It's official: everybody is spying on everyone else (PRISM, XKeyscore and Tempora).
But you can fight back. With all of the major services compromised, many activists have created tools to keep you safe and to prevent your conversations from being eavesdropped on or your personal files from being intercepted.
Note: you can download the software directly; just click the blue links for the home pages of the listed services and software.
Live CDs & VM images
Free alternatives
Notes
A live distribution like Tails or Liberté Linux is the fastest and easiest way to a secure operating system. All you have to do is create a bootable CD or USB drive with the files provided and you’re set. Everything else will be preconfigured for you.
A virtual machine (VM) image like Whonix is designed to be run inside of a virtualization package like VirtualBox. VirtualBox can be installed on Windows, Linux, OS X, and Solaris. This means that if you're stuck using Windows or OS X for whatever reason, you can install VirtualBox and use Whonix to increase your privacy and security.
Android
Proprietary
- Google Android
- Google Play
Free alternatives
- Operating system
  - CyanogenMod: Aftermarket firmware for Android devices.
  - Replicant: Fully free Android distribution based on CyanogenMod. [FSF endorsed]
  - Firefox OS: Free and open source operating system for Android-compatible devices.
- Digital distribution
  - F-Droid: Free and open source alternative to the Google Play app store for Android. [FSF endorsed]
Notes
CyanogenMod licensing: “CyanogenMod does still include various hardware-specific code, which is also slowly being open-sourced anyway.”
If Replicant supports your Android device, you should definitely use it instead of CyanogenMod, as Replicant is fully free and runs without relying on proprietary system code.
Google Apps for Android (Gapps) are the proprietary applications by Google that come pre-installed with most Android devices. After flashing your firmware with either CyanogenMod or Replicant, safeguard your data by not re-installing Google Apps on your phone.
iOS & WP
Proprietary
- Apple iOS
- Microsoft Windows Phone
Free alternatives
Notes
iOS and WP are proprietary operating systems whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device.
Web browser
Proprietary
- Apple Safari
- Google Chrome
- Microsoft Internet Explorer
- Opera
Free alternatives
- IP hidden
  - Tor Browser Bundle: Encrypted, anonymous web browsing powered by the Tor network.
  - JonDonym: Private browsing with the JonDo IP anonymization service and JonDoFox profile for Firefox.
- IP exposed
  - Mozilla Firefox: Fast, flexible and secure web browser with a vibrant add-on ecosystem.
- Android
  - Orbot: The features and functionality of Tor for Android.
Notes
Try to use Tor Browser Bundle (TBB) for all of your web surfing. It will offer you far better anonymity than any other browser. Make sure to learn the basics of Tor before using it. If the site you want to visit will not work in the TBB, try Firefox instead, but realize these browsers do not anonymize your IP by default.
TBB notes: Using the TBB to sign into websites that contain your real ID is counterproductive, and may trip the site's fraud protection. Make sure to check for HTTPS before signing in to a website through Tor. Signing into HTTP websites can result in your ID being captured by a Tor exit node.
Firefox notes: This browser uses Google search by default: replace it with a more private alternative. Another debranded alternative to Firefox is Iceweasel, a browser for Debian-based distributions.
Web browser add-ons
Free alternatives
- Privacy & security
  - Adblock Edge: Block advertisements and trackers across the web with filter subscriptions.
  - Disconnect: Visualize and block invisible tracking of your search and browsing history.
  - HTTPS Everywhere: Encrypt your communications from thousands of websites by enforcing HTTPS everywhere.
  - NoScript: Only enable JavaScript, Java, and Flash for sites you trust. [advanced]
  - RequestPolicy: Control which cross-site requests are allowed by sites you visit. [advanced]
- Instant messaging
  - CryptoCat: Private and encrypted instant messaging within the web browser. [OTR]
- Email encryption
  - Mailvelope: OpenPGP email encryption tool for major webmail services. [PGP] [beta]
Notes
Installing your own add-ons into the Tor Browser is not recommended, as they may bypass Tor or otherwise harm your anonymity and privacy. Check the EFF's Panopticlick to see how trackable your browser configuration is by third parties.
If you're using a Firefox-based browser, you can safeguard your browsing habits and stop advertising companies from tracking you by installing Adblock Edge, Disconnect, and HTTPS Everywhere.
Install NoScript and enable ‘Forbid scripts globally’ to improve the security of your browser by preventing 0day JavaScript attacks. This is a drastic option as it will render many websites unusable as they rely heavily on JavaScript. NoScript offers a whitelist you can use to selectively enable JavaScript for sites you trust, but this is considered especially bad for your anonymity if you're using NoScript with Tor.
