Privacy, security, open source: It’s harder than it looks.
CONTENT WARNING: Mentions of dark web and police operations relating to children
When I first tried to move to more open/free/private/secure/better alternatives to software, I had some difficulty in doing so. Many people I know also had this problem, and they usually gave up a month later. I believe there are several issues that make this a problem. Here is why:
For the most part, if you need a resource to find better alternatives to the software you already use, for security, privacy, etc., you have to look at websites and online forums that are based on opinion, don’t get updates, or get filled with buzzwords and attitudes they try to promote. To me, the worst offender for this, ironically, is the Free Software Foundation.
The Free Software Foundation uses the term ‘malware’ to describe software that has undesirable or inconvenient features or is incompatible with other software, which mostly consists of proprietary software.1 It is common knowledge that back doors and surveillance features are akin to malicious software, of course; however, I believe that the FSF stretching this term to cover almost all software that is proprietary is stupid, and causes panic or would make the FSF seem almost conspiracy theorist in the eyes of someone who doesn’t know what any of this stuff means. The FSF should keep the attitude that the communities of the EFF and other groups have, to make people aware of the dangers that actually exist.
Secondly, there are not many sites that centralise a resource for libre or open source software alternatives. Websites like ‘PRISM Break’ and ‘Privacy Tools’ use this format, but for software, services and behaviours that promote a privacy-focused internet lifestyle. A lot of these sites seem to me to be missing a lot of resources or services, and some of the ones they promote are closed source or contain proprietary blobs, like DuckDuckGo or Startpage.
Even if the program is proprietary, I still believe it can somewhat have privacy if there is truth behind the claims, like Lavabit, the former email service. However, these are the types of things that do not meet my requirements. I want to move to an open source (libre preferred) computer lifestyle.
Many websites, blogs, social media pages or “subreddits” may have resources, but these also vary with opinions and with how much trust these people put in one service or piece of software. The issue with using things like this is that they can be incorrect, outdated, biased or sponsored.
Reading the room: Government is invincible
Every online service, Every. Single. One. requires you to trust them. Terms of Service, Community Guidelines and what they say about their product are all still just words. Just because it’s on their web page does not mean they’re forced to do it that way or that they are actually doing what they say behind your back. Your favourite VPN may be hosted in Seychelles or Panama, but if you’re looking at this as a selling point, stop what you are doing and move to the Tor network if you are that paranoid about the location of a clearnet service.
For the most part, email is recommended or, in modern terms, required to make an account on web services. When you use an email service, you are putting trust in the email service provider, whether it is ProtonMail, Tutanota, Cockmail or others. You host your own email service? Cool, but wouldn’t that make you stand out even more than someone who doesn’t? Another argument to fight back against the last point.
You cannot use a service that requires email without either being part of something you might not be comfortable using, or using something you like and standing out like you glow in the dark.
I don’t follow guidance but instead try to use less and less. I plan to move social media elsewhere, or slowly reduce the footprint. Using Mastodon over Twitter still means you have the elevated risk of using a service run by someone else; with a federated service, you also risk communicating with another individual outside of your own hosted instance. I generally believe it is safe and, being open source, that it is beneficial. Being open source does not, however, stop someone from hosting an instance with malicious intent, or rule out that the instance hosted by the creators is different from the code that is posted publicly.
If it is part of the clearnet, it will always be vulnerable. Police departments, the FBI, NCA, GCHQ, NSA, CIA, and every other agency you can think of probably have the skill to seize the site, identify people, and keep it up to use it against others. Even darknet websites like Silk Road and Child’s Play succumbed to the powers of government. The latter was under the control of the Australian Task Force Argos to be used as a honeypot2. If you are a target, you are not safe regardless of what you are going to be doing.
You are the biggest threat to your privacy and security. Why would someone do all the work when they can just go straight to you? Read:
‘"No good! It’s 4096-bit RSA! Our evil plan is foiled!"
What would actually happen: (Holding money tag and wrench): “His laptop’s encrypted. Drug him and hit him with this $5 wrench until he tells us the password”’
– xkcd #538 ‘Security’ 3
It is a consensus that a privacy-focused lifestyle will protect you from corporate surveillance and prevent you from being used as a statistic or an advertisement. It will not, however, hide you from a government, a threat in the real world, or an adversary like an advanced persistent threat. If you really need to be hidden from a government entity, throw every electronic device you have in the trash.
This is not me writing about my or any other government negatively, nor am I advising how you should hide activity from them. Why? Because their operations are secret, anything I’d promote could also have the risk of you standing out even more.
Government vs. corporate surveillance, in two sentences
The corporation sees you’re using Tor Browser, they can’t do anything. A government sees you’re using Tor Browser, you’re suspicious.
Moving away from what you’re familiar with is hard
As of writing I still use Twitter. I still use YouTube. I still have my first Gmail account. Websites and forums always try and say just to get rid of it. You aren’t the OP of their post and everyone is different. Right now I am transitioning to free software piece by piece. In my post about Discord, I described step by step what I did to make it less important to me, and to give me more of a reason to eventually delete the account I had.
I still have to use paint.net, a Windows program, and Windows for university work; on the latter I unfortunately have no choice. I have yet to find a good graphics program like PDN (except GIMP). It’s about searching and trying and trying until it’s right.
Promote freedom, not privacy
Privacy and security mean a lot to me. However, libre or open source software is an umbrella that can put both of them together. I want to migrate completely to open source alternatives that have a clean record for both of those things with everything I use going forward. For example, I moved away from Google’s Android, to LineageOS.
I would like to see a website that, instead of promoting privacy only, promotes open source alternatives to the popular software we use today. Some of the websites mentioned previously have done this, but because they don’t promote their privacy despite being better than the rest, they don’t get so much credit.
Free software is easier to review for privacy and security concerns, and because it is separate from big business, you are automatically removing yourself from the dangers of surveillance capitalism, which primarily uses closed source software. Free/Open source/libre software is software created BY individuals FOR individuals, a community focused on making something better than the competitor regardless of the money or of the reward.
I may try and make a website for this in the future. One that anyone can contribute to, from a neutral viewpoint, and that gives promotion to or even helps with making alternatives, to improve people’s transition efforts to open source. One can only dream.
Lukas Hartmann of MNT Research and his team are creating a laptop with mostly open components, open schematics, hardware, and design called the MNT Reform. I have backed this laptop, and it officially reached its goal and plans to ship tomorrow as I am writing this. Using open hardware like his will help me in stretching the goals I want to fulfil. Please check out his work at https://mntmn.com. It makes me happy to know things like this have got the recognition that they deserve.