en:asso:projets:isc

This is an old revision of the document!


ISC Project

Technology Partner Grant Application (RFA18-4)

Nothing2Hide is a French NGO whose purpose is to help citizens and professionals around the world to protect their data and communications.

Nothing2Hide is an initiative of a group of journalists and former NGO workers that noticed that many technical solutions existed to protect data but that, the more often, they were inaccessible to neophytes users, and that there was no structure to act as intermediary between these tools and the final users. Nothing 2 Hide, by providing documentation, tools and training, is a response to this issue.

The two co-founders, Grégoire Pouget and Jean-Marc Bourguignon, have worked for NGOs and French media houses (FIDH, Reporters Without Borders, Library Without Borders, etc.) and have provided training for many journalists to digital security all over the world (Pakistan, Egypt, Tunisia, Afghanistan, Ukraine, Macedonia, Turkey, Lebanon, Senegal, Ivory Coast, France). In February 2017 they created Nothing2Hide an organization that focusses especially on technology and information and how the first can empower the latter.

Nothing2Hide provides tools, advice and trainings for journalism schools in France, the national media (Libération, Médiacites) - to which we also provide whistle blowing platforms, and TV production companies. One of the specificities of our association is that every software, every tool and every document is released under an open license.

As former Head of the New Media desk at Reporters Without Borders (RSF), Gregoire Pouget was involved in projects aiming at fighting online surveillance and censorship. Alongside with Jean-Marc Bourguignon, who acted as an independent consultant, they created digital safety program trainings as well as “VPN programs”, which consisted in distributing out of the box VPN amongst several medias, for RSF.

FIXME JE PENSE QUIL FAUT UN PEU PLUS DEVELOPPER cette partie et mieux vendre votre expérience nak

Yes

Project Description

  • “A better documentation for a better VPN service”
  • “What is a VPN, how to use it, how to install it”

The project will be implemented in France but it has worldwide reach.

This project aimed at elaborating and translating online documentation to be used for future trainings and to spread circumvention tools amongst activists, human rights defenders and journalists, targets project beneficiaries in several countries (Russia, Turkey, Togo, Senegal, Vietnam…)

  • The UX workshops (see below) and the rewriting of the documentation, will take place in France
  • The final product : the VPN service and the documentation will be used in several countries ;
  • Journalists, lawyers, NGO workers, activists we already work with,
  • everyone in need of a circumvention tool to access information and who will make a documented request for a VPN account
  • since our “What is a VPN, how to use it, how to install it” documentation will be released under creative commons license, other organizations involved in digital security training will be able to use it as well.

Journalists, activists, lawyers, NGO workers, bloggers in repressive countries, need to secure their online activities. FIXME dé&velopper le proble,e de sécurisation des communications et EXPLIQUE UTILITE VPN

Nothing2Hide organizes trainings for these beneficiaries to help them deal with surveillance and censorship. It distributes VPN account during the trainings.

Issue#1: Post training documentation

Once the training is over, the trainee may need to reinstall our VPN service for some reason (he or she bought a new device for instance). Several months after the training, we often get a request for help. A clear documentation would allow the trainee to refer to it in case of problem or in need for a re-installation. This will also allow us to scale our project up and to distribute VPN accounts without fearing to be overwhelmed by assistance requests.

Issue2: VPN distribution without the need for a training

A clear documentation explaining why you should use a VPN, which threats this tool addresses alongside a clear credentials distribution process would allow Nothing2Hide to distribute its VPN service to journalists, lawyers and bloggers without the need for a training.

Issue 3: Translation and internationalization

This documentation and distribution process must be available in several languages :

  • French,
  • English,
  • Spanish,
  • Russian,
  • Vietnamese,

We don’t think Chinese is relevant here since we do not still have partners on the ground over there and since we know that we’ll loose at the game and mouse game against the Chinese authorities with the OpenVPN technology. We do have another project for these however, based on wireguard, but it is another project.

The languages selected for priority translations are those of the countries where Nothing2Hide has potential contacts and partners.

Disclaimer: we do know that when it comes to online anonymity, VPN is not as robust as a tool such as Tor. And there are many tools out there. But still, a VPN is very efficient when used to protect a connection (public wifi, rogue network for instance) or to circumvent censorship. Our aim here is not anonymity but security.

During our workshops flaws in our current documentation will be identified as well as the solutions on how we could set up an efficient credential distribution process.

The documentation on VPN will be updated according to the user’s feedback.

A website to give a clear visibility to our service will be created. This website will be the focal point to get or retrieve credentials for the VPN account.

The documentation and the website will be published in multiple languages.

FIXME en quoi la trad de la doc et la distribution de VPN va répondre au pb énnoncé au-dessus.

FIXME documentation et cf

This projet anszers to this problem blablabla

  1. Technical testing of existing

tools ) Linguistic translation of existing software interface , documentation , or training materials 3. Creation of product documentation or training materials 4. Customization or improvement of existing tools

This project will last one year.

Step #1 : Workshop 1 to identify the needs with users

FIXME ajouter un calendrier de déploiement. Exemple step 1 will last two months FIXME explain UX workshop

The documentation explaining what is a VPN has already been developed. However this documentation is not up to date and it doesn’t yet explain how to install our VPN. The first step will be the organization of a UX workshop with users, journalists, NGO workers, human rights defenders, in order to identify what can be improved on this documentation.

Workshop methodology : during this workshop, the participants will install and setup Nothing2Hide VPN on their own, using only the current documentation. A Nothing2Hide trainer will witness the installation and observe where the users are blocked without giving any advices. Once this is done, an open discussion will start between users and trainer to debrief the installation.

