0000

Please join this Open COVID Pledge by committing to freely share technology for all work that aims to end the Coronavirus Disease 2019 (COVID-19) pandemic.

We believe that free software licenses like the GNU GPL and the Apache License already provide these key benefits. We are making this statement to make it clear that all of our code is available for any effort to end the COVID Pandemic.

We grant to every person and entity that wishes to accept it, a non-exclusive, royalty-free, worldwide, fully paid-up license to fully use, practice and exploit all our patent and copyright rights, for the sole purpose of ending the COVID-19 pandemic and minimising the impact of the disease, including diagnosis, prevention, containment, and treatment.

Improving Crowdsourced Translation of Long Form Text

Thu, 05 Mar 2020 00:00:00 +0000

We are happy to announce the start of work on another step in improving crowdsourced localization, funded by the ISC Project. This is the second part of our ongoing “Linguine” collaboration to move crowdsourced translation to privacy-respecting free software.

Crowdsourced translation has proven enormously successful getting apps and website software translated into many languages. Using tools like Weblate or Transifex, developers can quite easily incorporate translated app strings into their mobile apps and websites. Any kinds of text that is easily broken down into phrases and sentences will fit easily into the crowdsourced workflow. Localization Lab enables a wide range of volunteers to contribute to the most important projects in a wide array of languages.

Tracking the Trackers: using machine learning to aid ethical decisions

Thu, 16 Jan 2020 00:00:00 +0000

F-Droid is a free software community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It has become the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. F-Droid already has tools to aide contributors in this process, visible in the app submission and Request For Packaging (RFP) issue trackers. We also have functional prototypes of using machine learning to drastically speed up this process by augmenting humans, rather than replacing them.

NetCipher + Conscrypt for the best possible TLS

Tue, 17 Dec 2019 00:00:00 +0000

A new NetCipher library has recently been merged: netcipher-conscrypt. In the same vein as the other NetCipher libraries, netcipher-conscrypt wraps the Google Conscrypt library, which provides the latest TLS for any app that includes it. netcipher-conscrypt lets apps then disable old TLS versions like TLSv1.0 and TLSv1.1, as well as disable TLS Session Tickets. This is an alpha release because it only works on recent Android versions (8.1 or newer). The actual functionality works well, the hard part remains making sure that it is possible to inject netcipher-conscrypt as the TLS provider on all Android devices and versions. And the last missing piece is finding the right place in Conscrypt to configure proxying to support Tor or other privacy proxies

Trusted Update Channels vs. Scratching Your Itch

Mon, 02 Dec 2019 00:00:00 +0000

One of the great things about free software is that people can easily take a functional program or library and customize it as they see fit. Anyone can come along, submit bug fixes or improvements, and they can be easily shared across many people, projects, and organizations. With distribution systems like Python’s pypi, there is an update channel that the trusted maintainers can publish fixes so consumers of the library can easily get updates. When talking about update channels and code, it is unavoidable to also talk about people and trust. One key piece is the trust relationship between the consumer and the maintainer. The ideal software distribution system would be a blind, trustworthy pipe between the software maintainers and each end user.

Onions on Apples: A New Release of Onion Browser for iOS

Tue, 08 Oct 2019 00:00:00 +0000

During 2019, Guardian Project has been working with developer Mike Tigas to make improvements to his Tor-enabled web browser for iOS, Onion Browser. Here we re-cap the major improvements currently - and soon-to-be - available.

Mike developed Onion Browser on his own, in close collaboration with the Tor Project. Though we’ve worked with Mike in the recent-past, this 2019 project – funded by the Open Technology Fund – gave us significantly more bandwidth to address the challenges of running Tor on iOS, especially alongside a full web-browsing feature set.

IOCipher 64-bit builds

Mon, 07 Oct 2019 00:00:00 +0000

IOCipher v0.5 includes fulil 64-bit support and works with the latest SQLCipher versions. This means that the minimum supported SDK version had to be bumped to android-14, which is still older than what Google Play Services and Android Support libraries require.

One important thing to note is that newer SQLCipher versions require an upgrade procedure since they changed how the data is encrypted. Since IOCipher does use a SQLCipher database, and IOCipher virtual disks will have to be upgraded. That can be done by directly using the SQLCipher migration method on your IOCipher database files before opening them again. It should be possible to stick with SQLCipher v3.5.9 to avoid this, but this has not been tested.

Tor Project: Orfox Paved the Way for Tor Browser on Android

Tue, 03 Sep 2019 00:00:00 +0000

Last month, we tagged the final release of Orfox, an important milestone for us in our work on Tor. Today, we pushed this final build out to all the Orfox users on Google Play, which forces them to upgrade to the official Tor Browser for Android..

Our goal was never to become the primary developer or maintainer of the “best” tor-enabled web browser app on Android. Instead, we chose to act as a catalyst to get the Tor Project and the Tor Browser development team themselves to take on Android development, and upstream our work into the primary codebase. This has happened, and it is a great news for everyone. The work for developing and updating Tor Browser on the desktop and Android are now coordinated and synchronized, and end-users benefit from more frequent updates and improvements.

NetCipher update: global, SOCKS, and TLSv1.2

Tue, 25 Jun 2019 00:00:00 +0000

NetCipher has been relatively quiet in recent years, because it kept on working, doing it was doing. Now, we have had some recent discoveries about the guts of Android that mean NetCipher is a lot easier to use on recent Android versions. On top of that, TLSv1.2 now reigns supreme and is basically everywhere, so it is time to turn TLSv1.0 and TLSv1.1 entirely off.

A single method to enable proxying for the whole app

As of Android 8.0 (26 aka Oreo), it is now possible to set a URLStreamHandlerFactory, which creates URLConnection instances with custom configurations. If an app is using the built-in HttpURLConnection API for its networking, it is now possible to enable global proxying with a single method call when the app starts: NetCipher.useGlobalProxy(). Then the actual proxy configuration can be set dynamically, using things like NetCipher.useTor() or NetCipher.clearProxy().

PanicKit 1.0: built-in panic button and full app wipes

Tue, 04 Jun 2019 00:00:00 +0000

Panic Kit is 1.0! After over three years of use, it is time to call this stable and ready for widespread use.

Built-in panic button

This round of work includes a new prototype for embedding PanicKit directly into Android. Android 9.0 Pie introduced a new “lockdown” mode which follows some of the patterns laid out by PanicKit. There is an Enter lockdown button available on the power button menu, so it is rapidly available. This is a great panic trigger button, so we made a prototype of a System Settings app that lets users connect the full flexibility of PanicKit responses to this Enter lockdown button. The functionality that Google links to this new button is extremely limited, it seems to be a one time restriction on how you login. The PanicKit responses are in addition to what Google included. CalyxOS is working to integrate this, look for test releases soon!

Exploring possibilities of Pluggable Transports on Android

Tue, 16 Apr 2019 15:00:00 -0400

Pluggable Transports (PT) give software developers the means to establishing reliable connections in DPI-filtered network scenarios. A variety of techniques are supported, all available by implementing just one standard. We looked into how this can be put to work in Android Apps. Hence we crafted 3 fully functional PT-enabled prototype Apps based on well known open source projects.

All our prototypes rely on obfs4 which is a stable PT implementation widely deployed by Tor. Guardian Project published a library called AndroidPluggableTransports for giving Android developers access easy access to PT. Since we could not find any easily accessible sample code, we created a minimal demo project, illustrating a minimal setup for sending a HTTP-request through a OBFS4 connection.

Use Onions/HTTPS for software updates

Wed, 23 Jan 2019 06:35:40 -0400

There is a new vulnerability in Debian’s apt that allows anything that can Man-in-the-Middle (MITM) your traffic to get root on your Debian/Ubuntu/etc boxes. Using encrypted connections for downloading updates, like HTTPS or Tor Onion Services, reduces this vulnerability to requiring root on the mirror server in order to exploit it. That is a drastic reduction in exposure. We have been pushing for this since 2014, and Debian, mirror operators, and others in the ecosystem have taken some big steps towards making this the standard. This should finally put to rest the idea that plain HTTP is enough for software updates with signed metadata.

Wind is a Mozilla & National Science Foundation Grand Prize Winner

Wed, 26 Sep 2018 10:54:38 -0400

On August 14th, members of the Guardian Project team traveled to Mountain View to compete in the final round of the Wireless Innovation for a Networked Society (WINS) Challenge. We learned in July that our Wind project was a finalist, and we now had the opportunity to compete for one of the grand prizes, in a TED-meets-SharkTank style event, at Mozilla HQ.

