n8fr8

Signal has become a critical communications service for governments, businesses and other organizations worldwide, including yes, many in the U.S. Congress. We hope some of them are proud to use a service they helped fund (https://www.opentech.fund/results/supported-projects/open-whisper-systems/)) through their support of OTF.

As for Signal, you can ask them on Twitter at signalapp or email: [email protected]. While they have moved on to launch their own privately funded foundation (https://signal.org/blog/signal-foundation/)), we know their values are still fully aligned with the mission of OTF for public code, internet freedom, and privacy and security for all.

As another example of this, our work on bringing SQLCipher (an encryption layer for SQLite) to mobile devices, has not only helped improve specific human rights-focused applications, but also made securing data on mobile devices easier for developers worldwide. Both Signal AND WeChat use SQLCipher to secure data at rest, for instance, along with over 6000 apps worldwide in healthcare, education, and more. The German government's recently released open-source COVID contact tracing app also uses SQLCipher. This is how OTF has had both specific focused impact on urgent needs related to human rights and internet freedom, while also enhancing security for internet users more broadly.

The community aspects of OTF along with partner events like the Internet Freedom Festival have ensured that techies and security people can connect with local trainers and organizations. Through this, developers learn they cannot just drop tools down onto activists "over there" without consideration of the full threat model and impact of local laws. This is a big evolution in thinking and strategy since I began this work almost 20 years ago, in the well pre-OTF era. Ensuring any potential user of a VPN or proxy tool understands the risks so they can make the decision of how to proceed is now a critical step of "onboarding" and launching any new app. The decision whether to adopt a tool is no different for an activist who decides to join a protest, or a journalist who decides to write a critical article of their government.

Beyond this, OTF has also supported work in "Collateral Freedom"strategies, which don't rely specifically on VPN technology to provide anti-censorship capabilities, instead relying on CDNs, cloud services, and other internet "features" to make blocking access to content difficult and costly.

Calling an app "secure" as a binary yes/no evaluation is not the best way to approach your choice of technology. While all of those implement security features using code and protocols funded by OTF (which is great!), the only open-source, publicly audited app is Signal. Beyond that Signal has the best track record in minimizing what metadata they store on their servers, which is another key value for "security" in any centralized service.

One of the most valuable services OTF provides is the "Red Team Lab", which offers completely free security audits to open-source projects that in some way empower internet freedom: https://www.opentech.fund/labs/red-team-lab/

I'll refer your first question to an existing response from another comment... essentially OTF has always had bi-partisan support, and this isn't about right or left. It is about the funding for the program itself being threatened, redirected and no longer available to product the impactful results you can see here: https://www.opentech.fund/results/impacts-and-outcomes/