FAQ
Things you might want to know



See Security First CEO, Rory’s Reddit AMA here

Why an app?

We want to make sure that the growing numbers of human rights defenders accessing the web via mobile only (70% of the internet users in Egypt, almost 60% in India and South Africa) have access to the same the same tools that desktop users have, and that they have access to security tools at their fingertips when out of the office.

How is Umbrella built?

Umbrella is developed in house by Security First, working hand in hand with the NGO and open-tech communities, augmenting existing open source tools, encouraging contribution to content through wikis, and being hosted by, and welcoming submissions through, Github. The end product is a live, open-source tool. Our internal server is in Ireland.

How does Umbrella source its content?

Security First develops our content based upon existing human rights, humanitarian and open tech security content, as well as the industry leading security programme previously developed by Rory Byrne. We warmly welcome wider community contributions through our open content methodology. Users can examine, run, modify and suggest updates. This utilises the expertise of a wide range of partners and reduces unnecessary overlap by allowing them to contribute through our Wiki/CMS. New security methods and user feedback will thus be collected, tested and released through new iterations of our app.

What are the risks of building Umbrella?

As an organisation concerned with the security of HRDs, Security First is well aware of the challenges that we face ourselves. The most significant of these is the risk of hostile penetration of the organisation. However, we have experience in dealing with threats from hostile entities and as such have mitigation measures in place. We have carried out a risk assessment and we believe that by openly publishing our source code, content and strategic plans – we will reduce the incentive for hostile penetration of our organisation. Umbrella’s code has also been positively audited by independent security code audit company, iSec Partners. The full code review and accompanying comments and fixes will be posted in our blog shortly. Security First uses advanced, open-source encryption methodologies to communicate and store information about our project. In future, for those users who wish to share data and use our servers for security monitoring purposes, we will use the most advanced security configuration and redundancy measures available.

Will Umbrella ever include back doors?

Another clear risk for Security First is that of being asked by state intelligence to put a back door into the app for the purpose of intercepting and monitoring user activities. Security First will never, ever, put a backdoor in any product, ever. For this we are prepared to go to jail. We would rather halt development of our project than knowingly expose our users. We have already agreed that should we receive a request for a backdoor in our code, we will move the project to a country with fewer restrictions.

When will Umbrella be launched?

Umbrella is currently in Alpha stage testing and will be launched into public Beta in the end of September 2015. During this cycle we will primarily be looking for a lower number of users/downloads, but from a wide range of communities – in order to thoroughly test our tool before full launch - when we will seek to maximise the number of people using it.

Where will Umbrella be available to download?

We acknowledge the potential risks that app stores may have for the security of downloads, however similar to other projects we believe that this is outweighed by the benefits of wider access – and as such our app will be available in a wide variety of stores, such as Google Play and F-Droid store.

What does Umbrella run on?

In order to reach the widest number of users, we are be developing it to be capable for Android 2.3 and upwards – which will reach an estimated 98.7% of the 68% of smartphones running on the system. We have chosen Android as it reaches 1.9 billion people and it dominates the low-end smartphone devices in the areas we will work in. The full Android version of Umbrella will be launched in September 2015. We are currently seeking funding to develop and iOS and Feature Phone version.

What licencing does Umbrella use?

The philosophy and purpose of Security First is to provide the best security possible to the widest number and range of people we can. As such Umbrella is being released as a free open source tool under a non-permissive GNU GPLv3 licence. It also incorporates other open source tools that have been released under GPLv3 and Apache 2 licences.

What languages will Umbrella be available in?

The app has been built in English. We are seeking funding to translate it into Arabic and Spanish, with other languages such as Russian, Turkish, Mandarin and Farsi being considered at a later stage. For each language version the risks and responses will be adapted to reflect local realities.

Who will use Umbrella?

Umbrella will be for use by all human rights defenders – whether activist, journalist or aid worker.

How is Security First funded?

Umbrella has been developed with the generous support of the Open Technology Fund, along with revenue from Security First’s training program. We are currently seeking funding for Umbrella’s translation, iOS version and updates. Our long term goal is to develop, release and continually update the free open source app and backend – while reducing our reliance on project funding by creating sustainable revenue through core funding and offering paid-for services such as security training, licensing, customised versions and integrations.

What is Security First’s goal?

Ultimately the goal of Security First is for Umbrella to be so widely used that it leads to a significant reduction in the number of HRDs harassed, injured and killed each year – allowing them the freedom to fight for human rights. With the creative channeling of technology for our cause we cannot only stay beyond the reach of oppressors – we can be smarter, faster, bolder and safer, and ultimately more successful in our fight to eradicate injustice.

Do you have a press pack?

Yes! Please contact info@secfirst.org for more information.



Security made easy

Because security must come first.