In December, the Open Technology Fund continued to both receive a large number of support requests and to support a diverse portfolio of internet freedom projects and fellows addressing Internet censorship and surveillance threats in closed societies around the world. This month, OTF began reviewing the 124 concept notes received during the January 1 round. The Information Controls Fellowship Program (ICFP) also began accepting applications for its next cohort of fellows, with a final deadline of February 24, 2019. Click here to learn more about the ICFP program and access the application.
- Mailvelope, a browser extension that facilitates email encryption for users of browser based email, released Mailvelope version 3.0, a major new release with new features including the ability to access a local GnuPG keyring and process all encryption operations in GnuPG, granting users a (more secure) alternative to in-browser encryption; the ability to encrypt online web forms to ensure that only their intended recipient can access its contents; and support for the Web Key Directory, allowing public keys to be retrieved directly from the domain of the mail provider, ensuring a simplified, user-friendly process. Read more about the Mailvelope version 3.0 release in this Mailvelope blog post.
- The Open Observatory of Network Interference (OONI) released version 2.0 of their mobile censorship detection app, OONI Probe, a major release featuring new and improved UX and design elements; a dashboard-style view showing all previously run tests at a glance; easier website and country-specific testing options; and the option to run tests to detect censorship by topic, including News Media, Anonymization and circumvention tools, and Social Networking. You can read more about the OONI Probe version 2.0 release in this OONI blog post. To try the app out, download OONI Probe for Android or iOS. During December, the app was run 298,455 times from 4,527 different vantage points in 209 countries around the world.
- Tor Metrics released a technical report, “Towards modernising data collection and archive for the Tor network,” which provides an overview of CollecTor, a tool developed “for archiving data relating to the public Tor network and applications developed by Tor.” The report details the requirements for a Tor data collection prototype, including assessments of available code libraries and frameworks which would reduce the cost of such a system. Read the report in full here.
- DeltaChat, a unique, server-less messenger tool that utilizes existing email provider infrastructure to allow users to exchange end-to-end encrypted messages, published a needsfinding report (pdf) based off consultation with 16 journalists, activists, and trainers in Ukraine. The report’s findings, along with the results of previously conducted users tests, are informing technical DeltaChat developments by incorporating features and functionality specified by target users.
- GoodbyeDPI, an autonomous censorship circumvention software tool, is now working under OTF support. The focus of GoodbyeDPI’s OTF-supported project will be on making the tool available on new operating systems (it’s currently Windows-only), improving the tool’s usability such as by creating an installer tool and auto-update mechanism, and implementing new circumvention techniques.
- BIND9 QNAME Minimization, a Core Infrastructure project focused on adding new security features to BIND, one of the most widely-used open source software applications for running a DNS resolver, completed development work on the QNAME minimization feature, with “Phase 2” work on the feature completed in November and included in the release of BIND version 9.13.4. The feature enhances user privacy by removing excess metadata leakage via queries from the popular BIND 9 DNS recursive resolver. The next stable version is planned to be released later this month. BIND is available for download here. BIND is open source and is maintained on GitLab here.
- Two new ICFP fellows started work on their OTF-supported projects this month: Valentin Weber is researching the diffusion of the Russian and Chinese information control models out of Harvard University’s Berkman Klein Center for Internet & Society, and Gabrielle Lim is working with host organization Data & Society to investigate the tools and tactics used by state and non-state actors in Southeast Asia to manipulate the media ecosystem, and identifying the resultant threats to online information access. You can read about the entire cohort of new ICFP fellows and the focus of their projects in this summary blog post.
- Sub-Saharan Africa Cyber-Threat Modeling’s Arthur Gwagwa co-authored a piece that appeared on the Council on Foreign Relations’ Net Politics blog outlining China’s export of AI surveillance technology through the African continent. Read “Exporting Repression? China's Artificial Intelligence Push into Africa” here.
- OTF’s Rapid Response service provider Qurium Media recently published an analysis of a major Distributed Denial of Service (DDoS) attack against Azerbaijani independent media outlet Azadliq.info. Qurium also published a detailed forensic report outlining collaboration between network traffic management company Sandvine and the Azerbaijani government to censor Azadliq.info and other independent media websites.
- OTF supported the Ukranian organization Digital Security Lab to provide urgent digital security assistance, including security audits and post-audit consultations, for a human rights organization with staff operating in Kyiv and Crimea. The staff were experiencing many incidents of device seizure, phishing, malware attacks, and criminal cases based on information obtained by Russian security agencies.
- Localization Lab facilitated the translation and review of the new OONI Probe release into Persian, Portuguese (Brazil), Spanish, French, Turkish, Arabic, and Albanian, among other languages; Mailvelope into Spanish, Japanese, Russian, and Traditional Chinese; and Signal into Kichwa, a Quechuan language spoken in Ecuador, as well as Hindi and Welsh. Those languages will be available in the next Signal release. Overall, during December Lab volunteers translated a total of 88,875 words, edited 29,650 words and reviewed 23,562 words across all projects in the Localization Lab Hub.
- The Red Team Lab announced the additional capabilities being offered by service partners, including support for bug bounties, independent validation of a project’s anti-censorship, privacy, security claims, and supporting internet freedom projects efforts to remediate discovered serious vulnerabilities. In this month, the received a dozen requests for support, approving four. In 2018, twenty internet freedom projects -- that are regularly used by millions people -- were served by the lab, which found over 50 vulnerabilities that could have been used to repress internet freedom.
- Usability Lab service provider Ura Design conducted usability testing for decentralized messaging app Briar, which is working on adding a new feature that would allow users to add contacts remotely. That issue can be tracked on Briar’s GitLab instance. Ura also began working on remodeling the Preferences interface for the Thunderbird email client, focusing on simplifying the underlying information architecture and, consequently, the user-facing elements as well.
- The Reproducible Builds Summit, supported by the Community Lab, took place in December 2018 in Paris, France. By adopting use of Reproducible builds, it’s possible to independently verify that software used by journalists, activists, and other at-risk individuals has not had backdoors or other vulnerabilities injected during the process of converting the source code into the form used by a computer or other electronic device. The 3-day workshops provided an opportunity for various projects to work on solutions, improve collaborations, and discuss how reproducible builds can be improved and further implemented moving forward.
- The Internet Freedom Festival (IFF), supported by the Community Lab, launched a weekly online meetup designed to help the IFF community connect, collaborate, and share updates year-round. For information on how to participate in the IFF Glitter Meetup, check out IFF on Twitter. IFF also announced the Festival’s first-ever cohort of Community Development Fellows, comprised of 13 fellows from 12 countries who bring expertise in technology, policy, media, and human rights. The fellows will help shape the 2019 IFF’s themes.
- The Engineering Lab announced the additional capabilities new service partners are now able to offer to applicants. In December, the lab received multiple applications requesting support to integrate mature circumvention technologies into existing applications. One effort moving forward will focus on mitigating Pakistan's recent block of VOA’s Urdu website.
- OTF is proud to announce that two individuals recently joined the OTF team: Fiona Krakenbürger, Program Manager, and Di Luong, Program Specialist. We are excited to welcome Fiona and Di to the OTF team!
- Program Update
- OONI : Open Observatory of Network Interference
- Tor Metrics
- BIND9 QNAME minimization
- Sub-Saharan Africa Cyber Threat Modeling