Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.

Operating system

Proprietary

  • Apple OS X
  • Google Chrome OS
  • Microsoft Windows

Notes

Apple, Google, and Microsoft are allegedly a part of PRISM. Their proprietary operating systems cannot be trusted to safeguard your personal information from the NSA. We have two free alternatives: GNU/Linux and BSD.

GNU/Linux has a much larger community to help you with the transition. It’s recommended that you begin your explorations by looking for a GNU/Linux distribution that suits your needs.

Debian has a long tradition of software freedom. Contributors have to sign a social contract and adhere to the ethical manifesto. Strict inclusion guidelines make sure that only certified open source software gets packaged in the main repositories.

Gentoo describes itself as a meta-distribution. The source code is compiled to binary applications on the user's machine allowing near-unlimited adaptability and complete retraceability of the program logic.

Linux Mint Debian Edition (LMDE) is probably the easiest-to-use distribution for people migrating from Microsoft Windows.

Both Fedora and openSUSE are community editions that serve as the stable basis for enterprise-ready GNU/Linux distributions with commercial support. Companies all over the world trust Red Hat Inc. and SUSE Linux GmbH because of their transparency throughout the whole development process.

Parabola GNU/Linux is effectively 99% Arch Linux with a de-blobbed kernel and a meta-package that blocks unfree licenses. Both of these features can be installed under Arch.

Canonical’s Ubuntu is not recommended by PRISM Break because it contains Amazon ads and data leaks by default. GNU/Linux distributions based on Ubuntu are also currently not recommended due to several other reasons.

Note that gNewSense 2.3 is three years old and based on Ubuntu. You should use gNewSense 3.0 (based on Debian) instead.

Live CDs & VM images

 

Notes

A live distribution like Tails or Liberté Linux is the fastest and easiest way to a secure operating system. All you have to do is create a bootable CD or USB drive with the files provided and you’re set. Everything else will be preconfigured for you.

A virtual machine (VM) image like Whonix is designed to be run inside of a virtualization package like VirtualBox. VirtualBox can be installed on Windows, Linux, OS X, and Solaris. This means that if you're stuck using Windows or OS X for whatever reason, you can install VirtualBox and use Whonix to increase your privacy and security.

Android

Proprietary

  • Google Android
  • Google Play

Notes

CyanogenMod licensing: “CyanogenMod does still include various hardware-specific code, which is also slowly being open-sourced anyway.” —Wikipedia

If Replicant supports your Android device, you should definitely use it instead of CyanogenMod, as Replicant is fully free and runs without relying on proprietary system code.

Google Apps for Android (Gapps) are the proprietary applications by Google that come pre-installed with most Android devices. After flashing your firmware with either CyanogenMod or Replicant, safeguard your data by not re-installing Google Apps on your phone.

iOS & WP

Proprietary

  • Apple iOS
  • Microsoft Windows Phone

Notes

iOS and WP are proprietary operating systems whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device.

Web browser

Proprietary

  • Apple Safari
  • Google Chrome
  • Microsoft Internet Explorer
  • Opera

Notes

Use a combination of JonDo + Secure Browser and another free browser to surf the web. Try to use JonDonym for as many things as possible. Browsing the web may be slower, but it will offer you far better anonymity. Make sure to learn the basics of JonDonym before using it.

Note: Signing in to PayPal or a banking website across the Tor network may trip the site's fraud protection software. Users should also be aware that signing into non-HTTPS websites may result in your credentials being captured by a malicious exit node.

Mozilla Firefox uses Google search by default. Google search should be replaced by a more private alternative.

Iceweasel is a de-branded Mozilla Firefox alternative for Debian based distributions.

Why are Chromium, SRWare Iron, et al. not recommended on PRISM Break? More info here.

Web browser add-ons

 

Notes

Safeguard your browsing habits and stop advertising companies from tracking you by installing Adblock Edge, Disconnect, and HTTPS Everywhere in Mozilla Firefox, GNUzilla IceCat, or Debian’s IceWeasel.

Install NoScript and enable ‘Forbid scripts globally’ to improve the security of your browser by preventing 0day JavaScript attacks. This is a drastic option as it will render many websites unusable as they rely heavily on JavaScript. NoScript offers a whitelist you can use to selectively enable JavaScript for sites you trust, but this is considered especially bad for your anonymity if you're using NoScript with Tor.

Why is Adblock Plus not recommended? Adblock Plus shows “acceptable ads” by default, which works against the purpose of the add-on. Either disable acceptable ads or use the Adblock Edge fork instead.

Ghostery is an alternative anti-tracker add-on to Disconnect. While the code is available, the license is currently proprietary.

Maps

Proprietary

  • Apple Maps
  • Google Maps
  • Google Earth
  • Microsoft Bing Maps

Notes

“If you spend time contributing to OpenStreetMap you are helping a good cause, and building a geographic database of the world which is free and open for all and forever.”

