Die Opensource-DVD und Download von ... - Die LibreOffice-DVD

TL;DR: Open source ad blocker sold to “Turkish developers” is almost immediately turned into malware and gains access to people’s Instagram accounts. Developer thinks this should be a “learning experience”, but doesn’t think they did too much wrong.
—-
I’m not sure if open source development counts as a hobby, but hey, people do it in their free time, so...

Introduction

Nano Adblock and Nano Defender are open source ad blockers. You may not be familiar with them (the Chrome extensions have 250k+ users combined), but you may have heard of the project it’s based on, uBlock Origin. While the Nano projects have Chrome, Firefox, and Edge extensions, we’ll be talking about the Chrome one today.
Open source projects, for the unaware, are projects that are made freely available for the public to modify and distribute. You can’t take Microsoft Word’s code and use it to make a new word processor, but you can make a new ad blocker from uBlock Origin or the Nano extensions. While big companies have open source libraries, a lot of work is done by small teams or individuals, which is the case for Nano.
Due to the open source nature of the project, pretty much everyone who maintains it is working on it in their spare time and for free. This is a lot of work, and can put a lot of strain on someone. Which leads me to...

Part One: The Creator Departs

On October 3rd, the creator of the Nano projects (referred to as JS) announces on Github that due to the amount of time it was taking to maintain the project, they would be transferring it to new owners. In the open source world, this is normal. Maintaining enterprise-level software for free is a struggle. People (want to) have real lives. It happens.
What was not normal was the vagueness of the statement. See, as an ad blocker, the Nano projects have vast access to what you see and do online. It’s important to know who is going to have access to that data (unless you’re a big tech company, apparently, but that’s a discussion for another day). Notably, some key information was missing:

• The announcement didn’t actually say who was acquiring the projects.
• Actually, the announcement didn’t seem to say how many people would be involved on the new team.
• The announcement made no mention if this was a sale, or if the interested parties were members of the current community.

So obviously, this was going to go over well.

Part 2: It Doesn’t Go Over Well

The community was not happy with this announcement. Not one bit.
JS makes things worse by solely referring to the new dev team as “a team of Turkish developers”, while being reluctant to divulge more information. Then they inform the community that they will “address [their] comments when they have more time”. Not great optics.
Someone finds the new developers’ names. This isn’t doxxing, these people literally do not exist. That doesn’t bode well.
At this point, the developer of uBlock Origin (Nano’s parent project), Raymond Hill, steps in with a rather prescient comment.
JS responds to Mr. Hill with what is essentially, “well, this is a learning experience”. Probably not the attitude to have when you hold 250k+ users’ data.
Also, it became abundantly clear that even higher profile community members had not been informed. The person who was in charge of the Nano project’s Firefox extension had no idea what was happening. You’d think you’d want to clue them in on that.

Part 3: Shit Hits the Fan

At best, JS’ communication decisions were poor. People are pissed. JS is trying to convince folks that this is “in their best interest”, though they admit this is a bad look. Another developer points out that JS was extremely critical when he stepped down from a similar project.
But if that was it, it would be just another GitHub kerfuffle. An open source community is like a more professional version of a discord server, so it’s expected.
That being said, this section is titled “Shit Hits the Fan”.
First, though JS tries to dodge it, it becomes clear they sold the Nano projects. They also admit to not knowing who they sold it to, but they do know that the new developers plan to monetize it. This is a bit shady, because they’d be monetizing the work of volunteers, including uBlock Origin’s volunteers, who aren’t privy to this deal.
Second, folks get angry about the fact that a group of unknowns are handling sensitive data. People refer to the Nano projects as “security and privacy” extensions. JS basically rage quits in response. Said rage quit doesn’t last long.
Third, it’s discovered that the new site for the projects is shoddily put together, and the new store pages on the Chrome App Store don’t have a privacy policy. The privacy policy is eventually added, but it’s just a random template.
Fourth, while JS said the new developers would join the conversation, they never did. I’ve checked all of the threads, and as of today, they still have not. Their supposed GitHub account doesn’t exist anymore, so there’s that.
At this point, folks are freaking out, because obviously, this is very shady. And this is an application that can, if placed in the wrong hands, read your passwords and control your browser, among other things.

