IOCipher update to version 1.0
We are thrilled to announce that a community contributor has picked up maintaining a fork of IOCipher and updated to IOCipher 1.0, designed to enhance your development experience and empower you to create more secure applications with ease. Here’s what’s new and why it matters to you:
1. Enhanced Features
We introduced a few new features. Most notably IOCipher is also available on Desktop Java for Linux and Windows now.
[Read More]
Achieve Onion Layers of Security with the Triad of Apple-tizing Apps!
Our summer intern Alfred just graduated high school and is preparing to attend a major university to focus on a technical degree. He has a personal interest in privacy and security, and is working with us on a variety of projects this summer as part of a broad crash course in all things Guardian Project!
Last week, I worked with three different apps for the iPhone that, when they work together, allow for a secure and private mobile internet experience.
[Read More]
Improving Usability of Tor on Smartphones in Latin America
Between 2022 and 2023, Guardian Project, with support from Okthanks and the Tor Project, organized and participated in a total of 12 workshops in Ecuador, Mexico and Brazil with the participation of 161 people. The workshops focused on the broad topic of “Tor for Smartphones”, while also taking deeper dives into specific topics like virtual private networks (VPNs) and anonymous web browsing. Through a variety of methods, we gathered feedback from the participants in each of those sessions.
[Read More]
Privacy Preserving Analytics in the Real World: Mailvelope Case Study
We love Mailvelope. It’s a popular browser extension for encrypting email messages. Now, Clean Insights is helping Mailvelope understand which webmail providers are most popular with their users so they can prioritize their development efforts.
Anyone who has written software knows it takes hard work to craft a great user experience. That’s even more challenging in Mailvelope’s case. Their browser extension integrates with more than a dozen ever-changing third party webmail interfaces.
[Read More]
Implementing TLS Encrypted Client Hello
As part of the DEfO project, we have been working on accelerating the development of Encrypted Client Hello (ECH) as standardized by the IETF. ECH is the next step in improving Transport Layer Security (TLS). TLS is one of the basic building blocks of the internet; it is what puts the S in HTTPS. The ECH standard is nearing completion. That is exciting because ECH can encrypt the last plaintext TLS metadata that it is possible to encrypt.
[Read More]
New insights into clean analytics
There is a giant problem with the “collect it all” status quo that pervades the Internet; this has been clear for a long time. Tracking people has become so widespread that organizations, communities, projects and university labs have sprung up dedicated to detecting and publicizing their presence. Data and analytics are clearly useful for software creators and funders, but they also easily lead to harming people’s privacy and well-being.
[Read More]
Usability: the wonderful, powerful idea that betrayed us
Usability triggered a revolution in computing, taking arcane number crunching machines and making them essential tools in so many human endeavors, even those that have little to do with mathematics. It turned the traditional design approach on its head. Initially, experts first built a system then trained users to follow it. User experience design starts with goals, observes how people actually think and act in the relevant context, then designs around those observations, and tests with users to ensure it fits the users’ understanding.
[Read More]
Clean Insights: February 2021 Update on Privacy-Preserving Measurement
Greetings, all. I hope this finds you healthy and well, finding ways to enjoy the season (whichever it may be). While every day still provides new challenges in the life of our team at Guardian Project, we continue to strive to be as productive as we can be in our professional and personal lives.
I’ve just posted an updated presentation on Clean Insights, reflecting on the symposium in May, and the work we have done since then.
[Read More]
New Data Sources: API Key Identifiers and BroadcastReceiver Declarations
A central focus of the Tracking the Trackers project has been to find simple ways to detect whether a given Android APK app file contains code which tracks the user. The ideal scenario is a simple program that can scan the APK and tell a non-technical user whether it contains trackers, but as decades of experience with anti-virus and malware scanners have clearly demonstrated, scanners will always contain a large degree of approximation and guesswork.
[Read More]
εxodus ETIP: The Canonical Database for Tracking Trackers
There is a new story to add to the list of horrors of Surveillance Capitalism: the United States’ Military is purchasing tracking and location data from companies that track many millions of people. We believe the best solution starts with making people aware of the problem, with tools like Exodus Privacy. Then they must have real options for stepping out of “big tech”, where tracking dominates. F-Droid provides Android apps that are reviewed for tracking and other “anti-features”, and F-Droid is built into mobile platforms like CalyxOS that are free of proprietary, big tech software.
