My Apply
My Apply

Engineering Lab

noun_It engineering_1567420_fe3a5e.png

What is the purpose of the Engineering Lab?

The goals of this lab are to:

  • Facilitate easier widespread adoption of underlying privacy, security, and circumvention technologies that advance Internet freedom (many of which OTF has incubated in the past);
  • Gain a better sense of the effort and costs required to enhance existing systems (i.e., web and mobile apps relied upon by high-risk folks) with these technologies; and
  • Support greater availability of alternate core infrastructures that address the unique needs of Internet freedom software developers, the people who deploy and maintain the technology, and the community of end-users who rely upon it.

The lab focuses on supporting the implementation and inclusion of established technologies into existing applications, organizations, and communities that are advancing Internet freedom, supporting the initial/bootstrap operating and infrastructure costs associated with getting deployments online, and, finally, conducting one-off assessments of existing apps or websites for recommended privacy, security, or anti-censorship improvements. All of this work will be conducted either by service partners or applicants themselves—with triage and oversight by an OTF.

Challenges the lab seeks to address:

  • A growing number of applications are being submitted to our open funds (e.g., the Internet Freedom, Core Infrastructure, and Rapid Response funds), where the overall effort is within remit, but only specific aspects align with our current priorities. These specific aspects are within OTF’s interest and would help folks on the front lines, in areas such as implementing privacy, security, or circumvention technologies into their existing systems. Tools that document human right violations are one example of something that OTF is less inclined to support outright, but would be interested in helping with in order to address systematic targeting or vulnerabilities being exploited by repressive governments.
  • There is now a mature set of anti-censorship technologies that OTF has incubated and supported, which are ready-made for widespread 3rd party deployment. Unfortunately, many groups lack the knowledge and capacity to conduct the initial deployments.
  • A growing number of projects with goals that are within our Internet freedom remit are looking to OTF for support of an engineering objective that is very specific; minimal in time, money, or other resources; and, as such, doesn’t warrant the burdensome application process of our other funds (but would have notable impact).
  • Many cloud providers’ service offerings are missing critical security or privacy features needed in the Internet freedom field (such as encrypted disk storage, Software Guard Extensions, etc), some of which will never be offered by a solely commercially driven provider (such as minimized account information).
  • There are additional costs associated with supporting providers through each project individually versus making arrangements with providers on behalf of the field of practitioners advancing Internet freedom within OTF’s remit (and then getting volume discounts).

Who will the Engineering Lab support?

The lab will prioritize supporting the following kinds of projects:

  1. Current and past Internet freedom efforts supported with public funds from OTF, BBG, the Department of State; and,
  2. Efforts that fit with OTF’s overall mission and goals but, for various reasons, may not be current or previous supported Internet freedom efforts.

In response to the above challenges, the lab will provide specific short-term implementation and deployment support to people or organizations representing apps and communities conducting work within OTF’s Internet freedom remit who apply to the lab for support. The lab will offer access to services made available by 3rd party consultants OTF has contracted with, or access to the lab’s service providers, or will make funds available directly to applicants capable of demonstrating the ability to accomplish the work themselves. The ideal applicant is a software developer or project lead for an app, a systems administrator, or an information security technologist for an organization or community able to demonstrate the ability to adequately maintain the lab’s output after the support is concluded.

If an applicant appears to be unable to support the ongoing maintenance of the lab-supported effort, the application may not be considered competitive, may be dismissed, and/or may be directed to apply to one of OTF’s other more appropriate funds.

What kinds of outcomes will the Engineering Lab support?

This lab could be useful for application makers who:

  • Want to build common circumvention or security mechanisms into their applications (pluggable transports, ShadowSocks, NetCipher, Psiphon, Enterprise Onion Toolkit, OnionBoat, CGIProxy, etc.);
  • Seek funds to support and expand their underlying operations and infrastructure capacity (not software maintenance: if that is needed, consider the Internet Freedom Fund or Core Infrastructure Fund);
  • Seek support to containerize or package apps for easy deployment on common IaaS/PaaS providers;
  • Want access to OTF-supported secure cloud infrastructure (, etc); and
  • Need support for DevOp or SysAdmins to maintain supporting crucial infrastructure needed to advance Internet freedom projects.
  • If you don’t see the outcome you have in mind, feel free to let us know or apply.

