Jekyll2024-03-26T19:21:14+00:00https://openprivacy.ca/feed.xmlOpen Privacy Research SocietyThe Open Privacy Research Society (Open Privacy for short) is a non-profit Canadian group based in Vancouver, British Columbia.Call for Board Member Nominations2024-01-01T00:00:00+00:002024-01-01T00:00:00+00:00https://openprivacy.ca/blog/2024/01/01/call-for-board-member-nominations<p>We are open to nominations for new people to join the Open Privacy Research Society’s <a href="https://openprivacy.ca/organization/">Board of Directors</a>!</p>
<p>In particular, we are looking for individuals who have experience in <strong>fundraising</strong> and <strong>organizational capacity building</strong>. But if you think you have a skill you can bring to
the Open Privacy board then we really want to hear from you.</p>
<!--more-->
<p>If you want to help bring privacy preserving technology to everyone then please <a href="mailto:contact@openprivacy.ca">get in touch</a> with the subject line
<code class="highlighter-rouge">Board Member Nomination: <Name></code>.</p>
<p>Board Members can reside anywhere in the world, though are expected to be able to attend virtual board meetings scheduled during the daytime in the Pacific Time Zone. These typically occur a few times a year.</p>
<p>Becoming a board member is subject to approval by the society, and subject to the requirements and restrictions set out in <a href="https://openprivacy.ca/bylaws.html">our bylaws</a>, and the B.C. Societies Act.</p>We are open to nominations for new people to join the Open Privacy Research Society’s Board of Directors! In particular, we are looking for individuals who have experience in fundraising and organizational capacity building. But if you think you have a skill you can bring to the Open Privacy board then we really want to hear from you.3 Years of Open Privacy2021-02-11T00:00:00+00:002021-02-11T00:00:00+00:00https://openprivacy.ca/blog/2021/02/11/3-years-of-open-privacy<p>Three years ago, on February 11th 2018, we officially incorporated the Open Privacy Research Society. At that point
in time I don’t think any of us had any idea how the following years would go.</p>
<p>2020 was difficult and challenging. The work outlined here is a fraction of what we had hoped to achieve. 2020 impacted
our projects, our priorities, and our lives. That said, I think it represents some of the most important work we
have done so far, and I am excited to push it as far as we can in 2021.</p>
<p>This work couldn’t exist without an active and amazing base of supporters, like you, who enable our mission -
researching and developing privacy enhancing technologies focused on those people and communities that need them most.</p>
<p>To celebrate our 3rd year anniversary I would like to invite you to review some of the amazing work that you helped
support in 2020 - and once again ask for your help and support to help us continue our mission in 2021.</p>
<!--more-->
<h2 id="lockbox">LockBox</h2>
<p><img src="/images/lockbox-banner.png" alt="" /></p>
<p><a href="/work/lockbox/">LockBox</a> is a set of applications that arose out of Open Privacy’s work helping with mutual aid funds to deploy secure
infrastructure in the wake of the COVID-19 pandemic. During the March to April 2020 time frame many people, particularly
those from marginalized communities found themselves in need of support.</p>
<p>Some community groups reached out to Open Privacy seeking advice on the need to collect sensitive information from people
in these communities for the purposes of distributing donated funds. These groups were looking for better privacy
guarantees for applicants and their personal information than mainstream hosted alternatives provided.</p>
<p>As we head further into 2021 expect to see more of LockBox!</p>
<h2 id="cwtch">Cwtch</h2>
<p><img src="/images/cwtch-design.jpeg" alt="" /></p>
<p>Working with Marcia, our staff designer, we spent much of 2020 <a href="https://git.openprivacy.ca/cwtch.im/ui">refining the design of Cwtch</a>. During November, we
ran a very successful alpha testing event gathering feedback on the design and functionality of our desktop and android
applications.</p>
<p>While we had hoped to get an official Beta out by the end of 2020 we encountered problems with the arm64 version of the libraries
that we rely on for UI. We are currently working on a new solution for android (and other future mobile Cwtch apps) -
expect news on this soon!</p>
<h2 id="research--outreach">Research & Outreach</h2>
<p>In 2020, we continued to help journalists understand the privacy impacts of their investigations with Erinn Atwater, our research
director <a href="https://financialpost.com/technology/tim-hortons-app-tracking-customers-intimate-data">providing assistance and comments on this excellent piece about Tim Horton’s customer tracking</a></p>
<p>We had planned a major research project in 2020, developing research and ethics protocols over the early months of 2020.
