Overview of all pages with the tag #Jobs, such as: Seeking Ruby/Jekyll contractors to start ASAP| Guardian Project
Overview of all pages with the tag #Free Software, such as: 7ASecurity Completes Security Audit of Círculo| Guardian Project
Overview of all pages with the tag #Mobifree, such as: Seeking Ruby/Jekyll contractors to start ASAP| Guardian Project
Overview of all pages with the tag #Microg, such as: First Time Using CalyxOS Review| Guardian Project
Overview of all pages with the tag #Calyxos, such as: First Time Using CalyxOS Review| Guardian Project
Enhance privacy and break through firewalls.| Guardian Project
Overview of all pages with the tag #Tracking the Trackers, such as: Scanning apps, off the record| Guardian Project
Overview of all pages with the tag #Open Source, such as: 7ASecurity Completes Security Audit of Círculo| Guardian Project
Overview of all pages with the tag #Nlnet, such as: The Search for Ethical Apps: Let's start with governments| Guardian Project
Overview of all pages with the tag #Ngi0 Pet, such as: New Data Sources: API Key Identifiers and BroadcastReceiver Declarations| Guardian Project
Overview of all pages with the tag #Proxy, such as: Tor Project: Orfox Paved the Way for Tor Browser on Android| Guardian Project
Overview of all pages with the tag #Security, such as: IOCipher 1.0 community reboot| Guardian Project
Overview of all pages with the tag #Distribution, such as: Distribution in Depth: Mirrors as a Source of Resiliency| Guardian Project
Overview of all pages with the tag #Debian, such as: Debian over HTTPS| Guardian Project
Update: now you can do this with Tor Onion Services Many software update systems use code signing to ensure that only the correct software is downloaded and installed, and to prevent the code from being altered. This is an effective way to prevent the code from being modified, and because of that, software update systems often use plain, unencrypted HTTP connections for downloading code updates. That means that the metadata of what packages a machine has installed is available in plain text f...| Guardian Project
Overview of all pages with the tag #Usability, such as: First Time Using CalyxOS Review| Guardian Project
Overview of all pages with the tag #Android, such as: IOCipher 1.0 community reboot| Guardian Project
IOCipher update to version 1.0 We are thrilled to announce that a community contributor has picked up maintaining a fork of IOCipher and updated to IOCipher 1.0, designed to enhance your development experience and empower you to create more secure applications with ease. Here’s what’s new and why it matters to you: 1. Enhanced Features We introduced a few new features. Most notably IOCipher is also available on Desktop Java for Linux and Windows now.| Guardian Project
With 2024 now behind us, we wanted to take a moment to reflect on the growth and achievements we accomplished as a community last year, and celebrate the incredible support we received from the FOSS community throughout the journey. This year has been a milestone for us, with significant strides in decentralizing app distribution, expanding the F-Droid ecosystem, and solidifying our infrastructure. All of these advancements were made possible thanks to donations, grants, our volunteers and re...| Guardian Project
At first, the idea of encrypting more of the metadata found inside the initial packet (the “ClientHello”) of a TLS connection may seem simple and obvious, but there are of course reasons that this wasn’t done right from the start. In this post I will describe the flow of a connection using Encrypted Client Hello (ECH) to protect the metadata fields, and present a working code example using a fork of CPython built with DEfO project’s OpenSSL fork to connect to ECH-enabled HTTPS servers.| Guardian Project
Guardian Project is seeking Ruby/Jekyll contractors for mobile/free software and privacy work! We’re looking for self-motivated, free software hackers to work with Guardian Project on privacy and internet freedom for mobile devices. Our work is 100% free software and we have a steady stream of projects that tie into F-Droid, Debian, Android, Fastlane, Mobifree and other exciting projects. We work to support people and communities around the world. This is a flexible, remote position but we ...| Guardian Project
Location: Fully remote (African/European time zone) or Vienna, Austria. Type: Part-time contractor. About us Guardian Project is a small organization working to make a big impact in data privacy and secure communications. From the average person looking to use the internet and their mobile device more securely, to journalists needing to safely communicate with sources, to activists looking for secure communication channels, Guardian Project creates solutions that focus on privacy so you have ...| Guardian Project
“But how are you planning on using the phone?” he asked me. I paused, a bit confused. “As a replacement for my iPhone. I want to do everything with this phone that I can do with my iPhone, and use it as I normally would.” He took a beat to respond, “Wow, alright. Well let’s give it a shot.” I would describe myself as tech-curious, but the reality is I am not your typical CalyxOS user.| Guardian Project
