Sean McGregor edited this page Feb 24, 2016 · 45 revisions


The Privly Foundation builds a first-of-its-kind privacy application stack for the web. If you are new to the Privly Project, you should first watch the non-technical overview video and the technical overview video.

For a first-person demonstration of the stack's capabilities, try out the Google Chrome Extension or Firefox Extension. You will need an account on either or

Prospective students should note that successful GSoC applications are built on understanding the architecture and context of the system. The best projects can be ones that the current community hasn't yet thought about, so don't be afraid to propose your own!

Privly's core development areas can be broken into the following broad categories, but many ideas will be at the intersection of two or more of these development areas.

Injectable Application Developers: This is the biggest area where you can express your creativity as a developer. An injectable application is a JavaScript application that is displayed inside an iframe on a potentially unsafe webpage. Injectable application developers work primarily in JavaScript and HTML. Example ideas include: Implement an Encrypted Rich Media Privly Application, Implement a Chat Injectable Application, Develop Injectable App API for Host Pages (formatting, content length, etc). Read about injectable applications on O'Reilly's Programming Blog.

Extension Developers: Extension developers build Privly's User Interface on top of web browsers. Extension developers work primarily in JavaScript. Example ideas include UX Development, Developing Mobile, and building a User Content Extensible Web Annotation System.

Content Server Developers: People who work on server-side development primarily work on making it easier for any server technology to host content for Injectable Applications. The applications viewable on web pages are JavaScript applications making JSON requests to content servers for their referenced content. Content server developers can work with any server backend, but the most advanced content server is the reference implementation content server. Server-side developers should note that the Privly Project does not build much dynamic functionality on the server side, since an important element of the system is pushing content cryptography into the client. Keep this in mind if you want to develop on the server side.

Mentors and Resources

We prefer you contact mentors on the development mailing list or on IRC. Please only contact people's personal email if there is a good reason why it can't be discussed openly. Non-mentor contributors to the project will want to know what you are working on so they can contribute from time to time.

Sean McGregor is the lead developer of the Privly project. He is the person to go to for questions on the overall architecture, as well as the Chrome and Firefox extensions. smcgregor on and by email.
Shivam Verma maintains the Android application and was one of Privly's 2013 GSoC students before becoming a mentor in the 2014 GSoC.
Daniel Reichert develops for the project outside his work at LinkedIn. He formerly worked at the Oregon State University Open Source Lab, which is another great organization that mentors students.

Two of the Privly Foundation's board members will also be available for consultation during the summer.
Leslie Hawthorn
Carlos Jensen
Jen Davidson (community manager, emeritus)

User Experience Engineering

Platform Chrome or Firefox
Mentors Sean, Daniel
Preferred communication Email the development mailing list to discuss.
Brief description The user experience of the Privly project is intended to be as seamless as possible, meaning you don't need to know when you are interacting with the Privly extension. This project aims to translate these ideals into reality. Only approach this project if you have an imagination for different ways of interacting with users on the extensible web. Challenging but fun!
Skills needed JavaScript experience is a requirement, but we can work with you to develop the UX skills for Cognitive Walkthroughs, Think-Alouds, and more. Proposals to this idea would benefit from including a link to a blog post of a think-aloud of the applicant's first use of a Privly system.
Blueprints The seamless posting issue is an excellent issue to begin building a proposal around. You can consider it your task to make the UI of the browser extension optional for performing any posting or reading tasks.
Other resources Here is an example UX issue. Compare Privly's current operation to Mail Envelope and others and propose changes to the posting process.

Implement an Encrypted Rich Media Privly Application

Platform Chrome or Firefox
Mentors Daniel, Sean
Preferred communication You can either comment on the GitHub issue or email the development mailing list to discuss.
Brief description Have you ever shared encrypted rich media? It is so difficult to do that very few people have. We have a proof of concept encrypted image sharing application built on Privly that drastically improves the UX of encrypted media sharing, but we need someone to develop the proof of concept into something ready for production. This project puts you into the center of developing a full application from design to production.
Skills needed JavaScript experience.
Blueprints See the blog post.
Other resources You should read about Data URIs since these are how we render images that are decrypted client-side.