Part 4: Oops! All Malware

Three days after the original post, the Nano Chrome extensions update for the first time since the transfer. Like most software updates, some new code is added.
Unfortunately, that new code is sending user data to a third-party source. That’s enough to be considered malware.
Here’s the technical details on that.
People accuse JS of “putting users in harm’s way to make a quick buck”. JS refutes this because they “didn’t find anything bad”.
Because having absolutely no online presence wasn’t a red flag, apparently.

Part 5: Aftermath

Given the number of folks affected, some news articles come out. JS is adamant this is all “something we should learn from”.
Ars Technica confirms that the extension now has the ability to access affected users’ Instagram accounts and automatically like Instagram posts. More accounts may have been affected, but this isn’t confirmed yet.
People try to explain why the way JS handled this wasn’t great. JS disagrees, though they do admit that maybe they should have consulted a professional. That being said, their official opinion seems to be since it’s a personal project, who cares how they handled things (they also appear to believe a majority of the dissenters are trolls, which isn’t great).

Part 6: Should I Be Checking My Extensions?

Yeah.
This isn’t the first time something like this has happened, and it won’t be the last. The Great Suspender, which has two million users, may be setting up for a similar scenario. (Edit: It’s, uh, a bit more complicated.)
The nature of open source projects is that they may break, or be acquired, or god knows what. So if you rely on them, make sure you’re aware of what you’re downloading.
That’s all of the drama, for now. The Nano brand is irreparably damaged, and the extensions have been removed from Chrome and Edge. The future of the innocent Firefox extension is unclear.
Check your extensions, folks.

Part 7: A Late Update

Turns out Nano ain’t the only malware ad blocker on the Chrome App Store. These apps have 80 million+ users combined.
So, as I said, check your extensions.

I made a list...no wait...A LONG LIST of some Open source apps which MAY serve as an alternative. I wont be listing down any features or what this app does for those apps which are well known by most of the users. BTW, its gets easy to figure out what an app does by giving a quick read to the app’s description😺. The links that I’ll provide here will take you either to github, gitlab or F-droid. There are a few google playstore links though. Let me know if I have missed any good open source app.
Here goes:
BROWSERS🌏🌐🌎

1. BRAVE
   
2. BROMITE
   
3. IceRaven, this is a fork of the firefox browser with extra ad-ons
   
4. FENIX, this too is a Firefox fork Fenix is the all-new Firefox for Android browser, based on GeckoView and Mozilla Android Components. (Thanks to u/anonymous-bot for pointing this out)
   
5. FOSS BROWSER, A simple web browser will all those basic features, the only con is that this browser gets its updates at a slow pace
   
6. SMART COOKIE WEB
   
7. DUCKDUCKGO
   
8. UnGoogledChromium
   

APP STORES🔖🎁

1. F-DROID, and its clients. Like Foxy droid
   
2. AURORA STORE and AURORA DROID, this link will take you to auroraoss download section from where you can download both Aurora store(Playstore client without google tracking) and aurora droid(F-droid client).
   

FIREWALL AND AD BLOCKERS 🛡🔥🛡

1. NETGUARD
   
2. ADAWAY
   
3. BLOKADA
   
4. AFWall +
   

AUTOMATION 💣🔫 EASER
CALCULATORS📓∞¼

1. NCalc+, this calculator has everything, from a scientific calculator to converters. Also a simple dark and light mode
   
2. Calculator ++
   

CALENDARS and CAMERA📷📆

1. ETAR
   
2. SIMPLE CALENDAR
   
3. OPEN CAMERA
   
4. SIMPLE CAMERA
   

SOCIAL MEDIA CLIENTS🌸🌷🍀🍄

1. SLIDE FOR REDDIT
   
2. INFINITY FOR REDDIT
   
3. TWIDERE FOR TWITTER
   
4. BARINSTA FOR INSTAGRAM, previously known as Instagrabber
   
5. FROST FOR FACEBOOK
   
6. REDDITORIA FOR REDDIT playstore link
   

PDF AND DOCUMENT STUFF📑📃

1. LIBRERA READER
   
2. MuPDF Viewer
   
3. Collabora office playstore link
   
4. BOOK READER
   

FILE MANAGERS📁📂

1. AMAZE
   
2. DIR
   
3. MATERIAL FILES
   
4. GHOST COMMANDER, playstore link.
   

OFFLINE FILE SHARING
TREBLE SHOT
FLASHLIGHTS🔦💡
SIMPLE FLASHLIGHT
FLASHY
Dont worry, these flashlights dont ask or seek for funny permissions
GALLERY🌈🌌🌠

1. LEAFPIC
   
2. SIMPLE GALLERY
   
3. CAMERA ROLL, its abandoned but works well and free of bugs
   

KEYBOARDS🔲🔳🔟❔

1. HACKER’S KEYBOARD
   
2. BEHE KEYBOARD, this one is good for programmers
   
3. SIMPLE KEYBOARD
   
4. OPEN BOARD
   
5. ANYSOFT KEYBOARD playstore link
   

LAUNCHERS🚀🔥💫

1. LAUNCHAIR
   
2. KISS LAUNCHER
   
3. PAPER LAUNCHER
   
4. OPEN LAUNCHER
   
5. ROOTLESS PIXEL LAUNCHER
   
6. POSIDON LAUNCHER
   
7. BLISS LAUNCHER
   
8. EMERALD LAUNCHER
   
9. ESSENTIAL LAUNCHER
   

MAILS📧📬

1. K-9 MAIL
   
2. FAIR EMAIL
   
3. PROTON MAIL playstore link
   

MAPS AND NAVIGATION🌎🚥✈

1. OSM
   
2. TRANSPORTR
   
3. PRIVATE LOCATION
   

MEDIA FRONTENDS🎥📹

1. NEWPIPE
   
2. SKY TUBE
   

MESSAGING📬📩

1. CONVERSATIONS
   
2. SILENCE
   
3. PIX ART MESSENGER
   
4. TELEGRAM playstore link
   
5. WIRE
   
6. SIGNAL
   

SMS📨📩

1. PULSE SMS- Can’t tell how long this will last. It has been taken over by Maple Media. F-droid repo for public view is now not available
   
