We engage with and contribute to various communities to promote the use of secure systems and privacy-protecting technology.
Secure file storage system for human rights organizations, journalists, and activists
Human rights defenders face unique challenges. Their data is particularly vulnerable to attack; failure to secure this data could result in serious consequences for their sources and networks. Least Authority has designed the HRO (Human Rights Organizations) Cloud to offer a secure file storage option to human rights defenders. The HRO Cloud is built on Tahoe-LAFS, an open-source, decentralized cloud storage system which distributes data across multiple servers. Using Tahoe-LAFS for this service means that even if some of the servers fail or are taken over by an attack, the entire file store continues to function correctly, preserving users’ privacy and security. Users’ data is encrypted before it leaves the device, meaning they are in control of the keys to their files and only they can access their own data.
Private Periodic Payment Protocol
Least Authority has designed a protocol called the Private Periodic Payment Protocol, or P4, which is a privacy by design mechanism that enables customers to process payments without requiring them to share personal information. P4 aims to define the way in which subscription services can be funded using end-to-end private cryptocurrency payments, by incorporating the use of Zcash shielded transactions and leveraging the Tor anonymity network’s onion services.
Pro Bono Security Consulting
In an effort to support privacy enhancing technologies (PETs) that face significant resource constraints, Least Authority is offering pro bono security consulting services to a selected qualifying project. The initiative is open to open source and non-profit PETs that are aligned with Least Authority’s mission to “advance digital security and preserve privacy as a fundamental human right”.
The deadline for the initial application round is September 30, 2021.
Open Source Development
Open source tools are at the core of our products and services.
With outside funding and support, more of our work is possible.
MW4ALL and MW4ALL 2.0 (Magic Wormhole for All)
The goal of these projects is to bring the security and privacy benefits of Magic Wormhole to more people through a sustainable product.
In the first project we identified the technical needs required to scale Magic Wormhole to a commercial product, carried out a survey to determine people’s file transfer needs, and mapped out the current file transfer market. In the second project we are doing user testing, developing a web-based file transfer tool, and building a sustainable business model.
Organizational Deployment of Secure Distributed Storage with Tahoe-LAFS
The goal of this project was to adapt Least Authority’s open-source tools (Tahoe-LAFS, Gridsync, and Magic Folder) to make them more usable for human rights organizations in repressive contexts. A key component to this project was partnering with human rights organizations, to ensure that we met their needs and wants in further development of the tools. We did this by partnering with four human rights organizations from around the world and interacting with them throughout the project.
This project aimed to make SPAKE2 primitives available to mobile app developers and to support standardization of SPAKE2 inside the IETF. Magic Wormhole makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. We wanted to port Magic Wormhole and the SPAKE2 library it relies on over to Rust and Haskell to be able to run it on more modest platforms like smartphones.
How Magic Wormhole Can Bring About Internet Freedom
In multiple countries of the world, sharing certain photos, videos and documents can be risky. The goal of the research for Magic Wormhole was to match the secure file transfer technology with potential user communities living in highly censored and surveilled parts of the world. Our research partners OKthanks and the Guardian Project spoke with 12 individuals from 6 countries in an effort to understand how the technology is relevant and could be used in various contexts. Their report provided us with insights, personas that represent use cases, and recommendations to inform the development roadmap for Magic Wormhole.
S4 & GridSync Usability Study
The goal of this project was to connect with end-users to identify their needs, certain pain points and potential solutions when it comes to (secure) file storage. We partnered with SimplySecure for conducting user feedback sessions in Berlin and at the Internet Freedom Festival in Valencia and developing insights from them. We did further user testing on our secure file storage service S4 and its desktop software GridSync at the digital human rights event RightsCon, in Brussels.