oss [NSA Opt-Out] Alternatives to Proprietary Softwares

[f0rk_b0mb]

Alot of new Linux users are always on the lookout for alternatives to proprietary software. In light of the NSA Prism leaks, more and more people are switching to open source alternatives.

 

I found this really cool website with a simple easy to use chart of proprietary software and free alternatives.

Check it out here: https://prism-break.org/

 

One thing the chart forgot to mention was a secure email provider and a secure cloud provider. They mentioned it, however, I would recomend hosting your own email and cloud so you have complete control over your data. It is also pretty inexpensive.

 

Questions/comments? :)

[fusi0n]

Alot of new Linux users are always on the lookout for alternatives to proprietary software. In light of the NSA Prism leaks, more and more people are switching to open source alternatives.

 

I found this really cool website with a simple easy to use chart of proprietary software and free alternatives.

Check it out here: https://prism-break.org/

 

One thing the chart forgot to mention was a secure email provider and a secure cloud provider. I would recomend hosting your own email so you have complete control over your data. The same goes for cloud solutions: host your own.

 

Questions/comments? :)

This is actually pretty cool. Thanks for posting

[+Majesticmerc MVC]

I remember this website from when the NSA leaks first started but had totally forgotten about it! Looks much better and much more extensive now!

Great share :)

[Growled Member]

Very nice. Thanks for the info. :)

[Dot Matrix]

You really think open source is going to stop people from spying? :laugh:

 

Unless you host your own ISP, cloud server, files server, DHCP server, etc you're not breaking away from the spotlight.

[chrisj1968]

Tartarus, thanks alot bro for the great info. Best wishes to you.

[f0rk_b0mb]

You really think open source is going to stop people from spying? :laugh:

 

Unless you host your own ISP, cloud server, files server, DHCP server, etc you're not breaking away from the spotlight.

 

You are correct on that. Nothing is fool proof. Unless you use tor or some other secure VPN solution, everything is logged via your ISP. The idea (at least to me) is not to eliminate spying (you're living in a dream world if you think that is possible), but control what information you share. What a user feels comfortable sharing is solely up to the user. This chart simply provides options and answers to the particular user's questions on what to replace with an audited OSS version.  :)

[Anibal P]

Get off the internet and don't use a cell phone or text, only way to really be off the radar

 

If the NSA really wants to track a specific person they can unless they are 100% off the grid, anything you do is just a placebo

[PGHammer]

Get off the internet and don't use a cell phone or text, only way to really be off the radar

 

If the NSA really wants to track a specific person they can unless they are 100% off the grid, anything you do is just a placebo

Also, NSA itself (both directly and indirectly) is a major player in FOSS - and has been for years.

 

There's not a thing shocking about it, either - NSA has habitually driven IT every which way it can.  (The same is true of GCHQ - the UK equivalent and partner of NSA.)

 

Think about it.  You're an intelligence agency, and you are basically told to find out everything you can about subject X - and you don't have human agents to do your digging.  (Remember, NSA, unlike the CIA or DIA, uses no HUMINT.)

 

That means that a LOT of what we take for granted today - in and out of IT - doubtless has been influenced, in some way, by "Uncle Sam's hearing aid" (which is how some referred to NSA pre-Snowden).

[Athernar]

You really think open source is going to stop people from spying? :laugh:

 

Unless you host your own ISP, cloud server, files server, DHCP server, etc you're not breaking away from the spotlight.

 

Or you could be smart about it and use an encrypted tunnel, rather than blurt a bunch of nonsense.

 

Open source software doesn't require you to trust a 3rd-party that no government-requested backdoors have been installed, code can be audited. Closed source software is vulnerable in that regard.

[n_K]

'DuckDuckGo is a software-as-a-service (SaaS) hosted around the world that provides you with anonymous search results from these sources'

Funny, I remember someone proving that ddg is in-fact logged and completely UN-anonymous, so with that in mind I wouldn't really trust the list.

[Max Norris]

Open source software doesn't require you to trust a 3rd-party that no government-requested backdoors have been installed, code can be audited. Closed source software is vulnerable in that regard.

