Category: Research

Recent news on Orweb flaws

August 2014: New browser development news here, including Orfox, our Firefox-based browser solution:¬†https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html   On Saturday, a new post was relased by Xordern entitled IP Leakage of Mobile Tor Browsers. As the title says, the post documents flaws in mobile browser apps, such as Orweb and Onion Browser, both which automatically route communication traffic over Tor. While we appreciate the…

Continue reading

Improving trust and flexibility in interactions between Android apps

Android provides a flexible system of messaging between apps in the form of Intents. It also provides the framework for reusing large chunks of apps based on the Activity class. Intents are the messages that make the requests, and Activitys are the basic chunk of functionality in an app, including its interface. This combination allows apps to reuse large chunks…

Continue reading

Four Ways InformaCam Powers Mobile Media Verification

Note: A big discussion topic of 2013 was about how hard cryptography and security is for average people, journalists and others. With that in mind, we’d like to sub-title this post “Making Mobile Crypto Easy for Eyewitnesses”, as the InformaCam software and process described below includes the full gamut of security and cryptography tools all behind a streamlined, and even…

Continue reading

Integrating Crypto Identities with Android

ver the past couple of years, Android has included a central database for managing information about people, it is known as the ContactsContract (that’s a mouthful). Android then provides the People app and reusable interface chunks to choose contacts that work with all the information in the ContactsContract database. Any time that you are adding an account in the Settings…

Continue reading

Keys, signatures, certificates, verifications, etc. What are all these for?

For the past two years, we have been thinking about how to make it easier for anyone to achieve private communications. One particular focus has been on the “security tokens” that are required to make private communications systems work. This research area is called internally Portable Shared Security Tokens aka PSST. All of the privacy tools that we are working…

Continue reading