Wind is a network designed for opportunistic communication and sharing of local knowledge that provides off-grid services for everyday people, using the mobile devices they already have. In the Wind network, Chime is the hyperlink, but one that exists in time and space, discoverable through beacon broadcasts and human-to-human sharing. All of this is powered by free and open-source software, running on readily available consumer hardware, and can be deployed at little to no cost, in a very short amount of time.

Our “Wind” project is a Mozilla-NSF challenge finalist!

Fri, 20 Jul 2018 14:28:23 -0400

For the last few years, we’ve been working on the Wind network concept, as a nearby, local, off-grid companion, or alternative, to the Web. This year, we decided to participate in the Wireless Innovation Challenge, sponsored by Mozilla and the National Science Foundation. Today, it was announced that we are a finalist in, as they put it, “A Science Fair with $1.6 Million in Prizes”.

Watch the video below to learn more about Wind, or jump right over to the Wind project page.

Orbot: Over 20 Million Served, Ready for the Next Billion

Wed, 16 May 2018 07:42:38 -0400

We recently published the latest release of Orbot (16.0.2!), and as usual, we make it available via Google Play, as well F-Droid, and through direct download on our website. Whether we like it or not, Google keeps tracks of things like total installs and active installs (i.e. not uninstalled), and reports on that for us through their dashboard. While publishing this release, we noticed a milestone that made us a bit proud… so pardon this humblebrag.

Orbot v16: a whole new look, and easier to use!

Fri, 05 Jan 2018 13:14:17 -0400

Orbot: Tor for Android has a new release (tag and changelog), with a major update to the user experience and interface. This is the 16th major release of Orbot, since it was launched in late 2009.

The main screen of the app now looks quite different, with all the major features and functions exposed for easy access. We have also added a new onboarding setup wizard for first time users, that assists with configuring connections to the Tor network for users in places where Tor itself is blocked. This release also continues to support users looking to use Orbot to unblock specific apps, that may not be available on their network or country. From the main screen, users can activate Orbot’s built-in VPN feature, and easily choose which specific apps they want to be routed over the Tor network. You can also refresh your Tor identity, rebuilding all circuit connections through the network, using the circular reload icon in the expanded notification provided by Orbot.

No more “Root” features in Orbot… use Orfox & VPN instead!

Fri, 27 Oct 2017 13:02:02 -0400

Since I first announced the available of Orbot: Tor for Android about 8 years ago (wow!), myself and others have been working on various methods in which to make the capabilities of Tor available through the operating system. This post is to announce that as of the next, imminent release, Orbot v15.5, we will no longer be supporting the Root-required “Transproxy” method. This is due to many reasons.

First, it turns out that allowing applications to get “root” access on your device seems like a good idea, it can also be seen as huge security hole. I am on the fence myself, but considering that the ability to access root features hasn’t been standardized as part of Android, which 8 years ago I hoped it would, it means there are a whole variety of ways that this capability is managed and safeguarded (or not, in most cases). At this point in time, given the sophistication we are seeing mobile malware and rootkits, it seems like a capability that we did not want to focus time and energy on promoting.

Ostel.co is permanently offline

Thu, 10 Aug 2017 17:16:51 -0400

We are sad to announce that the Ostel service is officially discontinued and permanently offline. While Guardian Project had a hand in its conception and initial implementation, the actual operation of the service was spun out long ago to be run by a new venture a member of our original team. They have kept Ostel running free of charge for many years of reliable service, but at this point it seems, they have decided they can no longer do so.

Tracking usage without tracking people

Thu, 08 Jun 2017 10:58:53 -0400

One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software. Even in the case of advertisers, they mostly do not care exactly who you are, they want to know what you are interested in so that they can more effectively promote things to you.

Announcing new libraries: F-Droid Update Channels

Wed, 31 May 2017 11:40:27 -0400

In many places in the world, it is very common to find Android apps via a multitude of sources: third party app stores, Bluetooth transfers, swapping SD cards, or directly downloaded from websites. As developers, we want to make sure that our users get secure and timely update no matter how they got our apps. We still recommend that people get apps from trusted sources like F-Droid or Google Play.

F-Droid: A new UX 6 years in the making

Mon, 17 Apr 2017 10:19:19 -0400

(post by Peter Serwylo)

F-Droid has been a part of the Android ecosystem for over 6 years now.
Since then, over 2000 apps have been built for the main repository,
many great features have been added, the client has been translated into over 40 different languages, and much more.

However, the F-Droid UX has never changed much from the original three tab layout:

Announcing the Developer Challenges Survey

Tue, 21 Mar 2017 11:32:22 -0400

In the Guardian Project‘s current work with the FDroid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments we have started to become more aware of the challenges and risks facing software developers who build software in around the world.

There are a wealth of resources available on how to support and collaborate with high-risk users. Surprisingly, we could not find any guidance on how to support and collaborate with developers where the internet is heavily monitored and/or filtered, let alone developers who might be at risk because of the software they develop.

Build Android apps with Debian: apt install android-sdk

Mon, 13 Mar 2017 10:03:30 -0400

In Debian stretch, the upcoming new release, it is now possible to build Android apps using only packages from Debian. This will provide all of the tools needed to build an Android app targeting the “platform” android-23 using the SDK build-tools 24.0.0. Those two are the only versions of “platform” and “build-tools” currently in Debian, but it is possible to use the Google binaries by installing them into /usr/lib/android-sdk.

F-Droid now supports APK Expansion Files aka OBB

Wed, 22 Feb 2017 10:24:53 -0400

Many games, mapping, and other apps require a large amount of data to work. The APK file of an Android app is limited to 100MB in size, yet it is common for a single country map file to be well over 100MB. Also, in order to get users running as quickly as possible, they should not have to wait for huge amounts of data to download in order to just start the app for the first time.

Build Your Own App Store: Android Media Distribution for Everyone

Wed, 22 Feb 2017 09:45:11 -0400

Most people get their Android apps from Google Play. It is usually the simplest and most secure option for them. But there are also many people who do not have access to Google Play. This might be due to lack of a proper internet connection or simply because Google Play is blocked within their country.

The F-Droid project already offers tools to create independent app distribution channels for Android apps. These tools are ready for production, but require expert knowledge and the command-line to be used. Now, we want to build upon this foundation and develop curation tools that can also be used by people with little technical knowledge, thus making the app distribution technology more broadly available.

How can we learn without watching?

Mon, 30 Jan 2017 14:40:05 -0400

What kind of measurement, tracking or analytics do you use, and can you sleep at night with your decision?

As part of the Berkman-Klein Assembly program at Harvard, I am working with a team to imagine a next-generation mobile and IoT analytics system that has privacy, confidentiality and anonymity at its core. The hope is we can find ways to learn what our users like and understand how our apps are performing without having to rely on proprietary cloud services, logging liability, network vulnerabilities, and invasive app permissions.

Imagining the challenges of developers in repressive environments

Thu, 26 Jan 2017 09:56:59 -0400

The Guardian Project team spends a lot of time thinking about users. In our work we focus on easy-to-use applications for users in high-risk scenarios. Because of this we are very focused on security. In our current work with the FDroid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments we have started to become more aware of the challenges and risks facing software developers who build software in high-risk environments.

New Partnership with Circle of 6 mobile safety app

Thu, 19 Jan 2017 06:00:34 -0400

Circle of 6 Focuses on Security with Guardian Project Partnership

Safety App Will Get End-to-End Encryption and More To Support High-Risk Communities

New York, NY: Two innovative organizations have partnered to bring increased digital security and privacy capabilities to users interested in improved safety for their mobile devices. Tech 4 Good, the developer of Circle of 6, a highly regarded mobile safety app developed to promote safety and health through networks of trust, has partnered with Guardian Project, a leader in mobile security and privacy technologies. The two organizations will work to upgrade the capabilities of the Circle of 6 app to provide users with secure messaging, private identities and improved physical security of device data.

Orfox 1.2.1 released

Fri, 02 Dec 2016 00:50:40 -0400

We’ve released a new version of Orfox, our Tor Browser for Android, that contains an an important security update to Firefox.

This update is based on the latest release of Tor Browser, which was announced with this message:

The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately.

Orfox 1.2: An Overdue Update to Our Privacy-Focused Browser!

Sun, 25 Sep 2016 00:43:54 -0400

Primarily this release is the first in a long while after improving our ability to stay up-to-date with core Tor Browser development. In addition, as Mozilla adds more and more features to the core Firefox, we must review them for any issues related to increased permission request, access to data, and privacy and network leaks. This is a slow, tedious job, so thank you for your patience. We expect to have more frequent, regular releases moving forward.

