I have some security software installed. Am I safe?

NO. Mass surveillance systems are not stopped by virus scanners, security suites, or other common security software. Mass surveillance relies on problems with network connections, apps and internet services to collect information on you. What is not collected through these methods is taken by court order from companies that hold your information.


What is OSTIF, why do you exist?

The Open Source Technology Improvement Fund is an organization for strengthening open source security software projects. I know that is a mouthful of technical jargon, so let's break it down. Open source software is software that is created in the open by a community. Everyone can see how this software is made and can trust that this software will do exactly what it is supposed to do. On the other hand, commercial software is often closed-source code. This means that you can only see the software working after you install it. Programmers cannot look at the code and verify that the software will always do exactly what it is supposed to do because all of these underlying functions are hidden. This means that closed-source software can be subject to sabotage, either by manipulating the code to make it less secure (a back door) or by finding security problems that go unfixed because programmers cannot review the source code for the app (bugs).

For this reason, open source security software is the only type of security software that we can all trust is mostly free of disastrous bugs and completely free of back doors.

Our goals take this one step further. We take the open source software and get it looked over by professionals, line by line. We then also add the software to a program where anyone in the world can hunt for bugs in the open source code, and if they find a serious one, they can get a paycheck from us, called a bug bounty. This encourages a LOT of people to look at the code and find bugs. These things combined make open source security software stronger and more trustworthy.


Why should I care about surveillance? How does this impact me?

If you found out the government was intercepting all of your mail and reading it, would you be concerned? Does your opinion change if it is your medical records? Letters from your attorney? Financial information? The truth is that it is far worse than that. They are looking at your email, location data, phone records, browsing habits, text messages, chat logs, your social media and even pilfering passwords from weak systems.

EVEN IF your answer to the previous paragraph is “so what? I have nothing to hide,” you should consider the impact that this has on free speech, freedom to assemble, a free press, patient-doctor confidentiality, attorney-client privilege, and so much more. Just because you are not concerned about your personal information (you should be anyway!), it doesn’t mean that other people do not have information that is valuable. This information can be used to sway elections, sabotage business negotiations, or even round up people of an opposing political party.

EVEN FURTHER, if you don’t care about the implications in your home country, you should consider the impact that free and open software has on the world stage. There are places where people are jailed or even murdered for speaking out about their beliefs, for speaking out against the government or simply for being born into the wrong family. Free and open security software has the power to protect people who have no other recourse.


What is the supported software? How do I get it?

All of this software is available to use right now. The OSTIF is working to make this software better.

VeraCrypt – For encrypting your files.
OpenVPN – For encrypting connections over the internet, securely.
Off the Record – (Windows version is Pidgin + Plugin) Encrypted chats
Off the Record – (Apple OSX version is Adium) Encrypted chats
GnuPG – (Windows version is GPG4WIN) Encrypting Email and Files
GnuPG – (Apple OSX version is GnuPG for OSX) Encrypting Email and Files
OpenSSL – This project is special: it is built into a huge number of apps and it is used by servers to host secure web pages. You do not need to download it.
Tor – A fully encrypted network that you connect to for privacy. More powerful than OpenVPN but slower.
Mailvelope – A plugin for Chrome and Firefox that allows you to more easily encrypt webmail, like Gmail, Yahoo, Outlook. It uses the OpenPGP framework (which is open source).


How do I use it?

This section will be updated with guide videos. If I cannot locate the guide videos, I will create them myself.


Why did you select project X and not project Y?

We selected the projects based on their purpose and their potential. We needed to select an app to protect your chats (Off the Record), an app to protect your network connections (OpenVPN), open encryption code that is used by other applications (OpenSSL), an app to protect data on your hard drive (VeraCrypt), and an app to protect your email and its attachments (GnuPG).

Off the Record and GnuPG were selected because there is strong evidence, from the Snowden revelations, that they are actually strong. OpenVPN was selected because it is widely used, and it works for Windows, Apple OSX, Linux, and BSD. OpenSSL was selected because it is widely used, having a 69% market share in the top 1,000,000 websites. VeraCrypt was selected because it is the successor to the powerful TrueCrypt software, and has the potential to be a worldwide gold standard for file encryption.


How do you fund these goals?

From donors like you. Every donation makes a significant contribution to the strength of these apps.


Why should I trust you? How do you spend donated money?

Every dollar that OSTIF takes in and spends is posted publicly here:
https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM

We also post annual reviews of our revenue and spending and how we performed in relation to our goals.
https://ostif.org/ostif-financial-report-for-fy2016/