Seeking Ruby/Jekyll contractors to start ASAP

Guardian Project is seeking Ruby/Jekyll contractors for mobile/free software and privacy work! We’re looking for self-motivated, free software hackers to work with Guardian Project on privacy and internet freedom for mobile devices. Our work is 100% free software and we have a steady stream of projects that tie into F-Droid, Debian, Android, Fastlane, Mobifree and other exciting projects. We work to support people and communities around the world. This is a flexible, remote position but we also like to work in person when possible. [Read More]

Seeking part-time Grant Administrator

Location: Fully remote (African/European time zone) or Vienna, Austria. Type: Part-time contractor. About us Guardian Project is a small organization working to make a big impact in data privacy and secure communications. From the average person looking to use the internet and their mobile device more securely, to journalists needing to safely communicate with sources, to activists looking for secure communication channels, Guardian Project creates solutions that focus on privacy so you have true freedom. [Read More]

The future of our fdroid-compatible app repository

Guardian Project has been running its own fdroid-compatible app repository since 2012. Up until now, we worked to ensure that our repository had the same standards of free software as the official F-Droid repository. Therefore, the Guardian Project repository was included in the official F-Droid client app by default. A lot has changed since then, for the better. F-Droid has long since stopped shipping pre-built binaries from any provider. Back in the day, F-Droid shipped some binaries, like Mozilla’s Firefox APKs, and allowed some non-free libraries in apps. [Read More]

Quick set up guide for Encrypted Client Hello (ECH)

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project has developed an implementation of ECH for OpenSSL, and proof-of-concept implementations of various clients and servers that use OpenSSL, and other TLS libraries, as a demonstration and for interoperability testing. [Read More]

DEfO - Developing ECH for OpenSSL (round two)

Encrypted ClientHello (ECH) plugs a privacy-hole in TLS, hiding previously visible details from network observers. The most important being the name of the web-site the client wishes to visit (the Server Name Indication or SNI). This can be a major privacy leak, like when accessing a dissident news source hosted on a Content Delivery Network (CDN). A visible domain name also provides a straightforward method for censors to block websites and internet services. [Read More]

Improving website resilience with LibResilient and IPFS

We’re always looking for techniques to make services more resilient to all sorts of issues. That’s why we took special interest in LibResilient and mapped out it’s capabilities. It’s a JavaScript library for decentralized content delivery in web-browsers and markets itself as easy to deploy to any website. We’ve looked at LibResilient primarily in the context of static websites. While it should work with dynamic websites too, that was out of focus for us. [Read More]

Steps towards trusted VPNs

VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection. [Read More]

Free Software Tooling for Android Feature Extraction

As part of the Tracking the Trackers project, we are inspecting thousands of Android apps to see what kinds of tracking we can find. We are looking at both the binary APK files as well as the source code. Source code is of course easy to inspect, since it is already a form that is meant to be read and reviewed by people. Android APK binaries are a very different story. [Read More]

The Promise and Hazards of COVID Contact Tracing Apps

There has been increasing interest in the possibilities of tracking people who are infected with Coronavirus using all of the various methods that smart phones provide. There is good reason: “contact tracing” has been a pillar of public health efforts for decades. It is an effective means to curtail the spread of infectious disease. At the same time, governments, companies, and organizations are acting fast to offer services to help end this current pandemic. [Read More]

Improving Crowdsourced Translation of Long Form Text

We are happy to announce the start of work on another step in improving crowdsourced localization, funded by the ISC Project. This is the second part of our ongoing “Linguine” collaboration to move crowdsourced translation to privacy-respecting free software. Crowdsourced translation has proven enormously successful getting apps and website software translated into many languages. Using tools like Weblate or Transifex, developers can quite easily incorporate translated app strings into their mobile apps and websites. [Read More]

Setting up your own app store with F-Droid

(_This blog post as now been cooked into an updated HOWTO_) The Google Play Store for Android is not available in all parts of the world, US law restricts its use in certain countries like Iran, and many countries block access to the Play Store, like China. Also, the Google Play Store tracks all user actions, reporting back to Google what apps have been installed and also run on the phone. [Read More]