OpenArchive: Free & Secure Mobile Media Sharing #DWebSummit

Tue, 07 Jun 2016 15:37:03 -0400

I am excited to share another new “mini app” effort we have joined up with, as part of work we are doing to create simple, focused tools that solve a single issue. We also are aiming to builds apps that are 1 to 3MB in size, and work on Android phones back to version 2.3, in order to maximize accessibility for a global audience. OpenArchive is one of these efforts. It is a project led by Natalie Cadranel, who received a Knight Foundation prototype grant in 2014. The initial work was done by our partners at Scal.io, and continued now by the core Guardian Project team. The app is now in stable beta and ready for wider testing.

Building the most private app store

Thu, 02 Jun 2016 11:08:52 -0400

App stores can work well without any tracking at all

Attackers are increasingly seeing app stores as a prime attack vector, whether it is aimed at the masses like XCodeGhost or very targeted like in FBI vs Apple. When we install software from an app store, we are placing a lot of trust in a lot of different parties involved in getting the source code from the original developer delivered to our device in a useful form. Most people are entirely unaware of how much trust they are putting into this system, which they are entrusting with their personal data. Even for people who do understand the technical details involved, figuring out whether the people and the system itself is trustworthy is difficult to do.

PanicKit: making your whole phone respond to a panic button

Tue, 12 Jan 2016 08:59:41 -0400

Our mobile devices do so many things for us, making it easy to communicate with people in all manners while giving us access to all sorts of information wherever we are. But in times of anxiety and panic, it is difficult to quickly use them. Will you be too shaky to type in your PIN or lock pattern? Will you have enough time to find your trusted contacts and send them a message? On top of that, our mobile devices carry massive amounts of private information in them: banking details, pictures, all of our messages and call logs.

Good translations are essential to usability

Wed, 09 Dec 2015 17:20:15 -0400

All too often, translation of an app are treated as an afterthought. It is not something that the app developers see, since they create the software in languages that work best for them. So the software looks complete to the developers. But for anyone using the software in a different language, translation is essential in order for the app to be useful. If you can’t understand the words that you see in the app’s interface, it is going to be difficult or impossible to use that app.

First Reproducible Builds Summit

Wed, 09 Dec 2015 05:02:48 -0400

I was just in Athens for the “Reproducible Builds Summit“, an Aspiration-run meeting focused on the issues of getting all software builds to be reproducible. This means that anyone starting with the same source code can build the exact same binary, bit-for-bit. At first glance, it sounds like this horrible, arcane detail, which it is really. But it provides tons on real benefits that can save lots of time. And in terms of programming, it can actually be quite fun, like doing a puzzle or sudoku, since there is a very clear point where you have “won”.

CipherKit reproducible builds

Mon, 21 Sep 2015 10:54:05 -0400

We have been on a kick recently with making our build process support “reproducible builds” aka “deterministic builds”. What is this reproducible thing? Basically, what that means is that you can run a script and end up with the exact same binary file as our official releases, be it a APK, JAR, AAR, whatever. That lets anyone verify that our releases are produced only from the source in git, without including anything else, whether deliberately or accidentally (like malware).

Orfox: Aspiring to bring Tor Browser to Android

Tue, 30 Jun 2015 15:32:16 -0400

Update 24 September, 2015: Orfox BETA is now on Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.orfox

In the summer of 2014 (https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html{.external}), we announced that the results of work by Amogh Pradeep (https://github.com/amoghbl1{.external}), our 2014 Google Summer of Code student, has proven we could build Firefox for Android with some of the settings and configurations from the Tor Browser desktop software. We called this app Orfox, in homage to Orbot and our current Orweb browser. This was a good first step, but we were doing the build on Mozilla’s Firefox code repository, and then retrofitting pieces from Tor Browser’s code, which wasn’t the right way to do things, honestly.

Building a trustworthy app store that respects privacy

Tue, 02 Jun 2015 16:38:03 -0400

One core piece of our approach is thinking about very high risk situations, like Ai Weiwei or Edward Snowden, then making the tools for operating under that pressure as easy to use as possible. That means that we might occasionally come across as a little paranoid. It is important to dive into the depths of what might be possible. That is an essential step in evaluating what the risks and defenses are, and how to prioritize them. Making usable software is not just making things easy, but rather making tools for real world situations that are a simple as possible.

Getting Android tools into Debian

Thu, 30 Apr 2015 11:13:26 -0400

As part of Debian’s project in Google Summer of Code, I’ll be working with two students, Kai-Chung Yan and Komal Sukhani, and another mentor from the Debian Java Team team, Markus Koschany. We are going to be working on getting the Android SDK and tools into Debian, as part of the Debian Android Tools team, building upon the existing work already included from the Java and Android Tools teams. This project is in conjunction with the Java team since there is overlap between Android and Java tools, like gradle, maven, etc. Since this work is in Debian, all of the Debian-derivatives will automatically inherit this work. That includes: Ubuntu, Mint, Elementary, and many more.

Phishing for developers

Tue, 24 Feb 2015 04:41:29 -0400

I recently received a very interesting phishing email directed at developers with apps in Google Play. One open question is, how targeted it was: did anyone else get this?

It turns out that Google has been recently stepping up enforcement of certain terms, so it looks like some people are taking advantage of that. It is a pretty sophisticated or manually targeted phishing email since they got the name of the app, email address, and project name all correct. The one detail that gives it away is that the From: address uses the fake domain, even though it would have been possible to send the email using the actual Google account in the From: field. But this likely would have triggered spam and malware detection algorithms. So they took a subtly different approach by using a real Google address in the Reply-To:. But they were clever enough to use the same sub-domain, gooogle.com.de, in the From: address as in the phishing link accounts.gooogle.com.de, following a Google pattern of subdomains. They also included other real Google links for support and as a “follow up” URL.

Complete, reproducible app distribution achieved!

Wed, 11 Feb 2015 14:51:22 -0400

With F-Droid, we have been working towards getting a complete app distribution channel that is able to reproducibly build each Android app from source. while this may sound like a mundane detail, it does provide lots of tangible benefits. First, it means that anyone can verify that the app that they are using is 100% built from the source code, with nothing else added. That verifies that the app is indeed 100% free, open source software.

Experimental app to improve privacy in location sharing

Thu, 29 Jan 2015 07:36:58 -0400

As part of the T2 Panic effort, I’ve recently been diving deep into the issues of sharing location. It is unfortunately looking really bad, with many services, including Google, frequently sharing location as plain text over the network. I’ve started to write up some of the issues on this blog.

As part of this, I’ve put together an experimental Android app that aims to act as a privacy filter for all ways of sharing location. Mostly, that means it accepts all sorts of URLs from location services, and tries to parse the location from the URL, then rewrites it into a geo: URI, which is the standard way to share location in Android (and hopefully soon all others). As of ChatSecure v14.1.0, these geo: URLs are also clickable.

First working test of IOCipher for Obj-C

Mon, 26 Jan 2015 04:32:29 -0400

Every so often, we revisit our core libraries in the process of improving our existing apps, and creating new ones. IOCipher has become a standard part of our apps since it provides a really easy way to include encrypted file storage in Android apps. And we are now working on spreading it to iOS as well, headed up by Chris Ballinger, with the first preliminary tests of IOCipher for Obj-C. Testing and contributions are most welcome! Find us in our chat room or mailing list for questions, or just post a comment below! Since the iOS version is based on the exact same core library, libsqlfs, the container files they produce will also be fully compatible with each other.

Sharing your location privately

Fri, 23 Jan 2015 15:00:10 -0400

Facebook location sharing embeds the location in every single message, providing a detailed log to the recipient, Facebook, and anyone Facebook shares that data with

One handy feature that many smartphones give us is the ability to easily share our exact position with other people. You can see this feature in a lot of apps. Google Maps lets you click “Share” and send a URL via any method you have available. In Facebook Messenger, you can click a button and the people on the other side of the chat will receive a little embedded map showing the received location. Of course, the question we always ask is: how can we do this in a privacy-preserving way? And the follow up question: what kinds of information are apps leaking, storing, using, etc? Location is especially valuable and sensitive metadata, especially when there is a lot of it, because it can be used to derive so much information about a person. Most people do not want to publicly post their phone number or home address on the internet, yet are unwittingly giving away far more detailed information by using the various location-based services that are available. There is a lot of specific location information that people do not want to publicize that they visit: a cancer specialist, an abortion clinic, a criminal court, a mistress’ house, or any location information to an abusive spouse. For a great illustration of the power of location metadata, you can watch an animation of German politician Malte Spitz’s life, based on his telephone metadata that his telecom had stored.

