Posts Tagged ‘information technology’

Jigsaw designed software (“Outline”) for self-controlled VPNs

March 21, 2018


A VIRTUAL PRIVATE NETWORK (VPN), that core privacy tool that encrypts your internet traffic and bounces it through a faraway server, has always presented a paradox: Sure, it helps you hide from some forms of surveillance, like your internet service provider’s snooping and eavesdroppers on your local network. But it leaves you vulnerable to a different, equally powerful spy: Whoever controls the VPN server you’re routing all your traffic through.

To help solve that quagmire, Jigsaw, the Alphabet-owned Google sibling that serves as a human rights-focused tech incubator, will now offer VPN software that you can easily set up on your own server—or at least, one you set up yourself, and control in the cloud. And unlike older homebrew VPN code, Jigsaw says it’s focused on making the setup and hosting of that server simple enough that even small, less savvy organizations or even individual users can do it in minutes.

Jigsaw says that the free DIY proxy software, called Outline, aims to provide an alternative to, on the one hand, stronger anonymity tools like Tor that slow down web browsing by bouncing connections through multiple encrypted hops around the world and, on the other hand, commercial VPNs that can be expensive, and also put users’ private information and internet history at risk.

The core of the product is that people can run their own VPN,” says Santiago Andrigo, the Jigsaw product manager who led Outline’s development. “You get the reassurance that no one else has your data, and you can rest easier in that knowledge.”

..A Swedish NGO, Civil Rights Defenders, has been testing Outline since last fall with the group of sensitive internet users it works to protect, who include journalists, lawyers, human rights defenders and LGBT communities in 18 repressive regimes around the world. ..

see also:

2017 was a grim year for imprisoned technologists

December 29, 2017

Prison Hands

Since its founding, EFF has highlighted and defended cases of injustice and fearmongering perpetrated against innocent technologists. We advocate for unjustly imprisoned technologists and bloggers with our Offline project. In 2017, we continue to see fear being whipped up against those who oppose oppression with modern tools—as well as those who have done nothing more than teach and share technology so that we can all use and understand it better:

Dmitry Bogatov, software developer and math lecturer at Moscow’s Finance and Law University. Bogatov ran a volunteer Tor relay, allowing people around the world to protect their identities as they used the Internet. It was one part of his numerous acts of high-tech public service, which include co-maintaining Xmonad and other Haskell software for the Debian project. For his generosity, Bogatov has now spent over a hundred days in pretrial detention, wrongfully accused of posting extremist materials that were allegedly sent via through Tor server. Law enforcement officials around the world understand that data that appears to originate from a particular Tor machine is, in fact, traffic from its anonymised users. But that didn’t stop Bogatov’s prosecutors in Russia from accusing him of sending the data himself, under a pseudonym, to foment riots—and added new charges of “inciting terrorism” when a judge suggested the earlier charge was too weak to hold Bogatov in pre-trial detention.

Ahmed Mansoor, of the United Arab Emirates. Mansoor has been a tireless voice for victims of human rights abuses in the United Arab Emirates. In 2011, amidst the Arab uprisings, he was one of five Emirati citizens to be sentenced to prison for his social media postings. That case provoked international condemnation, and the group was soon pardoned. Mansoor was subsequently targeted with sophisticated government spyware on his iPhone; he recognised and passed on the malware link to experts, which led to the discovery of three previously unknown vulnerabilities in Apple’s iOS. In April, Mansoor was seized by the UAE authorities again. On the day of his arrest, the UAE’s official news agency saying that he had been arrested on the orders of the Public Prosecution for Cybercrimes and accused of using social media to promote sectarianism and hate, among other charges. Mansoor’s family did not hear from him for two weeks, and he has been denied access to a lawyer. Just a year ago, Apple was able to roll out a security fix to their users because of Mansoor’s swift, transparent, and selfless actions. Millions of people are safer because of Ahmed’s actions, even as his family fears for his own physical and mental safety. []

Alaa abd el-Fattah ran Linux installfests across the Middle-East and was a key online voice in the Egyptian uprising. Since then he has been jailed, in turn, by the democratically elected Islamist President Mohammed Morsi, and then when Morsi was overthrown in a coup, by incoming President Abdel Fattah El-Sisi. Alaa’s appeal against a five year prison sentence for protesting—widely seen as a means to silence him on social media—was refused in November of this yearAmnesty and the UN Working Group on Arbitrary Detention have both condemned Alaa’s continuing imprisonment.

