Archives for 29 Feb, 2016


IFF Tool Showcase #2: Code of Conduct builder

Usually, those who are most hurt by censorship, surveillance and a lack of Internet freedom are the most marginalised members of society; people who have been too often excluded from the world of tech, policy and other important areas which impact Internet freedom and human rights. To face this problem, many groups have taken inspiration from the women’s liberation movement of the 60s and 70s, creating Codes of Conduct as a set of shared behavioural guidelines to ensure that the physical or virtual space they’re acting in becomes a safe space.

The Code of Conduct builder has been created to help community leaders implement a Code of Conduct that is both customized and has the ability to support all members of that community. Thoroughness and an understanding of the issues is key to successful implementation of a Code of Conduct, however, and that is why each section in this web-based tool features a clear explanation of the reasons for inclusion, live preview of the customized text and tips for enforcement.


Currently, resources for building a Code of Conduct for online and offline spaces (such as conferences and repositories) take the form of blog posts and copyable policies. There are lots of details, opinions (sometimes lacking consensus) and supporting processes to consider when creating a Code of Conduct, and the task of a good implementation can be overwhelming.

Unfortunately, because of this, organizers decide to either not have a Code of Conduct, or to copy and paste an existing one without properly considering how to support it. Both are poor solutions that fail to support attendees and can give them a false sense of security. The Code of Conduct builder is the first tool of its kind that goes beyond a customized Code of Conduct by also aiming to educate users on the various aspects of a well-implemented and supported policy.

By making the process of implementing a Code of Conduct more efficient and considered, the Code of Conduct builder helps event organizers, repository maintainers and other leaders to create a more inclusive community. This inclusivity helps to bring a wider range of voices, backgrounds and skills to the fight against censorship and surveillance. The end result is that the solutions produced are better suited to protect not just the majority, but really everyone’s digital and human rights.


IFF Tool Showcase #11: StoryMaker

StoryMaker is an open source app helping anyone learn to make great multimedia stories and safely produce and publish them with their mobile device, in a privacy-preserving fashion that ensures they can share and publish their stories where they wish, despite the threat of censorship. The final release out of beta comes with the inclusion of a Catalog of new content packs. Content packs provide Lessons, Guides, and Templates for creating new stories. Once templates, guides, or lessons have been downloaded, the user may learn and make stories completely offline, as well as sharing stories via bluetooth or other means that don’t require the Internet. Users may publish their stories online to a variety of outlets, with built-in support for Tor. Currently users can publish over Tor to Facebook, YouTube, Flickr, Soundcloud, Archive.org and private SSH servers.


StoryMaker is brought to you by the StoryMaker Coalition. The StoryMaker Coalition is a collaboration between Small World News, Scal.io, The Guardian Project and Free Press Unlimited to develop and implement the StoryMaker application. The Coalition has trained more than 700 journalists, human rights defenders, and aid workers active in more than 20 countries. At the time of writing, the StoryMaker app has been downloaded by more than 140,000 users around the world, including journalists, civil society members, and activists.

StoryMaker’s libraries provide open source tools for others to add functionalities to publish content safely and securely to a variety of platforms, as well as distribute interactive learning content directly to individual users. StoryMaker enables citizens anywhere to tell their stories despite the threat of surveillance and censorship. The app puts the work of many developers and organizations on digital security into a specific and important context: amplifying the voices of marginalized communities by providing them the skills to tell their stories and the access to ensure they are heard. To underscore this point, Natasha Msonza from Zimbabwe, one of the many trainers using StoryMaker around the world, will join the speakers from the StoryMaker Coalition in the presentation.


IFF Tool Showcase #13: uProxy

uProxy is an open source browser extension for Chrome and Firefox that lets users share their route to the Internet with each other. uProxy has been made for people in two situations: those who need to get safe and unrestricted access to the Internet and those who have an unrestricted connection that they would like to share with their friends. With uProxy, those who have restricted access to the Internet can get access to the same sites that their friends with an unrestricted connection can reach.


uProxy can make it much harder for a third party to monitor or interfere with the traffic of the user who is getting access to the Web thanks to the extension. It can be compared to a personalized VPN service that you can use to provide secure access to friends and family, and to yourself when you travel. But since VPNs generally rely on shared servers, they can often be identified and blocked, or they can slow down at peak times. Because uProxy users connect to each other, rather than to common servers, uProxy connections may be harder to identify, and the network scales naturally.

On the other hand, uProxy also has limitations. The level of trust between users sharing a connection should be very high, to avoid the risk of being caught accessing restricted resources in censored areas. Furthermore, being a browser extension, uProxy is only capable of handling web traffic in Chrome and Firefox and cannot secure other applications connected to the Internet. Nevertheless, for people dealing with nationwide censorship and state surveillance, uProxy can be a precious tool for accessing online resources.


IFF Tool Showcase #6: OnionShare

OnionShare is a desktop application to share files anonymously and securely using the Tor network. It’s incredibly simple and uses the anonymity-protecting and firewall-slicing properties of hidden services. It supports a diversity of use cases such as sending a screenshot to a friend, or leaking classified documents to a journalist.


As long as both the sender and the receiver have access to the Tor network (which just requires installing and launching the Tor Browser), OnionShare is censorship and surveillance resistant. Third parties don’t have access to files being shared, network eavesdroppers can’t spy on files in transit, and the anonymity of sender and recipient is protected by Tor.

OnionShare was originally built by Micah Lee to solve the “David Miranda problem”: if you have super secret files that you need to give to someone, it’s often safer to use the Internet than to physically carry a USB stick. OnionShare makes the using-the-internet option simple, user-friendly and convenient. Micah Lee himself says he uses it all the time for a variety of purposes at The Intercept.


IFF Tool Showcase #1: CENO

CENO (Censorship.NO!) is an innovative approach to censorship circumvention, based on P2P storage networks, and in particular on Freenet. CENO maintains strong privacy and anonymity features as well as offering users plausible deniability in an emergency situation. CENO is built in advance of aggressive Internet filtering and the establishment of national intranets to fence off citizens from the wicked Web, so it’s a tool to access restricted information and resources when everything else fails.

 


The main purpose of CENO is to deliver content that otherwise would not be available because of Internet censorship. Once CENO has been launched, users can anonymously request a web page that is inaccessible from their country by entering a normal URL in CENO’s customized browser profile. Their request will reach a so-called bridge node, a peer node that also acts as a CENO server, bridging the p2p network with the World Wide Web. The bridge node will then fetch the requested web page, bundle it and insert it in the distributed storage in the p2p network, where it can eventually be retrieved by the user. While the users wait for the requested page to be delivered, which can take some time, they can read the selection of news feeds that can be reached from the “CENO Portal”. These selected feeds are inserted by default in CENO and are updated on a daily basis.

At the moment CENO bridges are all managed by the CENO team, but users can set up their own bridge nodes, independently from CENO team’s Insertion Authority. No knowledge of the global network topology is required in order to retrieve bundles or send a message to a bridge, and no CENO node can know where the other nodes are located. Last but not least, CENO is a resilient solution to censorship circumvention: in cases of nationwide Internet throttling, content will remain available to the peers given that a copy of that bundle is cached in the in-country network of peers. Read more about CENO here.


IFF Tool Showcase #5: NetAidKit

The NetAidKit is a pocket size, USB powered router that connects everything to everything, designed specifically for non-technical users. The easy to use web interface will allow you to connect the NetAidKit to a wireless or wired network and share that connection with your other devices, such as a phone, laptop or tablet.

Once the NetAidKit is connected to a wireless or wired network, you can make it connect to a Virtual Private Network or to Tor at the click of a button. Any devices connected to the NetAidKit will use these extra security features automatically, without needing to configure each of the devices separately.

By providing an easy to use tool that can either send traffic over secure VPN tunnels, fighting surveillance, or over the Tor network, circumventing censorship, the NetAidKit brings the Internet Freedom Festival’s goals of “Joining Forces to Fight Censorship and Surveillance” to everyone.

Free Press Unlimited has developed the NetAidKit to give non-technical users an easy way to secure their connections with VPNs or route around censorship with Tor, so that journalists, activists and others can use these technologies without needing to install and set up complicated software. The NetAidKit is an open source, non-profit project, and proceeds from sales will be used to support the project itself and for future development, with the aim of offering to the masses this open source, reliable and easy to use solution for circumventing censorship and fighting surveillance.

IFF Tool Showcase: the projects

During the Internet Freedom Festival, which will take place in Valencia, Spain, from the 1st to the 6th March 2016, eQualit.ie will host a tool showcase and award ceremony on Thursday 3rd March, starting from 7 pm.

