July 2018 Monthly Report
In July, the Open Technology Fund (OTF) continued to receive a large number of support requests while supporting a diverse portfolio of Internet freedom projects and fellows addressing Internet censorship and surveillance threats in closed societies around the world. During the past month, OTF continued reviewing and responding to the 187 concept notes receiving during the July 1 round, while accepting new concept notes for the upcoming September 1 deadline.
In July, the Open Observatory of Network Interference (OONI)’s censorship detection app, OONI Probe, was run 217,316 times from 4,497 different vantage points in 210 countries around the world. Also this month, OONI released two reports, one examining the state of internet censorship in Egypt and the other focusing on internet disruptions during Mali’s 2018 presidential election. The Egypt report, co-authored with local civil society group Association for Freedom of Thought and Expression (AFTE), found ample evidence of censorship, including the blocking of more than 100 URLs belonging to media organizations - many times more than the 21 news websites the government ordered blocked last year. Numerous circumvention tool sites were also blocked, including those of the Tor Project and Psiphon. That report is available in both English and Arabic (pdf). OONI’s Mali report, co-authored with Internet Sans Frontieres, corroborates local reports of social media being inaccessible, finding WhatsApp and Twitter were blocked, as were two circumvention tool sites.
The most recent version of the “Best Current Practices” (BCP) document for DNS privacy operators, co-authored by DNS Privacy’s Sarah Dickinson, was presented at the Internet Engineering Task Force (IETF) 102 meeting and was subsequently adopted by the DNS PRIVate Exchange (dprive) working group.
Privacy and anonymity-enhancing operating system Tails released a beta version featuring the incorporation of open-source disk encryption software VeraCrypt into the GNOME user interface, seeking feedback from testers of the new feature. UX designers and developers at Tails will use this feedback in determining how the feature will function in its finalized version.
STARTTLS Everywhere, a Core Infrastructure effort focused on securing the delivery of email, followed its public launch in June with continued development and improvement of the platform, including work on a multi-target application (MTA) installer plugin, Postfix, for Certbot, which allows Certbot users to automatically set up their TLS encryption configuration and have it automatically point to the appropriate certificates being handled by Certbot. If you’re a developer, you can help test out the Postfix plugin (beta) here.
Secure submission platform GlobaLeaks completed work on a deliverable focused on simplifying the HTTPS integration process for users of the platform, making it seamless for GlobaLeaks operators to update their instance to the latest Let’s Encrypt HTTPS encryption protocol through an automated process without any need for manual fixes or changes.
Localization Lab led localization sprints in Myanmar and Indonesia, working on translating digital security tool guides into Burmese, in addition to translations for the Signal messaging app in both Android and iOS. The Indonesia sprint focused on finalizing translations for the IndonesiaLeaks platform, a local instance of the OTF-supported GlobaLeaks secure submission platform. Localization Lab also published four new glossaries to the Localization Lab wiki for public access and contribution, with the Khmer, Portuguese (Portugal), Ukrainian and Turkish glossaries now accessible. Additionally, the Thai language glossary received significant updates as a result of recent localization efforts that saw the Orbot, Lantern and Signal applications translated and reviewed.
Qurium conducted a Rapid Response investigation of a digital attack launched against the website of the Zimbabwe Electoral Commission (ZEC) website during the country’s presidential elections, which were held on July 30th. The ZEC website was hacked and defaced (seemingly in response to the military’s reported violent crackdown on protesters) as a result of poor website security, Qurium found in its forensic investigation, with the attackers able to access the website and maintain persistent access by exploiting vulnerabilities easily identifiable to an experienced penetration tester. Read the full report here: “The Cyber Attack Against the Zimbabwe Electoral Commission”
Several new projects are now under contract with OTF, including Server-Side Blocking (developing scientifically rigorous measurement methods to characterize and measure server-side blocking - when private companies prevent content they host from being accessed by users in certain locations), Securing Media Publishing in the Middle East (improving the digital security of independent media platforms in the region on both hosting and editorial levels to better guard against censorship and surveillance), and a new Rights Action Lab project focused on reducing and mitigating online threats in the Tibetan community while also expanding Tibetans’ technical research capacity on threats facing the community.
Two new Digital Integrity Fellowship Program (DIFP) Fellows are now under contract with OTF: Szeming will work with two Human Rights Defender organizations in Malaysia to build their digital security capacity from within and to strengthen their knowledge of digital security and responsiveness to emergency threats, and Iryna Chulivska will work with the investigative journalism team at Bihus.info in Ukraine, helping them to enhance their digital security practices.
Select news collected by OTF from the month of July 2018 - Get the full feed live @OpenTechFund or sign up to receive our daily newsletter.
Report: Defending Politically Vulnerable Organizations Online | Center for Long-Term Cybersecurity
India’s internet shutdowns cost the economy billions of dollars | Quartz
Chrome now marks all unencrypted websites as ‘not secure’ | The Verge
RSF publishes report on online harassment of journalists | Reporters Without Borders
Cambodia blocks 17 media websites before vote | Reuters
The Deleted WeChat Post That Fueled China’s Vaccine Scandal | The Atlantic
Africa’s Attack on Internet Freedom | Foreign Policy
Iran arrests 46 in fresh crackdowns on Instagram models | Associated Press
Egypt targets social media with new law | Reuters