However, as we were set to convene focus groups the first wave of the pandemic started to become apparent. We
took the decision in early March to cancel plans and rework the project to focus on online interviews - unfortunately
by that time the pandemic had also had a major impact on Open Privacy staff and operations, and by May we were
forced to postpone the project entirely.</p>
<p>Funding from this work was diverted into LockBox outreach (more on this soon too!)</p>
<h2 id="organizational-transparency">Organizational Transparency</h2>
<p>We continued our commitment to organizational transparency by releasing our <a href="https://openprivacy.ca/reports/2019-eoy-report/">2019 end of year report</a> and
<a href="https://openprivacy.ca/assets/reports/2019/NttR-Open%20Privacy%20Research%20Society%20February%2010,%202020.pdf">financial statements</a>.</p>
<p>In addition, we <a href="https://openprivacy.ca/organization/">created a new dedicated section of this website</a> to allow easy access to reports, proposals,
meeting minutes and other information about Open Privacy.</p>
<h2 id="our-4th-year">Our 4th Year…</h2>
<p>Over the next year we plan to
take prototypes like <a href="https://crates.io/crates/tapir-cwtch">tapir on rust</a>,
<a href="https://git.openprivacy.ca/sarah/orbscura">orbscura</a> (a privacy preserving, decentralized microblogging platform) and
<a href="https://crates.io/crates/fuzzytags">fuzzytags</a> (an experimental probabilistic cryptographic tagging structure for metadata
resistant applications) from early ideas into concrete libraries and proposals for how metadata resistant applications
should work - and how we can enforce consent at the technical level.</p>
<p>To put it briefly, our goals for our 4th year are focused on concrete releases of applications and integrations. Getting the
research we have spent the last few years on into the hands of as many people as possible.</p>
<p>It’s a big goal, and we need your help to achieve it.</p>
<h2 id="in-closing">In Closing</h2>
<p>Despite the challenges that 2020 brought we accomplished so much, and have positioned ourselves to accomplish so
much more in 2021. To do that we need your help. Last year we raised less than 20% of our $300,000 goal
through new donations, and without significant support from people like you we will run out of funds before the
end of 2021.</p>
<p>Today we are launching <a href="/donate">our fundraising campaign for 2021</a>.</p>
<p>We believe the work that we do is important, necessary and critical to realizing the dream of a world free from oppression,
surveillance and censorship. <a href="/donate">Please help us continue our mission</a> by pledging today to support us
through <a href="https://patreon.com/openprivacy">Patreon</a> or <a href="/donate">donate to us directly via Paypal. Bitcoin, Monero or Zcash</a>.
You can also <a href="mailto:contact@openprivacy.ca">contact us</a> directly to arrange a bank transfer.</p>
<p>Thank you all for your continued support.
<br />
Sarah Jamie Lewis <br />
Executive Director, Open Privacy Research Society</p>Three years ago, on February 11th 2018, we officially incorporated the Open Privacy Research Society. At that point in time I don’t think any of us had any idea how the following years would go. 2020 was difficult and challenging. The work outlined here is a fraction of what we had hoped to achieve. 2020 impacted our projects, our priorities, and our lives. That said, I think it represents some of the most important work we have done so far, and I am excited to push it as far as we can in 2021. This work couldn’t exist without an active and amazing base of supporters, like you, who enable our mission - researching and developing privacy enhancing technologies focused on those people and communities that need them most. To celebrate our 3rd year anniversary I would like to invite you to review some of the amazing work that you helped support in 2020 - and once again ask for your help and support to help us continue our mission in 2021.Release&colon; Lockbox encrypted web forms2020-04-14T00:00:00+00:002020-04-14T00:00:00+00:00https://openprivacy.ca/blog/2020/04/14/lockbox<p>Today we are releasing the first cut of <a href="https://git.openprivacy.ca/openprivacy/lockbox">Lockbox</a>, an application for creating simple encrypted web forms! <!--more-->Lockbox arose out of our work helping with mutual aid funds, where community groups were looking for better privacy guarantees for applicants and their personal info than mainstream hosted alternatives.</p>
<p>Lockbox consists of <a href="https://git.openprivacy.ca/openprivacy/lockbox">a desktop app for managing encryption/decryption keys</a> and <a href="https://git.openprivacy.ca/openprivacy/lockbox-web">a web app for receiving and encrypting form submissions</a>. If an attacker gets read-only access to the server where the form is hosted (via vulnerable co-hosted apps or weaknesses in shared host configuration), they are unable to decrypt the submitted data. Only the private key holder can decrypt submissions, and the private key file can be kept offline and only shared with people who should have access to submissions.</p>