During the showcase, 15 tools will be introduced with a short presentation to the entire room and then be assigned to their own tables for a continuing discussion with the audience, who will then vote for their favourite projects in three different categories – “You did whaaaat?”, “Wish I’d thought of that!”, and “You get a biscuit”.

Here is the complete list of the presented projects, with a link to the posts we have dedicated to each of them:

  • CENO – an innovative approach to censorship circumvention, based on P2P storage networks.
  • CGIProxy – a clientless web proxy that supports Javascript and Flash, enabling access even to the most complex websites.
  • Code of Conduct builder – an interactive tool for building a Code of Conduct for a community’s offline and online spaces.
  • CoyIM – a safe and secure Jabber/XMPP client with built-in support for Tor, OTR and TLS.
  • FreedomBox – a free software stack that can be installed in inexpensive hardware to turn it into a personal server that protects your privacy.
  • NetAidKit – a pocket size, USB powered router that connects everything to everything, designed specifically for non-technical users.
  • OnionShare – a desktop application to share files anonymously and securely using the Tor network.
  • Peerio – a tool to send encrypted messages and files, developed with the aim of making encrypted communications attractive and accessible.
  • Psiphon – a widely-used free censorship circumvention tool.
  • Qubes OS – a free and open source security-oriented operating system that implements security by compartmentalization.
  • SecurePost – an Android App that allows a group to share a Twitter account or Facebook page without sharing the account password.
  • StingWatch – a tool enabling ordinary people to monitor and map police use of IMSI-Catchers, aka Stingrays.
  • StoryMaker – an open source app helping anyone learn to make great multimedia stories and safely produce and publish them with their mobile device.
  • Umbrella – a free and open source Android app to help journalists and activists manage their security on the move.
  • uProxy – an open source browser extension for Chrome and Firefox that lets users share their route to the Internet with each other.

IFF Tool Showcase #12: Umbrella

Umbrella is a free and open source Android app to help journalists and activists manage their security on the move. Subdivided into several sections addressing not only digital and physical, but also psycho-social and operational security issues, Umbrella offers simple, practical advice on what to do and what tools to do it with – covering everything from sending a secure email to conducting physical counter-surveillance. Users can choose their level of ability or type of protection needed and get answers that reflect their needs. Users can mark, customise and share simple checklists for quick reminders. Umbrella also has a series of security information feeds from places like the UN and Centers for Disease Control, to keep users updated as they travel.

Launched in September 2015, Umbrella is being constantly developed by Security First with the help and input of the NGO, human rights, humanitarian aid and open source technology communities. Resources on security are as numerous as they are difficult to find when needed. To make them easily accessible, the app gathers together all the information that can help manage individual and organizational security and makes it available not only to journalists and human rights defenders, but to a whole range of activists who may be less aware of the threats they are facing and the strategies they can adopt.

At the moment, Umbrella is being localized on Transifex into Spanish, Arabic and Mandarin, and volunteers are helping with many other languages. The app already has the support of the Guardian Project’s Ripple panic button, and in the future it will add new features with advice on security planning and the possibility of sharing checklists with others based on an already existing FOSS encryption protocol. The project shares the principles of free and open source software, and all the resources are shared on Github, in the hope of fostering even more positive cooperation among creators of resources for security.

IFF Tool Showcase #10: StingWatch

An IMSI-catcher is a telephony eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone users. Essentially a “fake” mobile tower acting between the target mobile phone and the service provider’s real towers, it is considered a man-in-the-middle (MITM) attack. Wikipedia article

Employed, among others, by the US federal government and by state and local police departments across the USA, the Stingray is a mobile technology that simulates a cell phone tower and can intercept call and SMS text content, including the call histories of all mobile hand sets within range as well as their location.


Racial bias in police violence has sparked a heated discussion in the US in recent years, and cell-site simulators, also known as Stingrays, have gained increased media and some public attention as recent reports indicate their frequent use in criminal investigations and at political demonstrations such as Black Lives Matter.

The tools required to discover and investigate the presence and location of these Stingrays have so far been difficult to obtain and operate, most of them either closed source or requiring root access on your smart phone. The goal of StingWatch is to be a platform independent tool that anybody can use, with the purpose of enabling ordinary people to employ their phones in monitoring and then mapping the use of Stingrays in their vicinity.