Why is Adblock Plus not recommended? Adblock Plus shows “acceptable ads” by default, which works against the purpose of the add-on. Either disable acceptable ads or use the Adblock Edge fork instead.
Ghostery is an alternative anti-tracker add-on to Disconnect. While the code is available, the license is currently proprietary.
Web search
Proprietary
- Google Search
- Microsoft Bing
- Yahoo! Search
Free alternatives
Notes
DuckDuckGo is a software-as-a-service (SaaS) hosted around the world that provides you with anonymous search results from these sources. DDG open source components are available here.
There is also a DuckDuckGo hidden service at 3g2upl4pq6kufc4m.onion for Tor users.
MetaGer is a SaaS by the German non-profit SUMA e.V. that provides you with anonymous meta search results.
Startpage is a SaaS hosted in the USA and the Netherlands that provides you with anonymous Google search and image results through a free proxy.
Ixquick (run by the same company as Startpage) is a meta search engine that returns combined results from nearly 100 sources - excluding Google.
YaCy is a promising project that offers fully decentralized peer-to-peer search. The more people who start using it, the better the results will become.
Maps
Proprietary
- Apple Maps
- Google Maps
- Google Earth
- Microsoft Bing Maps
- Yahoo! Maps
Free alternatives
Notes
“If you spend time contributing to OpenStreetMap you are helping a good cause, and building a geographic database of the world which is free and open for all and forever.”
Email service
Proprietary
- Google Gmail
- Microsoft Exchange
- Microsoft Outlook.com
- Yahoo! Mail
Free alternatives
- Service
  - Autistici/Inventati: A full range of privacy-aware services including hosting, VPNs, email, IM, and more. [approval required]
  - MyKolab: Secure, private Kolab accounts hosted in Switzerland for 10 CHF per month. [paid service]
  - Riseup: Secure communication tools for people working on liberatory social change. [invitation required] [USA hosted]
- Peer to peer software
  - Bitmessage [beta]
  - RetroShare [PGP]
- Server software
  - Kolab: Groupware solution for email, files, calendars, address books and synchronization to mobile devices.
Notes
Here are some email providers that try to do things right and run email for you. Please decide for yourself whether you trust them with your data.
MyKolab is hosted in Switzerland and benefits from the strong Swiss privacy laws. It is run exclusively with free software and using the service supports the development of Kolab. Also, it lets you export all your data at any time.
Bitmessage is a promising alternative to email, but it has not yet been audited by security professionals. Use at your own risk. If you decide to try out Bitmessage, make sure to generate a completely random ID to greatly reduce the probability of ID collisions.
Why not Hushmail? See 'compromises to email privacy'.
If you decide to run your own server, Kolab is worth looking into for mail management. It integrates Roundcube into its web client and offers desktop clients as well. Recent versions also feature a file cloud, turning it into a complete solution for personal information management.
Email client
Proprietary
- Apple OS X Mail
- IBM Notes
- Microsoft Office Outlook
- Novell Groupwise
Free alternatives
- Mozilla Thunderbird: Multi-platform email application with mail encryption through the Enigmail add-on.
- Enigmail: OpenPGP email encryption add-on for Thunderbird and Icedove. [PGP]
- TorBirdy: Add-on that makes Thunderbird and Icedove connect through Tor. [experimental]
- Claws Mail: Lightweight, featureful email application for multiple platforms with built-in PGP support. [PGP]
- Sylpheed: Lightweight, user-friendly email application for multiple platforms with built-in PGP support. [PGP]
- Android
  - K-9 Mail: Email application for Android devices with built-in PGP support. [PGP]
Notes
Switching from a proprietary service like Gmail to one of the more transparently-run email services is the first step to a secure email account.
The second step is getting you and your contacts to encrypt your plain text messages with PGP encryption. This section contains free email clients that support PGP.
Here is a guide by Security In A Box to encrypting your email with Mozilla Thunderbird, GNU Privacy Guard (GPG), and Enigmail.
Find out more about the differences between Mozilla Thunderbird and Icedove.
Email encryption
Free alternatives
Notes
“Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications.”
PRISM Break does not recommend S/MIME email encryption because of its reliance on third-party certificates from central authorities. Read more here.
Instant messaging
Proprietary
- AOL Instant Messenger
- Apple OS X Messages
- Google Talk
- Trillian
- Viber Messenger
- WhatsApp Messenger
- Yahoo! Messenger
Free alternatives
- Pidgin: Free universal instant messaging client. [XMPP] [OTR]
- Off-the-Record Messaging - OTR: Install and enable this plugin in Pidgin for encrypted chat.
