December 2019 Monthly Report

Wed, 2020-01-22 20:00

In December, OTF began reviewing the 95 concept notes submitted during the January 1 round for the Internet Freedom and Core Infrastructure Funds. In addition, the annual application window for the Information Controls Fellowship Program (ICFP) is now open, with a submission deadline of February 24, 2020; more details can be found here.

Notable accomplishments

  • Delta Chat, a unique, server-less messenger tool that utilizes existing email provider infrastructure to allow the exchange of end-to-end encrypted messages, released Delta Chat version 1.0, with this beta version now available on the Google Play store. The app is now available on all major platforms: Android, Windows, Linux, and most recently, iOS and MacOS. This release marks the completion of the migration of Delta Chat’s code library to Rust (a programming language considered relatively robust and safe) and also features the addition of user experience improvements, such as the ability to set customizable profile pictures and receive important app update information as an in-app chat. All of the new features are built with “privacy by design,” including no extra cloud server involvement aside from your email provider. In addition, several non-severe security flaws identified in an earlier Red Tam Lab-supported security audit have been fully addressed. You can read more about the Delta Chat 1.0 release here (Android) and here (iOS).
  • Amir Houmansadr of the MassBrowser project co-authored a report on how China detects and blocks Shadowsocks, one of the most popular circumvention tools in China. Researchers found that China’s Great Firewall (GFW) combines passive and active detection methods in order to block Shadowsocks. Specifically, the GFW “passively monitors the network for suspicious connections that may be Shadowsocks, then actively probes the corresponding servers to test whether its guess is correct.” The research further indicates that blocking Shadowsocks is “likely controlled by human factors that increase the severity of blocking during politically sensitive times.” From these findings, the report highlights how a software tool called Brdgrd can be run on a Shadowsocks server to modify packet sizes and therefore obfuscate its traffic in order to avoid blocking. More details can be found in the full report, available in both English and Chinese.
  • WireGuard, a more secure, resilient and fast VPN protocol, is on track to be included in a Linux release candidate in early 2020, Ars Technica reported in December: “This is a major step forward for the WireGuard VPN project,” the report says, as “this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability… While WireGuard is most frequently seen in a Linux context right now, it’s available and very capable on all major platforms, including Windows, Mac, Android, iOS, and BSD…the userland implementation typically still handily outperforms traditional VPNs such as IPSEC and OpenVPN, with faster connection times, lower latency, and significantly decreased battery usage.”
  • The Open Observatory of Network Interference (OONI) made a series of improvements to how OONI’s censorship detection platform functions, including releasing a new version of Measurement Kit, adding support for filtering out incomplete test results, and improving the performance of the OONI API. OONI also partnered with OutRight Action International to encourage OONI Probe testing of LGBTQI websites around the world, as such sites are often the target of censors in repressive human rights contexts. Throughout December, the OONI Probe censorship detection tool was run 9,270,932 times from 5,564 different vantage points in 209 countries around the world.
  • OTF published a blog post summarizing recent support for GlobaLeaks, a secure open-source submission platform that enables human rights, advocacy, and media organizations to safely collect sensitive information from sources. The post was produced through OTF’s Learning Lab with an aim of increasing transparency and insight into the efforts OTF supports and their outcomes. If you are an OTF-supported project or fellow, you can apply for Learning Lab support here.
  • Several new projects and fellows are now working on OTF-supported efforts, including:
    • Security Training and Support for LGBTIQ Communities and Allies in Indonesia, a project that will provide security support for several LGBTIQ organizations in the country amid increasing scrutiny and threats over their work, resulting in attacks both online and off in the country.
    • Information Controls fellow Kris Ruijgrok, who will work with the Software Freedom Law Center to document the social and political circumstances that lead to an Internet shutdown in India – regularly a world leader in shutdown events.
    • An Information Controls fellow who will work with the University of Michigan to investigate the surveillance and censorship capacities of the government and military in Myanmar, where these threats have proliferated against journalists, activists, and other human rights defenders in recent years.

Projects Mentioned