<p>Lockbox is a barebones app right now, making it easy for us to audit for security while being flexible for customization. We’ll be adding features over time, prioritized according to feedback. We are also investigating creating a hosted version. If you would be interested in a hosted version or have any other feedback, please <a href="mailto:contact@openprivacy.ca">get in touch!</a>.</p>
<p>As with everything we make, Lockbox is free and open source. If you’d like to support our work, please <a href="/donate">consider donating!</a></p>Today we are releasing the first cut of Lockbox, an application for creating simple encrypted web forms!2 Years of Open Privacy2020-02-11T00:00:00+00:002020-02-11T00:00:00+00:00https://openprivacy.ca/blog/2020/02/11/2-years-of-open-privacy<p>Two years ago, on February 11th 2018, we officially incorporated the Open Privacy Research Society. Since then we’ve grown so much as an organization. We now have 8 board members, and 4 staff members, multiple open source projects, an office and, most importantly, an active and amazing base of supporters who enable us to do our important work - researching and developing privacy enhancing technologies focused on those people and communities that need them most.</p>
<p>To celebrate our 2nd year anniversary I would like to invite you to review some of the amazing work that you helped support in 2019 - and once again ask for <a href="/donate">your help and support to help us continue our mission in 2020</a>.</p>
<!--more-->
<h2 id="disclosing-critical-cryptographic-flaws-in-e-voting-in-switzerland-and-australia">Disclosing Critical Cryptographic Flaws in E-voting in Switzerland and Australia</h2>
<p>In March, our Executive Director, <a href="https://openprivacy.ca/people/sarah-jamie-lewis/">Sarah Jamie Lewis</a> along with <a href="https://people.eng.unimelb.edu.au/vjteague/">Vanessa Teague</a> (University of Melbourne), and <a href="https://uclouvain.be/crypto/people/show/10">Olivier Pereira</a> (UCLouvain) published details of <a href="https://people.eng.unimelb.edu.au/vjteague/SwissVote">critical</a> <a href="https://pursuit.unimelb.edu.au/articles/what-a-second-flaw-in-switzerland-s-svote-means-for-nsw-s-ivote">vulnerabilities</a> <a href="/work/swisspost-scytl-evoting/">impacting evoting systems in Switzerland and Australia</a>. These vulnerabilities were soon confirmed by the vendor Scytl, resulting in an <a href="https://www.sbs.com.au/news/serious-flaw-hits-nsw-voting-system">emergency patch being installed during an election in New South Wales</a>, and a <a href="https://www.post.ch/en/about-us/media/press-releases/2019/swiss-post-temporarily-suspends-its-e-voting-system">“temporary” suspension of evoting offerings by Swiss Post</a>.</p>
<p>In June the Swiss Federal Council, citing these disclosures, <a href="https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-75615.html">delayed the introduction and evoting as an official option</a>, and shortly after SwissPost <a href="https://www.post.ch/en/about-us/media/press-releases/2019/swiss-post-to-focus-solely-on-new-system-with-universal-verifiability">announced</a> that it would not be offering its system for use in the October federal elections (despite having offered it in previous elections).</p>
<p>Just as math can protect the speech of the marginalized from the powerful, it can also be used to prove to everyone that power is not working as it claims.</p>
<p>Speaking math to power works.</p>
<h2 id="building-on-cwtch">Building on Cwtch</h2>
<p>At the end of our 2018 year we delivered the first alpha version of Cwtch. This was met with great excitement and enthusiasm from the wider community, attracting a number of volunteers who have contributed code, bug reports, testing, translations and documentation.</p>
<p>Throughout 2019 we have been pushing this alpha version forward, <a href="/blog/2019/08/19/cwtch-0.2.0/">improving the experience on Android</a>, and <a href="/blog/2019/09/23/cwtch-alpha-0.3.0/">introducing a first cut of managing multiple anonymous identities</a>.</p>
<p>This push will continue in 2020. We recently <a href="/blog/2020/01/13/welcoming-marcia-staff-designer/">hired a staff designer</a> to develop a cohesive user experience for Cwtch (more on that coming soon). <a href="/blog/2019/12/03/Incentivizing-Trustlessness-ZcashFoundation-Donation/">Research and development</a> remains a top priority as this is a space where many unsolved problems remain - however - we expect 2020 will be the year where the technologies developed for Cwtch will start making their way out of the research cycle, and into applications that people can download and use.</p>
<h2 id="exposing-breaches-of-patient-healthcare-records-across-vancouver-and-beyond">Exposing Breaches of Patient Healthcare Records Across Vancouver (and beyond)</h2>
<p>In September we <a href="/blog/2019/09/09/open-privacy-discovers-vancouver-patient-medical-data-breach/">publicly disclosed</a> the existence of a breach that exposed the sensitive medical information of patients being admitted to hospitals across the Greater Vancouver Area. Patient medical records were being broadcast, unencrypted, by hospital paging systems, and these broadcasts were trivially interceptable by anyone in the Greater Vancouver Area.</p>