Another long-term case is that of Saeed Malekpour, who has been in jail in Iran since 2008. Malekpour returned from Canada to visit his sick Iranian father in October of that year, at a time when the Iranian Revolutionary Guard was starting to target technologists and Internet experts. As an open source coder, Malekpour had written a free front-end image management utility for websites. The Guard found this software on a Farsi pornography site, and used it to as a pretext to seize Malekpour from the streets of Tehran, charge him with running the web site, and sentencing him to death. Malekpour’s death sentence has been anulled twice following international pressure, but a change of government in his home country of Canada risked reducing the level of support for Malekpour. A campaign to encourage the new Trudeau administration to continue to advocate for Malekpour, even as Canada seeks to normalize relations with Iran, seems to be working. One of Malekpour’s advocates, former Liberal MP Irwin Cotler, has said that the Canadian government is now working on the case. The continuing monitoring of Malekpour’s life sentence is a small consolation, but better than the alternative.

Peter Steudtner and Ali Gharavi travel the world, teaching and advising Internet users on how to improve their privacy and digital security online (Ali was an advisor for EFF’s Surveillance Self-Defence project). The two were arrested in a raid by Turkish police on a digital security workshop in July in Istanbul, along with Amnesty Turkeys’ director, Idil Eser, and eight other human rights defenders. The two technology consultants have been accused of aiding terrorists, despite the long history of both as peaceful advocates for secure online practices. After months of detention, concentrated diplomatic and public pressure led to both being released to join their families in Germany and Sweden. We’re delighted that they are free, but their unjust prosecution—and that of their Turkish colleagues—continues in the Turkish courts. 

Bassel Khartabil, the Syrian free culture advocate. Before his arrest and torture in 2012, Bassel was the driving force behind countless projects to turn technology for the public good in his country. He founded a hackerspace in Damascus, translated Creative Commons into a Middle Eastern context, and built out Wikipedia and Mozilla for his fellow Syrians. Bassel’s generosity brought him notability and respect. His prominence and visibility as a voice outside the divided political power-bases of Syria made him an early target when the Syrian civil war became violent. Bassel was killed by the Syrian government in 2015, shortly after he was removed from a civilian prison and sent into the invisibility of Syria’s hidden security complexes.

Snowden claims his Haven is safe

December 28, 2017

US whistle-blower Edward Snowden has helped create an Android app designed to protect the possessions of journalists and human rights defenders. The software uses sensors – including a phone’s camera, microphone, gyroscope and accelerometer – to detect intruders tampering with someone’s possessions. It is open source, meaning its code can be inspected. It is designed to be used on a “second” smartphone that can be left with the possessions a user wishes to monitor. The app was created as a joint venture between The Guardian Project and Freedom of the Press Foundation, of which Edward Snowden is board president.

Haven turns any spare android phone into a safe room that fits in your pocket,” claims Edward Snowden. In an age where our digital security is at more risk than our physical security, Snowden claims that Haven will change the game of cyber surveillance.

Here’s how it works: once you install the app, it uses the smartphone’s in-built equipment, like cameras, light sensor and microphones, to monitor for any motion, sound or disturbance of the phone. As explained by WIRED: “Leave the app running in your hotel room, for instance, and it can capture photos and audio of anyone entering the room while you’re out, whether an innocent housekeeper or an intelligence agent trying to use his alone time with your laptop to install spyware on it.” Alerts can be sent to your phone, via SMS, Signal or to a Tor-based website.

You shouldn’t have to be saving the world to benefit from Haven,said Snowden, though the app’s primary users are meant to be investigative journalists, human rights defenders, and other people at risk of forced disappearance.

see also:


Have a smartphone – become a human rights defender!

August 10, 2017

Witness’ Asia-Pacific team adapted this video from WITNESS’ tip sheet on Filming Hate – a primer for using video to document human rights abuses. “Filming Hate” guides activists through documenting abuses safely, providing context, verifying footage, and sharing that footage responsibly. It may help millions of bystanders become witnesses, and hence human rights defenders, spurred to combat hatred by wielding a powerful weapon: their smartphone. Published on 6 August 2017. Full tipsheet available on our Library at:…     Music credit: ‘India’ — Creative Commons Attribution licence (reuse allowed)

WEBINARS on best practices for digitising documents in March 2017

March 7, 2017

Why digitise? Digitising your documents greatly improves access to your information, whether you are building an online public library to share documents related to corruption, or making documents searchable for your team. Digitisation also helps to preserve and protect important human rights information. Many defenders run the risk that malevolent groups seeking to destroy or confiscate witness testimony, evidence of abuse, and other sensitive information. Others run the risk of documents being subject to harmful storage conditions, such as humidity, insects, and rodents. These are just a few reasons for digitising your documents. However, figuring out the most efficient, affordable, and responsible way to digitise thousands of documents can be a daunting task especially for human rights defenders in the field.

  • When:
  • Where: ReadyTalk (use the access code 2458641 to join)
  • Who: Open to anyone who wants to learn more about digitizing documents

Whether you are a seasoned digitization expert or a human rights defender just starting to think about digitisation, this is a good occasion to learn and share.

If you are interested, please contact Kristin Antin at kristin@huridocs.orgHere is an example of a webinar hosted in January on managing contact information.

Source: Community Discussion: Best practices for digitising documents | HURIDOCS

HURIDOCS: finally new Director and now searching for other staff

February 16, 2017

On 15 February 2017, the chair of HURIDOCS, Gisella Reina announced the appointment of Friedhelm Weinberg as the new Executive Director. She added: “HURIDOCS has a young and energetic director that listens and leads. His experience with our global network, having worked in Asia, Africa and the Former Soviet Union region, gives him the firm understanding of what our community thinks and wants. Friedhelm has proven his capacity to strengthen and motivate our international and distributed team to be creative and effective.”

Friedhelm Weinberg first joined HURIDOCS in 2012. Over the years, he has taken on a variety of roles, including communications and project management and most recently as Deputy Director. Previously, he has worked as a journalist in his native Germany. []


huridocs-signature-logois also looking to fill two positions: Read the rest of this entry »

Security Without Borders offers free security help to human rights defenders

January 10, 2017

Network World of 3 January 2017 carried an interesting piece on Claudio Guarnieri who launched Security Without Borders which offers free cybersecurity help to journalists, activists and human rights defenders.

For all the wonderful things that the internet has given us, the internet also has been turned into a tool for repression. Nation states have deep pockets and use the imbalance to their own advantage. Technology has been used “to curb dissent, to censor information, to identify and monitor people.” ..Billions of dollars have been poured into surveillance—both passive and active.”Sadly, electronic surveillance and censorship have become so commonplace that nowadays people can get arrested for a tweet. There are places were dissidents are hunted down, using crypto is illegal, where sites are blocked and even internet access can be cut off. “Those who face imprisonment and violence in the pursuit of justice and democracy cannot succeed if they don’t communicate securely as well as remain safe online.”

Security “is a precondition for privacy, which is the key enabler for freedom of expression.” He was not implying that the security should come from big firms, either, since big security businesses often need contracts with the government and are dependent on the national security sector. So, Guarnieri turned to the hacker community and launched Security Without Borders, which “is an open collective of hackers and cybersecurity professionals who volunteer with assisting journalists, human rights defenders, and non-profit organizations with cyber security issues.”

security without borders

The website Security Without Borders has a big red button labeled “Request Assistance.” Activists, journalists and human rights defenders are encouraged to reach out for help. The group of “penetration testers, malware analysts, developers, engineers, system administrators and hackers” from all walks of life offer cybersecurity help. We can assist with web security assessments, conduct breach investigations and analysis, and generally act as an advisor in questions pertaining to cybersecurity. As security services are often expensive to come by, SWB offers these services free to organizations and people fighting against human rights abuse, racism, and other injustices.

