Advisory

Bruce Schneier was kind enough to post about our work on ProofMode to his blog. A decent set of comments ensued, which we have considered, measured and weighed. We posted the response below on the post, and now also here. We also received an excellent set of feedback from the Lieberbiber blog. Below are responses to the various concerns raised, and links to work completed or in progress. At a high level, securely dating files, digital notarization, easy capture of sensor metadata, among other things, are not solved problems. [Read More]

Over the last few months, the Guardian Project team has been thinking about how to approach the next five years of our work. An idea of “security so easy and seamless, that it is boring” came to the surface through some discussions. This led us to look for inspiration in important inventions and innovations of the past, that provide safety and security to all on a day-to-day basis, without the users of these technologies hardly thinking about them. [Read More]

ChatSecure v12 Provides Comprehensive Mobile Security and a Whole New Look The Guardian Project’s award-winning open-source app “Gibberbot” for Android, has been rebranded to “ChatSecure” for its version 12 release, unifying the branding with the iPhone and iPad apps, while offering major updates in security from the device through the network. Download on Google Play or Direct Download now. October 20, New York, NY – The Guardian Project, a New York-based open-source mobile security incubator, has launched version 12 of its well-regarded secure messaging app for Android, rebranding it to “ChatSecure” to unify branding with existing open-source iPhone and iPad apps. [Read More]

The Orweb browser app is vulnerable to leak the actual IP of the device it is on, if it loads a page with HTML5 video or audio tags on them, and those tags are set to auto-start or display a poster frame. On some versions of Android, the video and audio player start/load events happen without the user requesting anything, and the request to the URL for the media src or through image poster is made outside of the proxy settings. [Read More]