<p>Shortly after the disclosure we received an <a href="/blog//2019/09/26/pager-breach-update/">update from Vancouver Coastal Health</a> acknowledging the breach and taking steps to minimize the impact of the breach.</p>
<p>In December we received a <a href="/assets/2019-F-116-VCH-Response-Redacted.pdf">response to our Freedom of Information request</a> demonstrating that Vancouver Coastal Health did not act decisively on our original disclosure (in November 2018), and instead only took the breach seriously when we contacted a journalist 9 months later. We also learned that <a href="https://www.ctvnews.ca/health/pager-systems-used-in-healthcare-could-be-exposing-patient-data-across-canada-1.4727129">several other health authorities may be breaching patient data in similar ways</a>. We are still awaiting the results of an OIPC investigation into this data breach. For more information please consult our <a href="/work/pager-breach/">full disclosure timeline</a>.</p>
<h2 id="opsec">OP:Sec</h2>
<p>Since our inception, the <a href="/work/opsec/">OP:Sec program</a> has allowed Open Privacy staff to contribute their technical security knowledge and experience directly back to the communities we serve. In addition to our regular 1:1 free consultations, in 2019 we assisted a sex worker support & advocacy organization in responding to an incident of white supremacist harassment, helped improve their organizational security, and worked with individual staff to help secure their online presences.</p>
<p>The nature of our OP:Sec work makes it simultaneously one of our most-rewarding and least-public activities. In 2020 we will seek to expand the program to make it more accessible and better able to create pillars of digital safety knowledge within our community. To accomplish this, we’ll be creating an OP:Sec Council to direct our research and oversee the creation and dissemination of evidence-based materials informed directly by the unique challenges faced by sex worker and queer communities interacting with technology. This will be a major undertaking and interested potential funders are urged to <a href="mailto:erinn@openprivacy.ca">contact Erinn directly</a> to find out more about our plans.</p>
<h2 id="in-closing">In Closing</h2>
<p>With those in mind, today we are launching <a href="/donate">our fundraising campaign for 2020</a>. Last year we raised 60% of our $300,000 goal. This year we are aiming to get over that line.</p>
<p>We believe the work that we do is important, necessary and critical to realizing the dream of a world free from oppression, surveillance and censorship. <a href="/donate">Please help us continue our mission</a> by pledging today to support us through <a href="https://patreon.com/openprivacy">Patreon</a> or <a href="/donate">donate to us directly via Bitcoin, Monero or Zcash</a>.</p>Two years ago, on February 11th 2018, we officially incorporated the Open Privacy Research Society. Since then we’ve grown so much as an organization. We now have 8 board members, and 4 staff members, multiple open source projects, an office and, most importantly, an active and amazing base of supporters who enable us to do our important work - researching and developing privacy enhancing technologies focused on those people and communities that need them most. To celebrate our 2nd year anniversary I would like to invite you to review some of the amazing work that you helped support in 2019 - and once again ask for your help and support to help us continue our mission in 2020.Welcoming Marcia as our new Staff Designer2020-01-13T00:00:00+00:002020-01-13T00:00:00+00:00https://openprivacy.ca/blog/2020/01/13/welcoming-marcia-staff-designer<p>Late last year we set out to find a new <a href="/jobs/staff-designer/">Staff Designer</a> to work with us to set the direction of the look and feel of our software projects and websites.</p>
<p>We received many fantastic applications, and we are very excited to announce that we have now hired a Staff Designer!</p>
<!--more-->
<p>Marcia is a Designer and Illustrator from Colombia who lives and works in
Canada. She has an interest in anthropology, technology and history. Through her
work she tries to transform complex topics into thoughtful and meaningful
graphic narratives.</p>
<p>Marcia will be working on Cwtch and related projects to help us transform them from prototypes into truly useful and accessible tools.</p>
<p>Please join us in welcoming Marcia to the team, and to our mission of building more consentful technology.</p>Late last year we set out to find a new Staff Designer to work with us to set the direction of the look and feel of our software projects and websites. We received many fantastic applications, and we are very excited to announce that we have now hired a Staff Designer!Cwtch Alpha 0.3.12019-12-17T21:00:00+00:002019-12-17T21:00:00+00:00https://openprivacy.ca/blog/2019/12/17/cwtch-alpha-0.3.1<p>Today we are proud to announce and release <a href="https://git.openprivacy.ca/cwtch.im/ui/releases">Cwtch Alpha 0.3.1</a>! Featuring a first cut of profile management.</p>