Doesn't do a bit of good when the information is being given up at the other end, regardless of whatever OS you're running. I seriously doubt the court orders are asking something along the lines of "give us a copy of all messages stored except from people using open source operating systems."

[Athernar]

Doesn't do a bit of good when the information is being given up at the other end, regardless of whatever OS you're running. I seriously doubt the court orders are asking something along the lines of "give us a copy of all messages stored except from people using open source operating systems."

 

Which is why you also use an encrypted tunnel to an endpoint you trust.

[Max Norris]

Which is why you also use an encrypted tunnel to an endpoint you trust.

Right, I got that part, but was commenting on the other part.

[Athernar]

Right, I got that part, but was commenting on the other part.

 

I'm not sure what you're getting at then.

 

Using open source software will indeed not stop spying once data leaves your system, as much is common sense. The point was using OSS in such a case provide assurances that your system cannot be compromised by a unknown backdoor installed by a 3rd-party vendor.

 

Both approaches are required, as not having one defeats the other.

[Max Norris]

The point was using OSS in such a case provide assurances that your system cannot be compromised by a unknown backdoor installed by a 3rd-party vendor.

That's a bit of a stretch. The core OS as delivered from the distribution, sure, of course excluding services not on your system given by the distro, just a bit of tinfoil but who's to say Canonical isn't handing over your search terms and other user data from Unity for example? It's already going to Amazon, why not the NSA too? And no, I'm just pulling that out of thin air as a hypothetical example.. if it were true you wouldn't know. But after the fact? No. Any OS can be compromised regardless of who made it, especially since you would theoretically run software outside of what was given to you out of the box to begin with, even on Linux not all of some very common software is open source, and that's completely ignoring the obvious issues that can be done as malware. That's discounting any unproven tin-foil conspiracy theories of course.

[Athernar]

That's a bit of a stretch. The core OS as delivered from the distribution, sure, of course excluding services not on your system given by the distro, just a bit of tinfoil but who's to say Canonical isn't handing over your search terms and other user data from Unity for example? It's already going to Amazon, why not the NSA too? And no, I'm just pulling that out of thin air as a hypothetical.. if it were true you wouldn't know. But after the fact? No. Any OS can be compromised regardless of who made it, especially since you would theoretically run software outside of what was given to you out of the box to begin with, even on Linux not all of some very common software is open source. That's discounting any unproven tin-foil conspiracy theories of course.

 

Problem with the above here is you assume I use Ubuntu. I don't trust Canonical to make good technical decisions, let alone that they're not passing on data.

 

Distros such as Arch or Gentoo however offer the platform in which you can establish trust.

[riahc3]

Hello,

You are correct on that. Nothing is fool proof. Unless you use tor or some other secure VPN solution, everything is logged via your ISP. The idea (at least to me) is not to eliminate spying (you're living in a dream world if you think that is possible), but control what information you share. What a user feels comfortable sharing is solely up to the user. This chart simply provides options and answers to the particular user's questions on what to replace with an audited OSS version.  :)

tor AFAIK is open source. A small bug in the code could be found, not disclosed, and your encrypted information can still be seen.

With this, I want to comment that using open source software is not more or less secure. Im just stating a possibility...

[markwolfe Veteran]

That's a bit of a stretch. The core OS as delivered from the distribution, sure, of course excluding services not on your system given by the distro, just a bit of tinfoil but who's to say Canonical isn't handing over your search terms and other user data from Unity for example? It's already going to Amazon, why not the NSA too? And no, I'm just pulling that out of thin air as a hypothetical example.. if it were true you wouldn't know. But after the fact? No. Any OS can be compromised regardless of who made it, especially since you would theoretically run software outside of what was given to you out of the box to begin with, even on Linux not all of some very common software is open source, and that's completely ignoring the obvious issues that can be done as malware. That's discounting any unproven tin-foil conspiracy theories of course.

I think that Athernar's point was that with FLOSS, you can at least know the source is out there to be audited (and, if you are a tinfoil-hatter, you can audit it yourself).  There is zero chance of auditing closed source software.

