The Guardian Project team spends a lot of time thinking about users. In our work we focus on easy-to-use applications for users in high-risk scenarios. Because of this we are very focused on security. In our current work with the FDroid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments we have started to…
Category: Research
HOWTO: get all your Debian packages via Tor Onion Services
Following up on some privacy leaks that we looked into a while back, there are now official Debian Tor Onion Services for getting software packages and security updates, thanks to the Debian Sys Admin team. This is important for high risk use cases like TAILS covers, but also it is useful to make it more difficult to do some kinds…
How to Migrate Your Android App’s Signing Key
It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The Android OS requires that every application installed be signed by a digital key. The purpose behind this signature is to identify the author of the application, allow this author and this author alone…
First Reproducible Builds Summit
I was just in Athens for the “Reproducible Builds Summit“, an Aspiration-run meeting focused on the issues of getting all software builds to be reproducible. This means that anyone starting with the same source code can build the exact same binary, bit-for-bit. At first glance, it sounds like this horrible, arcane detail, which it is really. But it provides tons…

Orfox: Aspiring to bring Tor Browser to Android
Update 24 September, 2015: Orfox BETA is now on Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.orfox In the summer of 2014 (https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html), we announced that the results of work by Amogh Pradeep (https://github.com/amoghbl1), our 2014 Google Summer of Code student, has proven we could build Firefox for Android with some of the settings and configurations from the Tor Browser desktop software. We called this…