- TorChat: Anonymous, decentralized P2P chat built on Tor Hidden Services.
- IRC
  - BitlBee: IRC instant messaging gateway that supports a bunch of protocols. [XMPP] [OTR]
- Android
  - Gibberbot: Private, secure OTR messaging for Android. [OTR]
  - TextSecure: Secure SMS/MMS communication for Android.
  - Xabber: OTR-encrypted instant messaging for Android. [XMPP] [OTR]
- Apple iOS
  - ChatSecure: Encrypted IM for iOS devices.
Notes
“Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.
The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing.”
Note that Pidgin stores your IM account passwords in plain text. You can avoid this by (1) not saving your password in Pidgin, (2) encrypting your file system with software like TrueCrypt, or (3) storing your Pidgin password securely with the Debian package pidgin-gnome-keyring.
Pidgin with OTR and dbus enabled has a security bug that can be exploited by malicious programs on your PC. See the upstream bug report for more information and possible workarounds.
TorChat is not related to nor sponsored by the official Tor Project.
Threema is not recommended by PRISM Break as it is closed source software. Freely available source code is a necessary condition for privacy and security.
Video conferencing & VoIP
Proprietary
- FaceTime
- Google+ Hangouts
- Google Talk
- Skype
Free alternatives
Notes
Get a free SIP account for Jitsi and/or CSipSimple with The Guardian Project’s Ostel service.
Jitsi warnings: Jitsi may request non-secure information during encrypted chat if you paste a link into it. Also, if Jitsi is set up to use Tor, it may leak DNS information by not using Tor for DNS resolution. Lastly, Jitsi records chat history in unencrypted form.
Linphone, an alternative video conferencing and VoIP option, currently has unresolved security weaknesses.
Cloud storage
Proprietary
- Apple iCloud
- Dropbox
- Google Drive
- Microsoft SkyDrive
Free alternatives
Notes
BitTorrent Sync, MEGA, SpiderOak, and Tarsnap are services that are built on either partially or fully proprietary software. They will not be recommended on PRISM Break until they open source the entirety of their codebase.
With closed source software, you need to have 100% trust in the vendor because there's nothing except for their morality in the way of them leaking your personal information. Even if you can vouch for their integrity, proprietary software invariably has more uncaught security bugs and exploits because there are fewer eyes examining the source code.
Document collaboration
Proprietary
- Google Docs
- Microsoft Office Web Apps
- Zoho Office Suite
Free alternatives
Notes
The etherpad project maintains a list of sites that run etherpad services. Please only choose from the services that use SSL, and research the site's background before trusting them with your data.
Riseup also offers email, VPN, and chat services.
Media publishing
Proprietary
- Flickr
- Instagram
- Picasa
- Tumblr
- YouTube
- Vimeo
Free alternatives
- Service
  - Noblogs.org: Blog publishing platform based on WordPress, by autistici.org.
  - MediaCrush: Privacy-first fast media (image, video, audio) hosting. [USA hosted]
- Software
  - MediaCrush: You can also run self-hosted instances of MediaCrush.
  - GNU MediaGoblin: Decentralized media publishing platform. [FSF endorsed]
  - Piwigo: Self-hosted photo gallery platform.
  - WordPress: Self-hosted website publishing platform.
  - Zenphoto: Self-hosted media management system.
Notes
Self-hosting your media is important for privacy and security. Hosting your blog on WordPress.com is no better for your data security than Blogger or Tumblr.
Warning: Using avatars in WordPress will activate Gravatar, which will send your email address to gravatar.com. Avatars are activated by default and can be turned off under “Settings > Discussion > Avatars”.
Warning: MediaCrush includes Google Analytics and Google Adsense if you do not have Do Not Track enabled.
Online transactions
Proprietary
- PayPal
- Google Wallet
Free alternatives
Notes
Learn more about Bitcoin and get started with your first free wallet at We Use Coins.
Digital distribution
Proprietary
- Steam
Free alternatives
Notes
Desurium is only the client. You will still have to trust and depend on the proprietary Desura service.
Virtual Private Network (VPN)
Proprietary
- Cisco Systems VPN Client
- Viscosity
Free alternatives
- Service
  - A/I VPN: Secure personal VPN service provided by Autistici/Inventati. [approval required]
  - Riseup VPN: Secure personal VPN service provided by Riseup. [USA hosted]
- VPN client
  - OpenVPN: Free software VPN client.
  - Libreswan: Free software VPN client 3rd generation derived from Openswan.