Advance Android Application

Platform Android
Mentors Shivam, Sean
Preferred communication Comment on the GitHub issue, or email the development mailing list to discuss.
Brief description The Android version of Privly has developed considerable functionality since it was first introduced in the 2013 Google Summer of Code, but these developments have been largely targeted at mirroring the functionality found on the Privly desktop clients. For this GSoC, we would like to encourage applicants to think beyond mirroring functionality to begin leveraging the mobile nature of the platform.
Skills needed Android development and some JavaScript.
Blueprints Coming Soon. In particular, we are interested in seeing proposals that facilitate secure exchange and verification of key sets among mobile users. While people are generally unskilled in exchanging and signing keys, people understand the implications of sharing contacts via phones. Your task here is to build the sharing facility via NFC and/or QR codes and to make this trusted database shareable with other platforms.
Other resources GitHub issue, Why Johnny Can't Encrypt

Implement a Chat Privly Application

Platform Chrome or Firefox
Mentors Daniel, Sean
Preferred communication Email the development mailing list to discuss.
Brief description Privly's current injectable applications are oriented towards asynchronous communication, but the extensions work inside chat services like gchat and Facebook chat. Two approaches to adding synchronous communication to Privly are to implement an encrypted chat application using OTR or to build on top of old standards like IRC. If you build on IRC or WebRTC, then we expect most of the summer will focus on developing the user experience until it is as smooth as possible. If you build an OTR application, then we expect you to spend most of the time evaluating and documenting the security of the application.
Skills needed JavaScript experience.
Hard Requirements This GSoC idea has additional requirements that must be satisfied before proposals will be reviewed: Complete all non-project "levels" in the development guide. If you are planning on working on the OTR app, you will need to fully specify the threat model before the application closes. Project mentors will be able to help you complete these requirements before the proposal period closes.
Blueprints A related UX issue can be found on GitHub; see the discussion from last year.
Other resources If you base the proposal on IRC, you should plan on porting something like qwebirc. If you base the plan on OTR, you should plan on porting something like CryptoCat.

Develop Injectable App API for Host Pages (formatting, content length, etc)

Platform Chrome or Firefox
Mentors Sean, Daniel
Preferred communication Email the development mailing list to discuss.
Brief description An injectable application may expose a message-based API to the host page it is embedded into. This idea focuses on enabling the host page to appropriately influence the operation of the application.
Skills needed JavaScript
Blueprints Coming Soon
Other resources See the issue on GitHub

Extensible Web Annotation System

Platform Firefox, Chrome
Mentors Sean, Daniel
Preferred communication Email the development mailing list to discuss.
Brief description Browser extensions that modify web pages either look for a fixed string to modify (Privly) or they pre-store an XPath to the modified contents of their application (Mailvelope, ShadowCrypt, etc). Your task in this project is to build a shared database for all extensions that accepts XPath expressions for including and excluding regions for extension operations. A stronger proposal will include tactics for combating Sybil attacks and preventing the storage of private information in extension-contributed XPath expressions.
Skills needed Strong in JavaScript
Blueprints Coming soon.
Other resources A short video showing how you can get an XPath on Chrome.



Platform Which Privly project this applies to – Chrome, Firefox, Safari, Opera, Mobile, Web, Cross-platform
Mentors Names of people willing to mentor this project
Preferred communication IRC/Nick; e-mail to privly; private e-mail to; skype to
Brief description One paragraph narrative description of project
Skills needed Any specific useful skills or knowledge (other than basics).
Blueprints Links to blueprints or detailed descriptions
Other resources Links to references, supporting material, relevant standards, partner organizations, examples of use cases...