Reducing metadata leakage from software updates

Thu, 16 Oct 2014 12:48:04 -0400

Update: now you can do this with Tor Onion Services

Many software update systems use code signing to ensure that only the correct software is downloaded and installed, and to prevent the code from being altered. This is an effective way to prevent the code from being modified, and because of that, software update systems often use plain, unencrypted HTTP connections for downloading code updates. That means that the metadata of what packages a machine has installed is available in plain text for any network observer, from someone sitting on the same public WiFi as you, to state actors with full network observation capabilities.

CipherKit updates: IOCipher and CacheWord

Fri, 26 Sep 2014 21:39:54 -0400

We’ve been on a big kick recently, updating the newest members of our CipherKit family of frameworks: IOCipher and CacheWord. There also are is a little news about the original CipherKit framework: SQLCipher-for-Android.

IOCipher v0.2

IOCipher is a library for storing files in an encrypted virtual disk. It’s API is the exact same as java.io for working with files, and it does not need root access. That makes it the sibling of SQLCipher-for-Android, both are native Android APIs that wrap the SQLCipher database.

Question: central server, federated, or p2p? Answer: all!

Thu, 18 Sep 2014 00:30:57 -0400

There are many ideas of core architectures for providing digital services, each with their own advantages and disadvantages. I break it down along the lines of central servers, federated servers, and peer-to-peer, serverless systems.

a central service with clients connecting to it

Most big internet companies operate in effect as a central server (even though they are implemented differently). There is only facebook.com, there are no other services that can inter-operate with facebook.com. Have a single, central repo makes problems of finding the service and finding people within the service a lot easier. Once you are in Facebook, you just need to know the name of the person you want to contact and you are connected. The Facebook apps just need to talk to facebook.com, so the user does not need to know which service they are using in order to configure the app.

Introducing TrustedIntents for Android

Wed, 30 Jul 2014 23:29:23 -0400

Following up on our research on secure Intent interactions, we are now announcing the first working version of the TrustedIntents library for Android. It provides methods for checking any Intent for whether the sending and receiving app matches a specified set of trusted app providers. It does this by “pinning” to the signing certificate of the APKs. The developer includes this “pin” in the app, which includes the signing certificate to trust, then TrustedIntents checks Intents against the configured certificate pins. The library includes pins for the Guardian Project and Tor Project signing certificates. It is also easy to generate the pin using our new utility Checkey (available in our FDroid repo and in Google Play).

New Official Guardian Project app repo for FDroid!

Mon, 30 Jun 2014 20:26:39 -0400

We now have an official FDroid app repository that is available via three separate methods, to guarantee access to a trusted distribution channel throughout the world! To start with, you must have FDroid installed. Right now, I recommend using the latest test release since it has support for Tor and .onion addresses (earlier versions should work for non-onion addresses):

https://f-droid.org/repo/org.fdroid.fdroid_710.apk

In order to add this repo to your FDroid config, you can either click directly on these links on your devices and FDroid will recognize them, or you can click on them on your desktop, and you will be presented with a QR Code to scan. Here are your options:

Our first deterministic build: Lil’ Debi 0.4.7

Mon, 09 Jun 2014 16:41:34 -0400

We just released Lil’ Debi 0.4.7 into the Play Store and f-droid.org. It is not really different than the 0.4.6 release except in has a new, important property: the APK contents can be reproduced on other machines to the extent that the APK signature can be swapped between the official build and builds that other people have made from source, and this will still be installable. This is known as a “deterministic build” or “reproducible build”: the build process is deterministic, meaning it runs the same way each time, and that results in an APK that is reproducible by others using only the source code. There are some limitations to this, like it has to be built using similar versions of the OpenJDK 1.7 and other build tools, for example. But this process should work on any recent version of Debian or Ubuntu. Please try the process yourself, and let us know if you can verify or not:

Orbot now at v14.0.0 build 100!

Sat, 07 Jun 2014 23:45:17 -0400

The latest Orbot is out soon on Google Play, and by direct download from the link below:
Android APK: https://guardianproject.info/releases/orbot-latest.apk
(PGP Sig)

The major improvements for this release are:

Uses the latest Tor 0.2.42.22 stable version
Fix for recent OpenSSL vulnerabilities
Addition of Obfuscated Bridges 3 (Obfs3) support
Switch from Privoxy to Polipo (semi-experimental)

and much more… see the CHANGELOG link below for all the details.

The tag commit message was “updating to 14.0.0 build 100!”
https://gitweb.torproject.org/orbot.git/commit/81bd61764c2c300bd1ba1e4de5b03350455470c1

and the full CHANGELOG is here: https://gitweb.torproject.org/orbot.git/blob_plain/81bd61764c2c300bd1ba1e4de5b03350455470c1:/CHANGELOG

Automatic, private distribution of our test builds

Fri, 06 Jun 2014 17:17:01 -0400

One thing we are very lucky to have is a good community of people willing to test out unfinished builds of our software. That is a very valuable contribution to the process of developing usable, secure apps. So we want to make this process as easy as possible while keeping it as secure and private as possible. To that end, we have set up an FDroid repository of apps generated from the test builds that our build server generates automatically every time we publish new code.

Reset The Net!

Wed, 04 Jun 2014 19:07:14 -0400

We’re making the Internet more secure, by taking part in #ResetTheNet https://resetthenet.org

Security in a thumb drive: the promise and pain of hardware security modules, take one!

Fri, 28 Mar 2014 16:54:39 -0400

Hardware Security Modules (aka Smartcards, chipcards, etc) provide a secure way to store and use cryptographic keys, while actually making the whole process a bit easier. In theory, one USB thumb drive like thing could manage all of the crypto keys you use in a way that makes them much harder to steal. That is the promise. The reality is that the world of Hardware Security Modules (HSMs) is a massive, scary minefield of endless technical gotchas, byzantine standards (PKCS#11!), technobabble, and incompatibilities. Before I dive too much into ranting about the days of my life wasted trying to find a clear path through this minefield, I’m going to tell you about one path I did find through to solve a key piece of the puzzle: Android and Java package signing.

Eric Schmidt Awards Guardian Project a “New Digital Age” Grant

Mon, 10 Mar 2014 12:22:34 -0400

An interesting turn of events (which we are very grateful for!)

FOR IMMEDIATE RELEASE
Diana Del Olmo, diana@guardianproject.info
Nathan Freitas (in Austin / SXSW) +1.718.569.7272
nathan@guardianproject.info

Get press kit and more at: https://guardianproject.info/press

Permalink:
https://docs.google.com/document/d/1kI6dV6nPSd1z3MkxSTMRT8P9DcFQ9uOiNFcUlGTjjXA/edit?usp=sharing

GOOGLE EXECUTIVE CHAIRMAN ERIC SCHMIDT AWARDS GUARDIAN PROJECT A “NEW DIGITAL AGE” GRANT

The Guardian Project is amongst the 10 chosen grantee organizations to be awarded a $100,000 digital age grant due to its extensive work creating open source software to help citizens overcome government-sponsored censorship.

Tweaking HTTPS for Better Security

Wed, 12 Feb 2014 19:14:59 -0400

The HTTPS protocol is based on TLS and SSL, which are standard ways to negotiate encrypted connections. There is a lot of complexity in the protocols and lots of config options, but luckily most of the config options can be ignored since the defaults are fine. But there are some things worth tweaking to ensure that as many connections as possible are using reliable encryption ciphers while providing forward secrecy. A connection with forward secrecy provides protection to past transactions even if the server’s HTTPS private key/certificate is stolen or compromised. This protects your users from large scale network observers that can store all traffic for later decryption, like governments, ISPs, telecoms, etc. From the server operator’s point of view, it means less risk of leaking users’ data, since even if the server is compromised, past network traffic will probably not be able to be encrypted.

SQLCipher has 100M+ Mobile Users (Thanks to WeChat!)

Tue, 10 Dec 2013 16:38:02 -0400

(Note: Originally this post had a title claiming 300 Million WeChat users… that would have included iOS and Android, and we don’t know if the WeChat iOS app also includes SQLCipher encryption or not. That said, there are 50-100M Google Play downloads of WeChat for Android, which does not include all of the users inside China)

Through some of our own recent sluething, Citizen Lab’s research into “Asia Chats” security, and now via this detailed look at WeChat security from Emaze.com, it has been recently discovered that WeChat for Android uses SQLCipher for local data encryption in its app. We co-developed SQLCipher for Android with Zetetic, and have been working to promote its adoption among Android developers who need to protect data stored locally on a device. While many people would point to Android’s Full Disk Encryption feature as a solution for that, only a small percentage of users ever enable it, and even then, once a device is unlocked, then all data is accessible by someone looking to extract it. With SQLCipher, the application can ensure its own data is encrypted, and if the app is closed, then the data is secured.