This lab could be useful for community and organization leaders who:

  • Need initial support to deploy common applications relied upon by Internet freedom groups (OwnCloud, Globaleaks, SecureDrop, Ionosphere, Mattermost, VPNs such as Outline/Streisand/Algo, Jitsi, etc.);
  • Want access to OTF-supported secure cloud infrastructure;
  • Want access to OTF’s network of 3rd party VPN providers;
  • Want to support the deployment and expansion of networks commonly used for anti-censorship purposes (high-capacity Tor relays, Tor bridges, OONI test nodes, CENO bridges, IPFS nodes, etc.); and
  • Seek support for Dev(Sec)Ops for initial deployments of applications.
  • If you don’t see something that you have in mind, feel free to let us know or apply.

The lab does not focus on the development of new features (including software maintenance) for existing technologies, the creation of new technologies, or emergencies and other rapid response needs. The Internet Freedom Fund, Core Infrastructure Fund, and Rapid Response Fund are the more appropriate support mechanisms for these needs.

Below are a selection of scenarios to illustrate the focus of the Engineering Lab compared to other OTF funds:

  • Ongoing operating expenses for secure hosting services would be supported through the Engineering Lab.
  • Advancing the functionality and features offered by a secure hosting service would be supported through the Core Infrastructure Fund.
  • A human rights reporting app being actively targeted by censors, which wants support for a discrete, one-off effort to integrate Psiphon, Tor, or domain-fronting into its app, would be supported through the Engineering Lab.
  • Psiphon, Tor, or domain-fronting software developers who want support to improve the software libraries they make available to better support 3rd party human rights reporting apps would be supported through the Core Infrastructure Fund.
  • An existing OTF project that wants to get a security audit of its mobile app would be supported through the Red Team Lab, which is focused on security audits.

Example scenarios

Scenario 1: An existing technology project, such as a blocked independent media outlet within a repressive country, wants to include a Tor client or hidden service in its application.

  • It applies to OTF or contact a service partner directly.
  • It creates an SoW or one is submitted by the service partner.
  • OTF supports a one-time contract to do the work.
  • The applicant will find other means to support the effort in the longer term.

Scenario 2: An Internet freedom-focused community group or organization wants to deploy its own server.

  • It applies to OTF or contacts a service partner directly.
  • It creates an SoW or one is submitted by the service partner.
  • OTF supports a one-time contract to do the work.
  • The applicant will find other means to support the effort in the longer term.

How will the lab offer these services?

Retain service partners.

Requested services and criteria for partners will be developed on an ongoing basis with feedback from lab applicants and the broader Internet freedom field. As needed, we will make Request for Partner opportunities available to ensure that we’re able to offer what is needed.

Offer an open application.

We will continue to make an always open application form available. The form will ask questions to ensure that the applicant’s overall effort is within remit, that they are requesting services we are capable of offering, and that they are capable of maintaining what we provide after OTF support has been concluded.


  • An applicant applies directly to OTF, or a service partner applies to OTF on behalf of a project or organization.
  • OTF reviews the application.
  • OTF and the applicant amend/edit the application as needed.
  • If the application is not from a service partner:
    • OTF approves the request for pre-scoping feedback with service partners.
    • OTF sends the application to service partners for their feedback and identifies who can best conduct the effort (based on availability, capacity, skills, etc.).
  • OTF and the applicant may need to amend/edit the application again before final approval with the service partner.
  • Work is conducted.
  • OTF receives a read-out from the service partner or applicant once the effort has been concluded.
  • Invoice for the effort is sent to OTF from the service partner or applicant.
  • The effort is concluded.

Who are the lab’s service partners?

Questions, comments, or feedback?

The best place to start is to review, join, and add to the public discussion at If there is a need to contact us directly, feel free to email [email protected].

Your cookie settings

This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.