8 Great and Free Open Source Alternatives

Welcome to the first installment of TOWR Guides, handy infographics that you can save, share, and refer to. This first foray deals with open source alternatives to the software that we’ve all been using for years—the Microsofts and Googles and Facebooks of the world. These companies are the go-to for so many types of things that we do on our computers every day, and yet they’ve become data collection platforms and festering cesspools of personal data, just waiting to be purchased or subpoenaed or even stolen…and that’s not even counting the warrantless searches and worse that are occurring. There’s good news, though—you have options.

Welcome to the first installment of TOWR Guides, handy infographics that you can save, share, and refer to. This first foray deals with open source alternatives to the software that we’ve all been using for years—the Microsofts and Googles and Facebooks of the world. These companies are the go-to for so many types of things that we do on our computers every day, and yet they’ve become data collection platforms and festering cesspools of personal data, just waiting to be purchased or subpoenaed or even stolen…and that’s not even counting the warrantless searches and worse that are occurring. There’s good news, though—you have options.

Data: The Crime Frontier

Data breaches have almost become a way of life, the new normal. In 2015, it wasn’t just cheating spouses that got hit. VTech’s hack exposed children’s photos and home addresses to any predator savvy enough to access the security hole. The Office of Personnel Management hack compromised 5.6 million sets of fingerprints and much more; the victims of the worst hack in US history were only offered credit monitoring services and a few platitudes. Last week, security giant Juniper found “unauthorized code” running on its servers that showed a level of sophistication found in nation-state level operations—and evidence shows that the code was there for three years before it was discovered.

In a world where true cybersecurity is an elusive and possibly even unattainable prize, it’s even more important to do our part to protect ourselves. Part of that means being very careful what software you use, what sites you visit, and what information you let those programs and websites have. Enter one solution: Open source software.

Open Source What?

For those new to the term, open source software means the code is available for anyone to look at. Other programmers can go through the code and find errors or security holes, or make modifications; they release the modified (or forked) version back to the community.5,754

The benefits of this are huge. When looking for a secure text messaging app, for instance, which app would you have more confidence in: A proprietary program where the company says it’s secure and you’re expected to trust them (and watch their site for any patches coming out after the fact)? Or an open source program with several public audits and discussions on the code, explaining whether it works or not, why it works, and what updates or tweaks it still needs?

All of this can be pretty overwhelming for the average person who’s been ‘in the Matrix’, so to speak, of proprietary commercial big-name software their whole lives. Thankfully, there are plenty of resources to help you make the switch. The first thing you can check out is our infographic. It’ll get you started with some basic alternatives. After you take a look at those, surf over to Alternative.to. It’s a huge database of open source software links for every operating system and program you can think of. Own a Windows laptop and an iPhone? Mac and Android? Whatever you have, there are options.

What Now?

Click the graphic below to enlarge, and right click to save it. Better yet, use the sharing buttons to spread the information to others! Do you have a favorite open source program? Let us know in the comments. Be sure to subscribe so you don’t miss any of our other guides!

8 Easy OPEN SOURCE ALTERNATIVES

 

 

 

 

 

 

Don’t Use Web-Based Email Search Services for OSINT Unless…

We often use web-based email search to find information about an email address, and in some cases, to find out information about who that email address communicates with. For those of us performing open source intelligence (OSINT) research for our various groups and personal vetting, email search is pretty important. Two of the most known web-based email search services are Reverse Genie and Email Sherlock.

While the services do provide information you need about an email address, it also notifies the owner of the email address that someone in your geographical area performed that search, and gives them a copy of the information it provided to you. This compromises your research and possibly your identity, especially if the target is aware that they’re on your radar in the first place.

Obviously, having your target notified that you’ve done a search on their email address defeats many purposes.

(For a general explanation of OSINT and some of the tools available, you can start here with this paper. There are MANY more resources on the web, including here at TOWR.)

