Open elimisteve opened 7 years ago
Tor is at least partially blocked in several parts of the world (e.g., China). I know that Pluggable Transports try to get around this. What other anti-censorship techniques are being used?
Usability is a gigantic hurdle to getting more people to use GPG, but I talked to a core team member and he pointed out that the UIs through which non-technical people use GPG are mail clients, and the core GPG people don't really work on mail clients.
EDIT: If we're interested in contributing to GPG directly, we can start off by checking out https://bugs.gnupg.org/ and https://lists.gnupg.org/pipermail/gnupg-devel/ .
Mailpile is an open source (Python + Tornado), crowd-funded mail client that integrates GPG encryption in from the start and aims to be very user-friendly.
Its core contributor recently asked for code review help here! https://www.mailpile.is/blog/2016-09-23_Rebooting_Mailpile_Development.html
Mailpile has tons of potential and is nearing a 1.0 release. I've reached out to the core dev to see how interested he is in our help!
EDIT: talked to the lead dev (Twitter convo) and he pointed me to these "Low Hanging Fruit" issues: https://github.com/mailpile/Mailpile/issues?q=is%3Aissue+is%3Aopen+label%3A%22Low+Hanging+Fruit%22
cryptagd
, a local JSON API that handles encryption/decryption/fetching/storing/etccryptag
CLI tool
go get github.com/cryptag/cryptag/cmd/cryptag
EDIT: at our first event (and afterward, but Lizzie at Noisebridge), someone mentioned the ACLU has has apps for recording the police, and they send the video footage to the ACLU. So if we added encryption to these apps, that might be the best/fastest way to solve this secure-video-recording problem for people!
Tor for Android
https://guardianproject.info/apps/orweb/
EDIT: People semi-close to Orbot tell me that Orbot could use some help!
EDIT: In this tweet they link to the work they want done -- https://twitter.com/Tails_live/status/802521323545198592
Here are the Tails issues marked as Easy, which is where some core Tails developers said we should start: https://labs.riseup.net/code/projects/tails/issues?query_id=112
Tails contribution guide: https://tails.boum.org/contribute/how/code/
To chat live with the Tails developers, check out https://tails.boum.org/contribute/chat/
Here are all the Tails open issues on their Redmine ticketing system (not just the Easy ones): https://labs.riseup.net/code/projects/tails/issues?query_id=108
Some non-Easy Tails tickets will require building Tails. Instructions for doing that are here: https://tails.boum.org/contribute/build/#index2h1
Use of a local content device to facilitate on the ground information dissemination and offer secure avenues of communication. Addons - Local FM transmission, Streaming Audio, Calibre Book Server
PirateBox - https://piratebox.cc/ LibraryBox - http://jasongriffey.net/librarybox/building.php
Anyfesto - Example project of Piratebox moded to run on a Pi or CHIP with Mumble, Local FM transmission, Streaming Audio server , Calibre Book Server and local wikimedia - https://github.com/tomhiggins/anyfesto
Needs.
Proposal: (re)code firmware for a MicroSD card to provide asymmetric encryption of stored data.
Motivation: for journalists, whistleblowers and anyone wanting secure storage on SD cards, for use in devices that do not encrypt (most any A/V device).
Background: A few years back, Bunnie Huang was bringing the Chumby to production (an internet appliance), and ran into quality issues with MicroSD cards from some manufacturers.
This led to a teardown of cards to learn how they work, the discovery that all contain microcontrollers to manage the mapping of bad blocks and moving data, and finally the release of a toolchain for building a firmware for certain manufacturer's cards.
News coverage: http://boingboing.net/2010/02/16/sleuthing-uncovers-t.html
Details: https://www.bunniestudios.com/blog/?page_id=1022 https://www.bunniestudios.com/blog/?p=2297 https://www.bunniestudios.com/blog/?p=3554
Provides bidirectional OpenPGP encryption as a browser extension. Basically a VPN but not utilising OS VPN features. Would require a proxy server equipped with matching software.
There exists a number of "pure" JavaScript OpenPGP implementations, plus there are Node.js wrappers for pgp/gpg on the server.
Let's build a mixnet! A high latency network for anonymized messaging.
Lately I've been cleaning up the sphinx mixnet packet format python reference implementation written by Ian Goldberg and George Danezis:
https://github.com/david415/sphinxmixcrypto
However we recently noticed these:
https://github.com/UCL-InfoSec/sphinx https://github.com/UCL-InfoSec/loopix
Mixnets can in theory resist the traffic corelation attacks by global passive adversaries. There's a huge amount of literature about mixnets. These are my favorite papers so far:
https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy A hardened privacy preserving phone that supports Nexus and Pixel devices.
Tons of projects are possible, involving the following skills:
EDIT: Lizzie contacted a core Copperhead developer for us and he pointed us toward these issues that we could contribute to -- https://github.com/copperhead/bugtracker/issues?q=is%3Aopen+is%3Aissue+label%3Aproject
EDIT: A Copperhead developer said that ^^Lizzie's^^ link is still a great place to start, and that we can join them in IRC: https://twitter.com/_copperj/status/804489672093270016 .
A peer-to-peer cross-platform approach with an engine and adapters to automatically drive different crypto standards (including automatic key management & peer-to-peer key synchronization across devices) in a way that for a user no special steps need be taken to use end-to-end crypto and such that trust can easily be checked by strings in the user's natural language ("Trustwords") instead of hexadecimal fingerprints. The principle is that of Privacy by Default.
The software is to be integrated in existing software or to be the crypto base for new applications. Currently GnuPG and NetPGP are used for crypto (PGP). The plan is to easily encrypt everything text-based, including meta-data encryption (encryption for XMPP/OTR, with Axolotl, over Tox and GNUnet to be supported anytime soon).
Everything is Free Software under the GNU GPL v3.
A concept for a crypto based social network that allows groups of people to disappear off of the internet ;) The crypto techniques are highly original and maybe being used by some on the internet but no one is known to know ;) Contact me if you have the first stage of this process and we can work on implementing it aaronngray@gmail.com
I am looking for fellow Crypto Programmers would like to work on the ultimate Internet password manager that means people dont need remember or create internet passwords anymore ! This would be a an unpaid side project but would lead to a making money via a commercial version I am looking for Google Chome (Microsoft Edge) App programmers who are Crypto aware. JavaScript and Node.js Programmers who are Node.js aware. Familurity with Bruce Schneier's Password Safe code or simular projects. Knowledge of X.509, RSA, and AES.
Contact me aaronngray@gmail.com if you are interested
current mixnet project, enjoy! https://github.com/katzenpost
Which projects deserve our attention?
Projects that could (or already do) impact a large number of users, or projects that could (or do) affect many particularly vulnerable users (e.g., activists, journalists, Muslims, etc).