2. QK SMS
   
3. SIMPLE SMS
   

MUSIC PLAYER🎷🎧🎶

1. ODYSSEY
   
2. VANILLA MUSIC
   
3. PHONOGRAPH
   
4. VINYL MUSIC PLAYER
   
5. MUSIC PLAYER GO Dev-- u/enricodortenzio
   

PODCAST📢📣

1. ANTENNA POD
   
2. AUDIO ANCHOR
   
3. ESCAPE POD
   

NOTE TAKING APPS📗📘✏

1. OMNI NOTES
   
2. SCARLET NOTES
   
3. CARNET
   
4. SIMPLE NOTES
   
5. NOTEBUDDY
   
6. MARKOR
   
7. UNOTE
   

TO-DO LISTS📝✏📋

1. MINIMAL TODO
   
2. TO DO LIST
   
3. OPEN TASKS
   
4. TASK. ORG
   
5. 1LIST
   

PASSWORD AND AUTHENTICATION🔑🔒

1. FREE OTP
   
2. KEEPASS DX
   
3. AEGIS
   
4. BIT WARDEN playstore link
   

MISCELLANEOUS✏✃🔨🔑

1. FORCASTIE, This is a weather app
   
2. NEXT CLOUD, its an android client to access the next cloud server
   
3. RUN IN BACKGROUND PERMISSION SETTER, to stop background apps from running. REQUIRES ROOT
   
4. SUPERFREEZZ, to freeze apps from running in background. NO NEED ROOT
   
5. APP MANAGER, this app is like ‘SKIT’ for managing apps.
   
6. SHELTER, This helps in isolating big brother apps, using multiple accounts.
   
7. DOWNLOAD NAVI, this is a download manager
   
8. MPV , a video player
   
9. VLC, its a media player
   
10. ARIA2 APP playstore link, this too is an open source download manager
    
11. LIBRETORRENT playstore link, for torrenting
    
12. PROTON VPN playstore link
    
13. BINARY EYE, its an open source barcode scanner
    
14. QR and BARCODE SCANNER
    
15. SNIPPET playstore link, its like an auto-text app
    
16. APP LOCK
    
17. WARDEN, this is for scanning app trackers.
    

?? There’s no link to warden here!! lol, I know....
Go back to the section ‘APP STORES’, tap on the aurora store and aurora droid link, warden will be there in the download section of aurora oss
EDIT: (SUGGESTED APPS TAKEN FROM THE COMMENTS) 🌟🌟🌟🌟🌟
MAILS📧@:

1. TUTANOTA--- u/Kosty4
   
2. CRIPTEXT playstore link---u/prvnpete
   
3. CTEMPLAR playstore link---u/prvnpete
   
4. SIMPLE LOGIN, This is an anti-spam Email Hero. ---u/MAXIMUS-1
   

SOCIALMEDIA CLIENT🌺🌹🌻:

1. RED READER for reddit---u/Kangburra
   
2. DAWN FOR REDDIT---u/felixalguzman
   

MISCELLANEOUS✂📌✒✏:

1. WARDEN, thanks to u/rak-rak for providing the gitlab link for Warden.
   
2. GEOMETRIC WEATHER, playstore link ---u/xenyz
   
3. KDE CONNECT, to connect and share files, clipboard, etc between pc and android---u/thebottle
   
4. WALLABAG, save web pages and read them later offline---u/thebottle
   
5. TRANSDROID, a torrent client---u/thebottle
   
6. TERMUX, android terminal---u/thebottle
   
7. VOICE, a minimal audio book player ---u/celiomsj
   
8. KODI, media player ---u/MuntasimF
   
9. QR SCANNER---u/Boob_Preski
   
10. DEC SYNC, It lets you create local CalDAV and CardDav accounts (for Calendar and Contacts) and sync them to a local directory.---u/rat_tat_2_e
    
11. RADICALE, storage plug-in for DecSync---u/rat_tat_2_e
    
12. EVOLUTION plugin for DecSync---u/rat_tat_2_e
    
13. SPARSS, to sync RSS without a server using DecSync---u/rat_tat_2_e
    
14. FEED READER, Modern desktop application designed to complement existing web-based RSS accounts---u/rat_tat_2_e
    
15. STREMIO, media player ---u/prvnpete
    
16. DSUB---u/ladfrombrad
    
17. AOSP DIALER site: cs android---u/LuckyLeague
    
18. AOSP CONTACTS site: cs android---u/LuckyLeague
    
19. JITSI MEET, a zoom alternative---u/krypt8x
    
20. SYNCTHING, p2p encrypted cross-device file sync service ---u/krypt8x
    
21. CRYPTEE, encrypted storage for photos, files etc---u/krypt8x
    
22. JELLYFIN, a media player alternative---u/krypt8x
    
23. WIREGUARD, an open source vpn ---u/thebottle
    
24. VECTORIFY DA HOME, a very minimal wallpaper app to customize your homescreen. Doesnt need an internet connection because wallpapers are not downloaded instead we can create our own with a mixture of colors and simple icons. And If Im not wrong u/enricodortenzio is the developer of this cool stuff. Give it a go
    

PASSWORD AND AUTHENTICATION🔒🔑🔓:

1. KEEPASS2 ANDROID---u/_Samii_
   
2. andOTP---u/superpippo17
   
3. AUTHY---u/prvnpete
   
4. MASTER PASSWORD --- u/masterblaster0
   

FIREWALL AND AD BLOCKER🛡🔥:

1. DNS66 ---u/Jac0b_0
   
2. PERSONAL DNS FILTER---u/Infinityseeker
   
3. ORBOT playstore link---u/zmoliu
   

BROWSERS🌏🌐🌍:

1. FIREFOX (playstore link)---u/_Samii_
   
2. KIWI BROWSER ---u/thebottle
   
3. PRIVACY BROWSER, (slow updates, last updated in the month of august)---u/Sirbesto
   
4. TOR BROWSER playstore link--- u/yaboyjb311
   

GAMES🎮🎲⚽:

1. SOLITAIRE---u/urcosmo
   
2. OPEN GEMMY playstore link---u/urcosmo
   

LAUNCHERS🚀🌚⭐:

1. OLAUNCHER---u/AimHrimKleem
   
2. SHADE LAUNCHER playstore link---u/AimHrimKleem
   
3. SLIM LAUNCHER ---u/cameos
   
4. BALD PHONE, this launcher is for elderly people ---u/cameos
   
5. AOSP LAUNCHER 3 site: cs android---u/LuckyLeague
   
6. LIBRECHAIR, launchair fork with non-foss part removed (alpha)---u/krypt8x
   
7. TINY BIT LAUNCHER---u/Sirbesto
   

MESSAGING✉📄✏:

1. TELEGRAM FOSS, an unoffical FOSS version of telegram with those proprietary garbage removed---u/samyak039
   
2. AOSP MESSAGING site: cs android---u/LuckyLeague
   
3. FORKGRAM, a telegram client with some extra features and google stuffs removed
   

KEYBOARDS🎹:

1. IRREGULAR EXPRESSIONS ---u/mfllc
   
2. FLORIS KEYBOARD, Its in its alpha stage and has a lot of customizations--- u/sawgrim
   

PODCAST📣🔊:

1. TSACDOP playstore link---u/MarblesinthePan

NOTE TAKING APPS📕✏:

1. JOPLIN---u/thebottle and u/IAMAHobbitAMA
   
2. STANDARD NOTES---u/krypt8x
   

MUSIC PLAYERS🎧🎻🎵:

1. METRO, this is the fork of Retro music player with the pro versions unlocked ---u/MuntasimF
   
2. TIMBER ---u/Confident_Love
   
3. TIMBER X---u/Confident_Love
   
4. CANAREE---u/Confident_Love
   
5. SHUTTLE---u/Confident_Love
   

GALLERY: 💐🌸

1. AOSP GALLERY site: cs android---u/LuckyLeague
   
2. PHIMP ME, a gallery with some advanced photo editing features--- u/Petomeansfart
   

F-DROID REPO:
IzzyOnDroid- u/nlygamz
DOCUMENTS AND STUFFS:

1. ONLY OFFICE, a free and open source office and productiviy suite- u/uaos

A friend of mine made a list as well that contains open source applications, there are some apps here in his list which isn’t available in my post. And instead of listing them one by one here’s the link to his list, it will lead you to github. This is him: u/Petomeansfart

Pulse SMS, developed by Klinker Apps, Inc. with more than 1M+ downloads seems silently been acquired by Maple Media, a private firm that purchases apps.
More about Maple Media:

Maple Media, has bought several undisclosed mobile apps already. They are generally looking at apps with thousands of users and some small amount of revenue. But the hope is that with their experience, along with cost efficiencies gained through sharing services across apps, can boost the value of each app.