  - Openswan: Free software VPN client derived from FreeS/WAN.
  - strongSwan: Free software VPN client derived from FreeS/WAN.
Notes
Encrypted virtual private network (VPN) technology can be used by ordinary Internet users to connect to proxy servers for the purpose of protecting one’s identity and online footprint.
More on Wikipedia.
Web analytics
Proprietary
- Google Analytics
Free alternatives
Notes
Piwik analytics powers this site. It's set up to anonymize the last three bits (255.xxx.xxx.xxx) of visitor IPs. Check out the live data here: prism-break.org/analytics and view our privacy policy.
DNS provider
Proprietary
- Google Public DNS
Free alternatives
- Service
  - CloudNS: DNS hosting service with DNSCrypt, DNSSEC, and Namecoin support.
  - OpenNIC Project: Open, democratic, and anti-censorship DNS provider.
- Software
  - DNSCrypt: A tool to secure communications between a client and a DNS resolver.
  - Namecoin: Distributed DNS for the .bit TLD based on Bitcoin technology. [advanced]
Notes
Google Public DNS permanently logs your ISP and location information for analysis. Your IP address is also stored for 24 hours.
OpenNIC has not adopted an official policy concerning log query privacy/anonymization. You may choose anonymous DNS servers on this page.
Anonymizing network
Free alternatives
- Freenet: Decentralized censorship-resistant network.
- I2P: The invisible internet project.
- Syndie: Distributed, anonymous forum software.
- Tor Hidden Services: The Tor network offers access to *.onion websites.
- GNUnet: GNUnet is a fully free P2P network.
- Android
  - Nightweb: Anonymous I2P network for Android and desktop.
Notes
--
Meshnet
Free alternatives
- Project Meshnet: A decentralized alternative to the internet.
- freifunk.net: A non-commercial open grassroots initiative to support free radio networks around the world. [German]
- guifi.net: Open, free and neutral wireless network for everyone.
- Project Byzantium: Byzantium is a live Linux distribution that delivers easy-to-use mesh networking.
- LibreVPN: A free network that runs over other networks. [Spanish]
Notes
A meshnet is a decentralized peer-to-peer network, with user-controlled physical links that are usually wireless.
“Mesh networking (topology) is a type of networking where each node must not only capture and disseminate its own data, but also serve as a relay for other nodes, that is, it must collaborate to propagate the data in the network.”
Server operating system
Proprietary
- Apple OS X Server
- Microsoft Windows Server
Free alternatives
- GNU/Linux
  - CentOS: Enterprise class computing platform with 100% binary compatibility with RHEL.
  - Debian: Strictly free, ethical GNU/Linux distribution.
  - SME Server: Simple distro based on CentOS with preconfigured mail, file sharing, web server, and more.
  - Yunohost: Personal distribution based on Debian with preconfigured mail, IM, and web server.
- BSD
  - FreeBSD: A free BSD-derived operating system.
  - OpenBSD: A secure BSD operating system. [most paranoid]
Notes
The only way to have full control over your personal data is to run your own server. This is not for everyone though, as it requires considerable time investment and technical knowledge.
XMPP server software
Free alternatives
- ejabberd: XMPP server written in Erlang/OTP for GNU/Linux and OS X. [GPLv2]
- Openfire: Cross-platform XMPP server written in Java. [Apache]
- Prosody IM: Flexible XMPP server written in Lua. [MIT/X11]
- Tigase: Cross-platform XMPP server written in Java. [GPLv3]
- Metronome IM: XMPP server software based on Prosody, with advanced management/microblogging features. [ISC and MIT/X11]
Notes
“Extensible Messaging and Presence Protocol (XMPP) is a communications protocol for message-oriented middleware based on XML (Extensible Markup Language). The protocol was originally named Jabber, and was developed by the Jabber open-source community in 1999 for near real-time, instant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has also been used for publish-subscribe systems, signalling for VoIP, video, file transfer, gaming, Internet of Things applications such as the smart grid, and social networking services.”
SIP server
Free alternatives
Notes
“The Session Initiation Protocol (SIP) is a signaling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks.”
Here’s a guide by Asipto to setting up and running your own Skype-like SIP service with Kamailio in under an hour.
Hardware & software setup
--
Social networking
Proprietary
Free alternatives
buddycloud
Diaspora
Friendica
Movim
pump.io
Tent
Notes
For those of you without your own server, RetroShare is the easiest way to start your own encrypted social network.
identi.ca is a popular Twitter-like social networking hub for the free and open source software community built on pump.io.