Umbrella is a web application developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email; securely access the internet; plan secure travel; protect their office/home; conduct counter-surveillance; or deal with kidnapping, arrest or evacuation. Once a situation is chosen, the app outlines what to do and what tools to use given your circumstances. This is followed by a simple checklist of recommended actions that can be customised, saved and shared securely. Umbrella’s dashboard also provides users with an up-to-the-minute account of potential risks in their chosen location.
F-Droid fingerprint: 39EB57052F8D684514176819D1645F6A0A7BD943DBC31AB101949006AC0BC228
Umbrella is designed for everyone (people looking to increase their security, folks living in high risk areas, regular travellers, business people, techies, journalists, NGO staff, aid workers, human rights defenders, social workers, environmental activists etc).
However, when we built Umbrella we tried to keep in mind the story of Glen Greenwald and Edward Snowden. Greenwald couldn't communicate with Snowden at the start because he found it cumbersome to setup encryption (he nearly missed one of the biggest stories of the decade because of this!). Also, when he (and Laura Poitras) travelled to Hong Kong - they didn't have much knowledge about how to meet securely with Snowden and detect surveillance. This is common problem for journalists and activists. Umbrella is designed to solve this problem (and others) by having nearly everything they would have needed to know in the one place - in their pocket.
Introduction: This is the part the user sees first. It explains briefly how the app works and the basic terms and conditions.
Menu: The menu is the main way for a user to navigate. It lists the dashboard, lessons and tool guides.
My Security: This where you access checklists you have favourited in "My Checklists" and real time updates in "The Dashboard"
Lessons: Lessons are where users can learn about topics and things that they can do to improve their security. Some of the lessons have different levels (Beginner, Advanced, Expert) depending on the your needs, ability and risk. Each lesson is broken down into sections. At the end of each lesson is a list for other resources and further reading.
Checklists: Checklists are quick and easy references to help users implement the advice in the lessons. You can tick them off as you complete each item. Items can be added, disabled deleted and edited. If you favourite them by clicking the star, you will then see them in "My Checklists." Checklists can also be shared in through other apps such as your email.
Forms: Forms allow a user to quickly fill out and share important information about issues such as their travel plan in a high risk location or report on a digital/physical security incident.
Dashboard: The dashboard contains security customFeeds from places like the UN Relief Web and the US Centers for Disease Control. You enter your location (and how often you want to be updated). Every a new update is released (e.g a disease outbreak in your location), the information comes up on the dashboard.
Tool Guides: These are detailed guides about how to use software and apps mentioned in the lessons.
The general flow of lessons are presented in order to replicate the typical way that a user works. Protecting their own information -> Communicating with other people -> Arranging and travelling to a location -> Doing their operations and work -> Dealing with personal issues that may arise-> Seeking support if something goes wrong.
These are the lessons currently in Umbrella.
Information: These lessons mostly cover the security of information that is stored on your computers.
- Managing information
- Malware
- Passwords
- Protecting Files
- Safely Deleting
- Backing Up
Communications: These lessons mostly cover the security of information when it is sent or received.
- Mobile Phones
- Making a call
- Sending a message
- The Internet
- Social Media
- Radios and Satellite Phones
Travel: These lessons cover security of travelling in high risk areas.
- Preparation
- Borders
- Vehicles
- Checkpoints
- Kidnapping
Operations: These lessons include topics that may affect you in your work.
- Meetings
- Counter-Surveillance
- Protests
- Arrests
- Evacuation
Personal: These lessons cover issues which may effect you personally.
- Stress
- Digital
Emergency Support: Explains places to get extra help if you have a problem.
- Physical
- Digital
These are the tools currently covered in the tool guide. (A number of them are due to be changed, removed or updated.)
- Adium
- Android
- Chatsecure
- Cobian Backup
- K9 Mail & APG
- KeePassX
- ObscuraCam
- Orbot & Orweb
- PGP for Linux
- PGP for Mac OS X
- PGP for Windows
- Pidgin
- Psiphon
- Rescuva
- Signal
- Tor for macOS
- Tor for Windows
- VeraCrypt
Contains explanations of the various terms used in the app.
Explains the licences that we use for and by Umbrella. Also says a big THANKYOU to everyone who's work we built on to make it happen.
These are the sources that we currently include for real-time updated security customFeeds. For privacy reasons, users never connect directly to these services. We are always looking for more useful sources that will help users keep updated on the move.
- Centers for Disease Control: updates on disease and health warnings
- Global Disaster Alert and Coordination System: updates on natural disaster issues such as floods, earthquakes and tsunamis
- UN / ReliefWeb: excellent physical security updates that amalgamate information from the UN and various NGOs - though not available in every country
- US State Department: updates mainly focused on the security situation for travellers and internationals - available for every country
The three vertical dots in the top of the app. Here you can:
- Set a password
- Change the refresh interval for the security customFeeds
- Change your location
- Change your feed sources
Any browser on any device!
Unfortunately stuff breaks sometimes. If you are in a hurry and have found a code or content problem then please email it to support@secfirst.org. If you have a little more time we generally try to manage any bugs using GitHub. Please search the existing issues for your bug and create a new one if the issue is not yet tracked.
https://github.com/securityfirst/Umbrella_web/issues
If the issue you have identified is a security risk to users, please read the documentation about our responsible disclosure policy here:
https://secfirst.org/legal.html
If you wish to contact us via PGP, please drop a mail to rory@secfirst.org (2C1D3B4D)
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xFFB9B5BE2C1D3B4D
Contributing Ideas
Idea’s are powerful things! If you have any about what we could do better or things which you think we should do in future, please email us at info@secfirst.org.
We have a really big development plan of functionality we want to include in the future and are currently in the process of building a way to manage contributions from the open source community. Until we have that up please drop us a mail to info@secfirst.org if you are interested in a contributing a specific part of future code. If there is something you want to help out with in the interim, then here is some basic advice.
- Fork it!
- Create your feature branch: git checkout -b my-new-feature
- Commit your changes: git commit -am 'Add some feature'
- Push to the branch: git push origin my-new-feature
- Submit a pull request :D
Build Instructions
Setup environment file based upon the README.env environment file and use the following commands to start your local server:
npm install
npm install forever -g
npm run dev // runs development server with nodemon listening for server changes
// export all environment variables here in command line before building, for production instances
npm run build // builds the next js app
npm run start // to run production on local
forever start -a -o out.log -e err.log server.js // for production instances
If you'd like to use a different branch for Umbrella content, in your terminal change directory to /static/assets/content (root dir for content git) and run git checkout YOUR_BRANCH. You will also need to change the branch in the repo fetch in /server/api/github.
Thanks to everyone who has contributed code to Umbrella. It wouldn’t have happened without you.
- Rok Biderman – Security First Lead Developer
- Vesna Planko – Security First Lead UI/UX Designer
- Alex Guerrieri – Security First Developer
- Adam Hani Schakaki – Security First Developer
Cryptography Notice
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
See http://www.wassenaar.org/ for more information.
License
Copyright 2013-2018 Global Security First Ltd. (trading as Security First)
Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html