Clues of the acquisition:
The Pulse SMS GitHub page is now under Maple Media GitHub organization
https://github.com/maplemedia/pulse-sms-web
Klinker's Twitter is no longer existing
https://twitter.com/klinkerapps
Other apps developed by Klinker that was published before on Google Play Store is now missing except for Pulse SMS
https://play.google.com/store/apps/dev?id=6337185423976596164
Links
Original Developer Site: https://klinkerapps.com/
Maple Media: https://maplemedia.io/
credit 7280947108

TL;DR: The developer of a Chrome extension with 2 million+ users sells the project to an unknown third party who proceeds to secretly add user tracking capabilities to the application. Mass deletions ensue, though most users are unaware they are being tracked.
Recently, I made a post about how the developer of a relatively popular ad blocker sold their project to a group of unknowns who turned it into malware. 250k+ people being exposed to malware is bad.
But it gets worse.
First, it turns out the Nano projects weren’t the only malicious ad blockers out there. While a fair amount of these apps were obviously scams, it’s absolutely crazy that at least 80 million people have been exposed to malware.
Second, I offhandedly mentioned that another extension, The Great Suspender (which has 2 million users on its own), looked like it was setting itself up to potentially be malware.
Well, you’ve seen the title, so I think you know how this is going to go.

Introduction

The Great Suspender is a popular Chrome extension that automatically suspends inactive tabs after a certain period of time. Why is this important? Well, as many a meme has mentioned, Chrome uses a lot of RAM. Putting tabs on ice when you aren’t using them helps ease that burden.
The Great Suspender is an open source project. Copying from my last post, open source projects, for the unaware, are projects that are made freely available for the public to modify and distribute. You can’t take Microsoft Word’s code and use it to make a new word processor, but you can make a new extension based on The Great Suspender. While big companies have open source libraries, a lot of work is done by small teams or individuals, which is the case with TGS.
Due to the open source nature of the project, pretty much everyone who maintains it is working on it in their spare time and for free. This is a lot of work, and can put a lot of strain on someone. Which leads me to...

Part 1: The Creator Departs

On June 19, the creator of TGS, after a long period of silence, announces that they will be transferring the maintainer role to a third party and have sold them the ownership rights. The reception is actually fairly neutral. Some folks ask questions, some are worried about the project being sold to a third party, but on the surface, things seem above board. The new maintainer is named, they have a GitHub account, they don’t immediately turn the extension into malware.
Note I said “on the surface”, though. There’s a lot that’s...off: - The new account has no activity at all. - It’s a PRO account, which is unusual to say the least. You don’t need a PRO account to maintain a project (none of the maintainers had one). Not a red flag on its own, but it’s weird. - The original creator doesn’t want to reveal any information about this 3rd party. - The new creator doesn’t do anything for months. No community announcements, no changes, nothing. A bit odd, considering this is something they paid for.
Community members are worried (there’s also a meager attempt to regain community control of the extension), but stuff doesn’t escalate until October.

Part 2: Wait, This Sounds Familiar

If you’ve read the previous post, I’m sure you’re noticing some...similarities...between the Nano disaster and the happenings here. A popular Chrome extension being sold with little warning or communication to an unknown, untraceable 3rd party? It seems awfully suspicious. The Great Suspender community thought so, too.
So people do some digging, and it seems some hijinks are afoot.
Turns out that the app had been stealth updated. The application was version 7.1.6 in the community GitHub repository, but was 7.1.8 on the Chrome App Store. For non-technical folks, imagine your were working on a group project on Google Docs, but one of your group members made their own copy of the file, drew a bunch of dickbutts on it, then turned it in to the professor as the group’s completed project.
People, understandably, are not happy.

Part 3: Malware or Bad Vibes?

People start digging into the extension’s code, trying to figure out what this new update does. There are no changelogs, and the new developer(s?) do not respond to any questions. One commenter finds evidence that the added code calls outside JavaScript. More sleuthing uncovers that the added code is related to an analytics library. This is relatively common in extensions-turned-malware, apparently.
So it’s malicious code, right?
Maybe.
Despite the new developer’s shady actions, the sum of their contributions was to add user analytics. They also added a functioning opt-out mechanism, which is not something malicious entities tend to do. So some people assume the extension is safe.
Some people.