StingWatch is a simple app for Android that will do a couple of things:

  1. It will notify its users when Stingray use is detected, so that they can put their phones into airplane mode and avoid having their information collected.
  2. It will send detection locations to a central server so that Stingray use can be mapped on a public website, eventually combining with Census data to examine the demographics of those being targeted.
  3. By exposing use of this secret technology, StingWatch will hopefully contribute to public pressure to limit its use.

Ultimately, StingWatch is a tool for policy change. Its main purpose is to prove that Stingray technology is often misused to disproportionately target certain minority groups and other civil groups. The developers hope this information will reinforce the larger debate around these devices and ultimately lead to their abolition.


IFF Tool Showcase #9: Qubes OS

Qubes OS is a free and open source security-oriented operating system that implements security by compartmentalization. Its architecture is built to enable a user to define different security environments on her computer and visually manage their interaction with each other. The most common operating systems like Windows, Mac or Linux are “monolithic”, which means that if an attacker manages to hack into the system, they will have access to the whole machine. Qubes OS greatly reduces this risk by isolating every domain (or qube) from the others, so that if one qube is compromised, the others – and the system – will remain unaffected.


Each qube can run applications from Debian, Fedora, Whonix, and even Windows. The visual interface to separate domains makes it very easy to manage multiple identities online: each virtual persona, pseudonym or activity can get its own dedicated qube, and Qubes integrates the Tor network so that users can easily create one or more domains with all the software they need for anonymizing their communications and online activities. Simultaneous and non-interacting VPN, Tor, and other proxy connections to the web can be set up, and one can easily route applications through these networks even if they weren’t built for it, such as Pidgin, Chromium, etc.

Separating and isolating social domains can be particularly important for high-risk individuals who could be targeted with surveillance malware. In case the attacker manages to compromise the user’s browser or email client, e.g. through a vulnerable plug-in in a browser or a malicious email attachment, the malware will only be able to access that particular qube and will not affect the whole system – and deleting the affected qube and creating a new, clean one is very easy. With Qubes OS, the user can easily open attachments by default in non-networked disposable domains, so if the attachment contains malware, it is deleted as soon as the PDF or Word document is closed and has no ability to “phone home”. In a similar way, Qubes OS by default can protect the user from USB and wifi-based attacks by isolating the USB and wifi stacks.

Qubes OS was first launched in 2012 and has a growing base of over 9,000 users. While it still requires a rather powerful computer, the Qubes team is concentrating its efforts on increasing usability and outreach, and a training prototype addressed at human rights defenders and activists will be presented within the Training & Best Practices track at the Internet Freedom Festival on Friday 4th March at 6pm.


IFF Tool Showcase #8: Psiphon

Psiphon is a free censorship circumvention tool. Its robust network is made of more than a thousand active servers, which can provide you with quick access to any blocked content on the Internet. Psiphon is an open source tool that does not require installation and automatically selects the best performance settings. More than 15 million people around the world and the largest information agencies have put their trust in Psiphon.


Psiphon helps millions of netizens around the world to connect to blocked social media and censored websites. Hundreds of thousands used Psiphon in Turkey, Egypt and Iraq to learn about and protest against governmental policies curtailing human rights, including fostering censorship and surveillance. Psiphon also aids human rights organizations and independent media outlets whose websites are blocked in various censorship hotspots. Liberal-minded organizations from Iran, China, the Middle East, the CIS, Latin America and Asia use Psiphon to stay connected to their audiences, propagate ideas of free speech and help people join movements fighting against censorship and surveillance. Many of these organizations are the only independent voices in their regions, who thanks to circumvention technologies like Psiphon manage to survive censorship policies of authoritarian regimes and remain financially viable.

Psiphon was developed as an anti-censorship tool by the Citizen Lab (University of Toronto) back in 2006. Ten years later, it remains true to its original mission, namely, to empower netizens around the world to fight back against oppressive regimes that illegitimately censor information on the Internet.


IFF Tool Showcase #4: FreedomBox

FreedomBox is a personal server that protects your privacy. It is a free software stack, a subset of the Debian universal operating system, that can be installed in many flavors of inexpensive and power-efficient hardware. FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by “onion routing” your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home. It can also be carried along with your laptop and used to connect to public networks at work, school, or office to make use of its services. It could be used in a village to provide communications throughout the village. In future, FreedomBox intends to provide support for alternative ways of connecting to the Internet such as Mesh networks.