Ostel.co secure VoIP network partners with Open Hosting

Tue, 03 Dec 2013 17:56:18 -0400

Ostel.co began as a R&D effort sponsored by The Guardian Project. The question: Is a peer-to-peer secure voice and video call network possible to build with open Internet standards and Open Source software? After two years and tens of thousands of users later, the answer is a resounding YES!

Two of the crucial components of any standards based VoIP service are infrastructure to route calls and a database to locate end users. Open Hosting’s service was a perfect fit, so we’ve teamed up for ongoing support of ostel.co. Open Hosting has a high speed, low-latency network in the southern USA, which hosts the backend to route calls over the ostel.co domain. It also has a clearly defined, concise Privacy Policy and Terms of Service.

VoIP security architecture in brief

Thu, 21 Nov 2013 19:07:17 -0400

Voice over IP (VoIP) has been around for a long time. It’s ubiquitous in homes, data centers and carrier networks. Despite this ubiquity, security is rarely a priority. With the combination of a handful of important standard protocols, it is possible to make untappable end to end encryption for an established VoIP call.

TLS is the security protocol between the signaling endpoints of the session. It’s the same technology that exists for SSL web sites; ecommerce, secure webmail, Tor and many others use TLS for security. Unlike web sites, VoIP uses a different protocol called the Session Initiation Protocol (SIP) for signaling: actions like ringing an endpoint, answering a call and hanging up. This is the metadata of calls. SIP-TLS uses the standard Certificate Authorities for key agreement. This implies trust between the certificate issuer and the calling endpoints.

Turn Your Device Into an App Store

Mon, 18 Nov 2013 16:27:30 -0400

As we’ve touched upon in previous blog posts the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded. Often there is a need to quickly bootstrap users during training sessions in countries with unreliable/restricted data connectivity, or in extreme cases, no internet connectivity at all.

Issues when distributing software

Thu, 31 Oct 2013 15:51:19 -0400

There is currently a discussion underway on the Debian-security list about adding TLS and Tor functionality to the official repositories (repos) of Debian packages that is highlighting how we need to update how we think about the risks when distributing software. Mostly, we are used to thinking about making sure that the software that the user is installing is the same exact software that has been posted for distribution. This is generally handled by signing the software package, then verifying that signature on the user’s machine. This is how it works on Mac OS X, Windows, Debian, etc. etc.

Open Office Hours Every Friday This Fall

Wed, 16 Oct 2013 16:51:36 -0400

Fri, Oct 18, 1:00 PM EDT – 3:00 PM

Members of the Guardian Project will be hosting weekly public hangouts every Friday for the rest of year to answer questions about our apps (Orbot, Orweb, ChatSecure), building on our mobile security libraries (IOCipher, SQLCipher, NetCipher) and using services like OStel (including how to run your own secure phone service!).

      <p>
        We will also be live in IRC on Freenode at <a href="https://plus.google.com/s/%23guardianproject">#guardianproject</a>  as always for those of you who don’t feel the need to be on camera.
      </p>
      
      <p>
        Sound fun? You betcha it will be. This will be the <b>first</b> event on Friday, so please come and join. <a href="https://guardianproject.info/" rel="nofollow">https://guardianproject.info</a>
      </p>
    </div>
    
    <div>
      For EU, Africa, Asia: We’ll have some early sessions in the coming weeks. This is just our first test run. Thanks for understanding!
    </div>
    
    <div>
    </div>
    
    <div>
      <strong>Fri, Oct 18, 1:00 PM EDT – 3:00 PM</strong>
    </div>
    
    <div>
      RSVP the Google+ Event today: <a href="https://plus.google.com/events/cumq8tucoc31ap55iqdn7pq9abs">https://plus.google.com/events/cumq8tucoc31ap55iqdn7pq9abs</a> or we’ll just see you on IRC.
    </div>
  </div>
</div>

Orbot v12 now in beta

Wed, 24 Jul 2013 12:32:45 -0400

After much too long, we’ve got a new build of Orbot out, and it is… a stable beta! Nothing radically new here, just many small changes to continue to improve the experience of our hundreds of thousands of active users out in the world. There will likely be one or two more “beta” releases to iron out small issues in v12, but for now, this one is good to go.

Our Newest App: PixelKnot

Thu, 18 Jul 2013 13:14:49 -0400

Have you ever hidden in plain sight? Worn camouflage in the woods or an invisibility cloak in a narrow crooked alley? It’s really hard to do properly. We’re hoping that all changes with PixelKnot.

PixelKnot is an app for hiding secret messages in pictures. Sort of like invisible ink on the back of a painting, updated to the present. The ancient art known as steganography, now updated for the 21st century and requiring a more rigorous set of safety standards.

A Weather Report On Security

Fri, 14 Jun 2013 13:22:28 -0400

How’s the weather outside? Sunny with a chance of IP blocking.

We recently launched a new initiative we’re calling: The Weather Repo. The goal of the project is for organizations to have a more accurate method of understanding whether the apps they’re using are “safe”. It’s hard to know whether apps that claim to be secure really are. Have they been vetted by a third party? Are there existing case studies? Has a threat analysis been performed?

Carrier Grade, Verizon and the NSA

Wed, 12 Jun 2013 06:38:46 -0400

Last week Glenn Greenwald at The Guardian broke the news that Verizon has been providing the NSA with metadata about all of the calls over a subsidiary’s network. This subsidiary is called Verizon Business Network Services. It is a privately held company that “owns, operates, monitors, and maintains data and Internet networks in North America, Europe, Asia, Latin America, Australia, Japan, and Africa. The company provides converged communication solutions, such as local and long-distance voice, messaging, and Internet access services.” It is likely this company owns equipment that holds caller detail records for millions of customers. The order used section 215 of The Patriot Act, which allows the FBI to order any person or entity to turn over “any tangible things,” so long as the FBI “specif[ies]” that the order is “for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.” The “tangible things” could have been the physical servers or hard disks that store the logged details.

The Only Way to Visit Strongbox on a Phone

Thu, 16 May 2013 17:43:06 -0400

The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access the hidden site on a phone or tablet, and that’s with our Orweb app. Here’s a simple breakdown of how to do securely and anonymously blow the whistle, explained in an interactive tutorial:

Visit guardianproject.info/howto/strongbox for an interactive tutorial on using Strongbox on your phone.

GnuPG for Android progress: we have an command line app!

Thu, 09 May 2013 10:48:52 -0400

This alpha release of our command-line developer tool brings GnuPG to Android for the first time!

GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME.

Security Awareness Party

Fri, 26 Apr 2013 09:05:36 -0400

In the security world, there’s a pesky belief that a tool can either be secure or easy to use, but not both. Some experts also argue that training people to be safe online is too hard and doesn’t accomplish much (see Bruce Schneier’s recent post Security Awareness Training). Without a thoughtful approach, that’s usually how it plays out. But it doesn’t have to be that way! We’re committed to making online security fun to learn and fun to use, and we’re launching a new series of interactive tutorials to make it happen. Consider this post an invitation to our festive Security Awareness Party. Beer is encouraged, especially if it comes from an Android-powered kegbot.

Gibberbot v11 is not just secure, its also simple, snappy and super fun!

Fri, 08 Mar 2013 12:54:50 -0400

Gibberbot v11 is now final as of RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39

Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/

If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” as and then “OTRChat” and then “Gibber” (or “Jibber”?), and then finally settled down into the name and app it is known as now. Really it was a proof of concept, showing that you could indeed use the OTR4J library built for desktops app, on Android.

InformaCam wins Knight News Challenge

Sun, 27 Jan 2013 08:11:56 -0400

WITNESS and The Guardian Project, the mobile security and app development experts, have just been awarded a Knight News Challenge grant from the John S. and James L. Knight Foundation for InformaCam – the first app seeking to address issues of authentication for digital media. In total, the funding was for ~$320,000 USD, with about one third of the funding going directly to software development and testing. The rest of the funding will be applied to deployment, partnerships, awareness building, and all the other necessary things you must do to turn a “great idea” into something with real adoption and use.

Voice over Tor?

Mon, 10 Dec 2012 11:00:03 -0400

Voice calls over Tor are supposed to be impossible. It seems this may no longer be the case.

Without being able to do voice over IP (VOIP) conversations over the Tor network, people are prevented from being able to route calls outside of censored networks. People ask us if there is any way they can route voice traffic through Tor to avoid blocks. To our surprise, we tested Skype and found that it can work acceptably over Orbot.

