Cooperq gave a great talk on Android security late Saturday night at the recent Hackers on Planet Earth Number 9 aka Hope9 gathering. You can find the slides/src on Github and video up on Vimeo. Cooper wrote some notes, as well:
This talk was given at HOPE 9. Please feel free to give it yourself, repurpose it, add to it or do whatever you want. I release this talk to the public domain.
Threats and Usability of Secure Voice
In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN. They must confirm with each phone call that the encryption icon is present and they must correctly complete SAS verification dialog boxes. So on a basic level, encrypted voice just works. But, what does this all mean? This post looks at the threats to security and usability of encrypted ZRTP phone calls in CSipSimple.
A Network Analysis of Encrypted Voice over OSTN
Introduction to OSTN
The OSTN network stands for Open Source Telephony Network. It is a federated network standard for supporting Internet calling with end-to-end encryption à la ZRTP. It's very similar to e-mail in that VOIP calls can be routed to addresses such as user@domain.tld. It's a simple concept, but I believe it to be a groundbreaking implementation! Never before have I seen such an accessible solution to encrypted VOIP calls. OSTN is platform independent, is a federated network, and it is an open standard such that it is widely adoptable.
Freebird Flys High
Freebird: Rio group picture via Obscuracam for Android
What happens when you gather coders with privacy and security activists from around the world? Freebird! We held a simultaneous event in NYC and Rio, a one-day barcamp aimed to empower users to be more informed and engaged around their use of mobile technology, while engaging with developers to promote interest in open-source tools, security and privacy. Freebird was a pre-event for RightsCon:Rio, which allowed us to continue and extend conversations and ideas into the larger context of information technologies and human rights.
Orbot Data Tax (Updated!)
Update (6/26/12): I found Orbot to have lower idle usage than previously recorded. The post now reflects the new statistics. The previous stats were based on idle usage at 92 bytes/s.
There have been many inquiries about the cost of Orbot’s data usage. I ran five different tests to record the types of data tax a user might encounter. Heavy usage of Orbot combined with a low monthly data allotment could be an issue.
Auditing Twitter With Orbot
Twitter’s new Android application provides a proxy option that supports Orbot. It is a great way to access Twitter, particularly if Twitter is blocked. Check out the Orbot Your Twitter blog post! That post explains how to set up Orbot with Twitter; however, it came with an important disclaimer:
WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time.
A Partnership for Open Secure Mobile Messaging between iOS and Android
We believe in protocols, not products. We believe in partnerships, not proprietary fiefdoms. We believe in building a community of collaborators, not a cacophony of criticism and unnecessary competition. We believe in practical solutions to perilous problems.
With all of this in mind, we are very happy to announce our partnership and support of the ChatSecure for iOS open-source free software project. Through our two-year history, we have been lucky to receive support from a variety of donors and funders, and we are now using what influence and opportunities we have to endorse other projects that we feel are compatible with our outlook and goals.
OSTN secure VoIP wizard now built into CSipSimple for Android
If you saw our last post about how to set up your own secure voice-over-IP server instance, then this news is for you.
If you are an Android user looking for the best open-source VoIP app, and really need one that can support secure communications, then this post is ALSO for you.
CSipSimple, the previously mentioned “best VoIP app”, now includes a wizard for setting up an account configuration for any server which complies with our Open Secure Telephony Network specification.
Bye, bye, BBM! Facebook Allows Verifiable Encrypted Mobile Messaging for Android and iOS; Mobile Revenue Threatened?
Yes, yes, we are trying to get in on all of the Facebook pre-IPO buzz. Fortunately, the headline is true – through Facebook’s support for open-standards messaging, our secure mobile messaging app, Gibberbot for Android, can be used to communicate securely with any other friend on Facebook who is ALSO using a secure messaging app. Whether it is Gibberbot, ChatSecure for iOS, Adium (Mac), Pidgin (Windows/Linux), or one of the many secure messaging apps that support the Off-the-Record encryption capability, Facebook allows encrypted messaging between mobile and desktops alike.