Attended results : user’s feedback based on hands-on workshop to complete existing documentation

Step #2 Documentation rewriting

The available documentation will be updated thanks to the users feedback

Attended results : clear documentation explaining to non technical users: * What is a VPN * What it can do, which threats this tool protects against * What it can’t do, which threats it is useless against * How to install it on Windows, Linux, Mac, Android and Ios * How to solve main issues, will be made available.

Step #3 Workshop 2 and calls for the elaboration of a credential distribution process

Setting up a process for the user to distribute securely:

  • configuration file
  • login and password

This process will be elaborated during a workshop with some potential users of the service : independent journalists, human rights defenders, bloggers, citizen journalists. The workshop will take place in France, possibly in Paris. However, as feedback from different users in different countries is also required, Mumble or Jitsi (secure communication tools) will also be used to reach potential users living abroad : Syria, Tunisian, Egyptian journalists and human rights defenders.

Workshop methodology : We do have some requirements for this process : any request for a VPN must be documented. The content of the request must be secured as well as the identity of the requester. If accepted, the credentials must be sent to the requester using an encrypted tool (whether it is a page online, a signal message, an encrypted email, etc.). In order to find a common ground between these requirements and the users abilities to use encrypted tools, this workshop as well are multiple conversations with users abroad is needed to find an accessible process for every user.

Attended results : a clear process to obtain credentials is defined in collaboration with users and potential users.

Step #4 Website creation

Once the documentation is ready and the distribution process validated by the users, the project will allow the creation of a website hosting the description of the service, the documentation and the online process to request credentials for the VPN service. It will be designed as multi language website for international outreach.

Attended results : A fully functional website with * a clear process to get credentials * a clear documentation to install the VPN and solve the main issues * a process to request for assistance

Step #5 translation

The whole website will be translated and published in 4 more languages : * English, *Spanish, * Russian, * Vietnamese

Attended results : A multilingual website is available

Our project relies on OpenVPN, a free and open source software to set up a virtual private network. Open Vpn client is available for Windows, Mac OS, Linux, Android and Ios. Open VPN has proven to be a very reliable VPN tool for many years.

Open Vpn server is quite easy to install and to maintain, this is why we chose this tool over L2tp or IPSEC

The project will be supervised on the technical level by Jean-Marc Bourguignon and on on the editorial level by Grégoire Pouget. Reporting and money handling will be assumed by Grégoire Pouget. Gregoire Pouget and Jean-Marc will be responsible for the creation of the website and any development (Wordpress plug in) if needed. See CV attached.

Periodic grant payments will be made with the grantee reaches identified milestones. Milestones should be concrete, measurable, and sequential. Please propose between 3 and 5 milestones for your requested grant. (up to 2 pages)

Once the first English version of the website is up and running, we’ll publish the translations. Website must be multilingual by design. And publish on the website.

Critères d’éval :

  • number of assistance requests
  • number of account distributed
  • Brandwith ussed

FIXME

Attach a detailed line-item budget to this application. Click here to download the required template. The budget should be accompanied by budget notes explaining all costs. An acceptable budget will have all costs broken out by unit costs and should clearly show the number of units used for each line item. Each line item should identify the type of cost, e.g., labor units, units of materials and/or equipment, travel, transportation, communications, etc. The budget notes will describe how the applicant arrived at each unit cost and the number of units for each line item.

The VPN server and the bandwidth, the maintenance and the assistance provided to the users is supported by our own funds. Our funds at the moment come from paid training amongst journalists and medias.

  • The server cost is at the moment 400 $ a year (includes brand with and 5 public IP)
  • The cost of the monitoring and maintenance of the servers is around 4 hours a month ~ 2400 $ a year
  • The cost of the assistance to the users is hard to evaluate since it depends on the number of users asking for assistance. This is why we’d like to minimize the need of live assistance, hence this project

This ISC grant will : * allow us to create a clear documentation and thus to diminish the time spent for user assistance. * The credential distribution process will allow us to distribute largely our VPN service. By doing this we expect additional users hence more brand with to pay. The ISC Grant will help us to face this upcoming cost. * The ISC Grant will also allow us to pay someone for the server maintenance.

Writing and translating our service documentation is a one shot action. One it will be done we won’t have to update it, or very rarely. The sustainability f the service will then depends on VPN server maintenance and location and on the brand with we’ll be able to afford.

The VPN service is already funded for one year. Since this service is an important part of Nothing2Hide activity and is a real added value to our trainings, we intend to keep it up and running for as long as our organization will exist. This is one of our core activity.

We have three options :

  • Create a paid service for big medias who can afford to pay and distribute freely the service to those who can’t afford, independent journalists and human rights defenders
  • Finance by our own means (through paid trainings)
  • Find donors and apply for grants

Once the documentation will be rewritten and translated and once we’ll have set up a website to make documented request to access our service, we expect more users on the short term, and from different countries. The automated process to request credentials and the clear documentation will also allow us to spend less time to assist users in case of problems. We are aware that nothing replace a face to face conversation or emails with real humans, but some users will be able to solve their problems with a clear redacted documentation and useful Faqs.

On the long term we expect more visibility for our organization through this service. This will allow us to find in an easier way grants and funders to keep the service up and running and to set up and organize digital security trainings.

The most attended result for us, is that more users will have access to a trusted VPN provider.

Short terms impact: more visibility for our free VPN service * Less user assistance

Long term impact: more circumvention tools distributed * More reach: non French spoken people.

The paid trainings will also help us

  • The VPN documentation is only one part of our survival kit.
  • will be used in our trainings
  • are right now applying to different grants to fund those trainings in France and elsewhere
  • We have a mixed model : grants and service (provided by the organization) so we don’t rely only on grants. This is BTW how we managed to get funds for the first year of service of the VPN
  • We intend and have already planned to run more trainings. As a service or in the scope of projects we have applied / are applying to
You could leave a comment if you were logged in.