A Network Analysis of Encrypted Voice over OSTN
Posted on July 5, 2012
| patch
Introduction to OSTN
The OSTN network stands for Open Source Telephony Network. It is a federated network standard for supporting Internet calling with end-to-end encryption ala ZRTP. Its very similar to e-mail in that VOIP calls can be routed to addresses such as user@domain.tld. Its a simple concept, but I believe it to be ground breaking implementation! Never before have I seen such an accessible solution to encrypted VOIP calls. OSTN is platform independent, is a federated network, and it is an open standard such that it is widely adoptable.
[Read More]
Our Research
Posted on July 3, 2012
| n8fr8
You can track our latest work on our public research wiki located at https://guardianproject.info/wiki or through the links below.
EVENTS Head to the Events page for a full list of past and future events that we’ll be attending or featured at.
RESEARCH & DEVELOPMENT In addition to our open software development projects, we’re actively engaged in a number of research projects focused on critical unsolved mobile security problems. Solving these problems with freely available, open source software has the potential to greatly benefit activists, human rights defenders and journalists worldwide.
[Read More]
Freebird Flys High
Posted on June 28, 2012
| mark
Freebird: Rio group picture via Obscuracam for Android What happens when you gather coders with privacy and security activists from around the world? Freebird! We held a simultaneous event in NYC and Rio, a one-day barcamp aimed to empower users to be more informed and engaged around their use of mobile technology, while engaging with developers to promote interest in open-source tools, security and privacy. Freebird was a pre-event for RightsCon:Rio, which allowed us to continue and extend conversations and ideas into the larger context of information technologies and human rights.
[Read More]
Orbot Data Tax (Updated!)
Posted on June 20, 2012
| patch
Update (6/26/12): I Found Orbot to have lower idle usage then previously recorded. The post now reflects the new statistics. The previous stats were based on idle usage at 92 bytes/s
There have been many inquiries about the cost of Orbot’s data usage. I ran five different tests to record the types of data tax a user might encounter. Heavy usage of Orbot combined with a low monthly data allotment could be an issue.
[Read More]
Auditing Twitter With Orbot
Posted on June 13, 2012
| patch
Twitter’s new Android application provides a proxy option that supports Orbot. It is a great way to access Twitter, particularly if Twitter is blocked. Check out the Orbot Your Twitter blog post! That post explains how to set up Orbot with Twitter, however, it came with an important disclaimer:
WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time.
[Read More]
<!--:en-->A Partnership for Open Secure Mobile Messaging between iOS and Android<!--:-->
Posted on June 8, 2012
| n8fr8
We believe in protocols, not products. We believe in partnerships, not proprietary fiefdoms. We believe in building a community of collaborators, not a cacophony of criticism and unnecessary competition. We believe in practical solutions to perilous problems.
With all of this in mind, we are very happy to announce our partnership and support of the ChatSecure for iOS open-source free software project. Through our our two year history, we have been lucky to receive support from a variety of donors and funders, and we are now using what influence and opportunities we have to endorse other projects that we feel are compatible with our outlook and goals.
[Read More]
<!--:en-->OSTN secure VoIP wizard now built into CSipSimple for Android<!--:-->
Posted on May 26, 2012
| n8fr8
If you saw our last post about how to
setup your own secure voice-over-IP server instance, then this news is for you.
If you are an Android user looking for the best open-source VoIP app, and really need one that can support secure communications, then this post is ALSO for you.
CSipSimple, the previously mentioned “best VoIP app”, now includes a wizard for setting up an account configuration for any server which complies with our Open Secure Telephony Network specification.
[Read More]
<!--:en-->Build your own Open Secure Telephony Network, some assembly required<!--:-->
Posted on May 17, 2012
| lee
The Open Secure Telephony Network is a standard that defines how to configure a VoIP softswitch with the capability to have secure two-way VoIP conversations if both parties are using the same server. The system requires both backend and frontend components, which makes OSTN is a little different than some of the other Guardian apps. Unlike Gibberbot, there are few public SIP services that support secure signalling for a mobile app to connect with.