<!--more-->
<h2 id="profile-management-and-ui-improvements">Profile Management and UI improvements</h2>
<p>When you start Cwtch, you will be greeted with the new profile management screen</p>
<p><img src="/images/cwtch-031-profile-management.png" alt="Profile management screen" class="not-stretched" /></p>
<p>Any profiles with no password (like the default auto created one of previous versions) will be automatically loaded. You can enter passwords to load further profiles stored with those profiles. Cwtch will not show unloaded profiles.</p>
<p>You can create new profiles, setting your name, and choosing a password.</p>
<p><img src="/images/cwtch-031-add.png" alt="Profile add screen" class="not-stretched" /></p>
<p>We also now support deleting profiles.</p>
<p><img src="/images/cwtch-031-delete.png" alt="Profile delete" class="not-stretched" /></p>
<h2 id="additional-improvements">Additional Improvements</h2>
<p>On top of all these nice UI additions, further changes included in this release are:</p>
<ul>
<li>contact lists are now sorted by most recent activity!</li>
<li>a network connection monitor which will inform of underlying network issues</li>
<li>improved state management for Android builds.</li>
</ul>
<p><img src="/images/cwtch-031-contact-list-sort.png" alt="Contact list, with active groups and chats at the top" class="not-stretched" /></p>
<h2 id="on-to-2020">On to 2020</h2>
<p>Cwtch is still in active development. Some existing Android issues around state will be more obvious with this release and one of our main priorities in the new year will improving this flow.</p>
<p>Beyond that, we have a laundry list of small tasks and ideas for Cwtch. In the new year we’ll be revisiting groups and server performance with <a href="https://openprivacy.ca/blog/2019/12/03/Incentivizing-Trustlessness-ZcashFoundation-Donation/">Tapir</a>.</p>
<p>As always, this ongoing work is only possible thanks to our amazing supporters. Please consider <a href="/donate">donating</a> to ensure a future where technology is rooted in consent.</p>
<h2 id="join-us-on-cwtch">Join Us on Cwtch</h2>
<p>We encourage those interested to join our Cwtch Alpha discussion group using the following invite:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>torv3CiA2NmI0NmM4OGMxNDc1ZGUxODE5YWYyYTk1ZDM5NTQ4ZBIgDSFY2mxYJiSJs0b442hFChzaHB5B8EERcFqLAkpb5kAaODJjM2ttb29ibnlnaGoyenc2cHd2N2Q1N3l6bGQ3NTNhdW8zdWdhdWV6enB2ZmFrM2FoYzRiZHlkIkBgg+E0T4YKtxnw57sHQbuG3C6myjU2aS496O4n3jpzQu8iT25NReJnuwqv9ER93wE1N9g1f7WY8JCtx0bnvyQK
</code></pre></div></div>
<p>For those who are more adventurous, please check out our continuous Windows, Android and Linux builds. These get updated after every approved pull request, and are likely to be much less stable than versioned builds. <a href="https://build.openprivacy.ca/files/">https://build.openprivacy.ca/files/</a>.</p>
<p>The Open Privacy Staff</p>Today we are proud to announce and release Cwtch Alpha 0.3.1! Featuring a first cut of profile management.Incentivizing Trustlessness2019-12-03T00:00:00+00:002019-12-03T00:00:00+00:00https://openprivacy.ca/blog/2019/12/03/Incentivizing-Trustlessness-ZcashFoundation-Donation<p>We are delighted to announce that the <a href="https://www.zfnd.org/">Zcash Foundation</a> donated 1044.41369 ZEC (or $40,000 USD at time of donation) to the Open Privacy Research Society. We would like to send a big Thank You to the Zcash Foundation for their support!</p>
<p>While the donation was unrestricted, we would also like to take this opportunity to announce a number of new initiatives (some involving zcash!) that this funding will contribute to!</p>
<p><!--more--></p>
<h2 id="token-based-services">Token Based Services</h2>
<p>Open Privacy is <a href="https://git.openprivacy.ca/cwtch.im/tapir">starting to explore</a> additions to the Cwtch ecosystem that both strengthen the incentives to run untrusted infrastructure, while maintaining anonymity for peers and servers. The initial stage of this involved moving Cwtch away from Ricochet as the underlying protocol for Peer <-> Server communications to a homegrown framework called <a href="https://git.openprivacy.ca/cwtch.im/tapir/">Tapir</a>.</p>
<p>Tapir already features a more robust authentication protocol than the original Ricochet, and will soon feature <a href="https://git.openprivacy.ca/cwtch.im/tapir/src/branch/master/applications/tokenboard">a new cryptographic protocol</a> for separating the current proof-of-work (PoW) based spam prevention into a new exchange based on <a href="https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf">PrivacyPass</a>. In exchange for completing a proof-of-work challenge the peer will be allowed to engage in a protocol to obtain signed (and blinded) tokens that they can then exchange with the service at a later date to post new messages.</p>
<h2 id="towards-anonymous-prepaid-services">Towards Anonymous Prepaid Services</h2>
<p>However, peer PoW does little to incentivize the hosting of new Cwtch Servers . That is why we are now exploring options that would <a href="/assets/towards-anonymous-prepaid-services.pdf">allow Cwtch servers to accept payment in exchange for tokens instead</a>.</p>
