April 28 2022 GM
Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EST / 1pm UTC. Do you need an invite? Learn how to get one here.
Date: Thursday, April 28st
Time: 9am EDT / 1pm UTC
Who: Raphael Mimoun
Where: On IFF Mattermost Square Channel.
- Don't have an account to the IFF Mattermost? you can request one following the directions here.
What's new in Tella 2.0?
We'll discuss the release of Tella 2.0 and the security, feature, and usability improvements the release brings to users.
- Raphael Mimoun is Programs Lead at Horizontal, where he oversees the development and deployment of security and privacy tools like Tella.
Raph (@raph on Mattermost), Programs Lead at Horizontal, where he oversees the development and deployment of security and privacy tools including Tella to tell us about Tella 2.0
For those who are not familiar with the app, can you introduce Tella and Horizontal?
- For sure! Horizontal is a small organization where we do digital security training and develop tools for activists, journalists, and human rights defenders.
- And Tella is the main tool we've been working on. It's an app (for now just on Android) to encrypt and hide files on your phone, and also to help organizations with human rights documentation (collect data, photos, videos, etc). It's a response to the rise in device searches and confiscation happening everywhere around the world, and to the need to protect human rights data and evidence folks collect from their phones.
What's new in Tella 2.0?
- The main things that are new compared to v1 of Tella are:
- Previously, the only lock supported was "pattern". Now users can use PIN or Password too!
- Users can now hide Tella behind an actual, functioning calculator. So on your Android device, the app is called "Calculator" and has a calculator icon; and when you open it, it's just a normal looking calculator; and only if you enter your PIN followed = will the app open to reveal your files.
- You can now import all file types into Tella (previously it was only photos, videos, and audio) and you can organize them into folders.
- And for organizations and groups engaging in human rights documentation, we integrated with Uwazi (from our friends at HURIDOCS), which is a platform to collect and organize data.
- And we gave the app a full UI refresh, hopefully it looks nice
- I think that's it! This is good by the way, I need to be documenting all new changes and features so this is forcing me to get to it!
What are the minimum device requirements for an optimal use of Tella?
- Android 5.1 and about 20MB to install the app. That's pretty much it.
- Though if you're going to use Tella to store and hide files, it will be important to have more space available on your device!
- We would love to work with CalyxOs
- Here is the folder with the latest APK.
Can you walk us through the security features of Tella?
- The first thing is that all files and data is encrypted in Tella by default. Users don't have to do anything, it's all automatic. When you take a photo or video using the camera inside Tella, or recording audio using the recorder inside the app, the files are automatically encrypted. You can also import files from you regular gallery (but you need to make sure to delete the original if you don't want anyone to find it)
- There is also a Camouflage feature. You can either change the name and icon of the app (it can be called "Weather" or "Snap Camera"), or make it into a full fledged calculator
- There is a "quick shutdown" button which locks the app. So if someone is just about to grab your phone, when you exit the app should be automatically locked but if you want to be extra safe, this button exits and locks the app on the spot.
- There is also a "quick delete" button. It's a button that you slide on your homescreen and a countdown shows up, and after 5 seconds, it deletes all the files in the app.
- We also have a "screen security" feature to prevent screenshots and also to hide the app in the list of recent apps
Can you explain the "connect to server" feature and how it works?
- This is primarily for groups and organizations who want to collect data. In the past, this feature has been used by election monitoring groups asking election observers to send data on events around polling station; human rights groups trying to collect evidence of abuse to publish and show the world, or even to bring to court; or any other kind of data (we've had partner collect data on gender-based violence or attacks on land rights defenders).
- And basically Tella users connect to their organization's server. They enter the server URL and if needed username/password. And from there they can send data. Most of the times it's just a handful of users sending data, but we've had cases where 2,000 users sent data to their organization during an election.
- Organizations can decide what kind of server makes the most sense based on their needs. For now we support two server types:
- Uwazi, which is a great way of creating large collections of data. You can create custom forms for users to fill, and then admins can establish relationships between the forms (so for example, link a perpetrator to several events), which helps see the bigger picture. You can also pretty easily publish all or part of the data.
