OpenSSL 1.1.1 Audit Fundraising

 

Updated Apr 26, 2018

Around this time last year, I helped the OSTIF spread the word about a fundraiser for an audit of OpenVPN, a critical tool for our privacy.  This year, they are going above and beyond the scope of last year’s successful drive, and are now beginning to fundraise to audit an even MORE fundamental software toolkit – affecting not just our VPNs – but almost everything that uses encryption online – OpenSSL.

 

I’ve stated previously that Free (as in Freedom) and open source software projects are a critical resource for us to maintain our privacy in our modern world.  Many if not most times, these projects are driven by passionate individuals or teams who have rejected the notion of sitting idly by while a few soulless corporations release their self-serving, proprietary implementation of a software solution.  These people are volunteering their own time and skills to prop up a section of the precarious structure that is the free and open internet.

 

Because these projects are open and verifiable, we, the people who use them either directly, or indirectly, have the opportunity (some might say responsibility) to inspect them to make sure they continue to be safe and suitable for our need for a robust, free solution.  This is one such opportunity.

 

Many people are not aware of how OpenSSL affects them.  So allow me to briefly illustrate how important OpenSSL is:

  • The operating system you’re using, regardless of which?  OpenSSL.
  • Email?  OpenSSL.
  • VPNs?  OpenSSL.
  • Most webservers?  OpenSSL.

 

It is pervasive and critical to the way we use the Internet.  OpenSSL’s 1.1.1 release introduces support for TLS 1.3 – the first major revamp of the standard in almost 10 years.  This is one of many reasons why an audit is critical – more can be found on OSTIF’s announcement.

 

I personally believe this is an important cause, so I’d like to mention it to you here.

 

Right off the bat, let me say that I would never ask you, or anyone else to do something that I wasn’t willing to do myself, so I will be contributing $100 to this cause.  If you want to help the BILLIONS of people who use the Internet, including yourself, enjoy the ongoing integrity of encryption on the Internet, please consider donating!  Lastly – as I did last time – I will match dollar for dollar (or bitcoin for bitcoin), my readers donations – up to a further $100.

 

I would especially like to get the attention of anyone representing an Email or VPN company who may be reading this post.  Whether you care to admit it, the data security of your company and customers relies on OpenSSL.  You have been benefitting from this team’s work and gratis use of the product of their time and talents.  I humbly request that you take a moment to give back in order to audit their work so that it is the best it can be!  This makes the Internet landscape better for everyone – and in return, if you’re an Email or VPN company you may also receive some recognition on the Comparison Charts under “Gives back to privacy causes” – and below on this page!

 

DONATE TO THE OPENSSL AUDIT HERE

 

Thank you for helping to keep the Internet secure for us all!

  • That One Privacy Guy – $100
  • Private Internet Access – $25,000
  • Mullvad – $1,200
  • Tutanota – €100
  • VPN.com – $100
  • FlashRouters – $1,000
  • Hardened Linux Project – $1,337
  • OpenVPN – $5,000
  • BolehVPN – $200
  • Mullvad – €1,000

 

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.