OTF’s ninth cohort of ICFP fellows selected to advance research and analysis on information controls, specifically repressive censorship and surveillance.
The Open Technology Fund (OTF) has selected four individuals as the newest Information Controls Fellowship Program (ICFP) fellows. The group will focus on advancing research, analysis, and tool development on topics related to Internet censorship.
This latest ICFP cohort includes individuals from a variety of disciplines, crossing lines between computer science, reverse engineering, technology development, social sciences, human rights, and information security. The common thread uniting this diverse group is their focus on the various aspects of information controls, specifically repressive censorship and surveillance. You can check out the outputs of previous fellows for 2014, 2015, 2016, 2017, 2018, 2019, and 2020. The ongoing 2021 class can be found here.
The incoming fellows and a brief description of their areas of focus are as follows:
Host organization: Citizen Lab
Duration: Nine months
With over 1.2 billion monthly active users, WeChat is the most popular messaging and social media platform in China, and third in the world. For vulnerable populations that must use WeChat (for instance, domestic journalists and foreign correspondents, grassroots and diaspora activists), precise threat modeling is of utmost importance. This kind of risk assessment requires a more granular security and privacy analysis, to understand the shape and nature of the risks. During her fellowship, Mona will reverse-engineer WeChat’s custom transport-layer encryption protocol and provide tooling for other researchers to intercept and decrypt network traffic. She will use this tooling to perform an in-depth security and privacy review of the application, including analysis of popular MiniPrograms on the WeChat application ecosystem.
Host organization: Censored Planet
Duration: Six months
During the course of this fellowship, Hammas aims to understand the censorship mechanisms around Tor bridges over IPv6. His previous work has revealed that there are censorship implementation gaps between DNS over IPv4 and IPv6, resulting in less DNS censorship over IPv6. This fellowship aims to find similar censorship gaps between Tor bridges over IPv4 and IPv6 and to explore the possibility of creating censorship-resistant Tor bridges using the vast address space of IPv6.
Host organization: Citizen Lab
Duration: Twelve months
Many service providers or telcos in Central America require “bloatware” applications to be installed on end-user devices for the network to be accessed. With the help of information security leaders in the region, a short list of high-impact applications has been identified that will be examined for security threats and potential privacy issues for the average user who is required to have one on their device. Bloatware applications are serious threats to the security of a device because they tend to have elevated permissions and typically cannot be removed by the user without gaining root access. During the fellowship, Beau will formulate a set of threat classes that are most serious in bloatware applications, produce an organized list of steps that a user in the information security field would be able to follow to investigate any similar bloatware app, and translate the findings for the target region.
Host organization: Censored Planet
Duration: Twelve months
Web PKI is designed to protect users' communications on the Internet from being intercepted by malicious actors. However, if a legitimate controller of a subset of the network infrastructure becomes malicious, they can abuse their power to circumvent the protection of web PKI and, for example, surveil internet users within their reach. This type of attack is called HTTPS Interception. During her fellowship, Alexandra plans to examine the global state of web PKI, specifically certificates deployed worldwide. She is working on a cross-regional collection of certificates, the close examination of which could reveal anomalies in the Web PKI. Such anomalies may also contain circumstantial evidence of further, previously unknown HTTPS interception attempts, which should be investigated further.
The Open Technology Fund (OTF)’s Information Controls Fellowship Program (ICFP) supports examination into how governments in countries, regions, or areas of OTF’s core focus are restricting the free flow of information, impeding access to the open Internet, and implementing censorship mechanisms, thereby threatening the ability of global citizens to exercise basic human rights and democracy. The program supports fellows to work within host organizations that are established centers of expertise by offering competitively paid fellowships for three, six, nine, or twelve months in duration.
To learn more about the ICFP, click here.