From #HOPE9: Your Cell Phone Is Covered in Spiders! – Practical Android Security

Thu, 19 Jul 2012 14:53:21 -0400

Cooperq gave a great talk on Android security late Saturday night at the recent Hackers on Planet Earth Number 9 aka Hope9 gathering. You can find the slides/src on Github and video up on Vimeo. Cooper wrote some notes, as well:

This talk was given at hope 9. Please feel free to give it yourself, repourpose it, add to it or do whatever you want. I release this talk to the public domain. I have included here some additional resources that are worth checking out.

Threats and Usability of Secure Voice

Tue, 10 Jul 2012 12:48:18 -0400

In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN. They must confirm with each phone call that the encryption icon is present and they must correctly complete SAS verification dialog boxes. So on a basic level, encrypted voice just works. But, what does this all mean? This post looks at the threats to security and usability of encrypted ZRTP phone calls in CSipSimple.

A Network Analysis of Encrypted Voice over OSTN

Thu, 05 Jul 2012 14:23:50 -0400

Introduction to OSTN

The OSTN network stands for Open Source Telephony Network. It is a federated network standard for supporting Internet calling with end-to-end encryption ala ZRTP. Its very similar to e-mail in that VOIP calls can be routed to addresses such as user@domain.tld. Its a simple concept, but I believe it to be ground breaking implementation! Never before have I seen such an accessible solution to encrypted VOIP calls. OSTN is platform independent, is a federated network, and it is an open standard such that it is widely adoptable. There are two main components that are required to use OSTN with encryption: a VOIP client that supports ZRTP for end-to-end encryption and user account with an OSTN provider.

Freebird Flys High

Thu, 28 Jun 2012 11:59:38 -0400

Freebird: Rio group picture via Obscuracam for Android

What happens when you gather coders with privacy and security activists from around the world? Freebird!

We held a simultaneous event in NYC and Rio, a one-day barcamp aimed to empower users to be more informed and engaged around their use of mobile technology, while engaging with developers to promote interest in open-source tools, security and privacy. Freebird was a pre-event for RightsCon:Rio, which allowed us to continue and extend conversations and ideas into the larger context of information technologies and human rights.

Orbot Data Tax (Updated!)

Wed, 20 Jun 2012 13:05:53 -0400

Update (6/26/12): I Found Orbot to have lower idle usage then previously recorded. The post now reflects the new statistics. The previous stats were based on idle usage at 92 bytes/s

There have been many inquiries about the cost of Orbot’s data usage. I ran five different tests to record the types of data tax a user might encounter. Heavy usage of Orbot combined with a low monthly data allotment could be an issue.

Auditing Twitter With Orbot

Wed, 13 Jun 2012 20:31:57 -0400

Twitter’s new Android application provides a proxy option that supports Orbot. It is a great way to access Twitter, particularly if Twitter is blocked. Check out the Orbot Your Twitter blog post! That post explains how to set up Orbot with Twitter, however, it came with an important disclaimer:

WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time. In particular, resolution of hostnames via DNS may not be properly routed through Tor (this is a common issue with proxied software). In addition, through other permissions that Twitter for Android may have you on your device, there may be a strong ability to correlate identity between your registered Google Account and your activities on Twitter.

A Partnership for Open Secure Mobile Messaging between iOS and Android

Fri, 08 Jun 2012 12:05:34 -0400

**We believe in protocols, not products. We believe in partnerships, not proprietary fiefdoms. We believe in building a community of collaborators, not a cacophony of criticism and unnecessary competition. We believe in practical solutions to perilous problems. **

With all of this in mind, we are very happy to announce our partnership and support of the ChatSecure for iOS open-source free software project. Through our our two year history, we have been lucky to receive support from a variety of donors and funders, and we are now using what influence and opportunities we have to endorse other projects that we feel are compatible with our outlook and goals.

OSTN secure VoIP wizard now built into CSipSimple for Android

Sat, 26 May 2012 21:14:52 -0400

If you saw our last post about how to

setup your own secure voice-over-IP server instance, then this news is for you.

If you are an Android user looking for the best open-source VoIP app, and really need one that can support secure communications, then this post is ALSO for you.

CSipSimple, the previously mentioned “best VoIP app”, now includes a wizard for setting up an account configuration for any server which complies with our Open Secure Telephony Network specification. In short, this means it uses TLS or SSL to secure the SIP signaling traffic, and supports proxying of the RTP media streams for the actual voice or video calls, without in any way interfering with the ZRTP encryption passing through it.

Bye, bye, BBM! Facebook Allows Verifiable Encrypted Mobile Messaging for Android and iOS; Mobile Revenue Threatened?

Wed, 16 May 2012 17:28:03 -0400

Yes, yes, we are trying to get in on all of the Facebook pre-IPO buzz. Fortunately, the headline is true – through

Facebook’s support for open-standards messaging, our secure mobile messaging app, Gibberbot for Android, can be used to communicate securely with any other friend on Facebook who is ALSO using a secure messaging app. Whether it is Gibberbot, ChatSecure for iOS, Adium (Mac), Pidgin (Windows/Linux), or one of the many secure messaging apps that support the Off-the-Record encryption capability, Facebook allows encrypted messaging between mobile and desktops alike.

Cross-Domain calling, or “toll-free long distance VoIP”

Fri, 04 May 2012 17:34:30 -0400

In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node.

Singing and Dancing for Encryption

Thu, 19 Apr 2012 09:30:48 -0400

If you see me dancing or singing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy?

Call My Email

Thu, 22 Mar 2012 16:31:45 -0400

What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy. That’s the goal of what we’re doing here at Open Secure Telephony Network (OSTN).

Acrobits Groundwire – OSTN supports iPhone

Wed, 21 Mar 2012 09:09:21 -0400

The Guardian Project develops open source software primarily for the Android platform but we strive for security by design to be a part of all platforms. With OSTN, there are two major components. The the first is the server, which operates as the primary user directory and call switch. The other is the client, which is the program you interact with to send and receive calls.

While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws.

Adventures in Porting: GnuPG 2.1.x to Android!

Thu, 15 Mar 2012 13:00:30 -0400

PGP started with Phil Zimmerman’s Pretty Good Privacy, which is now turned into an open IETF standard known as OpenPGP. These days, the reference OpenPGP platform seems to be GnuPG: its used by Debian and all its derivatives in the OS itself for verifying packages and more. It is also at the core of all Debian development work, allowing the very diffuse body of Debian, Ubuntu, etc developers to communicate and share work effectively while maintaining a high level of security. It is also used for email encryption in Thunderbird + Enigmail, Apple Mail + GPGMail, GNOME Evolution, KDE KMail, Microsoft Outlook + Gpg4win.

February 2012: Project Update

Thu, 09 Feb 2012 17:19:06 -0400

Through coordination with the Tor Project, we released Orbot 1.0.7, which includes an embedded version of OpenSSL to assure we have the latest security enhancements for this critical cryptographic library. In addition, compatibility testing was done on Android 4.0 (Ice Cream Sandwich) and with the latest versions of Firefox Mobile. As always you can learn more and download Orbot in the Android Market and at https://guardianproject.info/apps/orbot

With the public awareness of internet censorship and surveillence growing thanks to SOPA, PIPA and CarrierIQ, not to mention the ongoing unrest in many regions if the world, we have seen a huge spike in interest and download of Orbot, Orweb and Gibberbot. Here are some notable links:
http://mobileactive.org/howtos/user-guide-to-orbot
http://www.chinagfw.org/2012/01/orbot-tor.html
http://geeknews.cz/orbot-svobodnejsi-brouzdani-pro-android/352/
http://www.101hacker.com/2012/01/10-must-have-free-android-apps.html

Introducing InformaCam

Fri, 20 Jan 2012 13:58:26 -0400

These are interesting times, if you go by Times Magazine as an indicator. The magazine’s person of the year for 2011 was The Protester, preceded in 2010 by Facebook founder Mark Zuckerberg. Both entities partners with equal stake in freely sharing the digital content that shows the world what’s going on in it, at any time, from behind any pair of eyes. Also casting in their lot with the others is Time Magazine’s 2006 person of the year, You: the You that puts the “you” in “user-generated content;” the You whose miasma of bits, bytes, and the powerful images they express are becoming increasingly problematic. Problematic and exciting. As governments, police forces, and other power players here and abroad crack down on voices of dissent, it is only You, The Protester, armed not with a press pass, but with a smartphone and a Twitter account, who brings the rest of the world its news. You do it mainly without either the support or permission of those in power, and this makes you a very important person in the world.

