Saturday, August 17, 2013

Only the Paranoid Survive (A guide to safeguarding your online activity with anonymizers and cryptography using fully tested open source alternatives)

It's official: everybody is spying on everyone else (PRISM, XKeyscore and Tempora).

But you can fight back. With all of the major services compromised, many activists have created tools to keep you safe and to prevent your conversations from being eavesdropped on or your personal files from being intercepted.

Note: you can download the software directly; just click the blue links to reach the home pages of the services and software mentioned.

Operating system

Proprietary

  • Apple OS X
  • Google Chrome OS
  • Microsoft Windows

Notes

Apple, Google, and Microsoft are allegedly a part of PRISM. Their proprietary operating systems cannot be trusted to safeguard your personal information from the NSA. We have two free alternatives: GNU/Linux and BSD.
GNU/Linux has a much larger community to help you with the transition. It’s recommended that you begin your explorations by looking for a GNU/Linux distribution that suits your needs.
Debian has a long tradition of software freedom. Contributors have to sign a social contract and adhere to the ethical manifesto. Strict inclusion guidelines make sure that only certified open source software gets packaged in the main repositories.
Gentoo describes itself as a meta-distribution. The source code is compiled to binary applications on the user's machine allowing near-unlimited adaptability and complete retraceability of the program logic.
Linux Mint Debian Edition (LMDE) is probably the easiest-to-use distribution for people migrating from Microsoft Windows.
Both Fedora and openSUSE are community editions that serve as the stable basis for enterprise-ready GNU/Linux distributions with commercial support. Companies all over the world trust Red Hat Inc. and SUSE Linux GmbH because of their transparency throughout the whole development process.
Parabola GNU/Linux is effectively 99% Arch Linux with a de-blobbed kernel and a meta-package that blocks unfree licenses. Both of these features can be installed under Arch.
Canonical’s Ubuntu is not recommended by PRISM Break because it contains Amazon ads and data leaks by default. GNU/Linux distributions based on Ubuntu are also currently not recommended due to several other reasons.

Live CDs & VM images

Notes

A live distribution like Tails or Liberté Linux is the fastest and easiest way to a secure operating system. All you have to do is create a bootable CD or USB drive with the files provided and you’re set. Everything else will be preconfigured for you.
A virtual machine (VM) image like Whonix is designed to be run inside of a virtualization package like VirtualBox. VirtualBox can be installed on Windows, Linux, OS X, and Solaris. This means that if you're stuck using Windows or OS X for whatever reason, you can install VirtualBox and use Whonix to increase your privacy and security.

Android

Proprietary

  • Google Android
  • Google Play

Notes

CyanogenMod licensing:
“CyanogenMod does still include various hardware-specific code, which is also slowly being open-sourced anyway.”

If Replicant supports your Android device, you should definitely use it instead of CyanogenMod, as Replicant is fully free and runs without relying on proprietary system code.
Google Apps for Android (Gapps) are the proprietary applications by Google that come pre-installed with most Android devices. After flashing your firmware with either CyanogenMod or Replicant, safeguard your data by not re-installing Google Apps on your phone.

iOS & WP

Proprietary

  • Apple iOS
  • Microsoft Windows Phone

Notes

iOS and WP are proprietary operating systems whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device.

Web browser

Proprietary

  • Apple Safari
  • Google Chrome
  • Microsoft Internet Explorer
  • Opera

Notes

Try to use Tor Browser Bundle (TBB) for all of your web surfing. It will offer you far better anonymity than any other browser. Make sure to learn the basics of Tor before using it. If the site you want to visit will not work in the TBB, try Firefox instead, but realize these browsers do not anonymize your IP by default.
TBB notes: Using the TBB to sign into websites that contain your real ID is counterproductive, and may trip the site's fraud protection. Make sure to check for HTTPS before signing in to a website through Tor. Signing into HTTP websites can result in your ID being captured by a Tor exit node.
Firefox notes: This browser uses Google search by default: replace it with a more private alternative. Another debranded alternative to Firefox is Iceweasel, a browser for Debian-based distributions.