When requesting help, you are asked to give your name or organization’s name, an email address, a description of the work you do and what kind of help you need. Hackers and computer security geeks who support freedom of speech are also encouraged to reach out and volunteer their skills.

There is still on-going discussions on the mailing list on issues such as trust and where to draw the line for extending free help to specific groups. Security Without Borders is just getting off the ground, and will have to deal with some of the same problems that earlier efforts in this area face, see e.g: and


Security Without Borders: Free security help for dissidents | Network World

12 January: Community Discussion by HURIDOCS on Managing human rights contacts

January 9, 2017


huridocs-signature-logoFrom mobilizing supporters, to organizing interviews, to fundraising, to persuading decision-makers, relationships are at the heart of human rights work. This is why it’s so important to have a system to document and manage these relationships. There are many Constituent Relationship Management (CRM) systems out there to help manage this information, but human rights groups often require additional attention to security, sustainability, and other custom features. So what CRM systems are human rights groups using today? What’s working well, and what are the challenges?

This HURIDOCS community discussion is an opportunity for CRM users, developers and advocates to share their experiences, knowledge and advice on contact management. A summary of the discussion will be written and shared on the HURIDOCS website.

When: 12 January 2017 at 4pm GMT
Where: Watch the webinar below from the embedded Hangout On Air, and participate via Twitter.
Who: open to anyone who wants to learn more about managing human rights contacts
So far, HURIDOCS has recruited human rights practitioners to present on their experiences using:

Civi (a CiviCRM distribution)

If you have CRM experience you want to share, please contact:! To ask questions or make comments, use the #HURIDOCS hashtag on Twitter:

Source: Community Discussion: Managing human rights contacts | HURIDOCS

Protecting human rights defenders from hackers and improving digital security

October 31, 2016

Joshua Oliver on 14 October, 2016 interviewed for NY City Lens, Kim Burton of Access Now about the digital security dangers faced by human rights defenders. A recent example is what happened to Ahmed Mansoor [] but there are many other cases. The staff of the Digital Security Helpline offers free, 24/7 technical support and advice on digital security to activists, journalists, and human rights defenders around the world. It is a project of Access Now, an NGO that promotes human rights online. The interview ends with 3 simple practical steps that any person can do to improve their security.

Kim Burton, security education coordinator at Access Now, works on the digital security helpline.

Kim Burton, security education coordinator at Access Now, works on the digital security helpline.

What makes the kind of targeted digital threat that a human rights defender or an activist might experience different from the threats that ordinary users might face?

The goal is different. When you’re targeting the average individual often these campaigns are really large. They’ll be interested in getting a lot of cash. When someone’s trying to compromise a human rights defender or activist or journalist, it’s usually because they want that person’s information. They want that person’s contacts. They want to be able to intimidate that person so they stop doing the work that they’re doing.

What type of things might prompt someone to contact the helpline?

They could receive an unfriendly email that scares them, and so they’ll bring that email to us. With journalists it’ll be more about protecting information that they’re trying to move out of the country, or it can just be protecting their publishing while they’re online. Often when we get contacted it’s for people who have had their accounts actually hacked. Where the account is posting information that the owner did not post, or it’s completely defaced.

Can you describe the difference between the support that’s typically available for someone in a corporate or government environment with a digital security problem as compared to someone in a non-governmental organization working on human rights or activism?

I think one of the major things is just having someone to call. In a corporate environment they have either an IT group or a person or systems administrator. So you already know who to call. In NGOs [non-governmental organizations], often times, there isn’t an IT person at all. There’s not a systems administrator. The tech support is not available. And part of that is funding. Corporate environments are able to spend a lot more money on salaries, so they’re able to pay the tech people a lot more than they would get in the NGO space.