It’s Opening Day of the 119th IETF meeting in Brisbane Australia. This post commences a daily rundown of privacy and Internet Freedom activities at this IETF meeting. For the rundown on IETF119 Hackathon, see my Hackathon report Dispatch IETF meetings don’t often kick off with the open dispatch but this time it happened. Dispatch sessions are meant to help specification authors find a home for their work if a home isn’t obvious.| Guardian Project
Hackathon Weekend at the 119th IETF meeting in Brisbane Australia. This post commences a daily rundown of privacy and Internet Freedom activities at this IETF meeting. IETF’s Hackathon, held at each face-to-face IETF meeting, is designed to encourage interoperability testing of standards under development. See this meeting’s wiki page for a description of this year’s twenty-four projects. The HTTP Signature Authentication Scheme has been winding its way through the HTTPbis Working Gr...| Guardian Project
Guardian Project has been running its own fdroid-compatible app repository since 2012. Up until now, we worked to ensure that our repository had the same standards of free software as the official F-Droid repository. Therefore, the Guardian Project repository was included in the official F-Droid client app by default. A lot has changed since then, for the better. F-Droid has long since stopped shipping pre-built binaries from any provider. Back in the day, F-Droid shipped some binaries, like ...| Guardian Project
Build your privacy, break through firewalls and communicate securely.| Guardian Project
Overview of all pages with the tag #Tracking, such as: The Search for Ethical Apps: Let's start with governments| Guardian Project
Overview of all pages with the tag #Tor, such as: Arti, next-gen Tor on mobile| Guardian Project
Overview of all pages with the tag #Privacy, such as: 7ASecurity Completes Security Audit of Círculo| Guardian Project
Overview of all pages with the tag #Nginx, such as: Quick set up guide for Encrypted Client Hello (ECH)| Guardian Project
Overview of all pages with the tag #Metadata, such as: DEfO - Developing ECH for OpenSSL (round two)| Guardian Project
Overview of all pages with the tag #Fdroid, such as: A Look Back at 2024: F-Droid's Progress and What’s Coming in 2025| Guardian Project
Overview of all pages with the tag #F Droid, such as: A Look Back at 2024: F-Droid's Progress and What’s Coming in 2025| Guardian Project
Overview of all pages with the tag #Data, such as: Tracking usage without tracking people| Guardian Project
Overview of all pages with the tag #Clean Insights, such as: Privacy Preserving Analytics in the Real World: Mailvelope Case Study| Guardian Project
Overview of all pages with the tag #Bazaar, such as: Building a Signing Server| Guardian Project
Overview of all pages with the tag #Apache, such as: DEfO - Developing ECH for OpenSSL (round two)| Guardian Project
For software projects with recurring bugs, efficiency or security issues there’s a joke making the rounds in the software industry: “Let’s re-write it in Rust!” It’s a fairly new low-level programming language with the declared goal to help developers avoid entire classes of bugs, security issues and other pitfalls. Re-writing software is very time consuming, so it rarely happens, especially when just one more fix will keep a project up and running.| Guardian Project
Improve your privacy and break through firewalls.| Guardian Project
Enhance your privacy and break through firewalls.| Guardian Project
Smart phones have brought us so many wonderful capabilities. They let people around the world access vast realms of information. They let app developers solve problems large and small in a way most relevant to their local context. They are personal computers for the world. They also have given surveillance capitalism an unprecedented reach into everyone’s lives. Repressive governments use them in ways that the East German Stasi secret police could only have dreamed of.| Guardian Project
Close your eyes and imagine. You are sitting, designing the next game-changing innovative idea; however, you are not worried about any information leakage or spread, as you are in control. You not only hold ownership of your data, but with each online activity, your fear of being tracked dissipates more. This new internet you explore on understands each input, tailoring the content to your specific needs as it no longer runs on basic commands, but rather uses the combination of technologies a...| Guardian Project
Day Four of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Three, see my daily report. At IETF112 (online) a formal Birds of a Feather (BoF) session was held on the concept of Privacy Preserving Measurement. A Working Group was chartered and, at IETF113 in Vienna, we were treated to an incredibly detailed presentation on Prio, an academic concept for supporting privacy in the context of Internet-scale measurement.| Guardian Project
I received an interesting email that points to a new direction in targeting developers to exploit them. This email is a reply to a message that I actually wrote to an email list in 2012, that was posted on a public thread on a public list. It also uses the name of a person that posted on that thread: “Paul Eggers”. Oddly, it did not use that person’s actual email from the original thread.| Guardian Project