<p>This would provide a way for servers to recover hosting costs through accepting pre-payment for the services it provides in a way that is privacy preserving.</p>
<h3 id="zcash-prototype">Zcash Prototype</h3>
<p>Zcash is among a small number of cryptocurrencies that directly provide a way to transmit significant data along with a payment - <a href="https://electriccoin.co/blog/encrypted-memo-field/">encrypted memos</a>. This would allow us to perform the blind signing protocol described above over Zcash itself (substituting the PoW requirement with the act of paying in Zcash). And because of the privacy preserving properties of Zcash, this can be done in a way that doesn’t compromise the metadata resistance goals of Cwtch.</p>
<p>We’ve implemented a <a href="https://git.openprivacy.ca/openprivacy/zcashtokenservice">prototype</a> of the above system using <a href="https://www.zecwallet.co/">zecwallet</a>. First the peer gets a zcash payment uri which they can paste into their zcash wallet:</p>
<p><img src="/images/zcash-tapir/step1.png" alt="" /></p>
<p>Then, once confirmed they the server sends back a response:</p>
<p><img src="/images/zcash-tapir/step3.png" alt="" /></p>
<p>This response can be pasted back into the prototype, the tokens are then unblinded and available for spending.</p>
<p><img src="/images/zcash-tapir/step4.png" alt="" /></p>
<p>The prototype doesn’t provide a way to spend those tokens, and has been written to flesh out the zcash integration portion of the work.</p>
<h2 id="scalability-mobile-and-user-payments">Scalability, Mobile and User Payments</h2>
<p>Separating token payment from spending will also allow us to better support mobile clients (by, for example, allowing users to share tokens between synced devices instead of requiring the mobile peer to complete battery intensive proof-of-work).</p>
<p>Through these efforts, we hope to mitigate one of the major limitations of Cwtch-like systems (or indeed any anonymity service provider) their inherent scale limitations. By providing multiple avenues for people to be compensated to host anonymous services, we hope to spread the scale burden and increase the robustness & reliability while maintaining, and even reinforcing the distributed & decentralized nature of the system.</p>
<h2 id="combating-financial-censorship">Combating Financial Censorship</h2>
<p>Server side support is only half the battle, and the most critical aspect of this whole endeavour will be getting people who use Cwtch to a position where they can easily use zcash (and possibly other cryptocurrencies with similar properties) to pay for anonymous services, or even accept it themselves.</p>
<p>To that end we are <a href="/jobs/staff-designer/">investing in design & usability</a> and investigating integration options that will work for the communities that use Cwtch. Expect more news on this in the New Year.</p>
<h2 id="to-the-future">To the Future</h2>
<p>There are many challenges involved in realizing this vision, but we are excited to have the opportunity to tackle these challenges.</p>
<p>We would like to extend another big thank you to the Zcash Foundation for their support, and to all of our supporters who continue to help us in our mission to build technology based on consent by, with, and for the communities that need it the most.</p>We are delighted to announce that the Zcash Foundation donated 1044.41369 ZEC (or $40,000 USD at time of donation) to the Open Privacy Research Society. We would like to send a big Thank You to the Zcash Foundation for their support! While the donation was unrestricted, we would also like to take this opportunity to announce a number of new initiatives (some involving zcash!) that this funding will contribute to!Press Release&colon; Vancouver Coastal Health Stops Broadcasting Patient Diagnosis2019-09-26T00:00:00+00:002019-09-26T00:00:00+00:00https://openprivacy.ca/blog/2019/09/26/pager-breach-update<p>Vancouver, BC - The Open Privacy Research Society has received an update from Vancouver Coastal Health (VCH) after <a href="/blog/2019/09/26/pager-breach-update/">last weeks Press Release</a> publicly disclosing that we had discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are trivially interceptable by anyone in the Greater Vancouver Area.</p>
<!--more-->
<p>Vancouver Coastal Health have informed Open Privacy that they have removed <strong>diagnosis</strong> information from pager broadcasts:</p>
<blockquote>
<p>In the meantime, just last week, we have implemented a process and system change that removes diagnosis information from the paging broadcasts, which we believe removes the most sensitive of the information that was previously contained in the messages.</p>
</blockquote>
<p>While this is a great improvement for protecting patient privacy, we caution that patient name, age, gender marker, their attending doctor and room number are still being broadcast, unencrypted across Vancouver.</p>
<p>Vancouver Coastal Health also informed us that they do not plan on notifying patients about this breach of their medical records:</p>