Part 4: The Great Suspender is Watching You

A skeptical team of users decide to look a bit deeper into the code. Some try to argue not to jump to conclusions, but others are bitter about the whole Nano thing .
Turns out that while the changes are minimal, the extension now request permission to edit web requests. To quote Chrome itself, that’s the ability to “observe and analyze traffic and to intercept, block, or modify requests in-flight”.
The Great Suspender does not need permissions to do this to function. Not in the slightest. Also, it’s super weird that the only change the new dev made from June to October was to add user tracking.
This technically isn’t malware, as the former developer points out. However, an application not being malware isn’t the same as an application being safe. Users were not notified of this change, and if you’re using TGS, you’ve automatically been opted in to this tracking.
People come to the conclusion that while the extension isn’t malware, the new maintainer seems malicious. One particularly baffling comment suggests that the new maintainer has autism. Some people do believe the extension is malware.
Most folks involved in the conversation delete the extension anyway. People generally don’t like being tracked, and they really don’t like being stealth tracked.

Part 5: Should I Be Doing Something?

Probably.
If you are addicted to The Great Suspender, I suppose you could just opt-out of tracking. In my own opinion, I don’t download extensions from shady developers, and I definitely don’t download extensions that stealth add permissions willy-nilly. There are several alternatives to TGS, it’s not as if it’s the only tab suspender in the world.
The bigger picture thing though, is to be aware of what you’re downloading to your browser. A fair amount of Chrome extensions are made by individuals or small teams of people who can really screw you over if you aren’t paying attention. So if you do download an extension, check the reviews, check the change logs, see if they have a website or GitHub repository, and make sure you know what you’re downloading.
Hopefully this is the last post I make on this subject. I love open source projects, so it makes me sad that so many people are impacted by this.

I'm Micah Lee, director of infosec for The Intercept, security and privacy enthusiast, open source coder, journalist, techie for the Snowden leak. AMA!
Hello, internet friends! I'm Micah Lee (micahflee). I'm in charge of information security for First Look Media (the parent company of the Intercept, where I also do investigative journalism and write privacy/security guides). I've been working in journalist security since 2013 when I helped facilitate the Snowden leak. I'm involved in organizations like Freedom of the Press Foundation and Distributed Denial of Secrets, and I also write a lot of open source code. Here are some of my recent projects that I'm happy to talk about:

• I've been digging into BlueLeaks, a breach of hundreds of gigs of data from terribly secured US fusion centers and other US law enforcement websites.
• I've been hard at work on a new version of OnionShare, a tool that lets you do cool things with Tor onion services like share files, turn your computer into an anonymous dropbox, quickly and easily host static darkweb sites, and soon host temporary, ephemeral chat rooms where nothing gets logged
• I've been running an antifascist Twitter privacy service called Semiphemeral that automates deleting old tweets, likes, and DMs, but with the flexibility to choose what not to delete. There's also a slightly-harder-to-use open source version
• I recently made an open source tool called Dangerzone that uses docker containers to convert sketchy Office documents or PDFs into PDFs that you can be sure are safe, basically a digital version of printing a document and then rescanning it

Also, this is probably more on my mind than anything else: Our civilization is crumbling, a plague is raging, climate disasters are getting more frequent and worse and science deniers have all the political power, police are murdering innocent black people and then beating activists in the streets for protesting them (not to mention surveilling their phones and social media), and in the US white supremacists are intimidating voters and threatening civil war. I don't have solutions, but I'd love to use my technical expertise in any way it can be most helpful.
Finally, sorry this AMA is having a bumpy start... It turns out that Reddit is censoring posts that contain links to the DDoSecrets website because a website that published leaked police documents is clearly the worst offense thing that happens on Reddit. >:(
AMA!
Proof: https://twitter.com/micahflee/status/1314706583901949953
Update: I'm logging off for the night (Friday night) but I'll be back tomorrow. Keep the good questions coming! I'm back.
Update: Alright, I’m logging off of the second day of the AMA. Thanks for all the questions everyone, this was fun!