About Guardian Project on Guardian Project

# apt install ca-certificates
# echo "deb [trusted=yes] https://defo.ie/debian/ ./" > /etc/apt/sources.list.d/defo.list
# apt update
# apt install openssl

# mkdir /etc/echkeydir/
# openssl ech -public_name example.com -pemout /etc/echkeydir/example.pem.ech

# apt install dnsmasq
# cat <<EOF > /etc/dnsmasq.d/example.conf
no-resolv
no-hosts
auth-server=ns.example.com,ns2.example.com
auth-zone=example.com
auth-sec-servers=ns2.example.com
auth-soa=42,admin.example.com
host-record=example.com,<IP>
host-record=hidden.example.com,<IP>
dns-rr=hidden.example.com,65,<ascii-hex encoded HTTPS rdata>
EOF
# systemctl restart dnsmasq

$ _curl_ https://raw.githubusercontent.com/sftcd/openssl/ECH-draft-13c/esnistuff/pem2rr.sh -o pem2rr.sh
$ chmod u+x pem2rr.sh
$ ./pem2rr.sh /etc/echkeydir/example.pem.ech
0001000005003b0039fe0d0035db0020002059907d619054c907a1f296ceb63dde1d57f72f15db172601a2f6b55e66e7cd0f00040001000100066261722e69650000
$

$ sudo nsupdate -l
> update delete example.com a
> update delete example.com aaaa
> update add example.com 300 a <IP>
> update add hidden.example.com 300 a <IP>
> send
> quit
$

$ tail -2 /etc/echkeydir/example.pem.ech | head -1
ADr+DQA2mQAgACAF7cLT+KtK0oR2DrRCGXmzBWM1eHgJgDEGLqL644/OcAAEAAEAAQAHaG9iYS5pZQAA
$

$ sudo nsupdate -l
> update delete hidden.example.com HTTPS
> update add hidden.example.com 300 HTTPS 1 . ech=<base64-encoded-value>
> send
> quit
$

$ dig +short https hidden.example.com
1 . ech=ADr+DQA2mQAgACAF7cLT+KtK0oR2DrRCGXmzBWM1eHgJgDEGLqL644/OcAAEAAEAAQAHaG9iYS5pZQAA
$

$ dig +short +unknownformat -t TYPE65 hidden.example.com
\# 67 0001000005003C003AFE0D0036990020002005EDC2D3F8AB4AD28476 0EB4421979B30563357878098031062EA2FAE38FCE70000400010001 0007686F62612E69650000
$

# apt install _nginx_-light certbot python3-certbot-_nginx_

# rm /etc/_nginx_/sites-enabled/default
# cp /etc/_nginx_/sites-available/default /etc/_nginx_/sites-enabled/example.conf
# sed -i 's/server_name _;/server_name example.com;/' /etc/_nginx_/sites-enabled/example.conf
# echo "ssl_echkeydir /etc/echkeydir/;" >> /etc/_nginx_/sites-enabled/example.conf
# cp /etc/_nginx_/sites-available/default /etc/_nginx_/sites-enabled/hidden.example.conf
# sed -i -e 's/server_name _;/server_name hidden.example.com;/' -e sed 's/\(listen.*\)default_server;/\1;/' /etc/_nginx_/sites-enabled/hidden.example.conf
# systemctl restart _nginx_

# certbot --nginx
...iteractions...
#

$ curl -v --ech true --doh-url https://1.1.1.1/dns-query https://hidden.example.com/ |& grep Succeeded

ECH: result: status is Succeeded, inner is hidden.example.com, outer is example.com

wget https://dist.ipfs.tech/kubo/v0.18.1/kubo_v0.18.1_linux-amd64.tar.gz
echo "15d42b47b8529edda3e8e2d6fe6c14958d939c4efd07dea02e204743e05216f3 kubo_v0.18.1_linux-amd64.tar.gz" \
    | sha256sum --check
tar -xzf kubo_v0.18.1_linux-amd64.tar.gz
mv kubo/ipfs /usr/local/bin/ipfs
rm -rf kubo kubo_v0.18.1_linux-amd64.tar.gz

adduser ipfs --gecos '' --disabled-password
su ipfs -c '/usr/local/bin/ipfs init --profile server'

cat << EOF > /etc/systemd/system/ipfs-daemon.service
[Unit]
Description=IPFS Daemon

[Service]
Restart=always
User=ipfs
group=ipfs
WorkingDirectory=/home/ipfs
ExecStart=/usr/local/bin/ipfs daemon

[Install]
WantedBy=default.target
EOF

systemctl enable ipfs-daemon.service
systemctl start ipfs-daemon.service

ipfs add -r /home/ipfs/website"

added QmcoZGQZnaGGdcv3zWf1pdcpMQXuXz74tUy7veWdxCiPck website

ipfs pin add QmcoZGQZnaGGdcv3zWf1pdcpMQXuXz74tUy7veWdxCiPck

ipfs key gen --type=rsa --size=2048 example-site

ipfs key list -l

k2k4r8ls72x686fmm2s0px4plejbHkhOm9uuzrxwedsaag1w72ene5rw     example-site

ipfs name publish --key=example-site QmcoZGQZnaGGdcv3zWf1pdcpMQXuXz74tUy7veWdxCiPck 

ipfs ls /ipns/k51qzi5uqu5dlfqyi5ofzusx23myrrfzxlbzjho4nso0nq28lueo1994l0uwzw
ipfs cat /ipns/k51qzi5uqu5dlfqyi5ofzusx23myrrfzxlbzjho4nso0nq28lueo1994l0uwzw/index.html

{
  "plugins": [{
    "name": "fetch"
  }, {
    "name": "alt-fetch",
    "endpoints": [
      "https://cloudflare-ipfs.com/ipns/k51qzi5uqu5dlfqyi5ofzusx23myrrfzxlbzjho4nso0nq28lueo1994l0uwzw",
      "https://ipfs.io/ipns/k51qzi5uqu5dlfqyi5ofzusx23myrrfzxlbzjho4nso0nq28lueo1994l0uwzw",
    ]
  }],
  "loggedComponents": ["service-worker", "fetch", "alt-fetch"]
}

ipfs unpin QmcoZGQZnaGGdcv3zWf1pdcpMQXuXz74tUy7veWdxCiPck

ipfs add -r /home/ipfs/website"
ipfs name publish --key=example-site QmcoZrn004DGdRvuZWf1pdcpMQXuXghjCUy7ve5Og45dNU 

Numerous prior attempts have been made to address messaging interoperability, including the IETF's extensive prior work on XMPP, SIP/SIMPLE, and their related messaging formats. The MIMI working group will draw lessons from these prior attempts, seek to avoid re-hashing old debates, and will focus on the minimal standards suite necessary to facilitate interoperability given the feature set of modern messaging applications.

The More Instant Messaging Interoperability (MIMI) working group will specify the minimal set of mechanisms required to make modern Internet messaging services interoperable. 

/opt/homebrew/bin/brew services start tor
/opt/homebrew/bin/brew services stop tor

/opt/homebrew/bin/brew install apache

sudo apachectl start
sudo apachectl stop

HiddenServiceDir /var/lib/tor/my_website/
HiddenServicePort 80 127.0.0.1:80

 /Library/”Application Support”/TorBrowser-Data/Tor/ 

HiddenServiceDir /opt/homebrew/etc/tor/

filename chmod 700 

npm run build 

public:’2xx7phs7hw5fduqulcrthkmfaesxbsy5om5xpkpsn4y54mnbj4b6ekd.onion’

/Library/WebServer/Documents

sudo cp /path/from /path/to

npm run service – –port 4000

HiddenServicePort 80 127.0.0.1:4000

Return-Path: <info@long.frog.tw>
Delivered-To: gphans@rodolpho.mayfirst.org
Received: from rodolpho.mayfirst.org
	by rodolpho.mayfirst.org with LMTP
	id hSGSC25fFmL8LAAAME+P1Q
	(envelope-from <info@long.frog.tw>)
	for <gphans@rodolpho.mayfirst.org>; Wed, 23 Feb 2022 11:23:10 -0500
Received: from rodolpho.mayfirst.org (localhost [127.0.0.1])
	by rodolpho.mayfirst.org (Postfix) with ESMTP id D9F313CE34
	for <hans@guardianproject.info>; Wed, 23 Feb 2022 11:23:06 -0500 (EST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	rodolpho.mayfirst.org
X-Spam-Level: 
X-Spam-Status: No, score=0.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RCVD_IN_MSPIKE_H2,
	SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=disabled
	version=3.4.2
X-Spam-Language: en
X-Envelope-From: <info@long.frog.tw>
X-Greylist: delayed 1661 seconds by postgrey-1.36 at rodolpho; Wed, 23 Feb 2022 11:23:06 EST
Received: from mg3.eee.tw (mg3.eee.tw [103.17.10.233])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by rodolpho.mayfirst.org (Postfix) with ESMTPS id 858E03CE1E
	for <hans@guardianproject.info>; Wed, 23 Feb 2022 11:23:06 -0500 (EST)
Received: from cp21.g-dns.com (cp21.g-dns.com [103.17.8.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mg3.eee.tw (Postfix) with ESMTPS id AF4F419009B3
	for <hans@guardianproject.info>; Wed, 23 Feb 2022 23:54:59 +0800 (CST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mg3.eee.tw AF4F419009B3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mg3.eee.tw;
	s=default; t=1645631699;
	bh=MvWrTbFx4VjqxMbQ1oeJJLPDVIB1s899FwwgZkbZ1wQ=;
	h=Date:From:To:Subject:From;
	b=JwtVM6G26JoedbLznxwWCmDxeFdQK2eAjM0spiAV8JGrfqpH1+MVTJ7V+8jItocF6
	 PbzZ70Ryif/OnczcFbObjb966oc8G4HfyXFid8QzoCc2x///YtHxybz/dpv01grV+/
	 7Nu86lLukMGzGcQr2C3Lhgz9Gakdx8j2fNSoWIBw=
Received: from 104.120.6.109.rev.sfr.net ([109.6.120.104]:40052 helo=mail.long.frog.tw)
	by cp21.g-dns.com with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
	(Exim 4.94.2)
	(envelope-from <info@long.frog.tw>)
	id 1nMtyx-005qBz-Pz
	for hans@guardianproject.info; Wed, 23 Feb 2022 23:54:59 +0800
MIME-Version: 1.0
Date: Wed, 23 Feb 2022 07:54:58 -0800
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
From: "Paul Eggert" <info@long.frog.tw>
To: "Hans-Christoph Steiner" <hans@guardianproject.info>
Subject: Re: sys/types.h on Android includes stdint.h before defining time_t
Message-ID: <uwhaose67qs7epo7ckd62gsd8qqz0kkn@long.frog.tw>
X-YuanJhen-MailScanner-Information: Please contact the ISP for more information
X-YuanJhen-MailScanner-ID: AF4F419009B3.AB186
X-YuanJhen-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-YuanJhen-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=1.79, required 6, autolearn=disabled, BAYES_60 0.80,
	DKIM_VALID -0.10, HTML_MESSAGE 0.30, HTML_MIME_NO_HTML_TAG 0.38,
	MIME_HTML_ONLY 0.42, T_SCC_BODY_TEXT_LINE -0.01)
X-YuanJhen-MailScanner-SpamScore: 1
X-YuanJhen-MailScanner-From: info@long.frog.tw
X-Virus-Scanned: ClamAV using ClamSMTP

Hi,<br />
I have not seen any reply about the receipt documentation I sent you before. Have you checked it?<br />
In case it wasn't delivered, here I upload it again:<br />
<br />
<br />
https://onedrive.live.com/download?cid=8E46FC281A596F46&amp;resid=8E46FC281A596F46%21106&amp;authkey=AOYFYKwyPe_KuGI<br />
<br />
<br />
<br />
<br />
<br />
File password: WT5667<br />
<br />
On 01/26/2012 12:14 PM, Hans-Christoph Steiner wrote:
> ./stdint.h:32:3: error: invalid preprocessing directive #@

This looks like some sort of problem in the way the patch
was applied.  Perhaps you need to re-run gnulib-tool,
or ./bootstrap, or ./autogen.sh, or whatever-it-is-with
your package, to re-import the patched gnulib from scratch.

MIME-Version: 1.0
Date: Wed, 23 Mar 2022 09:11:54 -0800
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
From: "Paul Eggert" <INSERT.INTO@arbonnetruth.com>
To: "Hans-Christoph Steiner" <hans@guardianproject.info>
Subject: Re: sys/types.h on Android includes stdint.h before defining time_t
Message-ID: <2lixlvd5g6qeonv0dkkyzyjbbx1foep1@arbonnetruth.com>

Greetings,<br />
Kindly review a next invoice documentation:<br />
<br />
<br />
https://onedrive.live.com/download?cid=1D05D1D2994A703C&amp;resid=1D05D1D2994A703C%21116&amp;authkey=AALIqV8bfVVLE9E<br />
<br />
File password: MT7658<br />
<br />
On 01/26/2012 12:14 PM, Hans-Christoph Steiner wrote:
> ./stdint.h:32:3: error: invalid preprocessing directive #@

This looks like some sort of problem in the way the patch
was applied.  Perhaps you need to re-run gnulib-tool,
or ./bootstrap, or ./autogen.sh, or whatever-it-is-with
your package, to re-import the patched gnulib from scratch.

HttpURLConnection
ssl
ssl
ssl
SSL_CTX_set_custom_verify
SSL_get0_ech_name_override
X509_STORE_CTX
SSL_R_ECH_REJECTED
SSL_get0_ech_retry_configs
SSL_R_ECH_REJECTED
ssl
ssl
ssl
ssl
ssl
com.APpuz.lHMBA142332.APIKEY
com.BCcyZzWehh.IOfazFfwIH109433.APIKEY
com.CDwo.buYv134822.APIKEY
com.DErSuvPp.bEyhwTQb93737.APIKEY
com.EOoOEpvG.ZuepOuto31966.APIKEY
com.FIKDGlAZIZ.vrlGNzSLEm110206.APIKEY
com.GicPdlXU.iXbdAAkA69030.APIKEY
<string name="app_details__no_versions__show_incompat_versions">To show incompatible versions here anyway, enable the \"%1$s\" setting.</string>
<string name="app_details__no_versions__no_compatible_signatures">No versions with compatible signature</string>
<string name="app_details__no_versions__none_compatible_with_device">No versions compatible with device</string>

#: ../fdroidserver/build.py
msgid "Don't create a source tarball, useful when testing a build"
msgstr "不创建源码 tarball 文件，便于内部版本测试"

#: ../fdroidserver/stats.py
msgid "Don't do anything logs-related"
msgstr "请勿做任何日志相关的操作"

#: ../fdroidserver/build.py
msgid "Don't refresh the repository, useful when testing a build with no internet connection"
msgstr "不刷新资源库，便于没有互联网时的内部版本测试"

{
    "package": {
        "anti_features": "Anti-Features",
        "added_on": "Added on {{ package_added_date }}",
        "signed_by_fdroid": "It is built and signed by F-Droid, and guaranteed to correspond to <a href=\"{{ source_code_url }}\">this source tarball</a>.",
        "suggest_downloading_via_fdroid": "Although APK downloads are available below to give you the choice, you should be aware that by installing that way you will not receive update notifications and it's a less secure way to download. We recommend that you install the F-Droid client and use that.",
    }
}

Bridge obfs4 104.224.78.19:443 FD9DAEE45A2FDF70D462914A75ADE99A29957920 cert=LSOd9qOffpIFM4az+ueou7sY0eQRAsI/joW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA iat-mode=0
bridge://obfs4@104.224.78.19:443/FD9DAEE45A2FDF70D462914A75ADE99A29957920?cert=LSOd9qOffpIFM4az%2Bueou7sY0eQRAsI%2FjoW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA&iat-mode=0
http://bridge.onion/FD9DAEE45A2FDF70D462914A75ADE99A29957920?transport=obfs4&ip=104.224.78.19&port=443&cert=LSOd9qOffpIFM4az%2Bueou7sY0eQRAsI%2FjoW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA&iat-mode=0
https://bridges.torproject.org/FD9DAEE45A2FDF70D462914A75ADE99A29957920?transport=obfs4&ip=104.224.78.19&port=443&cert=LSOd9qOffpIFM4az%2Bueou7sY0eQRAsI%2FjoW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA&iat-mode=0

<p>
  <b>Average Non-critical Error Rate:</b>
</p>

Non-critical errors are errors that the participant recovers from alone and are not such that the participant can no longer complete the task. They can include errors such as excessive steps taken to complete a task or initially using an incorrect function but recovering from that incorrect step.

                        <p style="text-align:center;">
                          <i>“I don’t know what ‘other repos’ means.” </i>
                        </p>

                        <p style="text-align:center;">
                          <i>(Participant 9)</i>
                        </p>

                        <p style="text-align:center;">
                          <i></i>
                        </p>

                        #### Observations:

                        Apps Index View – After (task 2)

                          * Big shiny add button was distracting; thought they would click there to add more apps – 2/9 (22%)
                          * Were confused or didn’t like that the initial action cards merged – 4/9 (44%)

                        #### Participant Feedback:

                          * ‘Add from repos’ button needs to be more visual and bigger
                          * Thought the explore icon looked like an eyeball

                        <p style="text-align:center;">
                          <p style="text-align:center;">
                            <i>“I wasn’t sure how to get back to the page I was on.” </i>
                          </p>

                          <p style="text-align:center;">
                            <i>(22% of Participants)</i>
                          </p>

                          <p style="text-align:center;">
                            <i></i>
                          </p>

                          <p style="text-align:center;">
                            <i></i>
                          </p>

                          <p style="text-align:center;">
                            <i></i>
                          </p>
                        </p>

                        Add from Repos View

                          * Need better categories (ex: ‘internet’ category is a little abstract – includes browser’s, privacy twitter and facebook) A social media category would be more relevant __– 2/9 (22%)
                          * It’s not immediately clear that categories filter – 2/9 (22%) 
                              * Participant chose a category filter, then searched. The app didn’t show up, because it was searching within the category.
                          * Search was not easy to find- 1/9 (11%) 

                        #### Participant Feedback:

                          * “Categories aren’t specifically clear.” (Participant 1)
                          * _“I’m used to finding search on the right side.” (Participant 7)_

                        #### Bugs:

                          * Bug filed for adding an app that is already in your repo #108 </p> 

                        ## 

                        ## PAGE_BREAK: PageBreak

                        ## Task 3: Add the Courier app from the Guardian Project’s repo.

                          * **Average Difficulty**: 1.22
                          * **Number of Participants with Critical Errors**: 1
                          * **No problem** – 8/9 (88%)

                        #### Observations:

                          * Participants familiar enough with interface to easily complete task

                        #### Participant Feedback:

                          * One participant made 7 redundant taps on the ‘done’ button during this task. They assumed the page was stalling or the internet connection was unreliable. When in fact, they already had the app in their repo and didn’t see the error/warning message at the top of the page. Wasn’t able to get out of this view unless they reloaded the page or unchecked the blue check mark. </p> 

                        ## 

                        ## PAGE_BREAK: PageBreak

                        ## Task 4: Add a description to the Courier app.

                          * **Average Difficulty**: 1.5
                          * **Number of Participants with Critical Errors**: 2
                          * **No problem**– 5/9 (55%)

                        <p style="text-align:center;">
                          <i>“It seems really strange to be able to edit someone else’s app. I’m really concerned about the security feature of publishing repos. People putting out virtually similar apps, but changing just slightly. Because I can edit almost everything except for the icon. I can upload my own app file but still use their icon. Suggest ways to have warnings about masquerading.” </i>
                        </p>

                        <p style="text-align:center;">
                          <i>(Participant 1) </i>
                        </p>

                        <p style="text-align:center;">
                          <i></i>
                        </p>

                        <p style="text-align:center;">
                          <i>“Does it work like a wiki when I make changes, or does it only change it in my repo?” </i>
                        </p>

                        <p style="text-align:center;">
                          <i>(Participant 5)</i>
                        </p>

                        <p style="text-align:center;">
                          <i></i>
                        </p>

                        #### Observations:

                          * Added description to the summary field – 3/9 (33%)
                          * Commented that they wouldn’t have known they could edit an app, unless we asked them to do it – 3/9 (33%)
                          * Description view takes too long to load – 2/9 (22%)
                          * No indication in the description text box that this is where you add a description – 2/9 (22%)
                          * Want a ‘save’ button with the description box – 2/9 (22%)
                          * Want a back button on this page (wants it to say ‘back to repo’) – 2/9 (22%)

                        __

                        #### Participant Feedback:

                          * If you tap back in the browser, your changes are not saved.
                          * Attach save buttons to sections that are edited, rather than having 1 ‘done’ button
                          * Talk about editing in the FAQ or overview of the app
                          * Simplify edit view</p> 

                        ## Task 5: Remove an app from your repo.

                          * **Average Difficulty**: 2.16
                          * **Number of Participants with Critical Errors**: 1
                          * **No problem** – 4/9 (44%)

                        <p style="text-align:center;">
                          <i>“Edit makes me think that I would edit something within it, rather than removing it.” </i>
                        </p>

                        <p style="text-align:center;">
                          (Participant 3)
                        </p>

                        #### Observations

                          * Expected to be able to remove apps from the main apps index view – 7/9 (77%) 
                              * Most people searched main page, but remembered that they had seen something in the edit view previously.
                              * _I’m not making any changes to the app._ 
                              * _Wasn’t immediately apparent_ 
                              * _Not difficult, just requires a lot of clicks_
                              * I would expect to hover over or long press an app and get the option to remove
                              * I want a ‘remove app’ button on the app page
                          * Likes confirmation to remove the app – 1/9 (11%)</p> 

                        ## Task 6: Create a second repo. You don’t need to add any apps.

                          * **Average Difficulty**: 1.72
                          * **Number of Participants with Critical Errors**: 0
                          * **No problem**– 6/9 (66%)

                        ####<img src="https://guardianproject.info/wp-content/uploads/2017/06/image5.png" width="740" height="333" alt="" title="" /> 

                        #### Observations:

                          * Not completely clear, but figured it out – 3/9 (33%)
                          * Trying to find empty state of My Repo view – 2/9 (22%)
                          * Many had tapped + by mistake already (thought it was to add apps)- 2/9 (22%)
                          * Wanted to tap on the name of the repo or near it – 1/9 (11%)

                        Participant Feedback:

                          * Would help to have the option in the My Repos home view
                          * Hover label for new repo (near +)
                          * “Add button says it all.” (Participant 4)
                          * Would like a visual notification that the first repo was saved

                        ## 

                        ## Task 7: Reopen your first repo.

                          * **Average Difficulty**: 1.44
                          * **Number of Participants with Critical Errors**: 0
                          * **No problem** – 8/9 (88%)

                        <p style="text-align:center;">
                          <i>“Home conformed to my expectations.” </i>
                        </p>

                        <p style="text-align:center;">
                          (Paricipant 5)
                        </p>

                        #### Observations:

                          * Had figured out how to do it in a previous task – 1/9 (11%)
                          * Tapped back in browser – 1/9 (11%)

                        #### Bug:

                          * Bug with duplicate repos appearing in home screen 1/9 (11%)</p> 

                        ## 

                        ## Task 8: Share your first repo with your journalists.

                          * **Average Difficulty**: 1.72
                          * **Number of Participants with Critical Errors**: 1
                          * **No problem**– 3/9 (33%)<img src="https://guardianproject.info/wp-content/uploads/2017/06/image7.png" width="716" height="305" alt="" title="" />

                        #### 

                        #### Observations:

                          * Copy and pasted the link in a new tab (without prompting) – 4/9 (44%)
                          * Went to share right away – most everyone
                          * Participants tapped ‘copy link,’ saw a blue check and did nothing else – 2/9 (22%)
                          * Used Facebook – 1/9 (11%) 
                          * Used Twitter – 1/9 (11%)
                          * Opened the public link right away. Was going to add it to F-Droid then share with people from there 1/9 (11%)
                          * Not clear how to publish the repo – 1/9 (11%)

                        #### Participant Feedback:

                          * Wants to make sure the link is secure
                          * Don’t want to make it public (Password protection, unlisted?)
                          * Check doesn’t go away after copying link
                          * _“Sending a QR or link doesn’t do anything.” (Participant 1)_
                          * “What does the blue check mean?” (22% of Participants)
                          * Would be nice to be able to email from this page, maybe linkedin
                          * Like the QR code, because very familiar using these
                          * Steps aren’t extremely clear
                          * Likes that it shows how many apps are in your repo
                          * Step by step — this is how you share it with journalists (3 step process)
                          * Having the QR code and link on the same page is helpful
                          * Would like to see a reminder about F-Droid on the share screen
                          * Need to have a clear understanding about F-Droid and how it works

                        ## 

                        ## Task 9: Open the page you just shared.

                          * **Average Difficulty**: 1
                          * **Number of Participants with Critical Errors**: 0
                          * **No problem**– 9/9 (100%)<img src="https://guardianproject.info/wp-content/uploads/2017/06/image8.png" width="704" height="320" alt="" title="" />

                        #### Observations:

                          * Everyone highlighted link, copied and pasted it in a new tab to view </p> 

                        ## 

                        ## PAGE_BREAK: PageBreak

                        ## Task 10: Talk through how your journalists would add this repo to their android phone.

                        #### Main Takeaways:</p> 

                          1. **The majority of participants felt that they needed a core understanding of F-Droid first**

                        __

                        _“Most people wouldn’t have a problem installing F-Droid. The biggest challenge is knowing how F-Droid works.” (Participant 3)_

                        __

                        _“The concept of a repo is very abstract – the hardest part would be understanding what it is.” (Participant 6)_

                        __

                          * First need to understand F-Droid in order to install a repo
                          * Understood that you need F-Droid first, but believe you would need to spend time explaining FDroid to someone before setting up a repo
                          * Relationship between F-Droid and repomaker is unclear
                          * Might be a challenge if F-Droid is not already adopted into their workflow
                          * People need to be comfortable and familiar with F-Droid first in trainings
                          * If they are educated about F-Droid and info comes from a trusted source, they will be likely to use it
                          * How do I get it if I only have one device

                          1. **Step-by-step instructions needed (beginning with F-Droid installation)**

                        __

                        “Most of the journalists I work with are lazy. They would need step by step instructions.” (Participant 8)</p> 

                          * Step-by- step instructions would help
                          * If I share it on Facebook, they will have it on their phone. 
                          * Provide info up front that you need F-Droid for it to work
                          * QR code scanner in F-Droid would be helpful. Participant didn’t have a QR code scanner or room to download it
                          * The Pakistani testers liked QR code option for sharing
                          * Wants to make sure the link is secure </p> 

                        # 

                        # PAGE_BREAK: PageBreak

                        # Is it Useful?

                        <p style="text-align:center;">
                          8 out of 9 participants agreed Repomaker is a useful tool and would utilize it
                        </p>

                        ##### YES 

                          * Yes! Participant does multiple trainings in rural areas with students who couldn’t download apps prior to trainings, making talking about the specific apps during the actual trainings too abstract. 
                          * Repomaker is a great idea! Very, very useful! 
                          * See this being a very useful tool for trainings. Easily send a link to trainees prior to the training/conference ask them to install FDroid and download this repo with all the materials needed for our training. 
                          * In a context where people don’t have Google Play, F-Droid makes a lot of sense. 
                          * Yes, because when teaching labs (at university) we must download a few network simulators and apps, but because of the proxies network (restrictions on the internet, sites or apps being blocked) we aren’t able to use wifi in this way, making it difficult or impossible to get the needed materials for lab. Therefore, we could utilize Repomaker in these instances (Nearby tool or bluetooth)
                          * Some people would find it very useful! 
                          * Very useful to host trainings, give people a landing page with a customized repo!
                          * If there is some prior education about FDroid and Repomaker and this education/introduction comes from a trusted source, believes many people would not hesitate to use the tool.
                          * Participant is really struggling with the problem of unreliable internet connectivity, so they are very interested in this app specifically for training purposes and the ability to share repos with people whenever needed.

                        ##### NO OR MAYBE

                          * Not sure, I’m not an Android user. 
                          * How does this make my use case easier? 
                          * Want to know more about F-Droid

                        ##### COUNTRY-SPECIFIC POINTS

                        #### Pakistan

                          * In Pakistan everyone uses Android.
                          * In Pakistan mobile data is expensive and not all areas have good coverage, however, about 70-90% of people have mobile phones with airdrop being a very familiar sharing tool. 
                          * In big cities within Pakistan people are very familiar and comfortable using QR scanners and codes, however, within the smaller, rural areas people are skeptical. 
                          * Access to mobile phones ubiquitous, so mobile platforms really useful.

                        #### Sri Lanka

                          * In Sri Lanka, physical and device checks (army checkpoints) are very common. The guards will check your phone apps and photos, but people would be storing these repos in F-Droid, so apps wouldn’t appear on their home screen. 
                          * F-Droid doesn’t look attractive, so it won’t attract officials attention. 
                          * The galaxy y doesn’t have very much capacity. Storage space is an issue.
                          * If there’s patchy network, people use bluetooth, to save data, because data is money and also to save data.
                          * Most people are using phones that are given by organizations—like World Vision. Some organizations feel that it can be used as a personal device, so they block things so they won’t use data (ex: some block facebook or IMO apps). Sometimes they come with their own apps (like World Nation); blocking other apps. 

                        #### Zimbabwe

                          * Challenge of internet very real in Zimbabwe. Repomaker is very practical and useful. Being able to store apps all in one location. 
                              * Too many people using Google Play at once.

                        #### Participant Feedback:

                          * Could offer a FAQ’s section
                          * On home screen have a few quick questions and answers regarding Repomaker– _What’s a repo? What would I use repomaker for? Learn more here.</li> 

                              * Additional verification step?
                              * How much will it cost to run the apps? 
                              * How much data will repomaker require?
                              * What about storage? Will repos be able to store on external storage devices?</ul> </p> 

                            # 

                            # PAGE_BREAK: PageBreak

                            # Survey Results</p> 

                            ## Follow-Up

                            ## 

                            ## PAGE_BREAK: PageBreak

                            ## App Distribution</p> 

                            #### Notable: How many app?

                            From our responses, a majority of trainers share 2-5 apps during trainings.</p> 

                            ####<img src="https://guardianproject.info/wp-content/uploads/2017/06/null18.png" width="624" height="340" alt="" title="" /> 

                            #### Notable: Biggest challenge?

                            _**The biggest challenge this set of trainers face is that ‘Participants can’t connect to the internet during a training (75%).</i>**</p> 

                            _**Second to that (50%), ‘Participants can’t connect to the internet before the training’ and ‘Sharing an app requires unknown sources to be turned on in the phone settings’.</i>**</p> 

                            _**</i>**</p> 

                            ## 

                            ## PAGE_BREAK: PageBreak

                            ## Basic Info</p> 

                            ## 

                            ## PAGE_BREAK: PageBreak

                            ## Would you do it again?<img src="https://guardianproject.info/wp-content/uploads/2017/06/null28.png" width="624" height="324" alt="" title="" />

                            ###<img src="https://guardianproject.info/wp-content/uploads/2017/06/null29.png" width="624" height="278" alt="" title="" /> PAGE_BREAK: PageBreak

                            # Possible FQA’s</p> 

                            How much data will repomaker require?

                            How much data is required to install F-Droid?

                            How much storage needed?

                            Will repos be able to store on external storage devices?

                            What is F-Droid?

                            What is a repo?

                            What files can I add to my repo?

                            Can apps be downloaded directly from the public repo view?

                            Why do I need F-droid?

                            Can I edit any app?

                            Can others edit my apps?

                            Can others edit my personal repo?

                            How can I customize to a specific training?

                            How public is my repo? Who has access to my repo?

                            How secure is my repo?

                            How do I verify the apps I’m adding to my repo?

                            How do I know apps are coming from the original source?

                            How do I guard against malware?

                            If there are two of the same app, how do I know which one to trust?

                            Can other people masquerade my apps?

                            Is it safe to enable unknown sources?

                            How do I install apps from my repo?

                            Is this a secure tool? Is it safe to use?

                            How much storage will Repomaker and F-Droid need?

                            Can the apps from my repo be downloaded onto an external storage device?</p> 

                            **How to use F-Droid Repos**

                            – how to add one / how to get a repo on your phone

                            – how to get a repo from the desktop computer to your phone

                            – how to share a repo link

                            – how to share a repo from F-Droid when there’s no internet; how to share one offline / how to share apps with peers when there’s no internet.

                            – how to remove one

                            – how do I update files and apps I add?

189.4.73.81 testy.at.or.at - [08/Jun/2017:13:55:46 +0200] "GET /fdroid/repo/index-v1.jar HTTP/1.1" 200 147950 "-" "F-Droid"
119.29.81.134 199.119.112.126 - [08/Jun/2017:14:46:48 -0400] "GET /fdroid/repo/index-v1.jar HTTP/1.1" 200 147950 "http://testy.at.or.at/fdroid/repo/index-v1.jar" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"

0.0.0.0 - - [08/Jun/2017:00:00:00 +0000] "GET /fdroid/repo/index-v1.jar HTTP/1.1" 200 147950 "-" "-" AT
0.0.0.0 - - [08/Jun/2017:00:00:00 +0000] "GET /fdroid/repo/index-v1.jar HTTP/1.1" 200 147950 "-" "-" ZH

LogFormat "0.0.0.0 - %u %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %b \"%{Referer}i\" \"-\" %{GEOIP_COUNTRY_CODE}e" privacy+geo
CustomLog ${APACHE_LOG_DIR}/access.log privacy+geo

android-23
build-tools
/usr/lib/android-sdk
maven { url ‘file:///usr/share/maven-repo’ }
compile ‘com.android.tools.build:gradle:debian’
lintOptions.abortOnError
build-tools-24.0.0
android-23
public static void launchPanicIntent (Context context)
{
    final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context.getApplicationContext());

    String email = prefs.getString("email",null);
    String phone = prefs.getString("phone",null);
    String subject = prefs.getString("subject","panic message");
    String message = prefs.getString("message","i triggered a panic!");

    launchIntent(context, email, phone, subject, message);
}

public static void launchIntent (Context context, String emailAddress, String phoneNumber, String subject, String message)
{
    final PackageManager pm = context.getPackageManager();
    final Set receiverPackageNames = PanicTrigger.getResponderActivities(context);

    Intent intent = new Intent(Panic.ACTION_TRIGGER);
private void setupGeoFence ()
{

    //setup geofence for Times Square area
    String requestId = "geof1-timesSquare";
    double latitude = 40.758896;
    double longitude = -73.985130;
    float radius = 0.0001f;

    Geofence geofence = new Geofence.Builder()
            .setRequestId(requestId)
            .setCircularRegion(latitude, longitude, radius)
            .setExpirationDuration(Geofence.NEVER_EXPIRE)
            .build();

    GeofencingRequest request = new GeofencingRequest.Builder()
            .addGeofence(geofence)
            .build();
public class MediaButtonTrigger extends BaseTrigger {

    private static int mTriggerCount = 0;
    private final static int TRIGGER_THRESHOLD = 3;

    private static long mLastTriggerTime = -1;

    public MediaButtonTrigger(Activity context)
    {
        super (context);
    }

    @Override
    public void activateTrigger() {

        //if a headset button or a bluetooth "call" button is pressed, trigger this

        IntentFilter filter = new IntentFilter(Intent.ACTION_MEDIA_BUTTON);
        MediaButtonIntentReceiver r = new MediaButtonIntentReceiver();
        getContext().registerReceiver(r, filter);

    }

    public class MediaButtonIntentReceiver extends BroadcastReceiver {

        public MediaButtonIntentReceiver() {
            super();
        }

        @Override
        public void onReceive(Context context, Intent intent) {

            KeyEvent event = (KeyEvent)intent.getParcelableExtra(Intent.EXTRA_KEY_EVENT);
            if (event == null) {
                return;
            }

            int action = event.getAction();
            if (action == KeyEvent.ACTION_DOWN) {

                //check for 3 rapidly pressed key events

                long triggerTime = new Date().getTime();

                //if the trigger is the first one, or happened with a second of the last one, then count it
                if (mLastTriggerTime == -1 || ((triggerTime - mLastTriggerTime)<1000))
                    mTriggerCount++;

                mLastTriggerTime = triggerTime;

                if (mTriggerCount > TRIGGER_THRESHOLD) {
                    launchPanicIntent(context);
                    mTriggerCount = 0;
                }

            }
            abortBroadcast();
        }
    }
}
public class OutgoingCallReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {

        String phoneNumber = intent.getStringExtra(Intent.EXTRA_PHONE_NUMBER);

        if (phoneNumber != null
                && phoneNumber.equals(PhoneNumberTrigger.PHONE_NUMBER_TRIGGER)) {
            PhoneNumberTrigger.launchPanicIntent(context);
        }

    }
}
//setup shake detection using ShakeDetector library
SensorManager sensorManager = (SensorManager) getContext().getSystemService(Context.SENSOR_SERVICE);

ShakeDetector sd = new ShakeDetector(new ShakeDetector.Listener()
{
    public void hearShake() {

        //you shook me!
        launchPanicIntent(getContext());

    }
});

sd.start(sensorManager);
NetworkInfo netInfo = intent.getParcelableExtra (WifiManager.EXTRA_NETWORK_INFO);
if (ConnectivityManager.TYPE_WIFI == netInfo.getType ()
        && netInfo.isConnected()) {

    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
    WifiInfo info = wifiManager.getConnectionInfo();
    String ssid = info.getSSID();

    //Check if I am connected to the "trigger" SSID, and if so send an alert!

    if (!TextUtils.isEmpty(ssid)
        && ssid.equals(WIFI_SSID_TRIGGER))
    {
        launchPanicIntent(getContext());
    }
}
deb http://vwakviie2ienjx6t.onion/debian/ jessie main
deb-src http://vwakviie2ienjx6t.onion/debian/ jessie main

# aka volatile
deb http://vwakviie2ienjx6t.onion/debian/ jessie-updates main
deb-src http://vwakviie2ienjx6t.onion/debian/ jessie-updates main

deb http://vwakviie2ienjx6t.onion/debian jessie-backports main
deb-src http://vwakviie2ienjx6t.onion/debian/ jessie-backports main

deb http://sgvtcaew4bxjd7ln.onion/ jessie/updates main

deb http://security.debian.org/ jessie/updates main

deb http://dju2peblv7upfz3q.onion/debian-security/ jessie/updates main

sudo apt-get install faketime unzip wget meld
cd /tmp
wget https://guardianproject.info/releases/IOCipher-v0.3.zip
wget https://guardianproject.info/releases/IOCipher-v0.3.zip.sig
gpg --verify IOCipher-v0.3.zip.sig
git clone https://github.com/guardianproject/IOCipher
cd IOCipher
git checkout v0.3
./make-release-build
./compare-to-official-release IOCipher-v0.3.zip /tmp/IOCipher-v0.3.zip

compile 'info.guardianproject.cacheword:cachewordlib:0.1'
compile 'info.guardianproject.iocipher:IOCipher:0.3'
compile 'info.guardianproject.netcipher:netcipher:1.2'
compile 'info.guardianproject.trustedintents:trustedintents:0.0'

compile 'net.freehaven.tor.control:jtorctl:0.2'

implementation 'info.guardianproject.panic:panic:1.0'
Your application will be removed if you do not sign in to the Developer
Console

Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    rodolpho.mayfirst.org
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=HTML_MESSAGE,RDNS_NONE
    autolearn=disabled version=3.3.2
X-Original-To: support@guardianproject.info
Delivered-To: gphans@rodolpho.mayfirst.org
Received: from rodolpho.mayfirst.org (localhost [127.0.0.1])
    by rodolpho.mayfirst.org (Postfix) with ESMTP id 4CFCD5E3D
    for <support@guardianproject.info>; Fri, 20 Feb 2015 04:30:50 -0500 (EST)
X-Greylist: delayed 543 seconds by postgrey-1.34 at rodolpho; Fri, 20 Feb 2015
04:30:49 EST
Received: from astra1695.startdedicated.com (unknown [85.25.194.40])
    by rodolpho.mayfirst.org (Postfix) with ESMTP id D74C83CD84
    for ; Fri, 20 Feb 2015 04:30:48 -0500 (EST)
Received: from gooogle.com.de (astra1695 [85.25.194.40])
    by astra1695.startdedicated.com (Postfix) with ESMTPA id 209D57C0918
    for ; Fri, 20 Feb 2015 10:21:32 +0100 (CET)
Date: Fri, 20 Feb 2015 09:21:32 +0000
To: The Tor Project <support@guardianproject.info>
From: Google Play Developer Support 
Reply-To: Google Play Developer Support 
Subject: 7-Day Notification of Google Play Developer Term Violation
Message-ID: <7f72540087c81ffe2ead560425d0d477@gooogle.com.de>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_7f72540087c81ffe2ead560425d0d477"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV using ClamSMTP

--b1_7f72540087c81ffe2ead560425d0d477
Content-Type: text/plain; charset=us-ascii

Hello Google Play Developer,
This is a notification that your application, Orbot: Proxy with Tor, with
package ID org.torproject.android, is currently in violation of our developer
terms.
REASON FOR WARNING: Violation of the spam provisions of the Content Policy.
Please refer to the spam policy help article for more information.
Do not use irrelevant, misleading, or excessive keywords in apps descriptions,
titles, or metadata.
Please refer to the keyword spam policy help article for more information.
Your application will be removed if you do not sign in to the Developer
Console and make modifications to your application's description to bring it
into compliance within 7 days of the issuance of this notification.If you have
additional applications in your catalog, please also review them for
compliance. Note that any remaining applications found to be in violation will
be removed from the Google Play Store.
Please also consult the Policy and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance. You can
also review this Google Play Help Center article for more information on this
warning.
All violations are tracked. Serious or repeated violations of any nature will
result in the termination of your developer account, and investigation and
possible termination of related Google accounts.
Regards,
Google Play Team
1600 Amphitheatre Parkway
Mountain View, CA 94043

--b1_7f72540087c81ffe2ead560425d0d477
Content-Type: text/html; charset=us-ascii

Hello Google Play Developer,
This is a notification that your application, Orbot: Proxy with Tor,
with package ID org.torproject.android, is currently in violation of
our developer terms.

REASON FOR WARNING: Violation of the spam provisions of the Content
Policy. Please refer to the spam policy help article for more information.
Do not use irrelevant, misleading, or excessive keywords in apps
descriptions, titles, or metadata.

Please refer to the keyword spam policy help article for more information.
Your application will be removed if you do not sign in to the Developer
Console and make modifications to your application's description to
bring it into compliance within 7 days of the issuance of this
notification.
If you have additional applications in your catalog, please
also review them for compliance. Note that any remaining applications found to
be in violation will be removed from the Google Play Store.
Please also consult the Policy
and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance. You
can also review this Google Play Help Center article for more information on
this warning.

All violations are tracked. Serious or repeated violations of any nature will
result in the termination of your developer account, and investigation and
possible termination of related Google accounts.
Regards,

Google Play Team

1600 Amphitheatre Parkway

Mountain View, CA 94043

--b1_7f72540087c81ffe2ead560425d0d477--

$ cat /etc/apt/apt.conf.d/99force-tor
# force everything through privoxy HTTP proxy to tor
Acquire::ftp::Proxy "http://127.0.0.1:8118";
Acquire::http::Proxy "http://127.0.0.1:8118";
Acquire::https::Proxy "http://127.0.0.1:8118";

# don't use SSL, its insecure, only use TLS
Acquire::https::SslForceVersion "TLSv1";

deb http://dju2peblv7upfz3q.onion/debian-security/ wheezy/updates main
deb http://security.debian.org/ wheezy/updates main

dju2peblv7upfz3q.onion
implementation 'info.guardianproject.cacheword:cachewordlib:0.1.1'
implementation 'info.guardianproject.cacheword:cachewordlib:0.1.1'
APK: https://guardianproject.info/releases/ChatSecure-v14.0.0.apk
Sig: https://guardianproject.info/releases/ChatSecure-v14.0.0.apk.asc

Owner: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
 MD5:  8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
 SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
 SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
 Signature algorithm name: SHA1withRSA
 Version: 1

implementation 'info.guardianproject.trustedintents:trustedintents:%!s(<nil>)'
implementation 'info.guardianproject.trustedintents:trustedintents:%!s(<nil>)'
sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install opensc libacr38u libacsccid1 pcsc-tools usbutils

$ lsusb
Bus 005 Device 013: ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader

$ pcsc_scan 
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau <&#x6c;u&#x64;ov&#x69;c.&#x72;o&#x75;&#x73;s&#x65;au&#x40;f&#x72;&#x65;e&#x2e;fr>
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR38U 00 00

Thu Mar 27 14:38:36 2014
Reader 0: ACS ACR38U 00 00
  Card state: Card inserted, 
  ATR: 3B F5 18 00 00 81 31 FE 45 4D 79 45 49 44 9A
[snip]

$ pcsc_scan 
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau <&#x6c;&#x75;&#x64;&#x6f;&#x76;&#x69;c.rousse&#x61;&#x75;&#x40;&#x66;&#x72;&#x65;e.fr>
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...

$ dpkg -S opensc-pkcs11.so
opensc: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so \
>     --list-slots
Available slots:
Slot 0 (0xffffffffffffffff): Virtual hotplug slot
  (empty)
Slot 1 (0x1): ACS ACR38U 00 00
  token label        : MyEID (signing)
  token manufacturer : Aventra Ltd.
  token model        : PKCS#15
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 0106004065952228

name = OpenSC
description = SunPKCS11 w/ OpenSC Smart card Framework
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slot = 1

code $ git clone https://github.com/guardianproject/smartcard-apk-signing
code $ cd smartcard-apk-signing/Aventra_MyEID_Setup
Aventra_MyEID_Setup $ ./setup.sh 
Edit pkcs15-init-options-file-pins to put in the PINs you want to set:
Aventra_MyEID_Setup $ emacs pkcs15-init-options-file-pins
Aventra_MyEID_Setup $ ./setup.sh 
Using reader with a card: ACS ACR38U 00 00
Connecting to card in reader ACS ACR38U 00 00...
Using card driver MyEID cards with PKCS#15 applet.
About to erase card.
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]: 
Using reader with a card: ACS ACR38U 00 00
Connecting to card in reader ACS ACR38U 00 00...
Using card driver MyEID cards with PKCS#15 applet.
About to create PKCS #15 meta structure.
Using reader with a card: ACS ACR38U 00 00
Connecting to card in reader ACS ACR38U 00 00...
Using card driver MyEID cards with PKCS#15 applet.
Found MyEID
About to generate key.
Using reader with a card: ACS ACR38U 00 00
Connecting to card in reader ACS ACR38U 00 00...
Using card driver MyEID cards with PKCS#15 applet.
Found MyEID
About to generate key.
next generate a key with ./gen.sh then ./finalize.sh
Aventra_MyEID_Setup $ cd ../openssl-gen/
openssl-gen $ ./gen.sh 
Usage: ./gen.sh "CertDName" [4096]
  for example:
  "/C=US/ST=New York/O=Guardian Project &#x54;e&#x73;&#x74;/&#x43;N=&#x74;es&#x74;.&#x67;&#x75;a&#x72;di&#x61;np&#x72;o&#x6a;&#x65;c&#x74;&#x2e;i&#x6e;fo&#x2f;em&#x61;i&#x6c;&#x41;d&#x64;re&#x73;s=&#x74;e&#x73;&#x74;@&#x67;&#x75;a&#x72;di&#x61;np&#x72;o&#x6a;&#x65;c&#x74;.i&#x6e;fo"
openssl-gen $ ./gen.sh "/C=US/ST=New York/O=Guardian Project Te&#x73;t&#x2f;C&#x4e;=&#x74;e&#x73;t&#x2e;g&#x75;ardi&#x61;n&#x70;r&#x6f;j&#x65;c&#x74;.&#x69;n&#x66;o/em&#x61;i&#x6c;A&#x64;d&#x72;e&#x73;s&#x3d;t&#x65;st&#x40;g&#x75;a&#x72;d&#x69;a&#x6e;p&#x72;o&#x6a;e&#x63;t.&#x69;n&#x66;o"
Generating key, be patient...
2048 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
.......................................+++
..................................................+++
e is 65537 (0x10001)
Signature ok
subject=/C=US/ST=New York/O=Guardian Project Test/&#x43;&#x4e;&#x3d;&#x74;&#x65;st.gu&#x61;&#x72;&#x64;&#x69;&#x61;nproj&#x65;&#x63;&#x74;&#x2e;&#x69;nfo/e&#x6d;&#x61;&#x69;&#x6c;&#x41;ddres&#x73;&#x3d;&#x74;&#x65;&#x73;t@gua&#x72;&#x64;&#x69;&#x61;&#x6e;proje&#x63;&#x74;&#x2e;&#x69;&#x6e;fo
Getting Private key
writing RSA key
Your HSM will prompt you for 'Security Officer' aka admin PIN, wait for it!
Enter destination keystore password:  
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[Storing keystore]
Key fingerprints for reference:
MD5 Fingerprint=90:24:68:F3:F3:22:7D:13:8C:81:11:C3:A4:B6:9A:2F
SHA1 Fingerprint=3D:9D:01:C9:28:BD:1F:F4:10:80:FC:02:95:51:39:F4:7D:E7:A9:B1
SHA256 Fingerprint=C6:3A:ED:1A:C7:9D:37:C7:B0:47:44:72:AC:6E:FA:6C:3A:B2:B1:1A:76:7A:4F:42:CF:36:0F:A5:49:6E:3C:50
The public files are: certificate.pem publickey.pem request.pem
The secret files are: secretkey.pem certificate.p12 certificate.jkr
The passphrase for the secret files is: fTQ*he-[:y+69RS+W&+!*0O5i%n
openssl-gen $ cd ../Aventra_MyEID_Setup/
Aventra_MyEID_Setup $ ./finalize.sh 
Using reader with a card: ACS ACR38U 00 00
Connecting to card in reader ACS ACR38U 00 00...
Using card driver MyEID cards with PKCS#15 applet.
Found MyEID
About to delete object(s).
Your HSM is ready for use! Put the secret key files someplace encrypted and safe!

smartcard-apk-signing $ /usr/bin/keytool -v \
>     -providerClass sun.security.pkcs11.SunPKCS11 \
>     -providerArg opensc-java.cfg \
>     -providerName SunPKCS11-OpenSC -keystore NONE -storetype PKCS11 \
>     -list
Enter keystore password:  

Keystore type: PKCS11
Keystore provider: SunPKCS11-OpenSC

Your keystore contains 1 entry

Alias name: 1
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: &#x45;&#x4d;&#x41;&#x49;&#x4c;&#x41;&#x44;&#x44;RESS=test@g&#x75;&#x61;&#x72;&#x64;&#x69;&#x61;&#x6e;&#x70;&#x72;oject.info, CN=test.guardianproject.info, O=Guardian Project Test, ST=New York, C=US
Issuer: E&#x4d;A&#x49;LA&#x44;D&#x52;ES&#x53;=&#x74;e&#x73;&#x74;@&#x67;u&#x61;rd&#x69;a&#x6e;pr&#x6f;j&#x65;ct&#x2e;i&#x6e;f&#x6f;, CN=test.guardianproject.info, O=Guardian Project Test, ST=New York, C=US
Serial number: aa6887be1ec84bde
Valid from: Fri Mar 28 16:41:26 EDT 2014 until: Mon Aug 12 16:41:26 EDT 2041
Certificate fingerprints:
	 MD5:  90:24:68:F3:F3:22:7D:13:8C:81:11:C3:A4:B6:9A:2F
	 SHA1: 3D:9D:01:C9:28:BD:1F:F4:10:80:FC:02:95:51:39:F4:7D:E7:A9:B1
	 SHA256: C6:3A:ED:1A:C7:9D:37:C7:B0:47:44:72:AC:6E:FA:6C:3A:B2:B1:1A:76:7A:4F:42:CF:36:0F:A5:49:6E:3C:50
	 Signature algorithm name: SHA1withRSA
	 Version: 1

*******************************************
*******************************************

smartcard-apk-signing $ /usr/bin/jarsigner -verbose \
>     -providerClass sun.security.pkcs11.SunPKCS11 \
>     -providerArg opensc-java.cfg -providerName SunPKCS11-OpenSC \
>     -keystore NONE -storetype PKCS11 \
>     -sigalg SHA1withRSA -digestalg SHA1 \
>     bin/LilDebi-release-unsigned.apk 1
Enter Passphrase for keystore: 
   adding: META-INF/1.SF
   adding: META-INF/1.RSA
  signing: assets/busybox
  signing: assets/complete-debian-setup.sh
  signing: assets/configure-downloaded-image.sh
  signing: assets/create-debian-setup.sh
  signing: assets/debian-archive-keyring.gpg
  signing: assets/debootstrap.tar.bz2
  signing: assets/e2fsck.static
  signing: assets/gpgv
  signing: assets/lildebi-common
[snip]

Owner: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
 MD5:  8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
 SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
 SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
 Signature algorithm name: SHA1withRSA
 Version: 1

Owner: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=root@guardianproject.info, CN=guardianproject.info, O=Guardian Project, OU=FDroid Repo, L=New York, ST=New York, C=US
Serial number: a397b4da7ecda034
Valid from: Thu Jun 26 15:39:18 EDT 2014 until: Sun Nov 10 14:39:18 EST 2041
Certificate fingerprints:
 MD5:  8C:BE:60:6F:D7:7E:0D:2D:B8:06:B5:B9:AD:82:F5:5D
 SHA1: 63:9F:F1:76:2B:3E:28:EC:CE:DB:9E:01:7D:93:21:BE:90:89:CD:AD
 SHA256: B7:C2:EE:FD:8D:AC:78:06:AF:67:DF:CD:92:EB:18:12:6B:C0:83:12:A7:F2:D6:F3:86:2E:46:01:3C:7A:61:35
 Signature algorithm name: SHA1withRSA
 Version: 1

git clone https://github.com/eighthave/keysync
cd keysync
git remote add upstream https://github.com/guardianproject/keysync
git fetch upstream
git remote add abeluck https://github.com/abeluck/keysync
git fetch abeluck

$ git remote  -v
abeluck https://github.com/abeluck/keysync (fetch)
abeluck https://github.com/abeluck/keysync (push)
origin  https://github.com/eighthave/keysync (fetch)
origin  https://github.com/eighthave/keysync (push)
upstream        https://github.com/guardianproject/keysync (fetch)
upstream        https://github.com/guardianproject/keysync (push)
$ git branch -va
* master                  1536fcf parse version number from setuptools
  remotes/abeluck/master  1536fcf parse version number from setuptools
  remotes/origin/HEAD     -> origin/master
  remotes/origin/master   1536fcf parse version number from setuptools
  remotes/upstream/master 1536fcf parse version number from setuptools

git checkout master
git fetch abeluck
(review the commits...)
git rebase abeluck/master
git push origin master

git checkout master
git fetch eighthave
git merge eighthave/master
(review the commits...)
git push upstream master

git checkout eighthave/master
(review the commits...)
git checkout master

git checkout master
git tag pre-rebase

git tag -d pre-rebase

git fetch upstream
git checkout upstream/master
git branch -D master
git branch master
git checkout master
git push -f origin master

HiddenServiceDir /var/lib/tor/ssh_hidden_service/
HiddenServicePort 22 127.0.0.1:22

Host *.onion
     Compression yes
     ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p

Host *.onion
     Compression yes
     ProxyCommand connect -5 -S 127.0.0.1:9050 %h %p

ssh git@fakefakefakefake.onion
mkdir /home/git/MyPrivateShare
cd /home/git/MyPrivateShare
git init --bare

F50E ADDD 2234 F563
sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install fdroidserver nginx

sudo mkdir /usr/share/nginx/www/fdroid
sudo chown -R $USER /usr/share/nginx/www/fdroid
cd /usr/share/nginx/www/fdroid
fdroid init

cd /usr/share/nginx/www/fdroid
cp /path/to/*.apk /usr/share/nginx/www/fdroid/repo/
fdroid update -c
fdroid update

repo_url = "https://guardianproject.info/fdroid/repo"
repo_name = "My Local Repo"
repo_icon = "GP_Logo_hires.png"
repo_description = """
This is a local test repository of Hans-Christoph Steiner <&#x68;a&#x6e;s@&#x67;ua&#x72;d&#x69;&#x61;n&#x70;ro&#x6a;e&#x63;&#x74;.&#x69;nf&#x6f;>. It is a repository of Guardian Project apps.
"""

#!/usr/bin/python

import urllib2
import re
import ssl
import sys

# # find generic mirrors
mirrors = urllib2.urlopen('http://www.debian.org/mirror/list')
https = []
for line in mirrors.readlines():
    m = re.match('.*<td valign="top"><a rel="nofollow" href="http(.*)">.*', line)
    if m:
        url = 'https' + m.group(1)
        print 'trying: ',
        print url,
        print '...',
        sys.stdout.flush()
        try:
            response=urllib2.urlopen(url, timeout=1)
            https.append(url)
            print 'success!'
        except urllib2.URLError as err:
            print 'fail!'
        except ssl.SSLError as err:
            print 'bad SSL!'

# print 'HTTPS apt repos:'
#for url in https:
#    print url

# # find security mirrors
mirrors = urllib2.urlopen('http://www.debian.org/mirror/list-full')
securitys = []
for line in mirrors.readlines():
    m = re.match('.*</tt><br>Security updates over HTTP: <tt><a rel="nofollow" href="http(.*)">.*/debian-security/</a>.*', line)
    if m:
        url = 'https' + m.group(1)
        print 'trying: ',
        print url,
        print '...',
        sys.stdout.flush()
        try:
            response=urllib2.urlopen(url, timeout=1)
            securitys.append(url)
            print 'success!'
        except urllib2.URLError as err:
            print 'fail!'
        except ssl.SSLError as err:
            print 'bad SSL!'

# print 'HTTPS security repos:'
# for url in securitys:
#     print url

# now find the backports mirrors
mirrors = urllib2.urlopen('http://backports-master.debian.org/Mirrors/')
backports = []
for line in mirrors.readlines():
#<td><a href="http://be.mirror.eurid.eu/debian-backports/">/debian-backports/</a>
    m = re.match('.*<td><a href="http(.*)">.*/debian-backports/</a>.*', line)
    if m:
        url = 'https' + m.group(1)
        print 'trying: ',
        print url,
        print '...',
        sys.stdout.flush()
        try:
            response=urllib2.urlopen(url, timeout=1)
            backports.append(url)
            print 'success!'
        except urllib2.URLError as err:
            print 'fail!'
        except ssl.SSLError as err:
            print 'bad SSL!'

#print 'HTTPS backports repos:'
#for url in backports:
#    print url

# now find the CD image mirrors
mirrors = urllib2.urlopen('http://www.debian.org/CD/http-ftp/')
cds = []
for line in mirrors.readlines():
# <a rel="nofollow" href="http://mirror.easyspeedy.com/debian-cd/">HTTP</a></li>
    m = re.match('.*<a rel="nofollow" href="http(:.*)">HTTP</a></li>.*', line)
    if m:
        url = 'https' + m.group(1)
        print 'trying: ',
        print url,
        print '...',
        sys.stdout.flush()
        try:
            response=urllib2.urlopen(url, timeout=1)
            cds.append(url)
            print 'success!'
        except urllib2.URLError as err:
            print 'fail!'
        except ssl.SSLError as err:
            print 'bad SSL!'

print 'HTTPS CD image repos:'
for url in cds:
    print url

# now write everything to a file
f = open('/tmp/https-debian-archives.txt', 'w')

f.write('HTTPS apt repos\n')
f.write('---------------\n')
for url in https:
    f.write(url + '\n')

f.write('\n\nHTTPS security repos\n')
f.write('---------------\n')
for url in securitys:
    f.write(url + '\n')

f.write('\n\nHTTPS backports repos\n')
f.write('--------------------\n')
for url in backports:
    f.write(url + '\n')

f.write('\n\nHTTPS CD image repos\n')
f.write('--------------------\n')
for url in cds:
    f.write(url + '\n')

f.close()

    <div>
      For EU, Africa, Asia: We’ll have some early sessions in the coming weeks. This is just our first test run. Thanks for understanding!
    </div>

    <div>
    </div>

    <div>
      <strong>Fri, Oct 18, 1:00 PM EDT – 3:00 PM</strong>
    </div>

    <div>
      RSVP the Google+ Event today: <a href="https://plus.google.com/events/cumq8tucoc31ap55iqdn7pq9abs">https://plus.google.com/events/cumq8tucoc31ap55iqdn7pq9abs</a> or we’ll just see you on IRC.
    </div>
  </div>
</div>

sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install keysync

*![Fedora](https://guardianproject.info/builds/.icons/platform_fedora_linux.gif) **Fedora 17, 18, 19**: Run this in your Terminal to add <a href="https://build.opensuse.org/project/show/security:guardianproject" target="_blank">our repository</a> to your package sources. You only need to do this once, you'll get updated versions automatically once this is complete (fingerprint: `AC38 BED1 E879 79EA FD54`): <pre style="font-size: small;">source /etc/os-release

*![Debian](https://guardianproject.info/builds/.icons/platform_debian_gnu_linux.gif) **Debian**: <a href="https://packages.debian.org/search?keywords=keysync" target="_blank">included in the official repos</a>. For wheezy, get it from backports: <pre style="font-size: small;">apt-get -t wheezy-backports install keysync

*![Arch Linux](https://guardianproject.info/builds/.icons/platform_arch_linux.gif) **Arch Linux**: <a href="https://aur.archlinux.org/packages/keysync/" target="_blank">included in the AUR</a>. Please vote for it so it can be included in the official community repository. 
 *![Python pypi](https://guardianproject.info/builds/.icons/python-logo.gif) Any Platform with Python, install via <a href="https://pypi.python.org/pypi/keysync" target="_blank">pypi</a> (see the <a href="https://github.com/guardianproject/keysync/blob/master/win32/README.md" target="_blank" title="Building KeySync on Windows">special instructions for Windows</a>) <pre style="font-size: small;">pip install keysync

<a name="source"></a>

### Source

  * For more info on the code and installation, <a href="https://github.com/guardianproject/keysync/blob/master/README.md" target="_blank">see the README</a>
  * github: <a href="https://github.com/guardianproject/keysync" title="KeySync source repo" target="_blank">https://github.com/guardianproject/keysync</a>
  * <a href="https://github.com/guardianproject/keysync/releases" title="KeySync source tarballs" target="_blank">downloadable tags on github</a>
## Known Issues

See the <a href="https://dev.guardianproject.info/projects/keysync/roadmap" title="KeySync Development Roadmap" target="_blank">KeySync Roadmap</a> for our development plan. Here are some notable known issues:

  * does not handle multiple keys/fingerprints for a given account (<a href="https://dev.guardianproject.info/issues/1868" target="_blank">#1868</a>)
  * GUI only syncs to ChatSecure (full two-way sync is planned) (<a href="https://dev.guardianproject.info/issues/1968" target="_blank">#1968</a>)
  * no way to handle conflicting private keys for an account (<a href="https://dev.guardianproject.info/issues/1963" target="_blank">#1963</a>)
  * no translations, only in English (<a href="https://dev.guardianproject.info/issues/2170" target="_blank">#2170</a>)
  * <a title="existing KeySync issues" href="https://dev.guardianproject.info/projects/keysync/issues" target="_blank">View all open issues</a>

sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install keysync

*![Fedora](https://guardianproject.info/builds/.icons/platform_fedora_linux.gif) **Fedora 17, 18, 19**: Run this in your Terminal to add <a href="https://build.opensuse.org/project/show/security:guardianproject" target="_blank">our repository</a> to your package sources. You only need to do this once, you'll get updated versions automatically once this is complete (fingerprint: `AC38 BED1 E879 79EA FD54`): <pre style="font-size: small;">source /etc/os-release

*![Debian](https://guardianproject.info/builds/.icons/platform_debian_gnu_linux.gif) **Debian**: <a href="https://packages.debian.org/search?keywords=keysync" target="_blank">included in the official repos</a>. For wheezy, get it from backports: <pre style="font-size: small;">apt-get -t wheezy-backports install keysync

*![Arch Linux](https://guardianproject.info/builds/.icons/platform_arch_linux.gif) **Arch Linux**: <a href="https://aur.archlinux.org/packages/keysync/" target="_blank">included in the AUR</a>. Please vote for it so it can be included in the official community repository. 
 *![Python pypi](https://guardianproject.info/builds/.icons/python-logo.gif) Any Platform with Python, install via <a href="https://pypi.python.org/pypi/keysync" target="_blank">pypi</a> (see the <a href="https://github.com/guardianproject/keysync/blob/master/win32/README.md" target="_blank" title="Building KeySync on Windows">special instructions for Windows</a>) <pre style="font-size: small;">pip install keysync

<a name="source"></a>

### Source

  * For more info on the code and installation, <a href="https://github.com/guardianproject/keysync/blob/master/README.md" target="_blank">see the README</a>
  * github: <a href="https://github.com/guardianproject/keysync" title="KeySync source repo" target="_blank">https://github.com/guardianproject/keysync</a>
  * <a href="https://github.com/guardianproject/keysync/releases" title="KeySync source tarballs" target="_blank">downloadable tags on github</a>
## Known Issues

See the <a href="https://dev.guardianproject.info/projects/keysync/roadmap" title="KeySync Development Roadmap" target="_blank">KeySync Roadmap</a> for our development plan. Here are some notable known issues:

  * does not handle multiple keys/fingerprints for a given account (<a href="https://dev.guardianproject.info/issues/1868" target="_blank">#1868</a>)
  * GUI only syncs to ChatSecure (full two-way sync is planned) (<a href="https://dev.guardianproject.info/issues/1968" target="_blank">#1968</a>)
  * no way to handle conflicting private keys for an account (<a href="https://dev.guardianproject.info/issues/1963" target="_blank">#1963</a>)
  * no translations, only in English (<a href="https://dev.guardianproject.info/issues/2170" target="_blank">#2170</a>)
  * <a title="existing KeySync issues" href="https://dev.guardianproject.info/projects/keysync/issues" target="_blank">View all open issues</a>

HttpURLConnection
implementation 'info.guardianproject.netcipher:netcipher:2.2.0-alpha'
android.webkit
    implementation 'info.guardianproject.netcipher:netcipher-webkit:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-okhttp3:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-httpclient:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-volley:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-chboye:2.2.0-alpha

HttpURLConnection
implementation 'info.guardianproject.netcipher:netcipher:2.2.0-alpha'
android.webkit
    implementation 'info.guardianproject.netcipher:netcipher-webkit:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-okhttp3:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-httpclient:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-volley:2.2.0-alpha
    implementation 'info.guardianproject.netcipher:netcipher-chboye:2.2.0-alpha

So you want to escape censorship?

This post is partially a response to Bruce Schneier’s recent piece: <a title="Schneier Security Awareness Training" href="https://www.schneier.com/blog/archives/2013/03/security_awaren_1.html">Security Awareness Training</a>.

import info.guardianproject.iocipher.File;
import info.guardianproject.iocipher.FileOutputStream;
import info.guardianproject.iocipher.FileReader;
import info.guardianproject.iocipher.IOCipherFileChannel;
import info.guardianproject.iocipher.VirtualFileSystem;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;

    implementation 'info.guardianproject.iocipher:IOCipherStandalone:0.5@aar'

    implementation 'info.guardianproject.iocipher:IOCipher:0.5@aar'
    implementation 'net.zetetic:android-database-sqlcipher:4.2.0@aar'

import info.guardianproject.iocipher.File;
import info.guardianproject.iocipher.FileOutputStream;
import info.guardianproject.iocipher.FileReader;
import info.guardianproject.iocipher.IOCipherFileChannel;
import info.guardianproject.iocipher.VirtualFileSystem;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;

    implementation 'info.guardianproject.iocipher:IOCipherStandalone:0.5@aar'

    implementation 'info.guardianproject.iocipher:IOCipher:0.5@aar'
    implementation 'net.zetetic:android-database-sqlcipher:4.2.0@aar'

public class MyTrustManager implements X509TrustManager {
private KeyStore keyStore;
private X509TrustManager defaultTrustManager;
private X509TrustManager appTrustManager;

byte[] keyStored = null;
String pwd;

public MyTrustManager() {
    loadKeyStore();

defaultTrustManager = getTrustManager(false);
appTrustManager = getTrustManager(true);

}

private X509TrustManager getTrustManager(boolean withKeystore) {
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(“X509”);
        if(withKeystore)
            tmf.init(keyStore);
        else
            tmf.init((KeyStore) null);
        for(TrustManager t : tmf.getTrustManagers())
            if(t instanceof X509TrustManager)
                return (X509TrustManager) t;
    } catch (KeyStoreException e) {
        Log.e(LOG, “key store exception: “ + e.toString());
    } catch (NoSuchAlgorithmException e) {
        Log.e(LOG, “no such algo exception: “ + e.toString());
    }
    return null;
}

private void loadKeyStore() {
    //TODO: this is where you load up your keystore and store the bytes into the keyStored field if neccessary.
    try {
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    } catch(KeyStoreException e) {
        Log.e(LOG, “key store exception: “ + e.toString());
    }

try {
    keyStore.load(null, null);
    if(keyStored != null)
        keyStore.load(new ByteArrayInputStream(keyStored), pwd.toCharArray());

} catch(CertificateException e) {
    Log.e(LOG, "certificate exception: " + e.toString());
} catch (NoSuchAlgorithmException e) {
    Log.e(LOG, "no such algo exception: " + e.toString());
} catch (IOException e) {
    Log.e(LOG, "IOException: " + e.toString());
}

}

private void storeCertificate(X509Certificate[] chain) {
    try {
        for(X509Certificate cert : chain) {
            keyStore.setCertificateEntry(cert.getSubjectDN().toString(), cert);
        }
    } catch(KeyStoreException e) {
        Log.e(LOG, “keystore exception: “ + e.toString());
    }

appTrustManager = getTrustManager(true);
try {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    keyStore.store(baos, pwd.toCharArray());
    updateKeyStore(baos.toByteArray());
    Log.d(LOG, "new key encountered!  length: " + baos.size());
} catch(KeyStoreException e) {
    Log.e(LOG, "keystore exception: " + e.toString());  
} catch (NoSuchAlgorithmException e) {
    Log.e(LOG, "no such algo exception: " + e.toString());
} catch (IOException e) {
    Log.e(LOG, "IOException: " + e.toString());
} catch (CertificateException e) {
    Log.e(LOG, "Certificate Exception: " + e.toString());
}

}

private void updateKeyStore(byte[] newKey) {
    // TODO: this is where YOU update your own keystore if you need to (ie, if it’s in an SQLite database)
}

private boolean isCertKnown(X509Certificate cert) {
    try {
        return keyStore.getCertificateAlias(cert) != null;
    } catch(KeyStoreException e) {
        return false;
    }
}

private boolean isExpiredException(Throwable e) {
    do {
        if(e instanceof CertificateExpiredException)
            return true;
        e = e.getCause();
    } while(e != null);
    return false;
}

private void checkCertificateTrusted(X509Certificate[] chain, String authType, boolean isServer) throws CertificateException {
    try {
        if(isServer)
            appTrustManager.checkServerTrusted(chain, authType);
        else
            appTrustManager.checkClientTrusted(chain, authType);
    } catch(CertificateException e) {
        if(isExpiredException(e))
            return;
        if(isCertKnown(chain[0]))
            return;

    try {
        if(isServer)
            defaultTrustManager.checkServerTrusted(chain, authType);
        else
            defaultTrustManager.checkClientTrusted(chain, authType);
    } catch(CertificateException ce) {
        storeCertificate(chain);
    }
}

}

@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    checkCertificateTrusted(chain, authType, false);
}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    checkCertificateTrusted(chain, authType, true);
}

@Override
public X509Certificate[] getAcceptedIssuers() {
    return defaultTrustManager.getAcceptedIssuers();
}
Next, you want to initiate an Https request to use this custom Trust Manager. As most of you Android programmers know, you have to do any network stuff on another, non-UI thread. I like to use Future/Callables because it returns the contents of the web site you access into a variable that I can parse. Here’s how you do that for a standard POST request:

<pre style="font-size:0.8em;">public static String executeHttpsPost(final String host, final Map<String, Object> postData, final String contentType) {
    ExecutorService ex = Executors.newFixedThreadPool(100);
    Future<String> future = ex.submit(new Callable<String>() {
        String result = "FAIL";
        String HYPHENS = "--";
        STRING LINE_END = "\r\n";
        String BOUNDARY = "***7hisIsMyBoUND4rY***";
        String hostname;

        URL url;
        HttpsURLConnection connection;
        HostnameVerifier hnv;
        DataOutputStream dos;
        SSLContext ssl;

        MyTrustManager itm;

        private void buildQuery() {
            Iterator<Entry<String, Object>> it = postData.entrySet().iterator();

            connection.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + BOUNDARY);
            StringBuffer sb = new StringBuffer();
            try {
                dos = new DataOutputStream(connection.getOutputStream());
                sb = new StringBuffer();
                while(it.hasNext()) {
                    sb = new StringBuffer();
                    Entry<String, Object> e = it.next();

                    sb.append(HYPHENS + BOUNDARY + LINE_END);

                    sb.append("Content-Disposition: form-data; name=\"" + e.getKey() + "\"" + LINE_END);
                    sb.append("Content-Type: " + contentType + "; charset=UTF-8" + LINE_END );
                    sb.append("Cache-Control: no-cache" + LINE_END + LINE_END);
                    sb.append(String.valueOf(e.getValue()) + LINE_END);
                    dos.writeBytes(sb.toString());
                }

                dos.writeBytes(HYPHENS + BOUNDARY + HYPHENS + LINE_END);

                dos.flush();
                dos.close();

            } catch (IOException e) {
                Log.e(LOG, e.toString());
                e.printStackTrace();
            }
        }

        @Override
        public String call() throws Exception {
            hostname = host.split("/")[0];
            url = new URL("https://" + host);

            hnv = new HostnameVerifier() {
                @Override
                public boolean verify(String hn, SSLSession session) {
                    if(hn.equals(hostname))
                        return true;
                    else
                        return false;
                }
            };

            itm = new MyTrustManager();

            ssl = SSLContext.getInstance("TLS");
            ssl.init(null, new TrustManager[] {itm}, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hnv);

            connection = (HttpsURLConnection) url.openConnection();

            connection.setRequestMethod("POST");
            connection.setRequestProperty("Connection", "Keep-Alive");
            connection.setUseCaches(false);
            connection.setDoInput(true);
            connection.setDoOutput(true);

            buildQuery();

            try {
                InputStream is = connection.getInputStream();
                BufferedReader br = new BufferedReader(new InputStreamReader(is));
                String line;
                StringBuffer sb = new StringBuffer();
                while((line = br.readLine()) != null)
                    sb.append(line);
                br.close();
                connection.disconnect();
                result = sb.toString();
            } catch(NullPointerException e) {
                Log.e(LOG, e.toString());
                e.printStackTrace();
            }
            return result;
        }

    });

    try {
        return future.get();
    } catch (InterruptedException e) {
        Log.e(LOG, e.toString());
        e.printStackTrace();
        return null;
    } catch (ExecutionException e) {
        Log.e(LOG, e.toString());
        e.printStackTrace();
        return null;
    }
}

Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 8118));

connection = (HttpsURLConnection) url.openConnection(proxy);

public X509KeyManager[] getKeyManagers(byte[] kBytes, String clientCertificatePassword, String keystorePassword) {
KeyManagerFactory kmf = null;
KeyManager[] km = null;
X509KeyManager[] xkm = null;
KeyStore xks = KeyStore.getInstance("PKCS12");

ByteArrayInputStream bais = new ByteArrayInputStream(kBytes);
xks.load(bais, keystorePassword.toCharArray());

kmf.init(xks, clientCertificatePassword.toCharArray());
km = kmf.getKeyManagers();
xkm = new X509KeyManager[km.length];

for(int x=0;x>km.length;x++) {
    X509KeyManager k = (X509KeyManager) km[x];
    xkm[x] = k;
}

Finally, when you instantiate your SSLContext for your POST request, include the returned value of the getKeyManager method as the KeyManager parameter. So, replace this line:

<pre style="font-size:0.8em;">ssl.init(null, new TrustManager[] {itm}, new SecureRandom());

with this:

<pre style="font-size:0.8em;">X509KeyManager[] x509KeyManager = getKeyManager(kBytes, clientCertificatePassword, keystorePassword);

  <p class="wp-caption-text">
    Lee of Guardian walks through the design of the Open Secure Telephony Network
  </p>
</div>

<p class="wp-caption-text">
  <a href="https://guardianproject.info/events/freebird2012rio/index.php?cmd=image&sfpg=KlAxMDMwNzMzLkpQRyphMDliZThiNDdlMjk0ZjA3ZDliNDI5MzY2MjdkMzQ2OA"><img class="" src="https://guardianproject.info/events/freebird2012rio/index.php?cmd=image&sfpg=KlAxMDMwNzMzLkpQRyphMDliZThiNDdlMjk0ZjA3ZDliNDI5MzY2MjdkMzQ2OA" alt="" width="432" height="289" /></a> The collaborative “mosh pit” brainstorm helped guide the discussions for the day
</p>

<p class="wp-caption-text">
  Harlo of Guardian walks through the InformaCam sensor capture code and metadata formats
</p>

java.io.*   --->   info.guardianproject.iocipher.*
<p>
  </span></span></a>
</p>

<p>
  <strong>SQLCipher</strong> – uma extensão para o banco de dados móvel de SQLite que fornece criptografia transparente AES de 256 bits dos arquivos de banco de dados criado por apps em telefones celulares- <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://www.zetetic.net/sqlcipher/sqlcipher-for-android/">https://www.zetetic.net/sqlcipher/sqlcipher-for-android/</a></span></span></span>
</p>

Ainda não tem certeza se o Freebird é para você? <a href="https://guardianproject.info/freebird/who">Veja "Quem” que nós pensamos que deve comparecer…</a>

<p>
  <!--:-->

  <!--:es-->
</p>

<h2 lang="es-ES">
  ACTIVIDADES DEL DÍA
</h2>

<h2 lang="es-ES">
  Programa: de 9 a. m. a 5 p. m. - 30 de mayo de 2012
</h2>

El taller permitirá que todos los participantes puedan reunirse y que se organicen grupos de debate entre usuarios y desarrolladores. Este evento es un <a href="https://en.wikipedia.org/wiki/BarCamp">BARCAMP</a>, entonces prepárese para relacionarse, compartir experiencias y participar.

La sección UTILIZACIÓN consistirá en capacitar a los usuarios de telefonía móvil sobre cómo funcionan sus dispositivos o si funcionan en su contra, y les permitirá remplazar el software de fábrica por versiones más seguras o libres.

La sección CREACIÓN se centrará en la creación de nuevos software de seguridad o la adaptación de los ya existentes a las plataformas móviles; se debatirá sobre los tipos de amenazas para la telefonía móvil y el uso de la tecnología móvil para asistir a los defensores de derechos, periodistas y activistas.

<p lang="es-ES">
  Como asistente del evento, tendrá la oportunidad de:
</p>

<ul>
  <li>
    <p lang="es-ES">
      aprender a instalar y utilizar los programas para mejorar la privacidad en la telefonía móvil
    </p>
  </li>

  <li>
    <p lang="es-ES">
      presentar, compartir, pensar y discutir sobre su proyecto
    </p>
  </li>

  <li>
    <p lang="es-ES">
      participar de una actividad de desarrollo rápido de prototipos en la que el USUARIO conoce al DESARROLLADOR
    </p>
  </li>

  <li>
    <p lang="es-ES">
      pasar un buen momento con gente inteligente interesada en la telefonía móvil abierta
    </p>
  </li>
</ul>

El equipo de The Guardian Project junto a su socio Zetetic, Inc. (creadores de SQLCipher) expondrán sus proyectos, entre los que se incluyen:

<p>
  <strong>ObscuraCam e InformaCam</strong> – proyectos de uso seguro de cámaras con encriptación de vídeo y fotografía y captura mejorada de metadatos : <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://guardianproject.info/apps/obscuracam/">https://guardianproject.info/apps/obscuracam/</a></span></span>
</p>

<p>
  <strong>Open Source Telephony Network [Red de Telefonía de Código Abierto]</strong> – creación de un sistema de telefonía libre, seguro y basado en estándares: <a href="https://guardianproject.info/wiki/OSTN"><span style="color: #0000ff;"><span style="text-decoration: underline;">https://guardianproject.info/wiki/OSTN</span></span><br /> </a><br /> <strong>SQLCipher</strong> – una extensión de la base de datos móviles de SQLite que proporciona una encriptación AES de 256-bit de archivos de base de datos creados por las aplicaciones de teléfonos móviles - <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://www.zetetic.net/sqlcipher/sqlcipher-for-android/">https://www.zetetic.net/sqlcipher/sqlcipher-for-android/</a></span></span>
</p>

¿Aún no está seguro si Freebird es adecuado para usted? <a href="https://guardianproject.info/freebird/who">Consulte la sección "Quién debería asistir" para saber quienes creemos que deberían asistir</a>

<p>
  <!--:-->
</p>

<p>
  </span></span></a>
</p>

<p>
  <strong>SQLCipher</strong> – uma extensão para o banco de dados móvel de SQLite que fornece criptografia transparente AES de 256 bits dos arquivos de banco de dados criado por apps em telefones celulares- <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://www.zetetic.net/sqlcipher/sqlcipher-for-android/">https://www.zetetic.net/sqlcipher/sqlcipher-for-android/</a></span></span></span>
</p>

Ainda não tem certeza se o Freebird é para você? <a href="https://guardianproject.info/freebird/who">Veja "Quem” que nós pensamos que deve comparecer…</a>

<p>
  <!--:-->

  <!--:es-->
</p>

<h2 lang="es-ES">
  ACTIVIDADES DEL DÍA
</h2>

<h2 lang="es-ES">
  Programa: de 9 a. m. a 5 p. m. - 30 de mayo de 2012
</h2>

El taller permitirá que todos los participantes puedan reunirse y que se organicen grupos de debate entre usuarios y desarrolladores. Este evento es un <a href="https://en.wikipedia.org/wiki/BarCamp">BARCAMP</a>, entonces prepárese para relacionarse, compartir experiencias y participar.

La sección UTILIZACIÓN consistirá en capacitar a los usuarios de telefonía móvil sobre cómo funcionan sus dispositivos o si funcionan en su contra, y les permitirá remplazar el software de fábrica por versiones más seguras o libres.

La sección CREACIÓN se centrará en la creación de nuevos software de seguridad o la adaptación de los ya existentes a las plataformas móviles; se debatirá sobre los tipos de amenazas para la telefonía móvil y el uso de la tecnología móvil para asistir a los defensores de derechos, periodistas y activistas.

