Repomaker Usability Trainers Worldwide, June 2017
Posted on June 29, 2017
| Carrie Winfrey
Repomaker Usability, Trainers Worldwide Study
Prepared by Carrie Winfrey and Tiffany Robertson, Okthanks, in partnership with F-Droid and Guardian Project
OK Thanks – Guardian Project For more information, contact carrie@okthanks.com.
Purpose The purpose of this study was to understand the following things.
Are users able to complete basic tasks including, creating a repo, adding apps from other repos, removing apps, editing app details, and creating a second repo?
[Read More]
Tracking usage without tracking people
Posted on June 8, 2017
| Hans-Christoph Steiner
One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software.
[Read More]
fdroidserver UX Testing Report
Posted on June 1, 2017
| Seamus Tuohy
We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation.
Methodology Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be measured and that exploratory behavior within the app should take place after the tasks are completed.
[Read More]
F-Droid User Testing, Round 2
Posted on May 1, 2017
| Carrie Winfrey
#by Hailey Still and Carrie Winfrey
**** Here we outline the User Testing process and plan for the F-Droid app store for Android. The key aims of F-Droid are to provide users with a) a comprehensive catalogue of open-source apps, as well as b) provide users with the the ability to transfer any app from their phone to someone in close physical proximity. With this User Test, we are hoping to gain insights into where the product design is successful and what aspects need to be further improved.
[Read More]
F-Droid Lubbock Report – What We Want to Know
Posted on April 17, 2017
| Carrie Winfrey
F-Droid LBK Usability Study Report – What We Want to Know
Prepared by Carrie Winfrey
Preliminary Version – April 17, 2017
Introduction When planning this user test, the team outlined features and flows within the app on which we wanted feedback. From there, we created tasks for participants to complete that would access these areas, and produce insights related to our inquires.
This document is organized by the tasks participants completed.
[Read More]
Imagining the challenges of developers in repressive environments
Posted on January 26, 2017
| Seamus Tuohy
The Guardian Project team spends a lot of time thinking about users. In our work we focus on easy-to-use applications for users in high-risk scenarios. Because of this we are very focused on security. In our current work with the FDroid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments we have started to become more aware of the challenges and risks facing software developers who build software in high-risk environments.
[Read More]
HOWTO: get all your Debian packages via Tor Onion Services
Posted on July 31, 2016
| Hans-Christoph Steiner
Following up on some privacy leaks that we looked into a while back, there are now official Debian Tor Onion Services for getting software packages and security updates, thanks to the Debian Sys Admin team. This is important for high risk use cases like TAILS covers, but also it is useful to make it more difficult to do some kinds of targeted attacks against high-security servers. The default Debian and Ubuntu package servers use plain HTTP with unencrypted connections.
[Read More]
How to Migrate Your Android App’s Signing Key
Posted on December 29, 2015
| Abel Luck
It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated.
What? The Android OS requires that every application installed be signed by a digital key. The purpose behind this signature is to identify the author of the application, allow this author and this author alone to make updates to the app, as well as provide a mechanism to establish inter-application trust.
[Read More]
First Reproducible Builds Summit
Posted on December 9, 2015
| Hans-Christoph Steiner
I was just in Athens for the “Reproducible Builds Summit“, an Aspiration-run meeting focused on the issues of getting all software builds to be reproducible. This means that anyone starting with the same source code can build the exact same binary, bit-for-bit. At first glance, it sounds like this horrible, arcane detail, which it is really. But it provides tons on real benefits that can save lots of time. And in terms of programming, it can actually be quite fun, like doing a puzzle or sudoku, since there is a very clear point where you have “won”.
[Read More]
Orfox: Aspiring to bring Tor Browser to Android
Posted on June 30, 2015
| n8fr8
Update 24 September, 2015: Orfox BETA is now on Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.orfox
In the summer of 2014 (https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html{.external}), we announced that the results of work by Amogh Pradeep (https://github.com/amoghbl1{.external}), our 2014 Google Summer of Code student, has proven we could build Firefox for Android with some of the settings and configurations from the Tor Browser desktop software. We called this app Orfox, in homage to Orbot and our current Orweb browser.
[Read More]
Recent news on Orweb flaws
Posted on June 30, 2014
| n8fr8
August 2014: New browser development news here, including Orfox, our Firefox-based browser solution: https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html
On Saturday, a new post was relased by Xordern entitled IP Leakage of Mobile Tor Browsers. As the title says, the post documents flaws in mobile browser apps, such as Orweb and Onion Browser, both which automatically route communication traffic over Tor. While we appreciate the care the author has taken, he does make the mistake of using the term “security” to lump together the need for total anonymity up with the needs of anti-censorship, anti-surveillance, circumvention and local device privacy.
