The tl;dr of this lengthy (tho entertaining and immensely important!) post is this: Stopping with “We support OTR” or “We support PGP” is not enough anymore. There are at least seven, if not more, very important security features that any app claiming to provide secure messaging must implement as soon as possible, to truly safeguard a user’s communication content, metadata and identity.
Note: The names “Gibberbot” and “ChatSecure” are used interchangeably below, as we are in the midst of an app rebrand.
[Read More]
A Weather Report On Security
How’s the weather outside? Sunny with a chance of IP blocking.
We recently launched a new initiative we’re calling: The Weather Repo. The goal of the project is for organizations to have a more accurate method of understanding whether the apps they’re using are “safe”. It’s hard to know whether apps that claim to be secure really are. Have they been vetted by a third party? Are there existing case studies?
[Read More]
Carrier Grade, Verizon and the NSA
Last week Glenn Greenwald at The Guardian broke the news that Verizon has been providing the NSA with metadata about all of the calls over a subsidiary’s network. This subsidiary is called Verizon Business Network Services. It is a privately held company that “owns, operates, monitors, and maintains data and Internet networks in North America, Europe, Asia, Latin America, Australia, Japan, and Africa. The company provides converged communication solutions, such as local and long-distance voice, messaging, and Internet access services.
[Read More]
Gibberbot v11 is not just secure, it’s also simple, snappy and super fun!
Gibberbot v11 is now final as of RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39
_Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/_
If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” and then “OTRChat” and then “Gibber” (or “Jibber”?
[Read More]
Mumble and the Bandwidth – Anonymous CB radio with Mumble and Tor
The journey towards anonymous and secure voice communication is a long one. There are lots of roadblocks to get your voice from point A to point B over the Internet if you need to prevent eavesdropping or censorship. There is the limited bandwidth of mobile data connections. There is the high latency of the TCP protocol. To achieve anonymity via Tor, there’s even more latency added to each packet.
Mumble is a non-standard protocol that was originally designed for realtime voice chat for video games.
[Read More]
Proposal for Secure Connection Notification on Android
A major problem with mobile applications increasingly being used in place of web-based applications is that there is no established standard for notifying the user of the state of security on the network connection. With a web browser, the “lock” icon shown when an HTTPS connection is made evolved out of Netscape’s first implementation into an ad hoc, de facto industry-standard way of letting the user know if their connection is secure.
[Read More]
ToFU/PoP in your Android App! (a.k.a. extending Orlib to communicate over Tor)
In doing my research for InformaCam, I learned a couple of neat tricks for getting an app to communicate over Tor. Here’s a how-to for app developers to use depending on your threat model, and how you have your web server set up. Enjoy, and please post your comments/questions/suggestions below…
Before we begin… You’re going to need some basic stuff up-and-running for this to work. Before you get coding, make sure you have the following:
[Read More]
Call My Email
What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy? That’s the goal of what we’re doing here at the Open Secure Telephony Network (OSTN).
The internet is already structured to be able to do this. That’s why I can have all of my emails point to one email box if I want to.
[Read More]
VoIP Survey Results of NGOs, Human Rights Groups and Activists
In November 2011, 25 individuals were surveyed using an online form, representing typical end-users, global journalists, activist and human rights organization perspectives (Thank you to all the participants!). The goal of the survey was to establish a baseline understanding of the types of tools and expectations our target user community has around making “telephone calls” over the internet, otherwise known as Voice over Internet Protocol (VoIP).
This survey is part of our work on the Open Secure Telephony Net (OSTN).
[Read More]