You might be asking “Well, what am I supposed to use then?” There are a few things you can try; we aren’t saying stop performing email searches. Some of the issues could possibly be averted by using a VPN for all OSINT research—and not using that same VPN server again or for anything else (there are a host of VPN servers out there, even if you stick with only one provider). Using the Tor Browser is also a common-sense given. In addition, I’d recommend doing your OSINT research from a public wifi not in your immediate area. We all love doing our work while in comfy pants and our own recliner, but doing things right is far more important than doing them conveniently.

Whatever you do, don’t stop vetting your people—and by vetting I don’t mean “checking their Facebook profile to see what they post about and if you have mutual friends.” Keep in mind that there are currently known federal agents and informants that have mutual friends with you…and might even be friends with you themselves….collecting everything you post. Remember: it only takes one mistake to compromise your entire group.

If you’d be interested in a one-day class on how to vet your people and tighten your contact networks, contact us at TOWR@whiterose.us.

 

Run Your Own Mail Server

If you read our article on secure email yesterday and still wonder if that’s enough to protect your communications, then perhaps you’ve thought about setting up and hosting your own mail server. While this might sound fairly daunting, the truth is that you don’t have to be a technical guru to pull it off. Mail in a Box is a production-quality project allowing you to set up your own email server. This gives you total control over all facets of its security and any other options. The site has very clear setup instructions and even a video you can follow along.

Keep in mind that you won’t be able to run this at home because computers on most residential networks are blocked from sending mail both on the sending end (e.g. your ISP blocking port 25) and on the receiving end (by blacklists) because residential computers are all too often hijacked to send spam. Your home IP address is also probably dynamic and lacks configurable “reverse DNS.” If any of these apply to you, you’ll need to use a virtual machine in the cloud. You can, however, set it up on that virtual machine.

While we don’t recommend this for the beginner, it’s also not as difficult as you might think. Take a look and see what you think. From the website:

Mail-in-a-Box is based on Ubuntu 14.04 LTS 64-bit and uses very-well-documented shell scripts and a Python management daemon to configure the system. Take a look at the system architecture diagram and security practices.

Development takes place on github at https://github.com/mail-in-a-box/mailinabox.

Note that the goals of this project are to . . .

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent system configuration.
  • Not make a totally unhackable, NSA-proof server (but see our security practices).
  • Not make something customizable by power users.

Mail-in-a-Box is dedicated to the public domain using CC0.

There’s another option too, if you’ve got a Raspberry Pi laying around. This guide will literally walk you through booting your Raspberry Pi for the first time, all the way up to getting a secure webserver running. In fact, the guide itself is hosted on a Raspberry Pi. Take a look.

7 Secure Email Services You Should Leave Gmail For

[dropcap]W[/dropcap]e talk a lot about privacy and anonymity at TOWR, and for good reason. Today we’ll look at the criteria for a solid email service, and list seven secure email services that meet that criteria. If you’re still of the opinion that you “have nothing to hide” and don’t care if the government or hackers look at your emails or accounts, then you should consider Glenn Greenwald’s advice:

Over the last 16 months, as I’ve debated this issue around the world, every single time somebody has said to me, “I don’t really worry about invasions of privacy because I don’t have anything to hide.” I always say the same thing to them. I get out a pen, I write down my email address. I say, “Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.” Not a single person has taken me up on that offer.

(For those who are looking for more ways to answer the “I don’t have anything to hide” argument, you can read this thread on reddit. It’s got some fantastic counterpoints.) If you’re on board, let’s get started.

Continue reading “7 Secure Email Services You Should Leave Gmail For”

5 Critical Things You’re Missing in Your SHTF Training

[dropcap]Y[/dropcap]ou’ve got your stash of food and matches. You’ve stacked your ammo cans in the corner. You have guns and Fish-Mox and every kind of medical supply you can think of, with batteries and candles and flashlights and everything else. You’ve had your bug out bags forever and you’re an old hat at prepping. You’re ready for a full-on grid down situation…or are you?  Let’s take a look at five capabilities and SHTF training areas you’re probably missing.

Continue reading “5 Critical Things You’re Missing in Your SHTF Training”