Projects: Brainstorming Thread #1
Comments
Signal
|
TorTor is at least partially blocked in several parts of the world (e.g., China). I know that Pluggable Transports try to get around this. What other anti-censorship techniques are being used? |
GPGUsability is a gigantic hurdle to getting more people to use GPG, but I talked to a core team member and he pointed out that the UIs through which non-technical people use GPG are mail clients, and the core GPG people don't really work on mail clients. EDIT: If we're interested in contributing to GPG directly, we can start off by checking out https://bugs.gnupg.org/ and https://lists.gnupg.org/pipermail/gnupg-devel/ . MailpileMailpile is an open source (Python + Tornado), crowd-funded mail client that integrates GPG encryption in from the start and aims to be very user-friendly. Its core contributor recently asked for code review help here! https://www.mailpile.is/blog/2016-09-23_Rebooting_Mailpile_Development.html Mailpile has tons of potential and is nearing a 1.0 release. I've reached out to the core dev to see how interested he is in our help! EDIT: talked to the lead dev (Twitter convo) and he pointed me to these "Low Hanging Fruit" issues: https://github.com/mailpile/Mailpile/issues?q=is%3Aissue+is%3Aopen+label%3A%22Low+Hanging+Fruit%22 |
Buoy
|
Briar/Bramble
|
IPFS
|
Sandstorm
|
Secure Polling System
|
CrypTag
|
Ricochet
|
Idea: off-device encrypted video recordings
EDIT: at our first event (and afterward, but Lizzie at Noisebridge), someone mentioned the ACLU has has apps for recording the police, and they send the video footage to the ACLU. So if we added encryption to these apps, that might be the best/fastest way to solve this secure-video-recording problem for people! |
Cryptpad
|
Journalist request: encrypted audio recording mobile app
|
SecureDrop
|
OrbotTor for Android https://guardianproject.info/apps/orweb/ EDIT: People semi-close to Orbot tell me that Orbot could use some help! |
ObscuraCamAutomatic identity redaction for Android |
VeraCrypt
|
Tails
EDIT: In this tweet they link to the work they want done -- https://twitter.com/Tails_live/status/802521323545198592 Contribution InstructionsHere are the Tails issues marked as Easy, which is where some core Tails developers said we should start: https://labs.riseup.net/code/projects/tails/issues?query_id=112 Tails contribution guide: https://tails.boum.org/contribute/how/code/ To chat live with the Tails developers, check out https://tails.boum.org/contribute/chat/ Here are all the Tails open issues on their Redmine ticketing system (not just the Easy ones): https://labs.riseup.net/code/projects/tails/issues?query_id=108 Some non-Easy Tails tickets will require building Tails. Instructions for doing that are here: https://tails.boum.org/contribute/build/#index2h1 |
Response to: off-device encrypted video recordings
|
Idea: Database of Signed hashes of Binaries for Reproducible OSS Projects
|
Jitsi
|
Idea: Combining "off-device encrypted video recordings" and "encrypted audio recording mobile app" into a single mobile app. |
PirateBox/LibraryBox + Secure Voip(Mumble?)+ Anon/Priv ServicesUse of a local content device to facilitate on the ground information dissemination and offer secure avenues of communication. Addons - Local FM transmission, Streaming Audio, Calibre Book Server PirateBox - https://piratebox.cc/ Anyfesto - Example project of Piratebox moded to run on a Pi or CHIP with Mumble, Local FM transmission, Streaming Audio server , Calibre Book Server and local wikimedia - Needs.
|
Encrypted MicroSD cardsProposal: (re)code firmware for a MicroSD card to provide asymmetric encryption of stored data. Motivation: for journalists, whistleblowers and anyone wanting secure storage on SD cards, for use in devices that do not encrypt (most any A/V device). Background: A few years back, Bunnie Huang was bringing the Chumby to production (an internet appliance), and ran into quality issues with MicroSD cards from some manufacturers. This led to a teardown of cards to learn how they work, the discovery that all contain microcontrollers to manage the mapping of bad blocks and moving data, and finally the release of a toolchain for building a firmware for certain manufacturer's cards. News coverage: http://boingboing.net/2010/02/16/sleuthing-uncovers-t.html Details: |
Asymmetric encrypted browser proxyProvides bidirectional OpenPGP encryption as a browser extension. Basically a VPN but not utilising OS VPN features. Would require a proxy server equipped with matching software. There exists a number of "pure" JavaScript OpenPGP implementations, plus there are Node.js wrappers for pgp/gpg on the server. |
|
Let's build a mixnet! A high latency network for anonymized messaging. Lately I've been cleaning up the sphinx mixnet packet format python reference implementation written by Ian Goldberg and George Danezis: https://github.com/david415/sphinxmixcrypto However we recently noticed these: https://github.com/UCL-InfoSec/sphinx Mixnets can in theory resist the traffic corelation attacks by global passive adversaries. There's a huge amount of literature about mixnets. These are my favorite papers so far: |
ZeroNet
|
Tox
|
Copperhead+Torhttps://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy Tons of projects are possible, involving the following skills:
EDIT: Lizzie contacted a core Copperhead developer for us and he pointed us toward these issues that we could contribute to -- https://github.com/copperhead/bugtracker/issues?q=is%3Aopen+is%3Aissue+label%3Aproject EDIT: A Copperhead developer said that ^^Lizzie's^^ link is still a great place to start, and that we can join them in IRC: https://twitter.com/_copperj/status/804489672093270016 . |
pretty Easy privacy (p≡p)A peer-to-peer cross-platform approach with an engine and adapters to automatically drive different crypto standards (including automatic key management & peer-to-peer key synchronization across devices) in a way that for a user no special steps need be taken to use end-to-end crypto and such that trust can easily be checked by strings in the user's natural language ("Trustwords") instead of hexadecimal fingerprints. The principle is that of Privacy by Default. The software is to be integrated in existing software or to be the crypto base for new applications. Currently GnuPG and NetPGP are used for crypto (PGP). The plan is to easily encrypt everything text-based, including meta-data encryption (encryption for XMPP/OTR, with Axolotl, over Tox and GNUnet to be supported anytime soon). Everything is Free Software under the GNU GPL v3.
|
Idea: Canary Check
|
neosphereA concept for a crypto based social network that allows groups of people to disappear off of the internet ;) |
No passwordsI am looking for fellow Crypto Programmers would like to work on the ultimate Internet password manager that means people dont need remember or create internet passwords anymore ! Contact me [email protected] if you are interested |
|
current mixnet project, enjoy! |
Which projects deserve our attention?
Projects that could (or already do) impact a large number of users, or projects that could (or do) affect many particularly vulnerable users (e.g., activists, journalists, Muslims, etc).
The text was updated successfully, but these errors were encountered: