On Verifying Identity Using Cryptography

One of the most important uses of cryptography these days is verifying the identity of the other side of a digital conversation. That conversation could be between two people using OTR-encrypted IM, a web browser showing a bank website, a Debian Developer uploading a package to the Debian build server, an ssh client logging into an ssh server, and on and on. In all of these cases, cryptography is used to ensure that the software is indeed receiving replies from the expected entity. [Read More]

Adventures in Porting: GnuPG 2.1.x to Android!

PGP started with Phil Zimmermann’s Pretty Good Privacy, which has now turned into an open IETF standard known as OpenPGP. These days, the reference OpenPGP platform seems to be GnuPG: it’s used by Debian and all its derivatives in the OS itself for verifying packages and more. It is also at the core of all Debian development work, allowing the very diffuse body of Debian, Ubuntu, etc. developers to communicate and share work effectively while maintaining a high level of security. [Read More]

Our new F-Droid App Repository (out of date!)

Update: this blog post has been changed to reference our new FDroid repository at https://guardianproject.info/fdroid. If you are still using the old one originally described here which has the URL https://guardianproject.info/repo, you should switch to the new repo as soon as possible! For all of you out there looking for a safe way to find and download apps outside of the Play Store (aka Android Market) or random, sketchy third-party app stores and file sharing sites, then your wait is over: [Read More]

VoIP Survey Results of NGOs, Human Rights Groups and Activists

In November 2011, 25 individuals were surveyed using an online form, representing typical end-users, global journalists, activist and human rights organization perspectives (Thank you to all the participants!). The goal of the survey was to establish a baseline understanding of the types of tools and expectations our target user community has around making “telephone calls” over the internet, otherwise known as Voice over Internet Protocol (VoIP). This survey is part of our work on the Open Secure Telephony Net (OSTN). [Read More]
ostn  sip  skype  voip 

ObscuraCam v2 ALPHA (with video!)

We’ve been making exciting progress with our work on ObscuraCam, part of the SecureSmartCam project with our partner WITNESS. The biggest jump forward is the addition of video support, including automated face detection, pixelization and redaction.

Screenshots below, and soon a video below (also at: http://youtu.be/9hi4c_DCrkw)

Source code branch is here: https://github.com/guardianproject/securesmartcam/tree/obscurav2

Latest ALPHA test build at: https://github.com/guardianproject/SecureSmartCam/ObscuraCam-2.0-Alpha-2.apk/qr_code

How many ways to store 5 numbers?

At the core of all software that aims to be secure, private and anonymous is encryption, or as I think of it, amazing math tricks with really large numbers. These really large numbers can serve as a token of identity or the key to information locked away behind the encryption math. There are a number of different encryption methods commonly used based on different mathematical ideas, but they all rely on people managing sets of really large numbers, usually known as keys. [Read More]
dsa  encryption  keys  otr  psst 

Free SIP Providers with ZRTP support

This post is part of a series on our work researching the Open Secure Telephony Network. After you have CSipSimple installed on your mobile handset, you will need a place to register a SIP username so you can contact others. The fastest way to get started with this is to use one of a handful of free SIP providers. I like the Ekiga free SIP service. The only drawback to this service is the userbase is large enough that the namespace of easy to remember words is frequently occupied. [Read More]
ostn  secure  voip  zrtp 

Open Source SIP Client for Android

The first step in the Open Secure Telephony Network (OSTN) is a client. We can’t make a phone call without a phone. In this case there are three primary goals and a number of optional features. The primary goal is an application which speaks the SIP protocol for signalling. It must also speak the ZRTP protocol for peer to peer encryption key exchange. Finally the client must have source code freely available with a license that allows free redistribution. [Read More]
ostn  voip  zrtp 

Open Secure Telephony Network

Over the last two months, I have been working on a project to research and develop a set of tools to provide secure peer to peer Voice over IP on the Android mobile platform. It is called the Open Secure Telephony Network, or OSTN. This work is done under the umbrella of The Guardian Project. [Image caption: this is not the type of “open” we mean, and definitely not secure] The project will continue for another four months and I will post my public findings here. [Read More]
ostn  voip  zrtp 

February 2012: Project Update

Through coordination with the Tor Project, we released Orbot 1.0.7, which includes an embedded version of OpenSSL to assure we have the latest security enhancements for this critical cryptographic library. In addition, compatibility testing was done on Android 4.0 (Ice Cream Sandwich) and with the latest versions of Firefox Mobile. As always you can learn more and download Orbot in the Android Market and at https://guardianproject.info/apps/orbot. With the public awareness of internet censorship and surveillance growing thanks to SOPA, PIPA and CarrierIQ, not to mention the ongoing unrest in many regions of the world, we have seen a huge spike in interest and download of Orbot, Orweb and Gibberbot. [Read More]

