June 2019 Monthly Report

Wed, 2019-07-17 16:31

In June, the Open Technology Fund continued to both receive a large number of support requests and to support a diverse portfolio of Internet freedom projects and fellows addressing Internet censorship and surveillance threats in closed societies around the world. As June came to a close, OTF accepted submissions for its latest round, which had a deadline of July 1. For the July 1 round, OTF received 113 concept notes in total; reviews are actively underway.

Notable accomplishments

  • The PyPI Improvements project released two-factor login via WebAuthn for all PyPI users. This will allow PyPI users to further secure their accounts through use of physical U2F (universal second factor) tokens like YubiKeys. PyPI is the official software repository for the Python programming language, and many Internet freedom projects rely upon the third-party packages hosted on PyPI – which makes it a high-value target for bad actors who want to inject malware into popular Python-run applications. This update will help make the platform more secure, helping users but also any project that makes use of the PyPI platform.
  • WireGuard released a Windows version which is available for download here. The Windows release for WireGuard, a simple yet fast and modern VPN protocol, is especially notable as developer Jason Donenfeld developed a new virtual adapter called Wintun that can be used not only by WireGuard but by other, similar projects as well. a much improved user interface. You can read more about the Windows release in this Ars Technica article: WireGuard on Windows early preview. The article states that while the release is “still in pre-alpha…it’s looking very good.”
  • For the first time, Apple’s latest transparency report included the number of App Store takedown requests it received from 11 governments worldwide. Of the 634 app takedown requests received, 517 came from China, Apple said. The disclosure serves to further highlight the work of efforts like the OTF-supported App Store Censorship project, which as of June 2019 had identified over 1,100 apps that are currently unavailable in China.
  • The Open Observatory of Network Interference (OONI) released a report in collaboration with Jordan Open Source Association (JOSA) detailing Facebook live-streaming interference during protests in Jordan between December 2018 and January 2019. The report is available via the OONI or JOSA sites. In the report, findings and methodologies are reported in detail so that future, similar incidents can be similarly investigated. OONI also published a report analyzing censorship in Ethiopia during mid-June, confirming the blocking of WhatsApp and Telegram in the country. OONI also released the OONI Probe Mobile app version 2.1.0 for Android and iOS. Over the course of the month, OONI Probe was run 352,807 times from 5,033 different vantage points in 209 countries around the world.
  • Research conducted by the Securing Domain Validation project was cited by Cloudflare as a key factor in the content delivery network (CDN)’s decision to deploy multipath domain control validation. The new tool for certificate authorities (CAs) offered by Cloudflare is designed to help CAs further secure their certificate issuance process and safeguard against off-path DNS attacks and Border Gateway Protocol (BGP) hijacking, a type of attack wherein a malicious actor reroutes legitimate Internet traffic by falsely claiming ownership over a network prefix, a group of IP addresses.
  • Delta Chat, a unique, server-less messenger tool that utilizes existing email provider infrastructure to allow users to exchange end-to-end encrypted messages, was released in stable form for Android, featuring numerous UX and stability improvements. It was also released as stable on Linux and Mac, with a first version available on Windows. Delta Chat allows anyone to exchange messages (even if only one user is on the Delta Chat app) so long as they have a compatible email address; most major email providers are supported, including Gmail, Yahoo!, mail.ru, and Riseup, among others.
  • OpenArchive, a secure open source media archiving ecosystem designed to preserve materials otherwise censored and deleted by repressive actors, released its Save app in beta for iOS; it is available for testing here. This effort is critical for preservation of data and evidence needed for accountability.
  • ICFP Fellow Valentin Weber’s recent article on Mobile App Store Censorship is now also available in the ACM Digital Library here: https://dl.acm.org/citation.cfm?id=3324965
  • ICFP Fellow Nguyen Phong Hoang contributed to a research paper on ICLab, a new “Internet measurement platform specialized for censorship research.”
  • Several new projects are now under OTF support, including:
    • DEfO, a project which will work on Encrypted Server Name Indication (ESNI) for the OpenSSL library – the most commonly used software for providing TLS encryption. The Internet Engineering Task Force (IETF) TLS working group is now working on making Encrypted Server Name Indication (ESNI) part of the TLS standards. ESNI is a way to plug a privacy hole that remains in the TLS protocol that’s used as the security layer for the web. OpenSSL is a widely used library that provides an implementation of the TLS protocol. The DEfO project is developing an implementation of ESNI for OpenSSL, and an ESNI-enabled web server as a demonstration and for interoperability testing. Over time, DEfO will demonstrate integration of ESNI with other tools that use TLS.
    • RAWRR (Risk Assessment Workflow for Recommendation Roadmaps), a project focused on developing a single tool where users can do data gathering, report generation, and roadmap development for audits and assessments – processes that at present are disparate and take place through use of a mixture of non-specific tools. The developed RAWRR tool will aim to simplify and consolidate this process.
    • A project focused on mapping holes in China’s surveillance state, using censored content to study and draw conclusions around certain elements of China’s intensifying surveillance practices.
  • Localization Lab held a Thai language sprint, translating tools including Tor Browser, Mailvelope, TunnelBear and KeePassXC into Thai. Participants also successfully localized the Tor User Manual and Mailvelope Help Documentation to offer Thai users step-by-step guides for using both tools.

Projects Mentioned