Paul Boddie wrote:
> [...] the Open Technology Fund [2]. [...]
> [2] https://www.opentechfund.org/

This looks interesting indeed. During the last days, Dave and I have prepared a proposal and I've submitted it just now. I hope the submission went through - the deadline said tonight just before midnight, but the status changed to "Closed" before that. The system accepted the submission anyway, so there's hope that I made it in time.

Below is the submitted material.

Thanks a lot!

- Werner

---------------------------------- Cut here -----------------------------------

Project name: Anelok
Duration: 7 months
Contact name: Werner Almesberger
Contact email: [email protected] [1]

Descriptors:

Status: It Exists! (Alpha/Beta)
Focus: Awareness of privacy and security threats, Security from danger or threat online
Objective(s): Technology development, Deploying technology, Software or hardware development, Training
Beneficiaries: General public
Addressed problems: Other
Technology attributes: Browser plugin, Cryptography, Sensitive data, Wireless Communication, Hardware/Embedded device(s)
Region: Global

Project description:

Passwords are a daily necessity in modern life. We use them to protect our own secrets and those of those who confide in us. We use them to ensure no unwanted actions are performed on our behalf, and that the powers entrusted to us are not abused.

Passwords are so successful and essential as a concept that we meet them everywhere and are constantly required to generate and remember new ones as we go through our digital lives. This ultimately causes users to experience frustration (cheerfully called “password fatigue”, “password chaos”, etc.) and to adopt unsafe practices when choosing and handling passwords, potentially resulting in risks to their privacy and freedoms.

The Anelok project aims to build a small device, the size of a cigarette lighter, that acts as a portable password safe. Anelok stores accounts and passwords, and protects this information from unauthorized access.
Anelok is designed to work in many different scenarios, ranging from displaying account information with the user entering it manually (this does not only work with the logins usually required on a PC or smartphone, but also with ATMs, door locks, etc.), to automatic account selection and communication over an encrypted channel.

Anelok displays information on its display, it can act as a USB device when connected to a PC, and it has a radio (BTLE) interface to communicate with smartphones. Encrypted account information is stored on a removable memory card, and corresponding secret keys are secured inside the microcontroller - never leaving the Anelok device.

Anelok’s encrypted password database can be backed up and additional devices, Anelok or other, can be granted access to the database. This way, the loss of an Anelok device doesn’t imply (catastrophic) loss of the passwords stored on it.

We also envision the addition of authentication schemes that complement or go beyond passwords, such as 2nd-factor key generation or challenge-response protocols.

The project follows an “open everything” approach, with source code, hardware design, artwork, development process, and the tools we use being openly available. This ensures that every part of the project and every step of its evolution can be reviewed, it offers a low barrier of entry for developers who wish to contribute improvements, and it ensures that nobody, not even its creators, can force the project in a direction the community strongly disagrees with.

We also encourage use of Anelok as a platform for enhancements or product variants, to better meet the needs and preferences of specific groups of users.

Anelok is intended for the general public, but we also recognize that proper security is not achieved with technology alone.
We therefore expect to maintain close contact with the Anelok user community, and to produce educational material providing guidance on and motivation for proper operational security when using Anelok.

Project how:

The project has already produced a number of prototypes and verified several of the key components. This has been largely a one-man effort so far.

The next steps will be a final major design revision and the production of a number of developer kits. With the latter, we expect to be able to attract wider interest and evolve the current group of excited spectators into a community of developers and knowledgeable supporters.

This will be followed by a phase with a stronger focus on software development, with the goal of implementing sufficient functionality that the product will be useful for end users. We also expect some remaining hardware issues to surface in this phase, especially where outside-the-lab usability is concerned.

Finally, the design will be readied for manufacturing, and we then anticipate an initial production run from a crowdfunding campaign. That campaign will have two main deliverables: somewhat rough devices for early adopters who will also act as beta testers, and finally “polished” devices for the general public.

The funds we apply for are required to complete our R&D, and progress the project as far as that crowdfunding. Our “open everything” approach positions us well to benefit from community involvement, and we intend to capitalize on this. Certain core activities are unlikely to be met purely by community contributions, and we expect that we will need to cover these with remunerated roles - enabling them to commit the effort required for delivery of the project.

Project who:

Anelok will benefit end users of all kinds by allowing them to better manage their passwords, and achieve effective protection of their digital lives.
We aim to supplement Anelok with educational material to assist them in effectively incorporating this tool in their daily practices such that their security needs are indeed met.

Project why:

Passwords and related authentication methods are a key element in establishing privacy and security in the digital world. Privacy and security in turn enable us to function meaningfully as individuals in modern society.

Technology is getting more pervasive all the time but password management has not kept up with user needs and things are likely to get worse. The project aims to help users to find a pragmatic solution for their present password management needs, and its open nature ensures that this solution can also adapt to future challenges.

Availability of a trustworthy password safe touches on most of the high-level problems listed below in the questionnaire (and several others), although in many cases its benefit is indirect - by assisting users in proper password security, we support their effective use of other security and privacy tools. Many of those tools are only as strong as the (often weak) passwords users choose.

Other information:

This project is the brainchild of Werner Almesberger, who has been responsible for driving progress to date. Werner is being joined by Dave Ball in setting up a UK Ltd to support Anelok’s development and fostering a global community.

Werner and Dave have long been members of the Qi-Hardware hackers community and have collectively previously worked on open-hardware projects such as the Openmoko phone, its successors, Ben NanoNote and the Ben-WPAN fully-open wireless network devices.

Further details, including links to technical information can be found at the project’s main Web site at https://www.anelok.com/

_______________________________________________
Qi Hardware Discussion List
Mail to list (members only): [email protected]
Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion

