User Safety Contest 2008
If privacy is not made easy, the common internet user will continue to fail to adequately protect him or herself. Most people do not have a clue which digital threats and privacy infringements related to the (use of the) Internet exist, and which tools can help to reduce these. The open contest "User Safety on the Internet Highway" has the goal of identifying a comprehensive collection of user-friendly software (if possible fitting on one CD/DVD or USB stick) allowing normal Internet users to protect themselves from various threats and privacy infringements in a simple and pragmatic way wherever they go.
Primary targets are users of Windows on the one hand and users of free operating systems (Linux/*BSD) on the other. Of course the inherent security issues with e.g. Microsoft Windows cannot be solved, but a number of other issues can be covered.
What do we have in mind? A collection of software that makes it easy to contain risks and to use and/or (un)install software wherever you go in untrusted or even semi-hostile environments. This might take the form of a well-tuned and feature-rich distro and/or a collection of portable and/or installable applications. Preferably that would mean choosing the security level you want once and getting it by pressing the button. This means helping users reach the current state of the art in protecting their privacy, personal information and communication.
We think (although we leave space for a certain creativity) that the distro should include, but not be limited to:
- Crypto-tools (not too strong) and steganography tools;
- Anonymizer (search engine scrapers, traffic obfuscation and such);
- Anti-botnet, anti-spyware, anti-rootkit, antivirus, other of that kind;
- Strong password generation;
- Secure password / certificate management;
- Secure disk / folder / file encryption tools;
- Standalone secure backup and disk wiping software;
- Secure chat;
- Secure password management;
- Intrusion detection and network segmentation.
In addition, a number of more common useful security tools and/or information on how to use them may be identified:
- Mail and browser extensions for GPG, S/MIME, cache monitoring and protection, IDN domain names, scripting execution prevention/white listing, one time mail aliases, iframe blocking, cookie management, user agent renaming;
- Black holing lists (/etc/hosts, Windows HOSTS file) for OS level blocking of malware;
- Sand box environments for browsers and other risk factors;
- Secure serverless file sharing (direct as well as anonymous P2P/F2F);
- Secure port knocking;
- Scanning software for known (wireless) network exploits e.g. default passwords on routers;
- SSH/SCP/SFTP clients and servers;
- Secure VoIP;
- A list of public DNS servers to be able to avoid ISP DNS;
- Privacy testing suite;
- Network traffic analysis and forensics;
- Packet spoofing;
- Possibilities for free digital certificates and other identity management tools.
In order to keep a balance between defence possibilities and managing complexity for the layman, at present we do not think it is necessary to go into an overly comprehensive threat model (protection against electromagnetic eavesdropping may be a step too far, for instance). Then again, that is up to you.
One of the main goals is not only to provide tools that protect the normal user, but also to create awareness and to acquaint him or her with these tools and with the necessity of protecting against digital threats. It is therefore necessary that the compilation shall contain:
- A short and easy explanation of vulnerabilities, threats and privacy infringements related to the use of computers and the Internet.
- An explanation of the fact that digital defence is more a matter of mind-set than of technology.
- Maybe a couple of understandable articles from respectable journals / papers for a user willing to dig into the matter.
How are the Results going to be used?
Because being able to identify good useful free software tools involves different skills than being able to package the distro and to document what these tools are to be used for and how to use them safely, we ask contestants only to work out the content of the distro (and we will give out prizes for this). Afterwards, we will hire a professional to package the distro with the chosen content: we want to separate the ideas from the implementation. For distribution of the compiled package we are currently investigating a number of partnerships with some respectable organisations, such as consumer/user organisation(s) with a large database of users.
For exceptional work, additional prizes may be considered at judging. The prizes will be paid in cash to the winners. Any taxes due are the sole responsibility of the winners.
The deadline for Contest entries is August 15, 2008 at 12:00 CET. The announcement of Contest results and winners will be made no later than 12:00 CET, September 15, 2008.
Entries shall be submitted by sending the description of your compilation and attachments to the email address firstname.lastname@example.org with the subject "Open Contest User Safety on the Internet Highway". Additionally, your email must contain the (nick)name of the contestant or the name of the group.
Each entry will be judged by a qualified panel of experts.
Simple Rules of the Open Contest
- Anyone can participate --the Contest is open to any individual or group from any country.
- Contestants have read and agreed on these Contest Rules.
- All materials used shall be from or shall be put in the Open Source domain.
- All results of the Contest will remain in the Open Source domain.
- Therefore, mention the open source licence of your choice with your submission. There are many licenses dedicated to the open source domain. (description of various licenses) For this Contest we recommend the GNU Free Documentation License.
- Put yourself in the position of the layman user when choosing tools (ask your grandmother).
- Chosen software should be self-contained, where possible --external dependencies create risk of failure and pose other risks.
- Identify the latest version of each tool you propose.
- Briefly describe its functionalities in plain language understandable to the layman user.
- Briefly compare the proposed tool with others having similar functionalities. Why is this particular tool better for a normal layman user? (ease of use, user control, etc.)
- Provide links to the relevant sites.
- Provide easy to understand awareness texts.
- Send your entry in time; late submissions will not be considered.