Eric Schmidt Awards Guardian Project a “New Digital Age” Grant

An interesting turn of events (which we are very grateful for!) FOR IMMEDIATE RELEASE Diana Del Olmo, diana@guardianproject.info Nathan Freitas (in Austin / SXSW) +1.718.569.7272 nathan@guardianproject.info Get press kit and more at: https://guardianproject.info/press Permalink: https://docs.google.com/document/d/1kI6dV6nPSd1z3MkxSTMRT8P9DcFQ9uOiNFcUlGTjjXA/edit?usp=sharing GOOGLE EXECUTIVE CHAIRMAN ERIC SCHMIDT AWARDS GUARDIAN PROJECT A “NEW DIGITAL AGE” GRANT The Guardian Project is amongst the 10 chosen grantee organizations to be awarded a $100,000 digital age grant due to its extensive work creating open source software to help citizens overcome government-sponsored censorship. [Read More]

Tweaking HTTPS for Better Security

The HTTPS protocol is based on TLS and SSL, which are standard ways to negotiate encrypted connections. There is a lot of complexity in the protocols and lots of config options, but luckily most of the config options can be ignored since the defaults are fine. But there are some things worth tweaking to ensure that as many connections as possible are using reliable encryption ciphers while providing forward secrecy. A connection with forward secrecy provides protection to past transactions even if the server’s HTTPS private key/certificate is stolen or compromised. [Read More]

SQLCipher has 100M+ Mobile Users (Thanks to WeChat!)

(Note: Originally this post had a title claiming 300 Million WeChat users… that would have included iOS and Android, and we don’t know if the WeChat iOS app also includes SQLCipher encryption or not. That said, there are 50-100M Google Play downloads of WeChat for Android, which does not include all of the users inside China) Through some of our own recent sleuthing, Citizen Lab’s research into “Asia Chats” security, and now via this detailed look at WeChat security from Emaze. [Read More]

Ostel.co secure VoIP network partners with Open Hosting

Ostel.co began as an R&D effort sponsored by The Guardian Project. The question: Is a peer-to-peer secure voice and video call network possible to build with open Internet standards and Open Source software? Two years and tens of thousands of users later, the answer is a resounding YES! Two of the crucial components of any standards-based VoIP service are infrastructure to route calls and a database to locate end users. [Read More]

VoIP security architecture in brief

Voice over IP (VoIP) has been around for a long time. It’s ubiquitous in homes, data centers and carrier networks. Despite this ubiquity, security is rarely a priority. With the combination of a handful of important standard protocols, it is possible to make untappable end-to-end encryption for an established VoIP call. TLS is the security protocol between the signaling endpoints of the session. It’s the same technology that exists for SSL web sites; e-commerce, secure webmail, Tor and many others use TLS for security. [Read More]
Tags: ostel, ostn, sip, tls, voip, zrtp

Turn Your Device Into an App Store

As we’ve touched upon in previous blog posts, the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded. [Read More]

Issues when distributing software

There is currently a discussion underway on the Debian-security list about adding TLS and Tor functionality to the official repositories (repos) of Debian packages that is highlighting how we need to update how we think about the risks when distributing software. Mostly, we are used to thinking about making sure that the software that the user is installing is the same exact software that has been posted for distribution. This is generally handled by signing the software package, then verifying that signature on the user’s machine. [Read More]

Open Office Hours Every Friday This Fall

Fri, Oct 18, 1:00 PM EDT – 3:00 PM

Members of the Guardian Project will be hosting weekly public hangouts every Friday for the rest of the year to answer questions about our apps (Orbot, Orweb, ChatSecure), building on our mobile security libraries (IOCipher, SQLCipher, NetCipher) and using services like OStel (including how to run your own secure phone service!). We will also be live in IRC on Freenode at #guardianproject as always for those of you who don’t feel the need to be on camera. [Read More]

Orbot v12 now in beta

After much too long, we’ve got a new build of Orbot out, and it is… a stable beta! Nothing radically new here, just many small changes to continue to improve the experience of our hundreds of thousands of active users out in the world. There will likely be one or two more “beta” releases to iron out small issues in v12, but for now, this one is good to go. [Read More]

