Umbrella Web is a web application developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email; securely access the internet; plan secure travel; protect their office/home; conduct counter-surveillance; or deal with kidnapping, arrest or evacuation. Once a situation is chosen, the app outlines what to do and what tools to use given your circumstances. This is followed by a simple checklist of recommended actions that can be customised, saved and shared securely. Umbrella’s Feed also provides users with an up-to-the-minute account of potential risks in their chosen location.
If you don't want to access the Umbrella Web application from a browser, you may download the native iOS or Android application:
F-Droid fingerprint: 39EB57052F8D684514176819D1645F6A0A7BD943DBC31AB101949006AC0BC228
Umbrella is designed for everyone (people looking to increase their security, folks living in high-risk areas, regular travellers, business people, techies, journalists, NGO staff, aid workers, human rights defenders, social workers, environmental activists, etc).
However, when we built Umbrella we tried to keep in mind the story of Glen Greenwald and Edward Snowden. Greenwald couldn't communicate with Snowden at the start because he found it cumbersome to set up encryption (he nearly missed one of the biggest stories of the decade because of this!). Also, when he (and Laura Poitras) travelled to Hong Kong - they didn't have much knowledge about how to meet securely with Snowden and detect surveillance. This is a common problem for journalists and activists. Umbrella is designed to solve this problem (and others) by having nearly everything they would have needed to know in one place - in their pocket.
Introduction: This is the part the user sees first. It explains briefly how the app works and the basic terms and conditions.
Menu: The bottom navigation menu is the main way for a user to navigate. It lists the feed, forms, lessons (with tool guides), checklists and account.
Feed:
The feed contains security feeds from places like the UN Relief Web and the US Centers for Disease Control. You enter your location (and how often you want to be updated). Every a new update is released (e.g a disease outbreak in your location), the information comes up on the dashboard.
Lessons:
Lessons are where users can learn about topics and things that they can do to improve their security. Some of the lessons have different levels (Beginner, Advanced, Expert) depending on your needs, ability, and risk. Each module is broken down into sections. At the end of each module is a list of other resources and further reading.
Tool Guides: These are detailed guides about how to use software and apps mentioned in the lessons.
Checklists:
Checklists are quick and easy references to help users implement the advice in the lessons. You can tick them off as you complete each item. Items can be edited. You may also create custom checklists. If you start ticking a checklist, you will then see them on the Checklists page. Checklists can also be shared through other apps such as your email.
Forms:
Forms allow a user to quickly fill out and share important information about issues such as their travel plan in a high-risk location or report on a digital/physical security incident.
The general flow of lessons is presented in order to replicate the typical way that a user works. Protecting their information -> Communicating with other people -> Arranging and travelling to a location -> Doing their operations and work -> Dealing with personal issues that may arise-> Seeking support if something goes wrong.
These are the lessons currently in Umbrella.
- Security Planning
These lessons mostly cover the security of information that is stored on your computers.
- Managing information
- Malware
- Passwords
- Protecting Files
- Safely Deleting
- Backing Up
- Protect your workplace
- Workplace raids
These lessons mostly cover the security of information when it is sent or received.
- Mobile Phones
- Making a call
- Sending a message
These lessons cover the security of travelling in high-risk areas.
- Preparation
- Borders
- Vehicles
- Checkpoints
- Protective Equipment
These lessons include topics that may affect you in your work.
- Meetings
- Being followed
- Protests
- Dangerous Assignments
- Public Assignments
- Public Communications
- Whistleblowers
These lessons cover how to respond to events.
- Arrests
- Evacuation
- Kidnapping
- Sexual Assault
- Terrorism
- Stress
Explains places to get extra help if you have a problem.
- Physical
- Digital
These are detailed guides about how to use software and apps mentioned in the lessons. These are the tools currently covered in the tool guide.
- Messaging
- Mailvelope
- ObscuraCam
- Pidgin
- Psiphon
- Signal for Android
- Signal for iOS
- Encryption
- Encrypt your iPhone
- k9 & Open Keychain
- KeePasXC
- PGP
- PGP for Linux
- PGP for MacOS
- PGP for Windows
- Tor
- Orbot & Orfox
- Tor for MacOS
- Tor for Linux
- Tor for Windows
- Files
- Cobian Backup
- Recuva
- VeraCrypt
- Other
- Android
Contains explanations of the various terms used in the app.
Explains the licences that we use for and by Umbrella. Also says a big THANKYOU to everyone who's work we built on to make it happen.
These are the sources that we currently include for real-time updated security Feeds. For privacy reasons, users never connect directly to these services. We are always looking for more useful sources that will help users keep updated on the move.
- ReliefWeb / UN: excellent physical security updates that amalgamate information from the UN and various NGOs - though not available in every country
- Foreign and Commonwealth Office: foreign travel advice, consular help and services abroad and document legislation
- Centers for Disease Control: updates on disease and health warnings
- Global Disaster Alert and Coordination System: updates on natural disaster issues such as floods, earthquakes and tsunamis
- US State Department Country Warnings: updates mainly focused on the security situation for travellers and internationals - available for every country
Navigate to the "Account" from the menu on th left of the screen. Here you can:
- Modify settings (feed interval, feed location, feed sources, notifications, connections, import data, export data)
- Enable Mask
- Set a password
- Log out
Any browser on any device!
Thank you for your interest in contributing to Umbrella. See our contributing guide.
Build Instructions
Setup environment file based upon the README.env environment file and use the following commands to start your local server:
npm install
npm install forever -g
npm run dev // runs development server with nodemon listening for server changes
// export all environment variables here in command line before building, for production instances
npm run build // builds the next js app
npm run start // to run production on local
forever start -a -o out.log -e err.log server.js // for production instances
If you'd like to use a different branch for Umbrella content, in your terminal change directory to /static/assets/content
(root dir for content git) and run git checkout YOUR_BRANCH
. You will also need to change the branch in the repo fetch in /server/api/github
.
Thanks to everyone who has contributed code to Umbrella. It wouldn’t have happened without you.
- Rok Biderman – Security First Lead Developer
- Vesna Planko – Security First Lead UI/UX Designer
- Alex Guerrieri – Security First Developer
- Adam Hani Schakaki – Security First Developer
Cryptography Notice
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
See http://www.wassenaar.org/ for more information.
License
Copyright 2013-2021 Global Security First Ltd. (trading as Security First)
Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html