Then, once you are comfortable that the source is clean, and not able to skim data off and send to an outsider, you can use secure tunnelling, personal encryption (GPG/PGP), TOR or any other such tools to ensure that you have the best chance of either being undetected, or at least suitably encrypted if your email, etc is intercepted.

Again. Tinfoil hat stuff.  I'm happy just as I am, and if the NSA wants to skim the headers of my emails to see I am getting spammed for reduced mortgage rates and such, so be it.  Google, Microsoft, my cable ISP etc all can already read the entire contents of my mail already.  I just don't get my panties in a twist over it.  Privacy is pretty much dead already.

[f0rk_b0mb]

By using open source software, it makes it a hell of a lot harder, expensive, and time consuming for the NSA to do anything. The code is also open source--full audits are done every day on it and nobody has found anything. Do you really think the NSA is that stupid to put a backdoor in freely accessible code? Hell no they aren't! The NSA was laying low--if it wasn't for Snowden, we still wouldn't know about this. 

[f0rk_b0mb]

Hello,

tor AFAIK is open source. A small bug in the code could be found, not disclosed, and your encrypted information can still be seen.

With this, I want to comment that using open source software is not more or less secure. Im just stating a possibility...

 

Whoops marked you post as solved. Didn't mean to do that. :D

 

 

Anyway, It's open source. If a bug is found, it will be resolved very quickly. I highly doubt there's going to be a bug that compromises encryption.

[n_K]

By using open source software, it makes it a hell of a lot harder, expensive, and time consuming for the NSA to do anything. The code is also open source--full audits are done every day on it and nobody has found anything. Do you really think the NSA is that stupid to put a backdoor in freely accessible code? Hell no they aren't! The NSA was laying low--if it wasn't for Snowden, we still wouldn't know about this. 

Are you high? They put backdoors in encryption, NO-ONE noticed until snowdens leaked stuff. NSA made and released SELinux plus it was rumoured the FBI has a backdoor in the *BSD TCP/IP stack, no-ones found intentional bugs in either, that doesn't mean there isn't any, and if they have hidden backdoors you can bet your darn arse off they've tried VERY HARD to make sure no-one finds it.

[markwolfe Veteran]

Are you high? They put backdoors in encryption, NO-ONE noticed until snowdens leaked stuff. NSA made and released SELinux plus it was rumoured the FBI has a backdoor in the *BSD TCP/IP stack, no-ones found intentional bugs in either, that doesn't mean there isn't any, and if they have hidden backdoors you can bet your darn arse off they've tried VERY HARD to make sure no-one finds it.

Tinfoil hat?  GPG is open source. Look at the code that does the encryption yourself, if you please, or trust the rest of the world filled with experts.  No backdoors have been found.

If you still believe what you posted,I hope you are securely posting this from your doomsday bunker, on someone else's computer, on a connection you hand-made just a few minutes ago, and will blow up with TNT after you make each post.

Seriously, posting statements like yours just fools the gullible into believing a crazy conspiracy.

[n_K]

Tinfoil hat?  GPG is open source. Look at the code that does the encryption yourself, if you please, or trust the rest of the world filled with experts.  No backdoors have been found.

If you still believe what you posted,I hope you are securely posting this from your doomsday bunker, on someone else's computer, on a connection you hand-made just a few minutes ago, and will blow up with TNT after you make each post.

Seriously, posting statements like yours just fools the gullible into believing a crazy conspiracy.

GPG can be cracked through bruteforce, again, in snowdens leaked material.

And quite frankly I don't really care if they're secretly able to access my PC, I'd find it annoying but I'm not gonna just suddenly stop using any electrical items because of it.

[Growled Member]

Again. Tinfoil hat stuff.  I'm happy just as I am, and if the NSA wants to skim the headers of my emails to see I am getting spammed for reduced mortgage rates and such, so be it.  Google, Microsoft, my cable ISP etc all can already read the entire contents of my mail already.  I just don't get my panties in a twist over it.  Privacy is pretty much dead already.

 

I usually consider the internet to be like a huge shopping mall. I don't think I will have any privacy at either place. I think most people are fooled because they access the internet from the safety of their own homes.