Web browser add-ons

Notes

Installing your own add-ons into the Tor Browser is not recommended, as they may bypass Tor or otherwise harm your anonymity and privacy. Check the EFF's Panopticlick to see how trackable your browser configuration is by third parties.
If you're using a Firefox-based browser, you can safeguard your browsing habits and stop advertising companies from tracking you by installing Adblock Edge, Disconnect, and HTTPS Everywhere.
Install NoScript and enable ‘Forbid scripts globally’ to improve the security of your browser by preventing 0day JavaScript attacks. This is a drastic option as it will render many websites unusable as they rely heavily on JavaScript. NoScript offers a whitelist you can use to selectively enable JavaScript for sites you trust, but this is considered especially bad for your anonymity if you're using NoScript with Tor.
Why is Adblock Plus not recommended? Adblock Plus shows “acceptable ads” by default, which works against the purpose of the add-on. Either disable acceptable ads or use the Adblock Edge fork instead.
Ghostery is an alternative anti-tracker add-on to Disconnect. While the code is available, the license is currently proprietary.

Maps

Proprietary

  • Apple Maps
  • Google Maps
  • Google Earth
  • Microsoft Bing Maps
  • Yahoo! Maps

Notes

“If you spend time contributing to OpenStreetMap you are helping a good cause, and building a geographic database of the world which is free and open for all and forever.”

Email service

Proprietary

  • Google Gmail
  • Microsoft Exchange
  • Microsoft Outlook.com
  • Yahoo! Mail

Notes

Here are some email providers that try to do things right and run email for you. Please decide for yourself whether you trust them with your data.
MyKolab is hosted in Switzerland and benefits from the strong Swiss privacy laws. It is run exclusively with free software and using the service supports the development of Kolab. Also, it lets you export all your data at any time.
Bitmessage is a promising alternative to email, but it has not yet been audited by security professionals. Use at your own risk. If you decide to try out Bitmessage, make sure to generate a completely random ID to greatly reduce the probability of ID collisions.
Why not Hushmail? See 'compromises to email privacy'.
If you decide to run your own server, Kolab is worth looking into for mail management. It integrates Roundcube into its web client and offers desktop clients as well. Recent versions also feature a file cloud, turning it into a complete solution for personal information management.

Email client

Proprietary

  • Apple OS X Mail
  • IBM Notes
  • Microsoft Office Outlook
  • Novell Groupwise

Notes

Switching from a proprietary service like Gmail to one of the more transparently-run email services is the first step to a secure email account.
The second step is getting you and your contacts to encrypt your plain text messages with PGP encryption. This section contains free email clients that support PGP.
Here is a guide by Security In A Box to encrypting your email with Mozilla Thunderbird, GNU Privacy Guard (GPG), and Enigmail.
Find out more about the differences between Mozilla Thunderbird and Icedove.

Email encryption

Notes

“Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications.”

PRISM Break does not recommend S/MIME email encryption because of its reliance on third-party certificates from central authorities. Read more here.

Instant messaging

Proprietary

  • AOL Instant Messenger
  • Apple OS X Messages
  • Google Talk
  • Trillian
  • Viber Messenger
  • WhatsApp Messenger
  • Yahoo! Messenger

Notes

“Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.
The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing.”

Note that Pidgin stores your IM account passwords in plain text. You can avoid this by (1) not saving your password in Pidgin, (2) encrypting your file system with software like TrueCrypt, or (3) storing your Pidgin password securely with the Debian package pidgin-gnome-keyring.
Pidgin with OTR and dbus enabled has a security bug that can be exploited by malicious programs on your PC. See the upstream bug report for more information and possible workarounds.
TorChat is not related to nor sponsored by the official Tor Project.
Threema is not recommended by PRISM Break as it is closed source software. Freely available source code is a necessary condition for privacy and security.

Video conferencing & VoIP

Proprietary

  • FaceTime
  • Google+ Hangouts
  • Google Talk
  • Skype

Notes

Get a free SIP account for Jitsi and/or CSipSimple with The Guardian Project’s Ostel service.
Jitsi warnings: Jitsi may request non-secure information during encrypted chat if you paste a link into it. Also, if Jitsi is set up to use Tor, it may leak DNS information by not using Tor for DNS resolution. Lastly, Jitsi records chat history in unencrypted form.
Linphone, an alternative video conferencing and VoIP option, currently has unresolved security weaknesses.