[Read More]
IOCipher lives! encrypted virtual file system for Android
Posted on May 17, 2012
| Hans-Christoph Steiner
Nathan and I just got the first complete test of IOCipher working in the IOCipherServer/SpotSync app. We created a filesystem sqlite.db file, then mounted it and got all the files via HTTP. In the test suite, I have lots of operations all running fine and encrypting! The core idea here is a java.io API replacement that transparently writes to an encrypted store. So for the most part, just change your import statements from:
[Read More]
<!--:en-->Bye, bye, BBM! Facebook Allows Verifiable Encrypted Mobile Messaging for Android and iOS; Mobile Revenue Threatened?<!--:-->
Posted on May 16, 2012
| n8fr8
Yes, yes, we are trying to get in on all of the Facebook pre-IPO buzz. Fortunately, the headline is true – through
Facebook’s support for open-standards messaging, our secure mobile messaging app, Gibberbot for Android, can be used to communicate securely with any other friend on Facebook who is ALSO using a secure messaging app. Whether it is Gibberbot, ChatSecure for iOS, Adium (Mac), Pidgin (Windows/Linux), or one of the many secure messaging apps that support the Off-the-Record encryption capability, Facebook allows encrypted messaging between mobile and desktops alike.
[Read More]
Cross-Domain calling, or “toll-free long distance VoIP”
Posted on May 4, 2012
| lee
In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node.
[Read More]
Orbot Your Twitter!
Posted on May 2, 2012
| n8fr8
In some ways, Twitter is the perfect application to run over the Tor network. It works with small bits of data, it is asynchronous, works naturally in a “store and forward” queue model, and in general, has a decent amount of default security built-in through HTTP/S support and OAuth. Compared to the problem-child of the open web, which often involves large websites, streaming video, flash embeds, and malicious javascript, Twitter is a nearly perfect candidate for use over a secure, anonymous (but sometimes high latency) network.
[Read More]
Mobile mesh in a real world test
Posted on May 2, 2012
| Hans-Christoph Steiner
Nathan, Mark, Lee, and I tried some OLSR mesh testing during the May Day protests and marches. We were able to get 4 devices to associate and mesh together, but not without some trials and travails. Two pairs of devices setup two separate BSSIDs, so were on separate networks. We turned them all off, then associated them one at a time, and then they all got onto the same BSSID and olsrd started doing its thing.
[Read More]
Singing and Dancing for Encryption
Posted on April 19, 2012
| mark
If you see me dancing or signing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy?
[Read More]
User scenarios to guide our crypto development
Posted on April 14, 2012
| Hans-Christoph Steiner
At Guardian Project, we find user-centered development to be essential to producing useful software that addresses real world needs. To drive this, we work with user stories and scenarios as part of the process of developing software. One particular development focus is the Portable Shared Security Token (PSST) project, which aims to make it easy to use encryption across both mobile and desktop computers, as well as keep the stores of cryptographic identities (i.
[Read More]
How We Help
Posted on April 10, 2012
| n8fr8
While we think that a secure, privacy-enhanced mobile phone is a good thing for just about anybody going about their daily lives, we like to also consider the extreme cases, where this technology might change the course of someones life.
The Economist covered our work with WITNESS on Secure Smart Cameras, and the “Future of Protest Video”.
Below are a few ideas of how Guardian phones might be used in the real world.
[Read More]
Transparent encrypted virtual disks for Android (we call it IOCipher)
Posted on April 3, 2012
| Hans-Christoph Steiner
When using phones, laptops, computers, etc. it feels like a private experience, as if our screen was the same as a piece of paper, and when that paper is gone, then no one can see it anymore. Digital media works very differently. While the user interface portrays the deletion of files as very final, for someone with the right tools, it is actually not hard to recover deleted files. Also, digital information takes up so little space, we now regularly carry vast amounts of information in our pockets.
[Read More]
Knight News funding of SecureSmartCam = a #WIN for open-source mobile security
Posted on March 29, 2012
| n8fr8
Along with our partner WITNESS, we’ve entered our SecureSmartCam project into the Knight News Challenge, and we need your support to get to the next round.
Here’s a bit more about the challenge:
The Knight News Challenge, an international media innovation contest, is evolving – and will be offered three times, with three different topics. The first challenge will be centered on networks, and will accept applications Feb. 27 – March 17.
[Read More]
Call My Email
Posted on March 22, 2012
| mark
What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy. That’s the goal of what we’re doing here at Open Secure Telephony Network (OSTN).
The internet is already structured to be able to do this. That’s why I can have all of my emails point to one email box if I want to.
[Read More]
Acrobits Groundwire – OSTN supports iPhone
Posted on March 21, 2012
| lee
The Guardian Project develops open source software primarily for the Android platform but we strive for security by design to be a part of all platforms. With OSTN, there are two major components. The the first is the server, which operates as the primary user directory and call switch. The other is the client, which is the program you interact with to send and receive calls.
While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws.
[Read More]