Thoughts on Mobile Video for Activism

Thu, 22 Dec 2011 16:39:43 -0400

I’ve co-written a blog post with Bryan Nunez of WITNESS, on some important concepts around using mobile video technology within activists and protest situations. It is up now on their blog, but here is a short excerpt:

Activists all over the world have turned to mobile phones to organize, coordinate and document their struggle. Images and videos shot on mobile phones have been the standard for what revolution looks like in the public imagination. We have seen iconic moments, captured in low resolution on mobile phones, captivate global audiences. We have moved from a handful of grainy clips uploaded hours or days after events unfold, to multiple livestreams, showing different angles on something happening right now. The Arab Spring, the #Occupy Movement, as well less politicized events like the London and Vancouver riots have shown us that the mobile phone is the recording device used to document the next breaking news story, especially if that story involves any sort of protest or activism.

SQLCipher for Android v1 FINAL!

Tue, 29 Nov 2011 18:17:47 -0400

Team GP along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption.

If you need a refresher, here is what the cross-platform, open-source SQLCipher provides:

SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.

Don’t Get Burned, Anonymize Your Fire

Wed, 16 Nov 2011 22:37:24 -0400

Thanks to Jesse Vincent, aka @obra of the K-9 mail project, we can say that Orbot (Tor on Android) and Orweb (Privacy Browser) work just fine on the new Amazon Kindle Fire. This means that while everything you do through Amazon’s store and browser are tracked and accounted for by Team Bezos, you can use our apps to more safely and privately access web content through the Tor network. While we are mostly Nook Color fans around here, we know that the Kindle Fire is going to be quite popular this Christmas, and are glad to see that mobile privacy now has a toehold on the device from Seattle.

Two years in…

Tue, 25 Oct 2011 15:11:39 -0400

Greetings mobile believers,

I am about to head into the first ever Silicon Valley Human Rights Conference, aka #RightsCon, and though I would post some thoughts about the state of the Guardian Project, and the world in which we operate. RightsCon looks to be an amazing event (live streaming here: https://www.rightscon.org/), by an amazing organization (Access), and it comes at an interesting time in the world, and for our project.

One year ago, I was invited to attend the first Liberation Technology held at Stanford University, a forebearer of sorts, to the RightsCon event today. It was a novel event, being that is was so forthright about the possibility of liberation from oppressors through ones and zeros. It was also quite informative, in that brought together a wide array of participants, including from Egypt, Syria and Yemen, and allowed them to speak directly about the variety of tactics they were using to defeat censors, route around filters, connect diasporas to their homeland and ultimately find fissures in the system that could slowly be mined and widened.

ACLU believes “Software Developers Can Put Privacy First!” (and so do we!)

Fri, 19 Aug 2011 19:46:40 -0400

A bit more on our big win in the Develop4Privacy contest, from Brian Robick at the ACLU of Washington State:

When software developers put privacy first, everybody wins!

Too often, user privacy is an afterthought in the design of computer software and online services. In recent months, social networks have rolled back changes, cell phone manufacturers have altered the way that location tracking data is stored, and most recently, mobile application developers have been caught inappropriately collecting children’s personal data. For companies, the costs in lost consumer confidence, fines, and corrective measures can be substantial. Everyday users pay a price as well, and for victims of domestic violence, political protesters, whistleblowers, and others whose safety and livelihood could hinge on their privacy, those costs can be devastating.

Announcing ObscuraCam v1 – Enhance Your Visual Privacy!

Thu, 23 Jun 2011 21:28:20 -0400

We’re very happy to announce the beta release of ObscuraCam for Android. This is the first release from the SecureSmartCam project, a partnership with WITNESS, a leading human rights video advocacy and training organization. This is the result of an open-source development cycle, comprised of multiple sprints (and branches), that took place over the last five months. This “v1” release is just the first step towards the complete vision of the project.

The goal of the SecureSmartCam project to to design and develop a new type of smartphone camera app that makes it simple for the user to respect the visual privacy, anonymity and consent of the subjects they photograph or record, while also enhancing their own ability to control the personally identifiable data stored inside that photo or video. Also, we think an app that allows you to pixelize your friends, disguise their faces and otherwise defend their privacy just a little bit, is a lot of fun and helps raise awareness about an important issue. In this first release we have focused on ‘obscura’ by optimizing the workflow of identity obfuscation in still images. Future releases will look at ‘informa,’ the process of properly gaining and recording informed consent from subjects, while also moving to video.

Lil’ Debi: Easy Installer for Debian on Android

Sat, 18 Jun 2011 04:22:52 -0400

Have an Android phone and want an easy Debian chroot running it?

Alpha test our new app, Lil’ Debi. It builds up a whole Debian chroot on your phone entirely using debootstrap. You choose the release, mirror, and size of the disk image, and away it goes. It could take up to an hour, then its done. Then it has a simple chroot manager that mounts and unmounts things, and starts/stops sshd if you have it installed. You can also then use ‘apt-get’ to install any package that is released for ARM processors. This includes things like GPG, Tor, TraceRouteTCP and other security and crypto tools.

Announcing: SQLCipher for Android, Developer Preview r1

Mon, 09 May 2011 22:45:09 -0400

After some major breakthroughs during last week’s development sprint, we’re extremely excited to announce SQLCipher for Android, Developer Preview r1. SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. To date, it has been open-sourced, sponsored and maintained by Zetetic LLC, and we are glad to be able to extend their efforts to a new mobile platform. In the mobile space, SQLCipher has enjoyed widespread use in Apple’s iOS, as well as Nokia / QT for quite some time. Given that Android by default provides integrated support for SQLite databases, our goal was to create an almost identical API for SQLCipher, so that developers of all skill level could use it, without a steep learning curve.

Our Foolish Hackday!

Wed, 06 Apr 2011 21:51:12 -0400

We had a great group of people show up at our April 1st “Don’t Be Fooled” Hackday here at the OpenMobileLab in New York. There were users, there were devs, and all sorts of other people in between. We tracked some of the brainstormed ideas on an open etherpad at: http://piratepad.net/bQPFn6FOhN (text of this pasted in below).

The main outputs of the hacking were LilDebi, an updated Debian installer for Android, the beginnings of a Bitcoin digital currency client, and another called UpOn App, which uses the accelerometer and white noise generators in the device to stop your cellphone from spying on you.

April 26: “Advancing the New Machine” at UC Berkeley

Tue, 22 Mar 2011 20:20:56 -0400

I, along with a number of others from the Guardian Project core dev team, will be at the UC Berkeley’s Human Rights Center “Advancing the New Machine” conference at the end of April. I am on a panel regarding security in the context of human rights. We will also be presenting the Secure Smart Cam project with our partners at Witness. (https://guardianproject.info/apps/securecam/).

You can learn more about the event here:
http://www.law.berkeley.edu/HRCweb/events/TechConference2011/index.html

Guardian Project: General Update March 2011

Mon, 21 Mar 2011 05:18:48 -0400

We have recently updated our general presentation on the project, and thought we would share it with you here. Please post any comments, questions or feedback right here, and we will get back to you shortly.

You can find this presentation on Google Docs, where you can also find it in downloadable, offline formats.

Photos from our January Hackday

Thu, 10 Mar 2011 17:41:18 -0400

Back in January, we held a very excellent hackday at Eyebeam in New York. We rooted a NookColor, made encrypted calls over SIP, and generally had a full day of talking about the state of mobile security and privacy. Thanks to everyone who attended, and many thanks to _hc and Eyebeam for hosting!

View the full Flickr photo set.

Addressing a “Privacy Challenge” with Guardian

Wed, 02 Mar 2011 20:39:18 -0400

Organized by the ACLU, Tor Project, and PrivacyByDesign.ca, the “Develop for Privacy Challenge” is an interesting new software development challenge that was announced last month. Developers (teams or individuals) have until May 31st to come up with apps which address this goal:

Develop apps for smartphones or other mobile devices that educate users about mobile privacy and give them the ability to claim or demand greater control of their own personal information.

We don’t plan to compete in this contest ourselves, as we would rather support and encourage other developers to take a shot at it. Along those lines, we would really like to see developers use some of the apps we have built, and code we have released, as part of their solutions. We have been putting together a large number of “lego” building blocks over the last year, just waiting for someone to come and put them together in a revolutionary way. Here is a breakdown of some of our more useful components:

SECURED: HTC Wildfires get Guardian

Tue, 01 Mar 2011 23:23:14 -0400

As we’ve posted in the past, one of the services we provide at The Guardian Project is customizing off-the-shelf Android phones to be generally more secure, privacy minded and updated with a powerful suite of trusted apps. We’ve gotten our mitts on a number of devices over the last few months in this regard, including: myTouch 4G, Motorola Milestone (GSM Droid), HTC Desire GSM, TMobile G2, Samsung Galaxy S, Nook Color, and Viewsonic 10″ GTablet. Whew! And if there’s one thing we’ve learned, it’s that some devices are much much harder to crack than others (cough cough… Desire GSM’s hardened bootloader). With that in mind, we’ve recently added a Hardware page to our site that lists the devices that we recommend for ‘Guardianization’.