What can be the direct consequences to the people who are targeted by this kind of threat? 

Unfortunately people can die. That’s one of the things that we have to be aware of every day on the helpline. People do get killed for the information that they have out there. The other consequences are: people’s lives can be ruined, people can be imprisoned, people can have to leave countries, their families can be hurt. The stakes are very high.

Can you define what phishing is?

It’s those emails that say something like “You’ve won a million dollars, click here to receive.” Or something that is a little bit more scary, like “This is your co-worker, I need the password to this account.” It can get more targeted. But everyone receives these — this isn’t unique to the people that we work with. It’s just that the people that we work with might have a higher chance of receiving a more targeted phishing campaign.

What are three easy things people can do to improve their own digital security? 

Number one, always install software updates. Updates are often released to address security vulnerabilities; updating is your first line of defense.

Two, use unique, long, and strong passwords. If your password is leaked in one place, and you have used the same password somewhere else, that other account can be compromised as well. Avoid remembering each of these unique passwords with a password manager, like KeePassX or LastPass. Password managers keep your credentials in an encrypted database and assist you in generating unpredictable strings to use as sturdy logins.

Three, use two-factor authentication when available. Instead of only using a password to protect your account, two-factor requires another “factor” to log in. Like a bank that needs your card and PIN to withdraw from an ATM, you’ll need your password and something else (like a SMS text, generated code, or fingerprint) to access your account. All of the major email providers provide multi-factor authentication, as do many other accounts, like Amazon, Twitter and Facebook; look for it in your security settings.

see also:

Source: Protecting Activists from Hackers – NY City Lens

Executive Director of HURIDOCS needs to have the following:

September 6, 2016

 (Human Rights Information and Documentation Systems, International) has started its search for a new  Executive Director as envisaged in my post of 5 August:

HURIDOCS expects:

  • A willingness to embrace new challenges with HURIDOCS’ partners while ensuring continuity and quality in our work and products.
  • Some travelling will be required, but Geneva will be the base for the most part of the working time.
  • An open management style, with regular contact and ongoing communication and dialogue with all staff members regardless of their physical location. [HURIDOCS employs 17 staff members with a total of 13 full time positions with many staff members operating remotely]

General Duties include:

  • Lead strategic planning and implementation of strategy
  • Fundraising
  • General management of HURIDOCS resources, including financial and human resource
  • Representing HURIDOCS to the human rights community, and to the public at large
  • Maintaining knowledge of the needs in relation to information and documentation of organisations in the human rights space, as well as an understanding of technology trends and directions from a management perspective

Specific Duties:

  • Overall supervision and guidance of the software development process
  • Identifying and understanding the needs of the organisations HURIDOCS serves, and available opportunities
  • Cultivating the ground for HURIDOCS‘ powerhouses’ – organisations in different regions to serve as focal points for HURIDOCS’ human rights solutions in different regions of the world


  • University education: Preferably at least a master’s degree in a discipline relating to the work of HURIDOCS, or its equivalent in a relevant field
  • A background in the Human Rights environment and knowledge of how legal systems operate is highly desirable
  • An ability to communicate about complex topics in engaging ways

Skills include:

  • Proven ability to raise funds and to secure strategic relationships with key actors (Required)
  • Fluency in both written and spoken English and proficiency in another language (Required)
  • Familiarity with different types of technology and their application in a human rights context (Required)
  • Strong interpersonal skills and the ability to manage a diverse international and multicultural workplace (Required)
  • Ability to lead negotiations (Required)


  • Experience in the successful management of a non-profit organisation (Required)
  • At least 5 years experience in the human rights field (Strongly desired)

The new Executive Director should be in place in Geneva in January 2017. Visit for more information. If you have any specific questions you may contact HURIDOCS Board Member Douglas Arellanes at Your application and CV should be sent to no later than 15 October 2016.