FreedomBox provides services to your computers and mobile devices in your home and to computers and mobile devices of other people who are your friends. It provides file sharing like Dropbox, shared calendaring like Google or Yahoo and photo sharing. FreedomBox provides instant messaging and secure voice conference calling that works on low bandwidth providing high quality. FreedomBox has a blog and wiki to let you publish your content and collaborate with the rest of the world. Coming soon, a personal email server and federated social networking using GNU Social and Diaspora, providing privacy-respecting alternatives to Gmail and Facebook.

Too many of us live in a world where our use of the network is mediated by organizations that often do not have our best interests at heart. By building software that does not rely on a central service, we can regain control and privacy. By keeping our data in our homes, we gain useful legal protections over it. By giving back power to the users over their networks and machines, we are returning the Internet to its intended peer-to-peer architecture. In order to bring about the new network order, it is paramount that it is easy to convert to it. The hardware it runs on must be cheap. The software it runs on must be easy to install and administrate by anybody. It must be easy to transition from existing services. There are a number of projects working to realize a future of distributed services; FreedomBox aims to bring them all together in a convenient package available for everybody.


IFF Tool Showcase #3: CoyIM

Despite the fact that one of the most efficient ways of encrypting communications is OTR with Jabber/XMPP, the clients that support these protocols are either flawed from a security point of view or excessively hard to use. This is the reason why CoyIM is being developed. Based on Adam Langley’s xmpp-client, and written in the Go language to avoid many common types of vulnerabilities that come from using unsafe languages, CoyIM is a standalone program that runs on Windows, Linux and OS X and only supports one chat protocol – Jabber/XMPP.


CoyIM tries to be safe and secure by default. The developers’ ambition is that it should be possible for even the most high-risk people on the planet to safely use CoyIM, without having to make any configuration changes. To achieve this, CoyIM has built-in support for Tor, OTR and TLS. The Tor support allows users to become anonymous when chatting; OTR makes end-to-end encryption of communication possible; and TLS adds another layer of encryption to the communication with the chat servers. These features have been built to be core parts of the application – they are not plugins or extras as in some of the most popular Jabber/XMPP clients.

Started in October 2015, CoyIM is still a very young project. There have been no security audits of the code, and you should currently not use it for anything sensitive. Being at a very early stage of development, the tool still lacks many features that users could expect in a Jabber client. The developers are working eagerly to add the needed functionalities, but for the sake of security and efficiency some other features (like hyperlinks and emoticons) will never be there. With time, CoyIM has good chances of filling an important gap in the range of communication tools that can be used in high-risk contexts.


IFF Tool Showcase #7: Peerio

Until recently, if someone wanted to be sure that their communications could only be read by themselves and their addressees, they had to face the steep learning curve required by encryption tools like GPG or OTR. As efficient as they are in enabling an end-to-end encrypted communication, these tools are problematic for anyone who needs to communicate efficiently and securely in a high-risk or emergency setting where there is no time for learning how to use a complicated technology. To solve this problem, a range of new, more usable encryption tools has started to be developed. This is where Peerio enters the scene.


First launched in January 2014 and currently counting 17,000 users, Peerio is a tool to send encrypted messages and files, developed with the aim of making encrypted communications attractive and accessible to people of all skill sets and backgrounds. From its intuitive interface to its rapid search of messages and documents, up to its passphrase generator, Peerio puts a strong emphasis on usability in every possible detail, thus simplifying the workflow and mitigating the risks related to user error that are often connected to traditional end-to-end encryption tools.

The encryption of messages and files (which is client-side, so the server cannot decrypt anything) does not rely on a private key that could get lost, but on a mechanism based on the user’s passphrase. When you create a Peerio account, a long random passphrase is generated for you. This passphrase is made up of 5 words selected by the client’s passphrase generator from a dictionary of 12,000 commonly used words, which makes it easier to remember (but you can also generate a shorter password that will only work on the device where you’ve generated it and store the longer passphrase in a password manager). The 5-word passphrase and your user name are all you need to access your account wherever you are, from any computer.

Localized in 12 languages, and available for Mac, Windows and Linux, the client will soon be released for Android and iOS too. Peerio’s development is particularly oriented towards facilitating collaboration and group communication: groups can already share files in Peerio and easily search through them, and in the future Peerio’s team is planning to add new features such as shared folders and documents and collective notes. The Peerio client’s code has been audited (PDF) and is available on Github.