- Open Data Kit, which is an open data standard but the most famous application is Kobotoolbox. So organizations can set up forms and surveys, and users can fill those directly from their device.
- And we're adding a third one next month! The third integration will make it easier to develop the NextCloud integration next!
Are you planning on making Tella 2.0 available for iOS?
- We are actually working on a first version of Tella for iOS. It should be out next month.
- Initially it will support encrypting and hiding files, but not the data collection features. That will be later!
While using the browser of the phone, is it possible for the user to upload a file on a web app and get Tella to provide the file to the browser?
- Good question--never got it before!
- Unfortunately that's not possible, because of the encryption of the files. What you'd need to do is export the file from Tella to the phone's gallery or file system, and from there upload it. It's less than ideal because it may expose the file in the phone, but that's the only way of doing it.
- Perhaps something we can work on at some point
- With Save, the main differences are:
- The ability to fill forms and send data to servers like Kobo and Uwazi
- The encryption and camouflage features
- With eyeWitness to Atrocities, the main differences are:
- the ability to encrypt files
- data ownership: Tella users can send data to their organization's server (such as Uwazi), while on eyeWitness the data goes to eyeWitness' servers, so that have control of the data
- and the code for Tella is open source
You're still working on the Tella website, when it is back online and can you point us to resources where folks can learn about Tella?
- We have this documentation
- But to be honest it's not up to date with Tella 2.0, I will be working on it in the next few weeks
Regarding the encrypted files, after the phone got confiscated is it possible to dump the contents and try to get the original one. Or is there a mechanism which does not allow the files to be moved?
- So in theory, even if the phone is cloned, because the data is encrypted, it's safe and cannot be accessed.
- We haven't been able to test this ourselves, but the app is going through a security audit at this very moment, so we'll know soon. And we'll publish the results of the audit of course
For no "screenshot feature" is it mentioned for the user when installed or need to find it themselves?
- The no screenshot feature is enabled by default so users don't need to do anything.
- But they can disable it if needed (for example if a trainer is doing a training or a presentation)
In which languages is the Tella app available? And what other languages do you plan to make available soon?
- Thanks to Localisation Lab, in quite a few languages actually! We have:
- Karen Sgaw
- And we'll be hopefully completing and updating Russian, Belarussian, Tamil, Malayalam, and Indonesian soon
How does tella work in limited or no connectivity area with "connect server" feature?
- You need an internet connection to connect to the server in the first place.
- Then you can work fully offline for as long as you want--hours, days, weeks, or more. You can fill as many forms as you want and save them.
- And when you reach the internet, you can upload it all!
What metadata does Tella collect?
- So if we're talking about traditional metadata, we don't collect much. We do have crashlytics installed to track bugs, but we're hoping to move away from that some time soon. We're also in the final stages of implementing CleanInsights, which is a method of getting analytics data (to know for example what features use the most) that protects user privacy.
- We also have a way for users to collect metadata about the photos/videos/audio they record on the app, to make it verifiable. You can read about it here.
Is the team planning to move to kotlin codebase? You mentioned working on iOS it is based on kotlin?
- Yes! new code is in Kotlin, though we're sticking to Java for older parts
- We're developing in Swift. We didn't look at Kotlin specifically, but crossplatform frameworks are usually really heavy. At least Flutter and ReactNative take way too much space on user devices, which is a problem for the people using Tella (often on old or low end devices)
Where can folks share their user feedback? & How can our community support you?
- Many ways! We love to hear feedback, especially if there is something that isn't working well or could be improved, so that's a great way of contributing. Also sending in feature requests is very useful to help us decide and prioritize what should come next.
- For now, we don't have a systematic way of collecting user feedback. We're in touch with many individuals and groups using Tella, so they send us their feedback directly on Signal or by email. So email is a good start (firstname.lastname@example.org) and our Github repo is of course good too for folks who feel comfortable with it!
- You can also help with localisation too