OpenStreetMap Wiki

Email service

Proprietary

  • Google Gmail
  • Microsoft Exchange
  • Microsoft Outlook.com
  • Yahoo! Mail

Notes

Important: switching from Gmail to one of the recommended services is only the first step to a secure email account. You’re still sending plain text messages. You and your contacts need to encrypt your messages with PGP. Scroll down to find an email client that supports PGP.

The only way to have full control over your email and personal data is to run your own mail server (e.g. with Kolab). This is not for everyone though, as it requires considerable time investment and technical knowledge. There are some providers that try to do things right and run servers for you. Please decide for yourself whether you trust them with your data.

MyKolab is hosted in Switzerland and benefits from the strong Swiss privacy laws. It is run exclusively with free software and using the service supports the development of Kolab. Also, it lets you export all your data at any time.

Why not Hushmail? See 'compromises to email privacy'.

If you decide to host your own server, then Kolab is a good choice. It integrates Roundcube into its webclient and offers desktop clients as well. Recent versions also feature a file cloud turning it into a complete solution for personal information management.

While not complete yet, the FreedomBox project is aiming at creating a turnkey solution for encrypted communications.

Email client

Proprietary

  • Apple OS X Mail
  • IBM Notes
  • Microsoft Office Outlook
  • Novell Groupwise

Notes

Here is a guide by Security In A Box to encrypting your email with Mozilla Thunderbird, GNU Privacy Guard (GPG), and Enigmail.

Find out more about the differences between Mozilla Thunderbird and Icedove.

Email encryption

 

Notes

“Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications.”

Wikipedia

PRISM Break does not recommend S/MIME email encryption because of its reliance on third-party certificates from central authorities. Read more here.

Instant messaging

Proprietary

  • AOL Instant Messenger
  • Google Talk
  • Apple OS X Messages
  • WhatsApp Messenger
  • Yahoo! Messenger
  • Viber Messenger

Notes

“Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing.”

Wikipedia

Note that Pidgin stores your IM account passwords in plain text. You can avoid this by (1) not saving your password in Pidgin, (2) encrypting your file system with software like TrueCrypt, or (3) storing your Pidgin password securely with the Debian package pidgin-gnome-keyring.

Pidgin with OTR and dbus enabled has a security bug that can be exploited by malicious programs on your PC. See the upstream bug report for more information and possible workarounds.

TorChat is not related to nor sponsored by the official Tor Project.

Threema is not recommended by PRISM Break as it is closed source software. Freely available source code is a necessary condition for privacy and security.

Video conferencing & VoIP

Proprietary

  • FaceTime
  • Google+ Hangouts
  • Google Talk
  • Skype

Notes

Jitsi is a drop-in, encrypted replacement for almost all the tasks Skype is used for.

Please note that Jitsi may request non-secure information during encrypted chat if you paste a link into it. Also, if Jitsi is set up to use Tor, it may leak DNS information by not using Tor for DNS resolution.

Linphone, an alternative to Jitsi, currently has unresolved security weaknesses.

Social networking

Proprietary

  • Google+
  • Facebook
  • LinkedIn
  • Twitter

Notes

If you have system administration knowledge, please strongly consider running an instance of pump.io (or something else) for your friends, family, or favorite community. Many of them would be willing and grateful to escape Facebook if you provide them a way out.

For those of you without your own server, RetroShare is the easiest way to start your own encrypted social network.

identi.ca is a popular Twitter-like social networking hub for the free and open source software community built on pump.io.

Cloud storage

Proprietary

  • Apple iCloud
  • Dropbox
  • Google Drive
  • Microsoft SkyDrive

Notes

BitTorrent Sync, MEGA, SpiderOak, and Tarsnap are services that are built on either partially or fully proprietary software. They will not be recommended on PRISM Break until they open source the entirety of their codebase.

With closed source software, you need to have 100% trust in the vendor because there's nothing except for their morality in the way of them leaking your personal information. Even if you can vouch for their integrity, proprietary software invariably has more uncaught security bugs and exploits because there are fewer eyes examining the source code.

Document collaboration

Proprietary

  • Google Docs
  • Microsoft Office Web Apps
  • Zoho Office Suite

Notes

Riseup also offers email, VPN, and chat services.

Media publishing

Proprietary

  • Flickr
  • Instagram
  • Picasa
  • Tumblr
  • YouTube
  • Vimeo

Notes

Self-hosting your media is important for privacy and security. Hosting your blog on WordPress.com is no better for your data security than Blogger or Tumblr.

Warning: Using avatars in WordPress will activate Gravatar, which will send your email address to gravatar.com. Avatars are activated by default and can be turned off under “Settings > Discussion > Avatars”.

