“Click here to break the firewall” is a concept whose time has passed

To defend against China online and break their censorship, you need to face them everywhere, in many ways, and secure the broader internet.

This post was written in support of the value that the Open Technology Fund has provided to oppressed people in China, exile communities and the entire world over the last 8 years. Please consider signing this letter to support their essential work.

Six years ago, I gave a talk at Harvard, entitled “The Great Firewall Inverts” (presentation slides here). The summary of this talk was that the moment for “breaking down that firewall” had largely passed, with the maturation of domestic services in China, and the growing dominance of WeChat. The next generation of Chinese users is mobile messaging and apps first, and not interested in surfing the information superhighway. Even further, the interest and adoption of Chinese tools at the time was growing not only at home, but abroad, and not only with overseas Chinese, but also non-Chinese. The Great Firewall had morphed into a many-tentacled creature, growing from Beijing out to the entire planet.

Today, in 2020, that image of the Chinese internet is more true than ever. WeChat runs all facets of Chinese life, and continues its growth abroad as both messaging and payment service. It is not unusual to see “Pay with WeChat or AliPay” in major American cities. TikTok dominates the life of tweens and teens worldwide, censoring even the most subtle protest dances. Even the backbone of all global remote work, learning and education during the pandemic, Zoom, has Chinese ties, and recently disabled a user’s account after they organized an online Tiananmen Square vigil. It isn’t just the good people of China who are in peril from Chinese technology, it is everyone, everywhere that is opting in to be behind the Great Firewall, whether they realize it or not, by choosing to use its software, services and hardware. As we have seen with the adoption of Huawei infrastructure, China is moving fast, into many places, across Asia, to Africa and Latin America, often offering better products for lower prices. Focusing on one “wall” misses the point and the growing dominance of China-originated, privacy-eroding services worldwide.

While it is always a useful and noble effort to research, design and implement proxy technology that can evade network censorship and filtering, that one-trick hammer will no longer help Chinese people protect themselves from censorship and surveillance. Solely focusing on funding technology to break through firewalls is a mentality that is over ten years old. It ignores all we have learned since then about all of the possible threats users face in a mobile-first world. Users are more likely to seek and share news and knowledge through messages and groups than by searching the web. The inability to protect these communications is a more pressing issue than whether one search engine can be reached or not. From malware-infected apps they might download that track all taps and take pictures without permission, to imposter text messages used to completely take over their phone’s low-level radio — the threats are direct and persistent, not at some invisible line on the internet.

Having a proxy tool provides no knowledge to Chinese advocates and lawyers on how to capture, secure and share photos and videos that could be used to gather evidence and fight corruption in towns, cities, or even the Chinese Communist Party. It does nothing to help understand what millions of Muslim Uighurs are at risk for by being forced to use police-state apps that track their every move, every app they use on their device, every person they call, both in the country and outside. It does nothing to stop the next-generation cyber attacks that exile groups, like the Tibetans, have been facing for twenty years (thanks in part to OTF, TibCERT now exists as a critical “firefighting” group to combat these). Simple proxies do nothing to support independent researchers around the world, working to understand and measure how these attacks, censorship and surveillance are happening, so they and others can build countermeasures.

This broader view and set of essential research, development, teaching and training, is precisely what the Open Technology Fund has been supporting for the last eight years. It is exactly what not only the people of China need, including Uighurs, Tibetans, Christians, Falun Gong practitioners, environmental activists, lawyers, and yes, even journalists, but what we all need globally to defend from attacks on many fronts. In fact, it is these attacks that China has taken on exile groups abroad, as documented by Citizen Lab’s impeccable research, that have provided deeper understanding of the true threat potential of China-backed cyber warfare worldwide. This includes attacks on governments and military targets as well.

This post is also available in full technicolor on Medium.

Nathan Freitas leads the Guardian Project, an open-source mobile security software project. Guardian Project has been a proud recipient of funding from OTF since 2012, with funding applied to the development of mobile privacy, security and circumvention tools that have benefited users in China. He also co-founded and directs technology strategy at the Tibet Action Institute. His work as an affiliate fellow at the Berkman-Klein Center at Harvard focuses on tracking the legality and prosecution risks for mobile security app users worldwide.

Categorized as General

A Berkman-Klein Center Tale: From Fellows Hour to Funding!

This week, Mozilla and NSF announced the winners of their Wireless Innovation for a Network Society (WINS) challenge. After designing and prototyping for many months, my team at Guardian Project won the fourth grand prize for our work on “Wind” off-grid communication networks. This being a challenge mostly focused on deployment of post-disaster communications infrastructure, we are very satisfied that our privacy-centric, human rights-oriented infrastructure-less approach was positively recognized and rewarded.
What I want to share, for the benefit of new Fellows, and the larger community, was a brief timeline of how “Wind” began as an idea at 23 Everett Street (BKC’s HQ!) in 2014, and ended up where it is today. Beginning with the formation of a new idea, moving to introspection and tinkering, and then opening to collaboration and feedback, felt like one ideal story arc for the first year at the Berkman-Klein Center.
Fall 2014: Occupy!
Hong Kong’s Occupy Central movement was heating up in the streets, and along with it fears of mobile network shutdowns. Fellow Ellery Biddle from Global Voices hoped to respond to use of the insecure FireChat app by protestors, and so we collaborated on an article. We then presented some of our thoughts on the situation at a Fellows hour, our weekly community gathering. Later that week, as I sat around drinking too much delicious free coffee in the Fellows room, I thought to myself, “hey, there really isn’t a good, free, open-source private-by-design off grid communications system! I SHOULD BUILD ONE!”. Sometime in the next 24 hours, I had a 28kb app called Gilgamesh that did some interesting things.
I posted my progress to the “Berkmaniacs” community mailing list. Charlie Nesson came by to see if I was for real. Jonathan Zittrain pulled me into some meetings related to emergency mesh networks he had been envisioning with a former FCC chairman in the aftermath of the Marathon bombing. Four days later, I was claiming to have created Twitter over Bluetooth, but I think again, I was in a free espresso-fueled state.
The outcome of this flurry of activity was a new idea called StatusCasting that I hoped would be the RSS of off-grid, nearby communication, and the app Gilgamesh that continued to evolve. I know we all aspire to come to BKC to make impact through research, publishing, or participation in the creation of something like RSS, Creative Commons, or Chilling Effects (Lumen!). This was my shot. I am not ashamed to admit that. Fortunately, I moved from wide-eyed excitement to quiet tinkering, as I fully grasped the scale and scope of the problem I was attempting to tackle. I laid off the coffee for a while, in lieu of slowly brewed tea.
Winter 2015: A Mighty Wind!
As things happen at BKC, I became busy and fascinated by all the brilliant people around me, the books to read, and the talks to attend. I also realized that for my work on this new kind of network to go forward, I needed to have a much more fully formed concept. My goal was not to build yet another app, but to advance thinking about the possibilities of digital communication without the internet. Fortunately, I had committed time during my fellowship for introspection, research, writing and hacking, on this very subject. I came up with a new grand name for this work, Wind, as a counterpart to the Web. Instead of hyperlinks and web servers, Wind has Chime beacons and humans with smartphones moving through time and space. I wanted to move the discussion beyond “mesh networks” to something bigger… It may have been the free coffee, plus now, the peanut butter filled pretzels (new snack!), that fueled my ambition, but hey, that’s what they are for, right?
I ended up producing a set of rough work on specifications, more prototypes, and the beginnings of a lightning talk style presentation, Beyond Static Networks to Consider Space and Time. Not a bad place to be six months into my fellowship.
Spring 2015: Spinning up the Wind Farm!
As my first year as Fellow began coming to an end (oh boy does it happen fast!), I started to think about ways I could share my progress, and decided to hold a two-day workshop. After all, hosting and inviting people to come to Berkman has a great deal of gravitas. You are likely to get people generally above your pay grade to show up. With the great help of Carrie, Becca and the BKC staff, I planned and organized a two-day event called WindFarm0.
The first day was an invite-only workshop of advocates, designers and developers, already invested in implementing Wind-like systems. I got a small amount of grant funding to cover travel, breakfast, burritos and beer. We had a great turnout, including other BKC folk, security and privacy experts, researchers from Microsoft working on industrial IoT and a team building small, portable medical devices for monitoring Ebola patients. We took over the conference room, beamed in remote experts, and had a very productive day, working to connect my catalytic ideas on Wind, with the rest of the body of work out there. There were many pictures of whiteboards taken and future plans laid.
The second day was a public hands-on day, to play, learn and break all of our prototypes and apps. We had over 100 people register, and about 50 showed up. It ended with an off-grid digital relay release from BKC to Harvard Square, utilizing competing technology stacks. It was great fun, and thanks to the Berkmanfriends list, even got covered by CBC Radio.
Since then….
As I continued my fellowship and affiliation with Berkman in 2015 and beyond, the work on Wind continued. I presented my one year in with Wind update at another fall Fellows Hour in 2015, and had some amazing collaboration with Jack and SJ, who built a “Wind network simulator” JavaScript tool. This work is still featured as part of our project site today. Based on experiences from Hurricane Sandy and elsewhere, Willow Brugh invited me to talk about Wind at an amazing workshop of her own at Berkman (also check out Willow’s recently published Guide for Journalists in Post-Disaster Zones for Getting Online). I also met Jason Griffey of LibraryBox, when he began his Fellowship in 2015. We spent many hours talking and dreaming of the broad benefits of non-internet communication. Since then, we have found a number of ways to include the use of LibraryBoxes and pirateboxes, as part of our Wind network suite. We even had one running in our final presentation at the Mozilla NSF event!
Since 2015, code and concepts related to Wind have been built into a number of apps, and used by real people around the world, to share and communicate, when the internet isn’t the best option. We don’t have one Wind “app”, but many variations of the work in projects like F-Droid.org, a decentralized app store that is used in Cuba. We spent this last year working on Viento, a Wind-inspired effort to improve the use of human rights and humanitarian apps for limited connectivity areas in Latin America. When Mozilla and NSF announced the WINS challenge, we decided to start exploring how this work could benefit people better in post-disaster and humanitarian situations. I think this YouTube video does the best job of communicating where we are today, and of course, our announcement blog post as well.

Bringing it Back to Berkman
Beginning with the formation of a new idea, moving to introspection and tinkering, and then opening to collaboration and feedback, felt like my ideal story arc for the first year at BKC. Everyone will have their own path, to be sure, but don’t be afraid to embrace a new one, and consider where you might end up on it after 9 months, or even 3 years and beyond.
That’s my story now. I hope it was helpful. Now go check out the application and apply for the 2019-2020 Berkman-Klein Center Fellowship today!


#Print4Bassel A Participatory Memorial

Update below on August 11: Printing has begun!

Tragic news, shared a few days ago by the #NEWPALMYRA project:

Yesterday we received the devastating information that #NEWPALMYRA founder Bassel Khartabil was unlawfully executed by the Syrian regime. Needless to say, along with all of the international community whose lives he touched, we were shocked and saddened to learn of the outrageous, unwarranted, extrajudicial killing of our dear friend and collaborator.

To continue supporting Bassel’s memory and work, Creative Commons has set up the Bassel Khartabil Memorial Fund, at the request of his family. Please donate today.

If you don’t know about Bassel or the #NEWPALMYRA project he founded, well, there is a lot to learn. He was a person committed to free software and open culture, not to mention real change in the world, with technology playing a critical role in that. The project is focused on using digital tools to preserve heritage sites, including modeling a number of sites in Syria that have been recently destroyed by the war.


This section of the epic Tetrapylon of Palmyra, part of a set of four, four-column pylons that would have marked an intersection or central place, was destroyed in 2016. #NEWPALMYRA released this version at the Creative Commons Summit in April 2017.

The original, now destroyed tetrapylons on the left, and the latest printed model from the Creative Commons summit on the right.

Since its inception, this was a project that I have been personally fascinated with, both as an activist fighting against the destruction of cultures, and as a geek wanting to put cutting edge technology to the maximum possible beneficial use. In my own life, I began documenting buildings from my home town that had cultural significance, and have started the long process of turning them into 3D models, that can be printed again, or experienced through virtual or mixed reality experiences in the future.

All of this work has been done within the guiding light of free software, and free, open, pro-remix, reuse culture that Bassel worked on and contributed to as a technologist and advocate. I hoped that Bassel would one day be freed, to see what has become of the roots he laid, and understand how prescient and important it was. Sadly, instead, we must find ways to memorialize him, support his family, and ensure his causes and efforts continue.

I have decided to start the #PRINT4BASSEL Participatory Memorial, calling on everyone who has access to a 3D printer, to spread awareness about Bassel’s vision and life, promote the work of #NEWPALMYRA, and raise donations for the memorial fund.

  1. Go to the NewPalmyra.org website, find a model, download and print it using your friendly, local neighborhood 3D printer. Many libraries, schools and offices now offer free 3D printing, so even if you don’t know how, there will be someone around who will gladly help you. The Tetrapylon is a good model to start with, but there are many more options.
  2. Print out this photo of Bassel, provided under the CC-BY license by Joi Ito, friend of Bassel and MIT Media Lab director. Read his thoughts on the news of Bassel’s passing here.
  3. Create a small memorial for him in a public place, ideally near the 3D printer, with the model and the photo, and include a message like the following: Bassel believed culture could be preserved through 3D modeling and printing. For his beliefs and tireless work as an outspoken activist and technologist, he was imprisoned and executed in Syria. Keep his vision alive by learning how to print your own replica of a destroyed or endangered heritage site in Syria and spread #PRINT4BASSEL. http://www.newpalmyra.org/ #FREEBASSEL #PRINT4BASSEL

I am working hard to complete my own first set of memorial prints, which I plan to put on display at multiple locations throughout Boston, Cambridge and Brookline, where I work and live. Please join me in this effort, and tweet or comment here to let me know where you plan to #PRINT4BASSEL.

To continue supporting Bassel’s memory and work, Creative Commons has set up the Bassel Khartabil Memorial Fund, at the request of his family. Contributions to the fund will go towards projects, programs, and grants to individuals advancing collaboration, community building, and leadership development in the open communities of the Arab world. Please consider making a donation if you are able so that New Palmyra and others can continue their important work.

Update August 11: I’ve printed my first Tetrapylon, thanks to the printer at Cambridge Innovation Center. For this setup, there was no connected computer, so I had to find a way to convert the STL file provided on the NewPalmyra.org website into a “.Makerbot” file, that could then be loaded on a USB drive. After wrestling with a number of open-source solutions for Linux, I eventually downloaded Makerbot Print, and ran it on my Windows partition. I printed the model at the import size, which ends up being about a few centimeters tall, and taking about an hour to print. I enabled “supports”, to ensure the columns and top would not collapse. All in all, once I figured out the Makerbot software, it worked out well. From here, I plan to complete my small memorial prototype, as proposed above.

… and lastly, my first complete prototype for a small memorial. The QR code links to http://newpalmyra.org


Combating “Fake News” With a Smartphone “Proof Mode”

Reposted from the Guardian Project blog

We have been working for many years with our partners at WITNESS, a leading human rights media training and advocacy organization, to figure out how best to turn smartphone cameras into tools of empowerment for activists. While it is often enough to use the visual pixels you capture to create awareness or pressure on an issue, sometimes you want those pixels to actually be treated as evidence. This means, you want people to trust what they see, to know it hasn’t been tampered with, and to believe that it came from the time, place and person you say it came from.

Enter, ProofMode, a light, minimal “reboot” of our more heavyweight, verified media app, CameraV. Our aim was to create a lightweight (< 3MB!), almost invisible utility (minimal battery impact!), that you can run all of the time on your phone (no annoying notifications or popups), that automatically adds extra digital proof data to all photos and videos you take. This data can then be easily shared, when you really need it, through a “Share Proof” share action, to anyone you choose over email or a messaging app, or uploaded to a cloud service or reporting platform.



On the technical front, the app automatically generates an OpenPGP key for this installed instance of the app itself, and uses that key to sign all photos and videos at time of capture. A sha256 hash is also generated, and combined with a snapshot of all available device sensor data, such as GPS location, wifi and mobile networks, altitude, device language, hardware type, and more. This is also signed, and stored with the media. All of this happens with no noticeable impact on battery life or performance, every time the user takes a photo or video. We have been running it for months on fairly old, low end phones, and you just forget it is happening.



While we are very proud of the work we did with the CameraV and InformaCam projects, the end result was a complex application and proprietary data format that required a great deal of investment by any user or community that wished to adopt it. Furthermore, it was an app that you had to decide and remember to use, in a moment of crisis. With ProofMode, we wanted both to simplify the adoption of the tool and make it nearly invisible to the end-user, while making adoption of the tool by organizations painless through simple formats like CSV and known formats like PGP signatures.

The source and direct APK downloads are available on Github: https://github.com/guardianproject/proofmode

The beta release is also available today for Android phones on Google Play. We hope to have an iPhone version in beta in the next few months.

We have also published a sample batch proof data set on Github here: https://github.com/guardianproject/proofmode/tree/master/samples/sample-proof-1

Our design goals included the following:

  • Run all of the time in the background without noticeable battery, storage or network impact
  • Provide a no-setup-required, automatic new user experience that works without requiring training
  • Use strong cryptography for strong identity and verification features, but not encryption
  • Produce “proof” sensor data formats that can be easily parsed and imported by existing tools (CSV)
  • Do not modify the original media files; all proof metadata is stored in a separate file
  • Support chain of custody needs through automatic creation of sha256 hashes and PGP signatures
  • Do not require a persistent identity or account generation

We also were able to take advantage of the new Android “Quick Settings” developer API, to add a ProofMode toggle button right alongside other system functions like Wifi, Location, Bluetooth and more. This fulfills a vision that WITNESS has had for a while of bringing the concept of our prototype into mainstream adoption, giving every citizen journalist a quick mode to activate when their moment arrives.


You can read a bit more in the project README on the workflow we imagine being used for all of this. What we hope is that the ProofMode app is simple and low impact enough that potential users will install it and forget that it is there. It will go along doing its business quietly without fuss, until the user realizes they have taken a photo or video that might have some value as digital evidence. Then, using the SHARE PROOF action, they can send their proof data set off to an organization, journalist, lawyer, or other advocate that would be able to verify the chain of custody and integrity of the files and proof using off the shelf OpenPGP and CSV visualization tools. While we have a bit more work to do on the last part, we already have many partners in the human rights world who are skilled and capable of doing just that.
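The reviewer's side of this workflow, together with the capture step described earlier (a SHA-256 hash plus sensor snapshot kept in a separate CSV), as an added example that is not ProofMode's own code. The column names, file names and sample bytes are constructed for illustration, and verifying the OpenPGP signature over the proof file is assumed to happen separately with an OpenPGP tool.

```python
import csv
import hashlib
import hmac
import io

# Hypothetical column names for this example; not ProofMode's actual CSV schema.
FIELDS = ["file", "sha256", "captured_utc", "latitude", "longitude", "network"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_proof_csv(media: dict, sensors: dict) -> str:
    """Capture side: one proof row per media file; the media itself is not modified."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    for name, data in sorted(media.items()):
        writer.writerow({"file": name, "sha256": sha256_hex(data), **sensors[name]})
    return out.getvalue()


def verify_batch(media: dict, proof_csv: str) -> dict:
    """Reviewer side: classify every file named in the received media or in the proof.

    A matching hash only ties the media to the proof file. The signature over the
    proof file is what stops someone from editing media and CSV together.
    """
    proof = {row["file"]: row for row in csv.DictReader(io.StringIO(proof_csv))}
    report = {}
    for name, data in media.items():
        row = proof.get(name)
        if row is None:
            report[name] = "no-proof"       # media arrived without a proof row
        elif hmac.compare_digest(row["sha256"].lower(), sha256_hex(data)):
            report[name] = "ok"
        else:
            report[name] = "modified"       # bytes differ from what was hashed at capture
    for name in proof.keys() - media.keys():
        report[name] = "missing-media"      # proof row whose media was withheld or lost
    return report


# Constructed sample data (not taken from the published ProofMode sample set).
MEDIA = {
    "IMG_0001.jpg": b"\xff\xd8\xff\xe0 constructed photo bytes",
    "VID_0002.mp4": b"\x00\x00\x00\x18ftypmp42 constructed video bytes",
}
SENSORS = {
    "IMG_0001.jpg": {"captured_utc": "2017-02-24T15:04:05Z", "latitude": "42.3736",
                     "longitude": "-71.1097", "network": "wifi"},
    "VID_0002.mp4": {"captured_utc": "2017-02-24T15:09:41Z", "latitude": "42.3736",
                     "longitude": "-71.1097", "network": "mobile"},
}


def demo() -> dict:
    proof = build_proof_csv(MEDIA, SENSORS)
    received = dict(MEDIA)
    received["IMG_0001.jpg"] += b"\x00"         # one byte changed after capture
    del received["VID_0002.mp4"]                # media dropped, proof row kept
    received["IMG_0003.jpg"] = b"unlisted"      # media with no proof row
    return verify_batch(received, proof)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```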

If you’d like to learn more about the CameraV app and our collaboration with WITNESS and Coletivo Papo Reto video activist group in Brazil, please watch this video below from the Al Jazeera “Rebel Geeks” documentary.

Message me on Keybase

I’ve started using Keybase Chat, and I am really enjoying it. It combines Slack and Dropbox, with end-to-end encryption, all without needing a phone number or “real name”. Send me a message and say hello!

At Keybase we collectively use and love WhatsApp, Signal, Slack, and iMessage, to name a few. However, in all those apps: recipients are looked up by phone number or email. That works ok with friends and coworkers. But it sucks with people you know on the Internet. First off, they have to give you their phone number in a preliminary back and forth. That takes time and prevents you from sending your message until you hear back. Then, to make sure you’re really secure, you’re supposed to compare special codes by meeting in person. That’s impossible in most cases. Keybase is different. For example, in Keybase chat, I can simply use my Hacker News name, malgorithms, as my secure address; no phone number or email needed. My Twitter username would work, too. Or even my Reddit username.

Source: Introducing Keybase Chat