<blockquote>
<p>Although we are treating this as a serious vulnerability; at this point, we have no plans to notify patients whose information may have been sent to pagers in order that proper care instructions were communicated to health care professionals whose job it was to ensure appropriate and safe care to them.</p>
</blockquote>
<p>We believe that all patients have a right to know if their medical records may have been compromised.</p>
<p>Finally, we have pushed back on statements by Vancouver Coastal Health regarding the impact of this breach:</p>
<blockquote>
<p>While the questions you have raised below may be relevant to an investigation, if there has been a confirmed privacy breach; as yet, the only actual unauthorized interception of the paging broadcasts that we are aware of is when your organization received and decoded the messages as part of your research/investigation.</p>
</blockquote>
<p>Since our press release last week we have received reports of other people intercepting this medical data prior to our discovery and reporting to Vancouver Coastal Health in November 2018. We have made Vancouver Coastal Health aware of these reports. These reports reassert our previous statement that <em>it is simply impossible for anyone to state that no compromise has occurred</em>. In a hypothetical scenario wherein multiple malicious actors accessed <em>every</em> patient record ever broadcast, it would thus remain the case that VCH has “no information to suggest that patient information has been compromised or used for a malicious purpose.”</p>
<p>We have again asked that VCH answer the following questions related to this breach:</p>
<ul>
<li>How many patients’ information has been broadcast to date in this breach?</li>
<li>When were the legacy pager systems installed?</li>
<li>Can a patient determine if their individual information was broadcast in
the breach? If so, how?</li>
<li>As some of the pager messages appeared to contain unstructured text data,
is there any mechanism for patients to inquire what non-standard information
in particular of theirs was broadcast unencrypted? If so, how?</li>
<li>How many VCH patients continue to have their personal information broadcast
unencrypted on a daily basis?</li>
<li>Have any mitigations, such as shutting down these systems or limiting what
information is entered into the insecure paging system, been put in place?</li>
<li>How and when does VCH plan on notifying patients whose information was
broadcast?</li>
<li>As you have indicated that this breach will not be remedied in the
immediate future, will VCH be informing current & new/incoming patients that
their personal information will be broadcast unencrypted by the legacy paging
system(s)? If so, how, and will patients be given an option to opt out of
having their information breached?</li>
</ul>
<h3 id="further-information">Further Information</h3>
<p>Media requests should be directed to <a href="mailto:sarah@openprivacy.ca">sarah@openprivacy.ca</a>.</p>
<p>Sarah Jamie Lewis<br />
Executive Director, Open Privacy Research Society</p>Vancouver, BC - The Open Privacy Research Society has received an update from Vancouver Coastal Health (VCH) after last weeks Press Release publicly disclosing that we had discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are trivially interceptable by anyone in the Greater Vancouver Area.Releasing Our 2018 Financial Statements & End of Year Report2019-09-24T00:00:00+00:002019-09-24T00:00:00+00:00https://openprivacy.ca/blog/2019/09/24/EoY-Report-Financial-Statements<p>Open Privacy was founded on the belief that the world can be better. We started as a group of researchers and technologists who were frustrated by the ever growing stranglehold of surveillance capitalism and the harm it was causing marginalized and at-risk communities. We wanted to build an organization that served those that mainstream groups ignore: sex workers, queer people, those impacted by intimate parter or family abuse, and human rights activists, to name just a few.</p>
<p><!--more--></p>
<p>On the 11th February 2018 we officially incorporated the Open Privacy Research Society as a non profit society in B.C. The response we received from the community was overwhelming, within hours our inbox was filled with emails ranging from congratulations to offers of donations, volunteer support and interest in joining our board.</p>
<p>Over our first year we put in place the infrastructure necessary to sustain our unique research society. We have built relationships within and across communities. We conducted innovative research in the field of metadata resistant communications and made significant headway in understanding how to deploy such technology in the real world.</p>
<p>As we move through our second year as a society I want to thank all of our supporters, institutional donors, volunteers and staff. Without you Open Privacy and the vital work we do, could not (and would not) exist.</p>
<p>Our mission has only just begun, and I invite you to join us again as we continue to gain momentum and help build a better world.</p>