Introducing InformaCam

These are interesting times, if you go by Time Magazine as an indicator. The magazine’s person of the year for 2011 was The Protester, preceded in 2010 by Facebook founder Mark Zuckerberg. Both entities are partners with equal stake in freely sharing the digital content that shows the world what’s going on in it, at any time, from behind any pair of eyes. Also casting in their lot with the others is Time Magazine’s 2006 person of the year, You: the You that puts the “you” in “user-generated content;” the You whose miasma of bits, bytes, and the powerful images they express are becoming increasingly problematic. [Read More]

Strong Mobile Passwords with Yubikey USB Token

We have been experimenting with the Yubikey, a USB hardware password token, a bit over the last few weeks and would like to share our initial findings. We have not received any financial support or donation from Yubico for this work. We simply think they have a very affordable, interesting product that, due to its design, does *not* require any on-device driver software and can easily work with any Android device that supports USB Host/HID mode. [Read More]

Thoughts on Mobile Video for Activism

I’ve co-written a blog post with Bryan Nunez of WITNESS, on some important concepts around using mobile video technology within activist and protest situations. It is up now on their blog, but here is a short excerpt: Activists all over the world have turned to mobile phones to organize, coordinate and document their struggle. Images and videos shot on mobile phones have been the standard for what revolution looks like in the public imagination. [Read More]

SQLCipher for Android v1 FINAL!

Team GP, along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption. If you need a refresher, here is what the cross-platform, open-source SQLCipher provides: SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. [Read More]

Don’t Get Burned, Anonymize Your Fire

Thanks to Jesse Vincent, aka @obra of the K-9 mail project, we can say that Orbot (Tor on Android) and Orweb (Privacy Browser) work just fine on the new Amazon Kindle Fire. This means that while everything you do through Amazon’s store and browser is tracked and accounted for by Team Bezos, you can use our apps to more safely and privately access web content through the Tor network. While we are mostly Nook Color fans around here, we know that the Kindle Fire is going to be quite popular this Christmas, and are glad to see that mobile privacy now has a toehold on the device from Seattle. [Read More]

Two years in…

Greetings mobile believers, I am about to head into the first ever Silicon Valley Human Rights Conference, aka #RightsCon, and thought I would post some thoughts about the state of the Guardian Project, and the world in which we operate. RightsCon looks to be an amazing event (live streaming here: https://www.rightscon.org/), by an amazing organization (Access), and it comes at an interesting time in the world, and for our project. [Read More]

Progress on Mobile Video Privacy Tools

If you are a developer you may just want to skip all the prose below, and just jump over to Github to find our new FFMPEG on Android project and build system. You can also check out our SSCVideoProto Project to understand how we are using it to redact faces and other identifying areas of HD video right on the Android phone itself. For more context, read on… Last October at the Open Video Conference 2010, the idea of a camera application that could be designed to understand the needs and requirements of the human rights community was born. [Read More]

CACertMan app to address DigiNotar & other bad CA’s

As I expect many of you are aware, there was a major compromise to a Dutch Certificate Authority named “DigiNotar” recently, where they allowed SSL certs for domains like *.google.com, *.torproject.org and even *.cia.gov as well as *.*.com to be issued. It was brought up to the contribs of CyanogenMOD that they should probably remove the DigiNotar CA cert from the built-in Android OS keystore (located at /system/etc/security/cacerts.bks). Since they have 500k+ users, and can be more nimble than other ROM/device distributors, it was seen as a way to quickly address the problem, at least within their community. [Read More]

ACLU believes “Software Developers Can Put Privacy First!” (and so do we!)

A bit more on our big win in the Develop4Privacy contest, from Brian Robick at the ACLU of Washington State: When software developers put privacy first, everybody wins! Too often, user privacy is an afterthought in the design of computer software and online services. In recent months, social networks have rolled back changes, cell phone manufacturers have altered the way that location tracking data is stored, and most recently, mobile application developers have been caught inappropriately collecting children’s personal data. [Read More]

Announcing ObscuraCam v1 – Enhance Your Visual Privacy!

We’re very happy to announce the beta release of ObscuraCam for Android. This is the first release from the SecureSmartCam project, a partnership with WITNESS, a leading human rights video advocacy and training organization. This is the result of an open-source development cycle, comprised of multiple sprints (and branches), that took place over the last five months. This “v1” release is just the first step towards the complete vision of the project. [Read More]