Debian’s package manager apt has a time-tested method of securely providing packages from the network built on OpenPGP signatures. Even though this signing method works well for verifying the indexes and package files, there are new threats that have become relevant as man-in-the-middle attacks and data mining become ever easier. Since 2013, apt developers have supported encrypted transport methods HTTPS and Tor Onion Service. We have been recommending their use since 2013.| Guardian Project
As part of the DEfO project, we have been working on accelerating the development of Encrypted Client Hello (ECH) as standardized by the IETF. ECH is the next step in improving Transport Layer Security (TLS). TLS is one of the basic building blocks of the internet; it is what puts the S in HTTPS. The ECH standard is nearing completion. That is exciting because ECH can encrypt the last plaintext TLS metadata that it is possible to encrypt.| Guardian Project
There is a giant problem with the “collect it all” status quo that pervades the Internet; this has been clear for a long time. Tracking people has become so widespread that organizations, communities, projects and university labs have sprung up dedicated to detecting and publicizing their presence. Data and analytics are clearly useful for software creators and funders, but they also easily lead to harming people’s privacy and well-being.| Guardian Project
In this tutorial we’re going to talk about the best practices to browse the web securely on iOS using Onion Browser Release 2.6 and the Tor network. Onion Browser for iOS is a free, open-source web browser app developed originally by Mike Tigas, with Release 2.6 as a collaboration with the Guardian Project. Onion Browser has Tor built-in and uses Tor to protect your web activity. You can also watch the Onion Browser Video Tutorial on YouTube.| Guardian Project
This position paper tries to outline a framework for defining trackers in smart phones and lists mechanisms for identifying them. It hopes to serve as the foundation for the work done in the Tracking-the-Trackers project. In section 1 we start with an abstract analysis of levels of unwanted behaviour in the context of tracking. Next, in section 2, we focus on an attacker’s perspective, on anonymity and pseudonymity. This foundation allows us to define terms which are needed throughout the p...| Guardian Project
One key component of the Tracking the Trackers project is building a machine learning (ML) tool to aid humans in finding tracking in Android apps. One of the most important pieces of developing a machine learning tool is figuring out which “features” should be fed to the machine learning algorithms. In this context, features are constrained data sets derived from the whole data set. In our case, the whole data set is terabytes of APKs.| Guardian Project
NetCipher has been relatively quiet in recent years, because it kept on working, doing what it was doing. Now, we have had some recent discoveries about the guts of Android that mean NetCipher is a lot easier to use on recent Android versions. On top of that, TLSv1.2 now reigns supreme and is basically everywhere, so it is time to turn TLSv1.0 and TLSv1.1 entirely off. A single method to enable proxying for the whole app As of Android 8.| Guardian Project
There is a new vulnerability in Debian’s apt that allows anything that can Man-in-the-Middle (MITM) your traffic to get root on your Debian/Ubuntu/etc boxes. Using encrypted connections for downloading updates, like HTTPS or Tor Onion Services, reduces this vulnerability to requiring root on the mirror server in order to exploit it. That is a drastic reduction in exposure. We have been pushing for this since 2014, and Debian, mirror operators, and others in the ecosystem have taken some big...| Guardian Project
The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the recommended lifetime of an Android signing key: 20+ years. On top of that, it is difficult to migrate an app to a new key. Since the signing key is an essential part of preventing APKs from impersonating another, Android signing keys must be kept safe for the entire life of the app.| Guardian Project
We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation. Methodology Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be meas...| Guardian Project
VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection.| Guardian Project
Governments across the world are moving services to mobile apps. The vast majority of these apps are only available in the Google Play store or in the Apple App store. Installing apps from these services requires users to agree to their terms of service. This means governments require their citizens to sign opaque and privacy invading contracts with foreign Big Tech in order to use digital services. This feeds ever more into Big Tech data control, filtering, and information bubbles.| Guardian Project
One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software.| Guardian Project