Social networking

Proprietary

  • Google+
  • Facebook
  • LinkedIn
  • Twitter

Notes

If you have system administration knowledge, please strongly consider running an instance of pump.io (or something else) for your friends, family, or favorite community. Many of them would be willing and grateful to escape Facebook if you provide them a way out.
For those of you without your own server, RetroShare is the easiest way to start your own encrypted social network.
identi.ca is a popular Twitter-like social networking hub for the free and open source software community built on pump.io.

Cloud storage

Proprietary

  • Apple iCloud
  • Dropbox
  • Google Drive
  • Microsoft SkyDrive

Notes

BitTorrent Sync, MEGA, SpiderOak, and Tarsnap are services that are built on either partially or fully proprietary software. They will not be recommended on PRISM Break until they open source the entirety of their codebase.
With closed source software, you need to have 100% trust in the vendor because there's nothing except for their morality in the way of them leaking your personal information. Even if you can vouch for their integrity, proprietary software invariably has more uncaught security bugs and exploits because there are fewer eyes examining the source code.

Document collaboration

Proprietary

  • Google Docs
  • Microsoft Office Web Apps
  • Zoho Office Suite

Notes

The etherpad project maintains a list of sites that run etherpad services. Please only choose from the services that use SSL, and research the site's background before trusting them with your data.
Riseup also offers email, VPN, and chat services.

Media publishing

Proprietary

  • Flickr
  • Instagram
  • Picasa
  • Tumblr
  • YouTube
  • Vimeo

Notes

Self-hosting your media is important for privacy and security. Hosting your blog on WordPress.com is no better for your data security than Blogger or Tumblr.
Warning: Using avatars in WordPress will activate Gravatar, which will send your email address to gravatar.com. Avatars are activated by default and can be turned off under “Settings > Discussion > Avatars”.
Warning: MediaCrush includes Google Analytics and Google Adsense if you do not have Do Not Track enabled.

Online transactions

Proprietary

  • PayPal
  • Google Wallet

Notes

Learn more about Bitcoin and get started with your first free wallet at We Use Coins.

Digital distribution

Proprietary

  • Steam

Notes

Desurium is only the client. You will still have to trust/depend on the proprietary desura service.

Virtual Private Network (VPN)

Proprietary

  • Cisco Systems VPN Client
  • Viscosity

Notes

Encrypted virtual private network (VPN) technology can be used by ordinary Internet users to connect to proxy servers for the purpose of protecting one’s identity and online footprint.
More on Wikipedia.

Web analytics

Proprietary

  • Google Analytics

Notes

Piwik analytics powers this site. It’s set up to anonymize the last three bits (255.xxx.xxx.xxx) of visitor IPs. Check out the live data here: prism-break.org/analytics and view our privacy policy.

DNS provider

Proprietary

  • Google Public DNS

Notes

Google Public DNS permanently logs your ISP and location information for analysis. Your IP address is also stored for 24 hours.
OpenNIC has not adopted an official policy concerning log query privacy/anonymization. You may choose anonymous DNS servers on this page.

Meshnet

Notes

A meshnet is a decentralized peer-to-peer network, with user-controlled physical links that are usually wireless.
“Mesh networking (topology) is a type of networking where each node must not only capture and disseminate its own data, but also serve as a relay for other nodes, that is, it must collaborate to propagate the data in the network.”

XMPP server software

Notes

“Extensible Messaging and Presence Protocol (XMPP) is a communications protocol for message-oriented middleware based on XML (Extensible Markup Language). The protocol was originally named Jabber, and was developed by the Jabber open-source community in 1999 for near real-time, instant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has also been used for publish-subscribe systems, signalling for VoIP, video, file transfer, gaming, Internet of Things applications such as the smart grid, and social networking services.”

SIP server

Notes

“The Session Initiation Protocol (SIP) is a signaling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks.”

Here’s a guide by Asipto to setting up and running your own Skype-like SIP service with Kamailio in under an hour.

--

For the source of the above and the latest updates, check:

https://prism-break.org/