Our Newest App: PixelKnot

Have you ever hidden in plain sight? Worn camouflage in the woods or an invisibility cloak in a narrow crooked alley? It’s really hard to do properly. We’re hoping that all changes with PixelKnot. PixelKnot is an app for hiding secret messages in pictures. Sort of like invisible ink on the back of a painting, updated to the present. The ancient art known as steganography, now updated for the 21st century and requiring a more rigorous set of safety standards. [Read More]

A Weather Report On Security

How’s the weather outside? Sunny with a chance of IP blocking. We recently launched a new initiative we’re calling: The Weather Repo. The goal of the project is for organizations to have a more accurate method of understanding whether the apps they’re using are “safe”. It’s hard to know whether apps that claim to be secure really are. Have they been vetted by a third party? Are there existing case studies? [Read More]

Carrier Grade, Verizon and the NSA

Last week Glenn Greenwald at The Guardian broke the news that Verizon has been providing the NSA with metadata about all of the calls over a subsidiary’s network. This subsidiary is called Verizon Business Network Services. It is a privately held company that “owns, operates, monitors, and maintains data and Internet networks in North America, Europe, Asia, Latin America, Australia, Japan, and Africa. The company provides converged communication solutions, such as local and long-distance voice, messaging, and Internet access services. [Read More]

The Only Way to Visit Strongbox on a Phone

The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access the hidden site on a phone or tablet, and that’s with our Orweb app. Here’s a simple breakdown of how to securely and anonymously blow the whistle, explained in an interactive tutorial: Visit guardianproject.info/howto/strongbox for an interactive tutorial on using Strongbox on your phone. The website exists as a hidden site on what is widely known as the darknet, since you are going there hidden or “in the dark. [Read More]

GnuPG for Android progress: we have a command-line app!

This alpha release of our command-line developer tool brings GnuPG to Android for the first time! GNU Privacy Guard Command-Line (gpgcli) gives you command line access to the entire GnuPG suite of encryption software. GPG is GNU’s tool for end-to-end secure communication and encrypted data storage. This trusted protocol is the free software alternative to PGP. GnuPG 2.1 is the new modularized version of GnuPG that now supports OpenPGP and S/MIME. [Read More]

Security Awareness Party

In the security world, there’s a pesky belief that a tool can either be secure or easy to use, but not both. Some experts also argue that training people to be safe online is too hard and doesn’t accomplish much (see Bruce Schneier’s recent post Security Awareness Training). Without a thoughtful approach, that’s usually how it plays out. But it doesn’t have to be that way! We’re committed to making online security fun to learn and fun to use, and we’re launching a new series of interactive tutorials to make it happen. [Read More]

Gibberbot v11 is not just secure, it’s also simple, snappy and super fun!

Gibberbot v11 is now final as of the RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39 Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/ If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” and then “OTRChat” and then “Gibber” (or “Jibber”? [Read More]

InformaCam wins Knight News Challenge

WITNESS and The Guardian Project, the mobile security and app development experts, have just been awarded a Knight News Challenge grant from the John S. and James L. Knight Foundation for InformaCam – the first app seeking to address issues of authentication for digital media. In total, the funding was for ~$320,000 USD, with about one third of the funding going directly to software development and testing. The rest of the funding will be applied to deployment, partnerships, awareness building, and all the other necessary things you must do to turn a “great idea” into something with real adoption and use. [Read More]

Voice over Tor?

Voice calls over Tor are supposed to be impossible. It seems this may no longer be the case. Without being able to do voice over IP (VOIP) conversations over the Tor network, people are prevented from being able to route calls outside of censored networks. People ask us if there is any way they can route voice traffic through Tor to avoid blocks. To our surprise, we tested Skype and found that it can work acceptably over Orbot. [Read More]
Tags: orbot, tor, voice, voip

From #HOPE9: Your Cell Phone Is Covered in Spiders! – Practical Android Security

Cooperq gave a great talk on Android security late Saturday night at the recent Hackers on Planet Earth Number 9 aka Hope9 gathering. You can find the slides/src on Github and video up on Vimeo. Cooper wrote some notes, as well: This talk was given at hope 9. Please feel free to give it yourself, repurpose it, add to it or do whatever you want. I release this talk to the public domain. [Read More]

Threats and Usability of Secure Voice

In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN. They must confirm with each phone call that the encryption icon is present, and they must correctly complete the SAS verification dialog boxes. So on a basic level, encrypted voice just works. But what does this all mean? This post looks at the threats to security and usability of encrypted ZRTP phone calls in CSipSimple. [Read More]