A note on funding and our mention in Wired

Wed, 23 Feb 2011 16:50:38 -0400

A message from Nathan Freitas, lead developer on Guardian, who has a life long bad habit of being misquoted or selectively quoted, a phenomenon he must now blame on himself, and not the reporters who interview him.

Some of you might have seen a story on Wired.com on which I am quoted, regarding the US State Department’s “Internet Freedom” agenda. In particular, I was asked to comment on the entrepreneurial angle they are taking. Overall, I think the article is good in laying out the challenges for activist technology projects to take funding from the Government. I also think the motivations of the State Department’s effort are authentic and there is great potential to benefit the overall health of the Internet.

Interviewed CHOMP.FM 007 Podcast

Sat, 19 Feb 2011 09:58:04 -0400

CHOMP.FM is a weekly broadcast on information freedom, internet privacy and cyberculture.

We were excited to be interviewed and including in the latest episode, CHOMP.FM 007. Many thanks to Nadim Kobeissi for featuring us in his super-interesting and relevant show.

You can listen to and download the mp3 directly.

Stickers!

Thu, 17 Feb 2011 13:44:05 -0400

If you see us in person, make sure to ask for one. Otherwise, if you really, really want some, we can mail them to you. Just fill out our “contact” form with your address, and we’ll do our best to pop a few in this thing called an envelope and they should get there in a week(!).

Create an encrypted file system on Android with LUKS

Wed, 02 Feb 2011 23:29:15 -0400

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it not only facilitates compatibility among distributions, but also provides secure management of multiple user passwords.

Building off the work from other great sources, the Guardian Project hack team decided to take a crack at porting LUKS to Android recently, with the goal of creating a proof of concept build process that can be easily adapted to future projects.

Proxy Settings Add-on for Firefox Mobile

Mon, 08 Nov 2010 03:43:24 -0400

The latest beta of Firefox 4 on Android is proving to be very usable, stable and an increasingly viable alternative to the built-in webkit browser. However, it is unfortunately lacking the ability to manually configure proxy settings through any sort of standard user interface. This is a common problem for Android, which also lacks the ability to set browser or system wide proxy settings. This has caused real issues for us with getting Orbot (aka “Tor on Android”) to work for un-rooted Android devices, because for routing through Tor to work, you must be able to set the HTTP or SOCKS proxy settings. Why this very basic feature keeps getting missed or ignored is a mystery to us.

Open Video Conference: Panel and Hackday

Thu, 30 Sep 2010 02:00:07 -0400

Nathan Freitas will be on a panel at the 2nd annual Open Video Conference in New York this Friday and Saturday. He will be on the panel entitled “Cameras Everywhere” led by our partners at Witness, on Saturday at 3pm.

Summary: Cameras Everywhere: Human Rights and Web Video – (2:45 PM – 3:30 PM)

Description: Once upon a time, video cameras were rare. Now they are ubiquitous—as are the opportunities to share, use, and re-use video. What are the limits and possibilities of an ethics of openness when it comes to human rights footage?

Orbot Release 1.0 in the Android Market!

Thu, 23 Sep 2010 22:21:06 -0400

It’s here! We’d like to officially announce the release of Orbot to the Android Market. After going beta back in March, we’ve seriously re-doubled our efforts for this release. By releasing Orbot to the Android Market, we suspect that our user base will eventually evolve towards the more ‘every day’ Android user – so our goal has been to create an experience that is simple yet informative, straightforward yet powerful. As a step towards that goal, we’ve spent some time creating a new setup wizard at Orbot start-up that walks you through the basics of what Orbot does and does not do. The last thing we want is for someone to be endangered because they didn’t understand how to protect themselves.

Calling all Guardians – Alpha Testers Needed!

Tue, 13 Jul 2010 20:50:31 -0400

Recently here at the Guardian Project we’ve been brainstorming & designing a new tool that we think will be core to enabling truly protected mobile communications . We think it will a big step in improving the user-friendliness of making your communications secure, anonymous and private , but we need your help to make it great.

While it may give some of us a certain satisfaction to manually cobble together a suite of secure applications that suites our needs, this is by no means a long-term, wider-market solution. The tech community often forget (willfully or otherwise) that there is a huge group of non tech-savvy users for whom security and privacy are top level priorities. The ability to secure ones mobile communications should be accessible to all, through a solution that is beautiful, engaging and idiot-proof in its design. As we try to build that solution, we’re looking for your help in making sure that it meets each of those criteria.

How To: Lockdown Your Mobile E-Mail

Fri, 09 Jul 2010 11:00:25 -0400

Update 2015-04-27: We now recommend OpenKeychain over APG, the app described in this blog post. The set up is drastically easier, so you probably don’t even need this HOWTO anymore. Start by downloading K-9 and OpenKeychain, then go into OpenKeychain and start the config there.

Over the past few years it’s become increasingly popular to sound the call that ‘email is dead{#y8a0}.’ And while many complementary forms of synchronous and asynchronous communication – from IM to social networking – have evolved since email first came on the scene, it’s hard to see email suddenly disappearing from its role as the most important way organizations communicate. I expect to be scooting around on my hoverboard by the time email goes the way of the dinosaur.

aPad / iRobot / Moons e7001 Teardown

Sat, 05 Jun 2010 13:38:23 -0400

This is the aPad or iRobot Android 7″ tablet device from www.hiapad.com. I decided to tear mine apart, as the unit I received has a battery issue, and I hoped to see if I could find a bad solder point. In addition, I was curious to see just how hackable or extensible the hardware was. In the end, I was mostly surprised by how much of the thing is put together with tape. I suppose that is what you get for < $200 Android tablet! You can find the full product overview on the Hiapad site. I have also pasted in the basic specs below.

Tor on a Tablet

Tue, 25 May 2010 16:22:01 -0400

We recently acquired a Moons e-7001 “iRobot” tablet which runs Android 1.5. This device is also known as the “aPad”. It is a very basic iPad-clone, though honestly, it can’t really compare with the iPad in terms of quality of screen, build or general use. However, it does only cost $185, supports USB host mode, has a built-in camera, and it is running Android, an actual open-source operating system! It should also be pointed out that you can also now get the Archos 7 Android tablet, which is basically the same thing as this, from Amazon for $199.

Orbot goes Beta

Thu, 04 Mar 2010 16:14:01 -0400

As announced on the Tor Blog, an important development:

The Tor Project has been working very closely with Nathan Freitas and The Guardian Project to create an Android release. This is an early beta release and is not yet suitable for high security needs. The Android web browser is not protected by Torbutton and we have not yet developed an anonymous browser on the Android platform. Please be cautious with this release, it’s probably pretty fragile and it’s certainly not ready for serious use.

MobileActive Helps Secure Citizen Journalists

Tue, 02 Mar 2010 17:28:30 -0400

While we appreciate the mention in this new guide from MobileActive, we appreciate even more the hard work put into documenting practical solutions for citizen journalists that are available today. This guide covers both low and hi-tech approaches to using a mobile phone to document and share media, while still trying to protect your identity and safeguarding communication:

Mobile phones are used to compose stories, capture multi-media evidence and disseminate content to local and international audiences. This can be accomplished extremely quickly, making mobile media tools attractive to citizens and journalists covering rapidly unfolding events such as protests or political or other crises. The rise of mobiles has also helped extend citizen journalism into transient, poor or otherwise disconnected communities.

Orbot main screen redesign

Mon, 01 Mar 2010 21:48:06 -0400

Here’s a few screenshots of the new “ACTIVATE ORBOT!” user interface. Just polishing up some of the features and doing a last few days of diligent testing before we release to the wider public.

Overall, we want Tor on Android to be a one touch type experience, while still offering all the necessary options for configuration of bridges, rate limiting, etc.

The coolest Android-only feature, which unfortunately requires your device to be rooted, is the ability to choose which apps on your device will be “Torified” automatically and transparently.

Orbot: Initial Release (repost)

Wed, 10 Feb 2010 20:26:23 -0400

This was originally posted in October 2009.

I’d like to make this post without much fanfare. Just looking to share information on the work I’ve been doing with the fantastically radical team over at the Tor Project, as part of my work on the Guardian Project. We have successfully ported the native C Tor app to Android and built an Android application bundle that installs, runs and provides the glue needed to make it useful to end users…. secure, anonymous access to the web via Tor on Android is now a reality. (Update: Tor doesn’t magically encrypt all of your Internet activities, though. You should understand what Tor does and does not do for you.)