Free software isn’t free. Someone’s got to shell out for the expensive development, maintenance, bug fixes and updates for programs that so many of us who live online have come to see as almost natural resources. And increasingly, those taken-for-granted tools have become vital for the privacy and security of millions of people.
So as the end of 2014 approaches, this might be the time to add a few free software security projects like the ones we’ve listed below to your annual tax-deductible donations. “There’s no way around it. If we want tools that are secure and usable, then these projects need funding,” says Trevor Timm, executive director of the Freedom of the Press Foundation, a non-profit that has run fundraising campaigns for encryption software. “They don’t have a business model. They’re not doing this to make money. Their first priority is the security of users.”
A year of Snowden-fueled privacy interest, Timm adds, has driven a new crowd to cash-strapped free software privacy projects for whom every new user often represents a new demand on resources. “When a lot of these projects started, there wasn’t a giant user base. Now so many people depend on these tools for privacy,” says Timm. “If we’re going to use them, it’s important to give back to the projects that created them.”
Here are a few of WIRED’s suggestions for your yuletide crypto philanthropy:
Tor, whose name comes from the acronym The Onion Router, remains perhaps the world’s most effective tool for evading surveillance online. By encrypting a user’s traffic in layers and routing it through randomly chosen computers spread around the world, Tor makes it nearly impossible to track down a user’s identity or censor his or her Web browsing. In the wake of Snowden’s revelations, the tool has nearly doubled in usage to around two million active users, straining its infrastructure.
Tor receives much of its funding from the U.S. military and the State Department. But Freedom of the Press’s Timm says that government funding shouldn’t dissuade individuals from donating. “One part of the US government may the biggest funder of an encryption project, while at the same time as other parts of the government want to see it outlawed,” says Timm, referring in part to the FBI director James Comey’s recent statements about encryption’s dangers. “If people really want to support projects like Tor, they should help them become less reliant on that government funding.”
The operating system Tails, or The Amnesiac Incognito Live System, has all the properties of the ideal private operating system. It boots from a USB drive, leaving no trace on the computer it’s running on. And it routes all the user’s traffic over Tor, foiling even malware attacks that might be designed to cause a Tor user’s computer to leak identifying data.
Edward Snowden himself has praised Tails as a means to strengthen vulnerable communication endpoints. And filmmaker Laura Poitras used Tails when communicating with Snowden for months to arrange his unprecedented leak of NSA secrets. Despite all of that, Tails has received little mainstream support and may be the security software most in need of users’ donations.
SecureDrop, which started with some of the last code written by free information activist Aaron Swartz, aims to turn every news organization into a potential WikiLeaks. The software integrates Tor to allow sources to anonymously upload secret documents. The Freedom of the Press Foundation has adopted SecureDrop, manages its fundraising, and has now helped more than a dozen news outlets to install it, including The Washington Post, The Guardian, and The Intercept. It promises to become a crucial investigative journalism tool that allows reporters to stay a step ahead of any surveillance that would seek to identify their most sensitive sources.
When privacy conscious users think of the venerable encryption software PGP, they think of Phil Zimmermann, the folk hero cryptographer who first released PGP in 1991. Less heralded is the group known as GPG Tools, which now maintains the open-source version of PGP known as Gnu Privacy Guard. (The original PGP became the product of a private company and ended up being acquired by the security giant Symantec.) GPG Tools makes an enormous swathe of strong encryption use cases possible, particularly for email. In a sign of its tight resources, it began charging for downloads of its Mail plugin for Mac last month. But other versions of the software remain free, and could use a little financial support.
Open Whisper Systems
Open Whisper Systems, created by the hacker and privacy activist Moxie Marlinspike, is quickly becoming the world’s most widely implemented tool for encrypting smartphone messaging. The project began in 2010 with the Android apps Redphone and Textsecure, which allow end-to-end, strongly encrypted voice calls and text messages. Then earlier this year, OWS added Signal, which enables the same encrypted calls from iPhones, too. And then, in a landmark move last month, the ultra-popular messaging app Whatsapp announced that it would be integrating Textsecure into its Android app installed on hundreds of millions of phones, with an iPhone implementation to follow. With that kind of mass adoption, Textsecure is on its way to becoming the go-to protocol for anyone who wants to add surveillance-breaking protection to their smartphone messaging program. You can donate to the project through the Freedom of the Press Foundation.
Cryptographer Nadim Kobeissi has made it his mission to create the world’s simplest crypto applications; Cryptocat makes Web-based encrypted messaging so simple a five-year-old can use it. Despite early criticism for security flaws, the ultra-usable program now gets strong reviews from the cryptography community, and has been downloaded more than 750,000 times. Kobeissi’s newer project is Minilock, a public key encryption program designed to be so simple that it doesn’t even require creating an account or storing a key on the user’s machine. You can donate support Cryptocat via Paypal here.
Off The Record Messaging
Cryptocat and Textsecure have both integrated Off-The-Record (OTR) messaging, the gold standard protocol for encrypted instant messaging. (Though Textsecure has recently shifted to using its own code instead.) Created by Ian Goldberg and maintained by his research group at the University of Waterloo, (which also hosts its fundraising) OTR’s plugins for Jabber clients like Adium and Pidgin have made it popular for everyone from WikiLeaks to Russian drug dealers.
OpenSSL provides the crypto protocol used by two thirds of the web’s SSL-encrypted websites. And until last summer, it had only four core programmers and a single full-time employee. The lack of love for such an important open-source project only came to light in April, when the flaw in OpenSSL known as Heartbleed made it possible to compromise millions of servers around the world that implement the protocol. OpenSSL has since received more development help and funding from major tech firms. But the project is still seeking more donations (though not tax deductible ones, unfortunately) and corporate sponsorships.
Provided from: Techcrunch.