In November, the Open Technology Fund continued to support its diverse portfolio of Internet freedom projects and fellows. In November, OTF received 24 new concept notes requesting over $5 million in support as new versions of OTF-supported tools became publicly available, an OTF-supported tool publicly released a security audit, and OTF launched a new initiative to improve security tool tool usability. (Details below)
OTF launched the Usability Lab, providing open source digital security tools with free audits to improve their usability, an often overlooked but crucially important factor in privacy and security tool adoption. OTF has partnered with UX experts Simply Secure for the service, free of charge and open to any tool whose aim is to safeguard user communications, enable access to an open Internet via circumvention technologies, or otherwise making digital security best practices more widely known and used. See the announcement here: https://www.opentech.fund/article/usability-audits-now-available-digital-security-tools
ASL19 (Persian for Article 19), an Iranian human rights organization focused on access to information and freedom of expression, convened a group of network measurement researchers and circumvention tool developers at Princeton University to discuss various information controls scenarios potentially employed by the Iranian regime ahead of and during the Iranian elections in February 2016. Participants mapped out resources and data sets, identified ways to monitor information controls, and began developing rapid response strategies centered around the development of creative workarounds to government blocking of circumvention tools in the lead up to the election.
Signal, a secure calling and messaging platform made by Open Whisper Systems, is now available on Android devices. Additionally, OWS announced the consolidation of what had previously been several different apps (RedPhone, TextSecure, Signal) into a single multifunctional app capable of both secure messaging and calling, making the security and privacy enhancing app easier and more accessible than ever. Signal has over a million downloads from the Google Play store and is available here: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Security First, maker of the Umbrella app, a tool which provides human rights defenders with the information they need to operate safely online, publicly released the results of a code audit conducted in order to improve the security of the app. The audit, conducted by iSEC Partners, identified several vulnerabilities which Umbrella was able to address and make their tool a more secure one. Read more about the audit findings on the Security First blog: https://secfirst.org/blog.html or a complete review of the audit can be read in .pdf form here: https://secfirst.org/150922_iSEC_Security%20First_Umbrella_Final_2015-06-26_v1.1.pdf
A new version of USB data transfer security tool Kitten Groomer was released. Kitten Groomer ‘sanitizes’ data and files during a USB data transfer by scanning for malware present on the USB. In many repressive countries, USB data transfer is a common but vulnerable method of data transfer. The new version verifies the content of transfer files and marks them as dangerous if anything malicious is detected, improving the tool’s effectiveness and reliability.
Information Controls fellow Will Scott released an initial version of his Activist.js WordPress plugin. The plugin offers website owners a tool to help their users access their website by enabling client-side caching, allowing for access even if a site’s server is unavailable.
Multiple Information Controls fellows led sessions at the Internet Governance forum around issues of digital rights.
Information Controls fellow Serene Han has begun preparing a version of flashproxy that can easily traverse Network Address Translations (NATs) while using WebRTC, which will be an important development in increasing the usability of widespread circumvention tools such as Tor.
Information Controls fellow Jeffrey Knockel is in touch with Chinese-controlled Baidu to fix the numerous privacy and security issues discovered during the course of his research. The full report will be publicly available next month.
NoScript, the Firefox browser plugin used by millions to block malicious scripts, is preparing for major changes to the Firefox browser as Firefox switches to a new multiprocess operating system. In preparation for the switch, NoScript announced the final version of its current plugin this week, which integrates numerous components necessary to ensure NoScript’s millions of users experience a smooth transition.
Select news collected by OTF from the month of November. Get the full feed live @OpenTechFund
In Venezuela, 140 Characters Can Land You in Jail | Global Voices Advocacy
Authorities go after Iranian cyber spy group | The Hill
Tanzania cracks down on media and online expression | Washington Post
Apple Is Self-Censoring in China. Is Facebook Next? | Motherboard
China Censors Your Internet | Wall Street Journal
- Program Update