[Read More]
Improving trust and flexibility in interactions between Android apps
Posted on January 21, 2014
| Hans-Christoph Steiner
Activity1 sending an Intent that either Activity2 or Activity3 can handle. Android provides a flexible system of messaging between apps in the form of `Intent`s. It also provides the framework for reusing large chunks of apps based on the `Activity` class. `Intent`s are the messages that make the requests, and `Activity`s are the basic chunk of functionality in an app, including its interface. This combination allows apps to reuse large chunks of functionality while keeping the user experience seamless and fluent.
[Read More]
Four Ways InformaCam Powers Mobile Media Verification
Posted on January 6, 2014
| n8fr8
Note: A big discussion topic of 2013 was about how hard cryptography and security is for average people, journalists and others. With that in mind, we’d like to sub-title this post “Making Mobile Crypto Easy for Eyewitnesses”, as the InformaCam software and process described below includes the full gamut of security and cryptography tools all behind a streamlined, and even attractive application user experience we are quite proud of….
[Read More]
Integrating Crypto Identities with Android
Posted on December 28, 2013
| Hans-Christoph Steiner
ver the past couple of years, Android has included a central database for managing information about people, it is known as the ContactsContract (that’s a mouthful). Android then provides the People app and reusable interface chunks to choose contacts that work with all the information in the ContactsContract database. Any time that you are adding an account in the Settings app, you are setting up this integration. You can see it with Google services, Skype, Facebook, and many more.
[Read More]
Keys, signatures, certificates, verifications, etc. What are all these for?
Posted on December 12, 2013
| Hans-Christoph Steiner
For the past two years, we have been thinking about how to make it easier for anyone to achieve private communications. One particular focus has been on the “security tokens” that are required to make private communications systems work. This research area is called internally Portable Shared Security Tokens aka PSST. All of the privacy tools that we are working on require “keys” and “signatures”, to use the language of cryptography, and these are the core of what “security tokens” are.
[Read More]
Turn Your Device Into an App Store
Posted on November 18, 2013
| cpu
As we’ve touched upon in previous blog posts the Google Play model of application distribution has some disadvantages. Google does not make the Play store universally available, instead limiting availability to a subset of countries. Using the Play store to install apps necessitates both sharing personal information with Google and enabling Google to remotely remove apps from your device (colloquially referred to as having a ‘kill switch’). Using the Play store also requires a functional data connection (wifi or otherwise) to allow apps to be downloaded.
[Read More]
Your own private dropbox with free software
Posted on November 12, 2013
| Hans-Christoph Steiner
There are lots of file storage and sharing software packages out there that make it easy for a group of people to share files. Dropbox is perhaps the most well known of the group, it provides an easy way for a group of people to share files. The downside of Dropbox is that it is not a private service, just like any cloud-based service. Dropbox has total access to your files that you store there.
[Read More]
Gibberbot’s “ChatSecure” MakeOver: Almost Done!
Posted on September 20, 2013
| n8fr8
In a previous post with the mouthful of a title “Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement”, I spoke about all of the necessary security features a modern mobile messaging app should have. These include encrypted local storage, end-to-end verifiable encryption over the network, certificate pinning for server connections and a variety of other features. I am VERY happy to report that the latest v12 beta release of the project formerly known as Gibberbot, now called ChatSecure, has all of the features described in that post implemented.
[Read More]
Keeping data private means it must be truly deletable!
Posted on August 23, 2013
| Hans-Christoph Steiner
There are lots of apps these days that promise to keep your data secure, and even some that promise to wipe away private information mere seconds or minutes after it has been received. It is one thing to keep data out of view from people you don’t want seeing it, it is also important to be able to truly delete information. Unfortunately computers make it very difficult to make data truly disappear.
[Read More]
Jitsi, ostel.co and ISP censorship
Posted on July 22, 2013
| lee
Earlier last week n8fr8 suspected something changed on the ostel.co server, due to many users emailing support specifically about Jitsi connectivity to ostel.co. The common question was “why did it work a few weeks ago and now it doesn’t anymore?”
The tl;dr follows, skip to keyword CONCLUSION to hear only the punch line.
To support n8fr8’s hypothesis, there was a small change to the server but I wan’t convinced it effected anything since all my clients continued to work properly, including Jitsi.
[Read More]