The Open Technology Fund is pleased to announce the release of its Fiscal Year (FY) 2019/2020 Annual Report. In this report, you will find the projects, fellows, and labs (with an exception for highly sensitive activities) that OTF supported with FY2019 and FY2020 funds from October 2019 to March 2022.
During this period, OTF funded over 70 innovative projects that combat repressive censorship and surveillance, 13 fellowships that examined censorship mechanisms and provided comprehensive support to those affected by internet freedom violations, and over 30 rapid response interventions that provided emergency response to individuals and organizations facing digital attacks.
While this report catalogs the projects that OTF has funded over the past two years, it more importantly captures the incredible efforts and accomplishments of the OTF community and partners all around the world, who have continued to advance internet freedom in the face of extraordinary odds.
While authoritarians have become far more adept at using the internet to control information, the internet is still far and away the medium through which most information reaches audiences in highly restricted information contexts. To a first approximation, the contemporary samizdat is an entirely online phenomenon. Equipping citizens of authoritarian states with the tools and technologies they need to access objective, global news and information, despite their governments’ attempts to restrict access to such information, is core to OTF’s work.
Over the past two years, OTF has continued to fund an increasingly robust and sophisticated suite of network measurement technologies that has enabled technologists, activists and journalists to track in real time the evolution of censorship techniques and targets across the globe. With funding from the period covered by this report, the Internet Outage Detection & Analysis project (IODA), which documents and verifies instances of politically-motivated interference with internet access, increased the accuracy and breadth of detection and made its platform more useful and accessible to non-technical users. This proved vital in tracking specific regional internet outages in Ukraine following the Russian invasion. Investments in the Open Observatory of Network Interference (OONI) improved the monitoring of website censorship, expanded the breadth of global coverage and granularity of censorship events, and empowered community participation in censorship measurement research. This allowed testers in the weeks after the invasion of Ukraine to chart the rapid evolution of Russian censorship of ISPs and allowed digital security practitioners to respond in a quick and informed manner. Funding to Netalitica during this period also improved the data OONI relies upon for maximum testing efficacy.
The challenge of circumvention in the context of the contemporary internet is defined by the growing sophistication of censors and the diverse needs and technical aptitudes of users. Over the past two years, OTF invested substantially in a range of trusted, intuitive anti-censorship tools appropriate for contexts of various users while also keeping technical pace with the most sophisticated global censorship tactics. Support for VPN-style circumvention tools such as Psiphon, Lantern and NthLink have provided direct circumvention life-lines to tens of millions of users in censored countries from Cuba to Belarus to Myanmar, particularly in periods of political and social unrest. In addition to these large-scale circumvention tools, OTF has also supported the development of new circumvention technologies for high-risk use cases. The first is MassBrowser, a technology through which users in uncensored areas serve as bespoke circumvention proxies for users in censored areas. The second is oLink, a censorship circumvention tool that does not require any software installation and allows users to access blocked content from a standard web browser by mirroring blocked sites in a way that is difficult to censor.
In addition to supporting circumvention tools themselves, OTF has also invested in improving the state-of-art of circumvention more broadly. OTF support for Wireguard fundamentally improved the VPN landscape, as Wireguard’s far simpler and more secure protocol now makes it far easier to debug and secure compared to standard VPNs and has, by default, raised the security posture for millions of internet users globally in the background without any additional action on their part. The WireGuard protocol’s state-of-the-art cryptography and lightweight 4,000 line code base has consistently proven to be easier to set up and securely maintain than existing options, such as IPsec or OpenVPN. Unlike other popular VPN protocols, which can have over 100,000 lines of code that must be monitored and debugged in order to be secure, WireGuard provides security through the most lightweight codebase possible. As a result of these integrations, WireGuard is now used by over a billion people worldwide. In addition, OTF support for DEfO, and its component Tolerant Networks Limited (TN), provided client and server-side support for Encrypted Server Name Indication (ESNI) in OpenSSL. Encryption of SNI values provides a way to circumvent the blocking of specific websites, and has made it easier for users to navigate the open internet.
During this period, OTF also supported new efforts to reduce the cost and increase the efficiency of circumvention efforts by investing in new machine-learning techniques. In order to meet the resources imbalance between highly resourced nation-state censors and far less resourced internet freedom tech developers, OTF has invested in technologies that leverage AI to automate the discovery of censorship evasion strategies without the need to hypothesize and build them first. Geneva, a genetic algorithm that has trained against real-world censors in China, India, Iran, and Kazakhstan to automatically identify new censorship techniques and evasion strategies. To date, the tool has discovered dozens of previously unknown strategies to defeat state-level censorship.
Mitigating Internet Shutdowns
Until recently, the common belief was that internet shutdowns were too costly, both politically and economically, to be deployed by governments as a means of controlling information on a national scale, with routine frequency, or for reasons less than the politically existential. This assumption has been completely and categorically disproven by numerous politically motivated shutdowns of a previously unthinkable size and scale, perpetrated by regimes that bore the associated costs and normalized a new form of control. It is no longer just specific content that is subject to censorship, it is the flow of data itself. In addition, similar to more traditional forms of censorship, “shutdowns” now take many forms that necessitate highly context-specific solutions.