[Read More]
Distribution in Depth: Mirrors as a Source of Resiliency
There are many ways to get the apps and media, even when the Internet is expensive, slow, blocked, or even completely unavailable. Censorship circumvention tools from ShadowSocks to Pluggable Transports can evade blocks. Sneakernets and nearby connections work without any network connection. Hosting on Content Delivery Networks (CDNs) can make hosting drastically cheaper and faster. One method that is often overlooked these days is repository mirrors. Distribution setups that support mirrors give users the flexibility to find a huge array of solutions for problems when things are just not working.
[Read More]
Managing offline maps with F-Droid and OsmAnd
When disaster strikes, our mobile devices can provide us with many tools to deal with a wide variety of problems. The internet is not available in every corner of the planet, and large scale outages happen. Digital maps allow us to carry detailed maps of the entire planet in our pockets. And the good map apps allow the user to download entire regions to the device so that they operate without internet at all.
[Read More]
Easy translation workflows and the risks of translating in the cloud
Crowdsourced translation has opened up software and websites to whole new languages, regions, and uses. Making translating easier has brought in more contributors, and deploying those languages requires less work. A number of providers now offer “live”, integrated translation, speeding up the process of delivering translated websites. On the surface, this looks like a big win. Unfortunately, the way such services have been implemented opens up a big can of worms.
[Read More]
Free Software Tooling for Android Feature Extraction
As part of the Tracking the Trackers project, we are inspecting thousands of Android apps to see what kinds of tracking we can find. We are looking at both the binary APK files as well as the source code. Source code is of course easy to inspect, since it is already a form that is meant to be read and reviewed by people. Android APK binaries are a very different story.
[Read More]
"Features" for Finding Trackers
One key component of the Tracking the Trackers project is building a machine learning (ML) tool to aid humans in finding tracking in Android apps. One of the most important pieces of developing a machine learning tool is figuring out which “features” should be fed to the machine learning algorithms. In this context, features are constrained data sets derived from the whole data set. In our case, the whole data set is terabytes of APKs.
[Read More]
Figuring Out Crowdsourced Translation of Websites
Crowdsourced translation platforms like Weblate, Transifex, Crowdin, etc. have proven to be a hugely productive way to actively translate apps and desktop software. Long form texts like documentation and websites remain much more work to translate and keep translated. Many translation services currently support Markdown and HTML, but only in a very basic way, which means much more work for translators and webmasters. Translators can inadvertently break things, either with a typo or because of a lack of knowledge of a specific syntax.
[Read More]
Tracking the Trackers: using machine learning to aid ethical decisions
F-Droid is a free software community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It has become the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand.
[Read More]
IOCipher 64-bit builds
IOCipher v0.5 includes full 64-bit support and works with the latest SQLCipher versions. This means that the minimum supported SDK version had to be bumped to android-14, which is still older than what Google Play Services and Android Support libraries require.
One important thing to note is that newer SQLCipher versions require an upgrade procedure since they changed how the data is encrypted. Since IOCipher uses a SQLCipher database, IOCipher virtual disks will have to be upgraded.
[Read More]
Tor Project: Orfox Paved the Way for Tor Browser on Android
Last month, we tagged the final release of Orfox, an important milestone for us in our work on Tor. Today, we pushed this final build out to all the Orfox users on Google Play, which forces them to upgrade to the official Tor Browser for Android.
Our goal was never to become the primary developer or maintainer of the “best” tor-enabled web browser app on Android. Instead, we chose to act as a catalyst to get the Tor Project and the Tor Browser development team themselves to take on Android development, and upstream our work into the primary codebase.
[Read More]
NetCipher update: global, SOCKS, and TLSv1.2
NetCipher has been relatively quiet in recent years, because it kept on working, doing what it was doing. Now, we have had some recent discoveries about the guts of Android that mean NetCipher is a lot easier to use on recent Android versions. On top of that, TLSv1.2 now reigns supreme and is basically everywhere, so it is time to turn TLSv1.0 and TLSv1.1 entirely off.
A single method to enable proxying for the whole app
As of Android 8.
[Read More]