Cross-Domain calling, or “toll-free long distance VoIP”
In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node.
Singing and Dancing for Encryption
If you see me dancing or singing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy?
Call My Email
What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy? That’s the goal of what we’re doing here at Open Secure Telephony Network (OSTN).
The internet is already structured to be able to do this. That’s why I can have all of my emails point to one email box if I want to.
Acrobits Groundwire – OSTN supports iPhone
The Guardian Project develops open source software primarily for the Android platform but we strive for security by design to be a part of all platforms. With OSTN, there are two major components. The first is the server, which operates as the primary user directory and call switch. The other is the client, which is the program you interact with to send and receive calls.
While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws.
Adventures in Porting: GnuPG 2.1.x to Android!
PGP started with Phil Zimmermann’s Pretty Good Privacy, which has now turned into an open IETF standard known as OpenPGP. These days, the reference OpenPGP platform seems to be GnuPG: it’s used by Debian and all its derivatives in the OS itself for verifying packages and more. It is also at the core of all Debian development work, allowing the very diffuse body of Debian, Ubuntu, etc. developers to communicate and share work effectively while maintaining a high level of security.
February 2012: Project Update
Through coordination with the Tor Project, we released Orbot 1.0.7, which includes an embedded version of OpenSSL to assure we have the latest security enhancements for this critical cryptographic library. In addition, compatibility testing was done on Android 4.0 (Ice Cream Sandwich) and with the latest versions of Firefox Mobile. As always you can learn more and download Orbot in the Android Market and at https://guardianproject.info/apps/orbot
With the public awareness of internet censorship and surveillance growing thanks to SOPA, PIPA and CarrierIQ, not to mention the ongoing unrest in many regions of the world, we have seen a huge spike in interest and download of Orbot, Orweb and Gibberbot.
Introducing InformaCam
These are interesting times, if you go by Time Magazine as an indicator. The magazine’s person of the year for 2011 was The Protester, preceded in 2010 by Facebook founder Mark Zuckerberg. Both entities are partners with equal stake in freely sharing the digital content that shows the world what’s going on in it, at any time, from behind any pair of eyes. Also casting in their lot with the others is Time Magazine’s 2006 person of the year, You: the You that puts the “you” in “user-generated content;” the You whose miasma of bits, bytes, and the powerful images they express are becoming increasingly problematic.
Thoughts on Mobile Video for Activism
I’ve co-written a blog post with Bryan Nunez of WITNESS, on some important concepts around using mobile video technology within activist and protest situations. It is up now on their blog, but here is a short excerpt:
Activists all over the world have turned to mobile phones to organize, coordinate and document their struggle. Images and videos shot on mobile phones have been the standard for what revolution looks like in the public imagination.
SQLCipher for Android v1 FINAL!
Team GP, along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption.
If you need a refresher, here is what the cross-platform, open-source SQLCipher provides:
SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files.
Don’t Get Burned, Anonymize Your Fire
Thanks to Jesse Vincent, aka @obra of the K-9 mail project, we can say that Orbot (Tor on Android) and Orweb (Privacy Browser) work just fine on the new Amazon Kindle Fire. This means that while everything you do through Amazon’s store and browser is tracked and accounted for by Team Bezos, you can use our apps to more safely and privately access web content through the Tor network. While we are mostly Nook Color fans around here, we know that the Kindle Fire is going to be quite popular this Christmas, and are glad to see that mobile privacy now has a toehold on the device from Seattle.
Two years in…
Greetings mobile believers,
I am about to head into the first ever Silicon Valley Human Rights Conference, aka #RightsCon, and thought I would post some thoughts about the state of the Guardian Project, and the world in which we operate. RightsCon looks to be an amazing event (live streaming here: https://www.rightscon.org/), by an amazing organization (Access), and it comes at an interesting time in the world, and for our project.