One form of internet shutdown — exemplified by Iran’s National Information Network – is a shutdown in which national communications infrastructure remains functional but is cut off from all points of global connectivity presents several avenues for meaningful mitigation. OTF support for Ouinet has created peer-to-peer content distribution networks that can serve a variety of cached content to users within areas cut-off from global networks. The former via its CENO Browser is already deployed in some of the world’s much shutdown prone areas such as Iran and Myanmar while the latter has already been integrated into USAGM newsreader apps. In addition, OTF-supported Delta Chat leverages an email backend and encryption to create an adaptable, decentralized secure messenger that enables privacy features and resilience to interception that is vital for users in repressive contexts even if only national email servers are available. Delta Chat is available for download and use everywhere on Apple and Android devices.
Another form of shutdown – illustrated by the Junta in the days following the military coup in Myanmar – is to shutdown the internet and mobile data but allow cellular calling and SMS in order to drastically restrict the flow of information but allow some basic communications to continue. While this may be preferable to a total network shutdown, many of the communication functionalities and security securing messaging apps are lost. OTF support to Frontline Local and additional investments that build off that foundation attempt to extend some of the functionality and security guarantees of secure messengers to SMS-based communications for these types of shutdown situations.
Finally, OTF is also supporting the development of tools for total network shutdowns. In addition to offline device-to-device messagers, During the period covered by this report, OTF also supported Awala (formerly Relaynet) to create a technology whereby human courriers with an app can securely and privately collect data to be sent from areas without connectivity. When the courriers move physically to a connected area the data is automatically transmitted and then data received in response can be transported back into the disconnected area where it automatically syncs with the original senders – in effect physically carrying bursts of vital connectivity into completely disconnected areas.
As authoritarian regimes frequently enact offline reprisals for online activities, security and privacy online have become necessary preconditions for exercising the right to free expression online in many repressive countries. As a result of these stakes as well as the increasing availability of technically sophisticated surveillance technologies to authoritarians on any budget, OTF invests in improvements to the overall security of the internet and supports the development of tools for the specially most targeted users. Seeking to mitigate a common vector for man-in-the-middle attacks, OTF support helped develop a more secure domain validation protocol known as multiple vantage point domain validation (MVP-DV). According to the Electronic Frontier Foundation OTF’s support to implement this protocol into Let’s Encrypt “helped protect the 227 million sites using Let’s Encrypt from BGP attacks, a favorite technique of nation-states that hijack websites for censorship and propaganda purposes.” In this report period, the DL-ISAC project further modernized and extended DDoS protections to hundreds of civil society and journalistic sites. Building on novel vulnerabilities discovered through William Tolley’s ICFP fellowship, Breakpointing Bad revealed inherent flaws in VPN’s security and privacy properties and educated vulnerable populations about the flaws of VPN technology, disclosing to necessary parties all vulnerabilities found, and examining potential fixes for VPN issues. In recognition of the surveillance risks posed by IMSI-catchers, which pose as fake cell phone towers, the FADE Project expanded studies to detect the use of IMSI-Catchers in a standardized way in Latin America to further develop the detection methodology, technical tools, and mitigation strategies for the civil society actors and journalists in the region.
Research plays a crucial role in protecting internet freedom. It informs frontline defenders about the developing threat landscape, identifies new challenges on the horizon, and supports the development of novel internet freedom tools and ways to improve existing ones. OTF supported a number of researchers working on the urgent threats to Internet freedom identified above. These applied research projects supported through OTF’s Internet Freedom Fund and its Information Controls Fellowship Program provide direct feedback, insight, or applicability to technology development processes. This research includes how, why, or where censorship is happening or understanding how the threat of targeted surveillance is evolving across the globe and how we can fight back against it. It also includes developing new methodologies for studying Internet freedom, for instance through applying machine learning techniques, to advance knowledge around what types of content censors target and how they do so, or assessing threats to Internet freedom in a specific geographic context through on the ground research.
OTF continues to lead the field in internet freedom research by supporting expert researchers through its Information Controls Fellowship Program (ICFP). During the report period, OTF supported its seventh and eighth classes of ICFP fellows. Fellows conducted research on a variety of critical topics related to internet censorship, including techniques to identify and monitor censorship technologies, investigations into the underlying mechanisms used to identify and block censorship circumvention protocols, and understanding and centralizing internet shutdown data. For example, with OTF support, researchers developed a measurement platform that continuously monitors the Chinese government’s DNS filtering mechanism and identifies changes to censorship tactics over time. In addition, OTF-supported researchers developed computational methodologies to better identify and analyze internet shutdowns. Researchers also investigated DNS-poisoning, the role of ISPs in internet shutdowns, website encryption, interference with VPN connections, and new circumvention techniques.
OTF is proud to be able to support the incredible work of so many committed defenders of a free and open internet, and we look forward to all we’ll be able to accomplish in the coming years together.
The full Open Technology Fund FY2019/2020 Annual Report can be found here.
An accessible copy of the OTF FY2019/2020 Annual Report can be found here.