<p lang="es-ES">
  Como asistente del evento, tendrá la oportunidad de:
</p>

<ul>
  <li>
    <p lang="es-ES">
      aprender a instalar y utilizar los programas para mejorar la privacidad en la telefonía móvil
    </p>
  </li>

  <li>
    <p lang="es-ES">
      presentar, compartir, pensar y discutir sobre su proyecto
    </p>
  </li>

  <li>
    <p lang="es-ES">
      participar de una actividad de desarrollo rápido de prototipos en la que el USUARIO conoce al DESARROLLADOR
    </p>
  </li>

  <li>
    <p lang="es-ES">
      pasar un buen momento con gente inteligente interesada en la telefonía móvil abierta
    </p>
  </li>
</ul>

El equipo de The Guardian Project junto a su socio Zetetic, Inc. (creadores de SQLCipher) expondrán sus proyectos, entre los que se incluyen:

<p>
  <strong>ObscuraCam e InformaCam</strong> – proyectos de uso seguro de cámaras con encriptación de vídeo y fotografía y captura mejorada de metadatos : <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://guardianproject.info/apps/obscuracam/">https://guardianproject.info/apps/obscuracam/</a></span></span>
</p>

<p>
  <strong>Open Source Telephony Network [Red de Telefonía de Código Abierto]</strong> – creación de un sistema de telefonía libre, seguro y basado en estándares: <a href="https://guardianproject.info/wiki/OSTN"><span style="color: #0000ff;"><span style="text-decoration: underline;">https://guardianproject.info/wiki/OSTN</span></span><br /> </a><br /> <strong>SQLCipher</strong> – una extensión de la base de datos móviles de SQLite que proporciona una encriptación AES de 256-bit de archivos de base de datos creados por las aplicaciones de teléfonos móviles - <span style="color: #0000ff;"><span style="text-decoration: underline;"><a href="https://www.zetetic.net/sqlcipher/sqlcipher-for-android/">https://www.zetetic.net/sqlcipher/sqlcipher-for-android/</a></span></span>
</p>

¿Aún no está seguro si Freebird es adecuado para usted? <a href="https://guardianproject.info/freebird/who">Consulte la sección "Quién debería asistir" para saber quienes creemos que deberían asistir</a>

<p>
  <!--:-->
</p>

<!--:es-->

<span style="font-family: Times;">¿Alguna vez se preguntó todo lo que su teléfono móvil podría saber sobre su vida<br /> si pudiera hablar?<br /> <em><strong>Entonces Freebird es para usted.</strong></em></span>

<!--:es-->

<span style="font-family: Times;">¿Alguna vez se preguntó todo lo que su teléfono móvil podría saber sobre su vida<br /> si pudiera hablar?<br /> <em><strong>Entonces Freebird es para usted.</strong></em></span>

<p style="padding-left: 30px; text-align: center;">
  <span style="line-height: 8px;"><a href="https://guardianproject.info/wp-content/uploads/2010/06/apg_import_keys_blur.png"><img class="size-medium wp-image-392 aligncenter" title="apg_import_keys_blur" src="https://guardianproject.info/wp-content/uploads/2010/06/apg_import_keys_blur-180x300.png" alt="" width="180" height="300" srcset="https://guardianproject.info/wp-content/uploads/2010/06/apg_import_keys_blur-180x300.png 180w, https://guardianproject.info/wp-content/uploads/2010/06/apg_import_keys_blur.png 480w" sizes="(max-width: 180px) 100vw, 180px" /></a></span>
</p>

<p style="padding-left: 30px;">
  <p style="padding-left: 30px;">
    Once your public key(s) are successfully imported, return to the main APG menu, select ‘Manage Secret Keys’ and repeat the steps above for your Private Key.
  </p>

  <p style="padding-left: 30px;">
    <strong>4. Download and Configure K-9 Mail</strong>
  </p>

  <p style="padding-left: 30px;">
    Download the latest version of K-9 mail featuring APG integration. You can find it on the Downloads page <a href="https://code.google.com/p/k9mail/downloads/list">here</a> or, again, point your barcode scanner to the QR Code below. Whatever floats your boat.
  </p>

  <p style="padding-left: 30px; text-align: center;">
    <img class="aligncenter" src="https://chart.apis.google.com/chart?chs=150x150&cht=qr&chl=http://k9mail.googlecode.com/files/k9-apg-2900-beta.apk&chld=L|1&choe=UTF-8" alt="" width="125" height="125" />
  </p>

  <p style="padding-left: 30px;">
    Set up your email account by entering your email address and password, then give it a name.
  </p>

  <p style="padding-left: 30px;">
    <a href="https://guardianproject.info/wp-content/uploads/2010/07/k9_setup1.png"><img class="aligncenter size-medium wp-image-451" title="k9_setup" src="https://guardianproject.info/wp-content/uploads/2010/07/k9_setup1-168x300.png" alt="" width="168" height="300" srcset="https://guardianproject.info/wp-content/uploads/2010/07/k9_setup1-168x300.png 168w, https://guardianproject.info/wp-content/uploads/2010/07/k9_setup1-84x150.png 84w, https://guardianproject.info/wp-content/uploads/2010/07/k9_setup1.png 480w" sizes="(max-width: 168px) 100vw, 168px" /></a>
  </p>

  <p style="padding-left: 30px;">
    <p style="padding-left: 30px; text-align: center;">
      <img class="aligncenter" title="k9_almost_done" src="https://guardianproject.info/wp-content/uploads/2010/07/k9_almost_done-168x300.png" alt="" width="168" height="300" />
    </p>

    <p style="padding-left: 30px;">
      For more popular accounts such as gmail, Yahoo!, etc., K-9 will automatically detect the correct configuration. For more complex accounts such as Exchange, please check out the K-9 wiki page <a href="https://code.google.com/p/k9mail/w/list">here</a>.
    </p>

    <p style="padding-left: 30px;">
      <strong>5. Send and Receive Encrypted Email!</strong>
    </p>

    <p style="padding-left: 30px;">
      Thanks to the integration effort by the teams at APG and K-9, actually using secure mobile email becomes easy. The compose screen features a prominent checkbox and button that allow you to sign and encrypt your outbound messages, respectively.
    </p>

    <p style="padding-left: 30px;">
      <a href="https://guardianproject.info/wp-content/uploads/2010/07/k9_compose.png"><img class="aligncenter size-medium wp-image-453" title="k9_compose" src="https://guardianproject.info/wp-content/uploads/2010/07/k9_compose-168x300.png" alt="" width="168" height="300" srcset="https://guardianproject.info/wp-content/uploads/2010/07/k9_compose-168x300.png 168w, https://guardianproject.info/wp-content/uploads/2010/07/k9_compose-84x150.png 84w, https://guardianproject.info/wp-content/uploads/2010/07/k9_compose.png 480w" sizes="(max-width: 168px) 100vw, 168px" /></a>
    </p>

    <p style="padding-left: 30px;">
      Decrypting messages with your private key is even easier and is literally a 1-touch experience:
    </p>

    <p style="padding-left: 30px;">
      <a href="https://guardianproject.info/wp-content/uploads/2010/07/k9_almost_done.png"></a><a href="https://guardianproject.info/wp-content/uploads/2010/07/k9_view_decrypt.png"><img class="aligncenter size-medium wp-image-455" title="k9_view_decrypt" src="https://guardianproject.info/wp-content/uploads/2010/07/k9_view_decrypt-180x300.png" alt="" width="180" height="300" srcset="https://guardianproject.info/wp-content/uploads/2010/07/k9_view_decrypt-180x300.png 180w, https://guardianproject.info/wp-content/uploads/2010/07/k9_view_decrypt-90x150.png 90w, https://guardianproject.info/wp-content/uploads/2010/07/k9_view_decrypt.png 480w" sizes="(max-width: 180px) 100vw, 180px" /></a>
    </p>

    <p style="padding-left: 30px;">
      <strong>Enjoy! </strong>As always, please post all questions, concerns, and jokes (only good ones please) in the Comments section. We’re very excited about the powerful combination that these two apps bring and we’d love to hear from you!
    </p>

    <p style="padding-left: 30px;">
      If you find any issues with APG, please report them <a href="https://code.google.com/p/android-privacy-guard/issues/list">here</a>:
    </p>

    <p style="padding-left: 30px;">
      <span style="line-height: 13px;"><span style="line-height: 16px;">Likewise, report issues with K-9 <a href="https://code.google.com/p/k9mail/issues/list">here</a>. </span></span>
    </p>

Test Scenario	Data Usage	Overhead
Web Traffic
Without Orbot	2.35 MiB	—
With Orbot	3.44 MiB	46%
Orweb	3.26 MiB	38%
Bulk Download
With Orbot	17.82 MiB	15%
Without Orbot	15.49 MiB	—
Idle	65 Bytes/s	—
228 KiB/hour
160 MiB/month
Client Start/Stop	37.8 KiB	—

Monthly Plan	Usable Data	Orbot Data Tax
At 15%	At 46%	At 15%	At 46%
5 GiB	4.21 GiB	3.31 GiB	16%	34%
1 GiB	751 MiB	588 MiB	27%	43%
500 MiB	295 MiB	233 MiB	41%	53%

Orbot
Product Name	Versions	ECCN	Controlled Source
Orbot	development	5D002	The Tor Project https://gitweb.torproject.org/orbot.git
1.5 and later	5D002	The Tor Project https://www.torproject.org/docs/android.html.en
Gibberbot	development	5D002	GP https://github.com/guardianproject
1.x and later	5D002	GP https://guardianproject.info/apps/gibber/
SQLCipher for Android	development	5D002	GP https://github.com/guardianproject/android-database-sqlcipher/
		SQLCipher: https://www.zetetic.net/sqlcipher/

Orbot
Product Name	Versions	ECCN	Controlled Source
Orbot	development	5D002	The Tor Project https://gitweb.torproject.org/orbot.git
1.5 and later	5D002	The Tor Project https://www.torproject.org/docs/android.html.en
Gibberbot	development	5D002	GP https://github.com/guardianproject
1.x and later	5D002	GP https://guardianproject.info/apps/gibber/
SQLCipher for Android	development	5D002	GP https://github.com/guardianproject/android-database-sqlcipher/
		SQLCipher: https://www.zetetic.net/sqlcipher/


Using the InformaCam “Identify” filter.	Select a Trusted Destination for your encrypted media.

About Guardian Project on Guardian Project

Ripple: respond when panicking

Seeking Ruby/Jekyll contractors to start ASAP

About you

Bonus points for

About us

Tor Browser for Android (Alpha)

Tor Browser for Android

Seeking part-time Grant Administrator

About us

What you’ll do

Support our Contractors

Grant Management

Networking and Relationship Management

Enhance our Outreach and Engagement

Who You Are

It’s a bonus if you

What We Offer

Ready to Apply?

First Time Using CalyxOS Review

IETF119 Conference Report: Monday March 18, 2024

Dispatch

CFRG

OHTTP

Hackathon Demo

IETF119 Conference Report: Hackathon March 17, 2024

The future of our fdroid-compatible app repository

TorServices (alpha)

ProofMode: Verified Witnessing

Orbot: Proxy with Tor

Orbot: Proxy with Tor

Orbot: Proxy with Tor

Orbot: Proxy with Tor

Orbot: Proxy with Tor

Orbot: Proxy with Tor

Quick set up guide for Encrypted Client Hello (ECH)

Install packages

Pick some DNS names to use

Generate an ECH key pair

Set up DNS

Standalone/New setup : dnsmasq as a authoritative DNS server to serve the ECH key (on the same VM)

Existing DNS name setup: using bind to publish new ECH related resource records

Checking your DNS set up

Set up nginx to serve an outer and an inner (hidden) website

Run certbot to get a TLS server certificate

Use curl to test the set up

Check with browsers

Feedback

DEfO - Developing ECH for OpenSSL (round two)

Timeliness

Our development projects

Libraries

Clients

Servers

Test tools

Issues Arising

Conclusions

PixelKnot: Hidden Messages

PixelKnot: Hidden Messages

FIFA2023 Report

Achieve Onion Layers of Security with the Triad of Apple-tizing Apps!

Improving website resilience with LibResilient and IPFS

Publishing LibResilient to IPFS

requirements

Install IPFS

Publish site to IPFS

Update LibResilient config to include IPNS link

Publish updated site to IPFS

EU should not require sharing unpatched vulnerabilities

Improving Usability of Tor on Smartphones in Latin America

IETF116 Conference Report: Friday March 31, 2023

IETF116 Conference Report: Thursday March 30, 2023

IETF116 Conference Report: Wednesday March 29, 2023

IETF116 Conference Report: Tuesday March 28, 2023

IETF116 Conference Report: Monday March 27, 2023

Arti, next-gen Tor on mobile

Steps towards trusted VPNs

How to build a privacy-respecting VPN service

Know as little as possible about your users

Keep as little information as possible