Servers

The only way to have full control over your personal data is to run your own server. This is not for everyone though, as it requires considerable time investment and technical knowledge.

Disk Encryption
Notes

2014-05-28: TrueCrypt currently has security issues and is not recommended.

If you’re running GNU/Linux, dm-crypt with LUKS is the recommended encryption option.

Gentoo GNU/Linux maintains a guide for dm-crypt with LUKS.

Arch GNU/Linux maintains a guide to dm-crypt with LUKS. Also useable for Parabola GNU/Linux.

Slackware Linux maintains a guide to dm-crypt with LUKS.

Transparency in this context means that individual programs don't need to manage encryption of their own data, because this is provided equally for all programs by the encryption tool (like dm-crypt). More details on this in the Wikipedia.

Proprietary
Apple FileVault
BitLocker Drive Encryption
Symantec Drive Encryption
DNS
Notes

Google Public DNS permanently logs your ISP and location information for analysis. Your ip-address is also stored for 24 hours.

OpenNIC has not adopted an official policy concerning log query privacy/anonymization. More information here.

Proprietary
Google Public DNS
Email Clients
Notes

Switching from a proprietary service like Gmail to one of the more transparently-run email services on PRISM Break is the first step to a secure email account.

The second step is getting you and your contacts to encrypt your plain text messages with PGP encryption. This section contains free email clients that support PGP.

Read the Email Self-Defense guide by the Free Software Foundation to learn how to encrypt your email messages.

Here is a guide by Security In A Box to encrypting your email with Mozilla Thunderbird, GNU Privacy Guard (GPG), and Enigmail.

Find out more about the differences between Mozilla Thunderbird and Icedove.

Proprietary
Apple Mail
Enterprise Suite
Notes
The enterprise suite category is for solutions for organizations that cover more than 10 categories in an integrated fashion (ex.: logins work throughout all apps, etc.)
Proprietary
Google Apps for Work
Office 365 Enterprise E5
Zoho Office Suite
File Storage & Sync
Notes

Cloud file storage is also available via Chwala/iRony components of Kolab with the capability to integrate various storage backends. Files are accessible via storage layer access options, WebDAV and Kolab web interface integrating Roundcube.

Tarsnap is not recommended on PRISM Break due to its strict copyright on the client that makes it difficult to replace the service in the event Tarsnap is shut down.

BitTorrent Sync, MEGA, and SpiderOak are services that are built on either partially or fully proprietary software. They will not be recommended on PRISM Break until they open source the entirety of their codebase.

With closed source software, you need to have 100% trust in the vendor because there's nothing except for their morality in the way of them leaking your personal information. Even if you can vouch for their integrity, proprietary software invariably has more uncaught security bugs and exploits because there are fewer eyes examining the source code.

Another alternative to cloud storage is local backup with external hard drives and USB flash drives. This method is reliably more secure than storing data on a network, but comes at a convenience cost.

Proprietary
Dropbox
Google Drive
Microsoft OneDrive
Mail Servers
Notes

A beginner’s guide to running your own mail server is available here: “NSA-proof your e-mail in 2 hours”.

Kolab integrates Roundcube into its webclient and offers desktop clients as well. Recent versions also feature a file cloud turning it into a complete solution for personal information management.

What is an MTA?

“Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.

The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.”

Proprietary
Operating Systems
Notes

Apple, Google, and Microsoft are allegedly a part of PRISM. Their proprietary operating systems cannot be trusted to safeguard your personal information from the NSA. We have two free alternatives: GNU/Linux and BSD.

GNU/Linux has a much larger community to help you with the transition. It’s recommended that you begin your explorations by looking for a GNU/Linux distribution that suits your needs. Additionally the Free Software Foundation hosts a list of completely Free distributions.

Debian has a long tradition of software freedom. Contributors have to sign a social contract and adhere to the ethical manifesto. Strict inclusion guidelines make sure that only certified open source software gets packaged in the main repositories. You may also want to disable contrib and non-free repositories.

Fedora is a community edition that serve as the stable basis for enterprise ready GNU/Linux distributions with commercial support. Companies all over the world trust Red Hat Inc. because of their transparency throughout the whole development process.

Canonical’s Ubuntu is not recommended by PRISM Break because it contains Amazon ads and data leaks by default. GNU/Linux distributions based on Ubuntu are also currently not recommended due to several other reasons.

Proprietary
Apple macOS Server
Microsoft Windows Server
Operating Systems (Live)
Notes

A live distribution like Tails is the fastest and easiest way to a secure operating system. All you have to do is create a bootable CD or USB drive with the files provided and you’re set. Everything else will be preconfigured for you.

A virtual machine (VM) image like Whonix is designed to be run inside of a virtualization package like VirtualBox. VirtualBox can be installed on Windows, Linux, macOS, and Solaris. This means that if you're stuck using Windows or macOS for whatever reason, you can install VirtualBox and use Whonix to increase your privacy and security.

Proprietary
Productivity
Proprietary
Apple iWork for iCloud
Doodle
Evernote
Google Docs
Microsoft Office Web Apps
Novell Groupwise
Zoho Docs
Social Networks
Notes

If you have system administration knowledge, please strongly consider running an instance of pump.io (or something else) for your friends, family, or favorite community. Many of them would be willing and grateful to escape Facebook if you provide them a way out.

For those of you without your own server, RetroShare is the easiest way to start your own encrypted social network.

identi.ca is a popular Twitter-like social networking hub for the free and open source software community runs a pump.io software platform.

Proprietary
Facebook
Google+
LinkedIn
Twitter
Video & Voice
Notes

Get a free Sip-account for Jitsi and/or CSipSimple with The Guardian Project’s Ostel service, or for Linphone with the Linphone Free SIP service.

Note: Encryption is only supported for voice and video, but not for instant messaging.

Proprietary
Apple FaceTime
Facebook
Google+
Skype
TeamSpeak
Ventrilo