<p>In-keeping with our mission and tenets, in particular our commitment to transparency as an organization I am delighted to release our full End of Year Report and our Notice to the Reader financial statements for our 2018 financial year (11th February 2018 - 10th February 2019).</p>
<ul>
<li><a href="/assets/reports/2018/OpenPrivacyEoYReport-2018.pdf">End of Year Report</a></li>
<li><a href="/assets/reports/2018/OpenPrivacy-NttR-Financial-Statement.pdf">2018 Financial Statements - Notice to the Reader</a></li>
</ul>
<p>Thank you for your continued support.</p>
<p>Sarah Jamie Lewis<br />
Executive Director, Open Privacy Research Society</p>Open Privacy was founded on the belief that the world can be better. We started as a group of researchers and technologists who were frustrated by the ever growing stranglehold of surveillance capitalism and the harm it was causing marginalized and at-risk communities. We wanted to build an organization that served those that mainstream groups ignore: sex workers, queer people, those impacted by intimate parter or family abuse, and human rights activists, to name just a few.Cwtch Alpha 0.3.02019-09-23T14:30:00+00:002019-09-23T14:30:00+00:00https://openprivacy.ca/blog/2019/09/23/cwtch-alpha-0.3.0<p>Today we are proud to announce and release <a href="https://git.openprivacy.ca/cwtch.im/ui/releases">Cwtch Alpha 0.3.0</a> and kick off the 0.3 alpha release cycle! This release line is the first where the Android experience is now expected to work reliably alongside the desktop versions (Windows and Linux). This is the culmination of a lot of work over the past 5 months.</p>
<!--more-->
<p>The latest updates in this release are:</p>
<ul>
<li>Android back button changes: now back button in the app moves the UI “back” through our stack view, and on the home, it no longer exits the app, but takes the user to their Android home screen</li>
<li>Fixing a bug that resulted in miscommunication between Client and Service resulting in new profiles getting created on new starts of the application</li>
<li>Improvements to the Client/Service IPC connection establishment code to make it more robust to terminations and restarts</li>
<li>Group Invite fix so that invites are now properly displayed in the UI</li>
<li>Editbox edit improvements</li>
<li>New edit and update buttons for android</li>
<li>Resolution fixes to make edit boxes render correctly on larger low pixel density displays</li>
<li>Minor changes in Tapir to the p2p connection code causing this release to be backwards incompatible with previous releases. This is also why the minor version bump from 0.2 to 0.3</li>
</ul>
<p>With a usable Android experience this will allow increased testing and likely the discovery of more bugs, which is great and expected! Please test and report any issues at <a href="https://git.openprivacy.ca/cwtch.im/ui/issues">https://git.openprivacy.ca/cwtch.im/ui/issues</a>.</p>
<h2 id="03x-future-plans">0.3.x Future Plans</h2>
<p>We still have a lot of ideas about short and long term improvements and goals for Cwtch. On the shorter term side we are currently in the middle of big additions to Tapir that will radically change and improve the efficiency of Cwtch.</p>
<p>With Android now working as expected, focus will shift back to extending the UI. One of the first areas of focus will be profile management (including creating new profiles, deleting profiles, unlocking and editing profiles and their passwords). This is one of the next biggest features for the Alpha we are excited about and will really help bring the Cwtch experience and goals closer to reality and into the hands of users.</p>
<p>All of this comprises a lot of work for our small team, and we also have other work going on, some of which you’ll get to hear about soon. We hope you’re as excited as we are for how far we’ve come and where we’re going next!</p>
<p>And as always, if you like our work and are able to, please <a href="/donate">donate</a>, we are a small team with a shoestring budget but big goals and plans so every little bit is highly appreciated!</p>
<h2 id="join-us-on-cwtch">Join Us on Cwtch</h2>
<p>We encourage those interested to join our Cwtch Alpha discussion group using the following invite:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>torv3CiA2NmI0NmM4OGMxNDc1ZGUxODE5YWYyYTk1ZDM5NTQ4ZBIgDSFY2mxYJiSJs0b442hFChzaHB5B8EERcFqLAkpb5kAaODJjM2ttb29ibnlnaGoyenc2cHd2N2Q1N3l6bGQ3NTNhdW8zdWdhdWV6enB2ZmFrM2FoYzRiZHlkIkBgg+E0T4YKtxnw57sHQbuG3C6myjU2aS496O4n3jpzQu8iT25NReJnuwqv9ER93wE1N9g1f7WY8JCtx0bnvyQK
</code></pre></div></div>
<p>For those who are more adventurous, please check out our continuous Windows, Android and Linux builds. These get updated after every approved pull request, and are likely to be much less stable than versioned builds. <a href="https://build.openprivacy.ca/files/">https://build.openprivacy.ca/files/</a>.</p>
<p>The Open Privacy Staff</p>Today we are proud to announce and release Cwtch Alpha 0.3.0 and kick off the 0.3 alpha release cycle! This release line is the first where the Android experience is now expected to work reliably alongside the desktop versions (Windows and Linux). This is the culmination of a lot of work over the past 5 months.