Online transactions

Proprietary

  • PayPal
  • Google Wallet

Notes

Learn more about Bitcoin and get started with your first free wallet at We Use Coins.

Digital distribution

Proprietary

  • Steam

Notes

Desurium is only the client. You will still have to trust and depend on the proprietary Desura service.

VPN client

Proprietary

  • Cisco Systems VPN Client
  • Viscosity

Notes

Learn more about JonDo and why it is better than any other service, including Tor.

Encrypted virtual private network (VPN) technology can be used by ordinary Internet users to connect to proxy servers for the purpose of protecting one’s identity and online footprint.

More on Wikipedia.

Web analytics

Proprietary

  • Google Analytics

Notes

Piwik analytics powers this site. It's set up to anonymize the last two octets (255.255.???.???) of visitor IPs. Check out the live data here: prism-break.org/analytics and view our privacy policy.

DNS provider

Proprietary

  • Google Public DNS

Notes

Google Public DNS permanently logs your ISP and location information for analysis. Your IP address is also stored for 24 hours.

OpenNIC has not adopted an official policy concerning log query privacy/anonymization. You may choose anonymous DNS servers on this page.

Anonymizing network

 

Notes

Learn more about why JonDonym is better than any other anonymizing service/VPN, including Tor.
Some arguments were posted in gray, each followed by its reply.

JonDonym is centralized, while Tor is distributed.
JonDonym is organized in nearly the same way as Tor. Software development and project coordination is done by JonDos GmbH for JonDonym, just as TorProject.org is responsible for software development and project coordination for Tor.
Mix operators are verified but are independent of JonDos GmbH, like Tor operators.
Most Tor authority servers are run by members of TorProject.org or strongly associated persons. They can kick off Tor nodes they don't like (bad exits). A small list of excluded nodes can be found here: https://trac.torproject.org/projects/tor/wiki/doc/badRelays

TorProject.org gets 70% of its money from the US government. Because it is the most important part of its earnings, TorProject.org depends on donations by the US government.
JonDonym gets earnings only for premium services. It is independent of any government and depends only on the user. That's why it is a commercial service. I cannot see a disadvantage here. You pay the software developers only if you have money.

Law enforcement issues
Tor admins have to follow the same laws as JonDonym mix operators. They don't operate outside the law. If a Tor admin gets a court order he has to comply or pay 50,000 Euro (in Germany; it may be different in other countries), and a Tor admin has to follow surveillance court orders in the U.S. TorProject.org doesn't inform the admins and users about this, but keeping this information private doesn't increase security.
(I don't know of a Tor admin who got a court order, but I know of more than one Tor server that was closed by search warrant.)

JonDonym caps bandwidth to 30-50 kBit/s for free users.
But premium services of JonDonym are 10x faster than Tor.

Lastly, JonDonym relies on Java to function.
This was not a problem for you in the case of Jitsi (VoIP client), I2P (anonymisation network) or OpenFire or Tigase (cross-platform XMPP server). Why is it a problem here?

At least: I2P is broken: http://wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf
"In this paper, we describe an attack that can be used to break the anonymity of a victim who is using anonymized resources in I2P for example, a user browsing eepsites (I2Ps terminology for anonymous websites) or chatting."
The issues are not fixed in the latest release. Why are you listing broken services but not JonDonym?

Meshnet

 

Notes

A meshnet is a decentralized peer-to-peer network, with user-controlled physical links that are usually wireless.

“Mesh networking (topology) is a type of networking where each node must not only capture and disseminate its own data, but also serve as a relay for other nodes, that is, it must collaborate to propagate the data in the network.”

Wikipedia

XMPP Server

 

Notes

“Extensible Messaging and Presence Protocol (XMPP) is a communications protocol for message-oriented middleware based on XML (Extensible Markup Language). The protocol was originally named Jabber, and was developed by the Jabber open-source community in 1999 for near real-time, instant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has also been used for publish-subscribe systems, signalling for VoIP, video, file transfer, gaming, Internet of Things applications such as the smart grid, and social networking services.”

Wikipedia

SIP Server

 

Notes

“The Session Initiation Protocol (SIP) is a signaling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks.”

Wikipedia

Self-hosting solutions

 

Notes

--

What is “free software”?

“Free software” means software that respects users’ freedom and community. Roughly, the users have the freedom to run, copy, distribute, study, change and improve the software. With these freedoms, the users (both individually and collectively) control the program and what it does for them. (more …)

The Free Software Foundation

Take action against PRISM.

MASSIVE SURVEILLANCE EXPOSED

Recent reports by the Guardian and the Washington Post confirm secret spying programs on phone records and Internet activity. It's time for a full accounting of America’s secret spying programs—and an end to unconstitutional surveillance. (more …)

The Electronic Frontier Foundation