To make software freedom a regular part of the discourse and response to massive spying, we need to go a few levels deeper on how software freedom and vulnerability to snooping interact. But much more than that, we need to implement and deploy free network services such that they are a real option for the masses and thus pertinent in a non-theoretical fashion. Can we use news such as the disclosure of PRISM (even if that turns out to be fake, there will be plenty of others) to motivate building and adoption of free network services?
How’s that going? The FSF has launched a surveillance campaign, unsurprisingly putting freedom front and center (title of this post cribbed from their headline “Protect your freedom and privacy; join us in creating an Internet that’s safer from surveillance”):
If we want to defang surveillance programs like PRISM, we need to stop using centralized systems and come together to build an Internet that’s decentralized, trustworthy, and free “as in freedom.”
Lots of guides to protecting your privacy are appearing, mostly recommending and explicitly mentioning free software in some way.
PRISM ⚡ Break almost exclusively recommends free software (the current exceptions are two meta-search engines), explains what free software is at the bottom of the page, and gives the following rationale at top:
Stop the American government from spying on you by encrypting your communications and ending your reliance on proprietary services.
Tactical Tech’s quick guide to privacy-respecting alternatives also almost exclusively recommends free software (the current exception is again a meta-search engine) and says in the introduction:
We recommend using Free and open-source software tools, because their security credentials and weaknesses can be independently verified and using them can make surveillance or invasion of privacy much more difficult.
Freedom of the Press Foundation’s Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance discusses free software extensively (including ways in which it is not a panacea) in the Software You Can Trust section, and notes (emphasis added) that:
Like all good cryptography software, Tor is free software, complete with an open bug tracker, mailing lists, and source code.
It also explains how to use OTR (encrypted chat) with Google and Facebook’s proprietary services (more on that below).
EFF’s Technology to Protect Against Mass Surveillance (Part 1) mentions that certain programs are free and open source software, but doesn’t explicitly say anything about the pertinence of that characteristic. It mentions a few proprietary services which offer “host-proof” backups, and concludes with:
Creating host-proof applications is challenging and involves trade-offs. For example, a host-proof service can’t easily search through your data, because it can’t read the data. And it can’t help you recover your data if you forget or lose your password, though there are ways the service could help you create your own password-recovery options.
There have been attempts to create host-proof services beyond the realm of backups, including host-proof web-based chat like Cryptocat. We’ve heard from people who are doing exciting work in this area, targeting host-proof social networking and online collaboration, as well as host-proof online storage with 100% open source client software. We expect to see a lot of announcements in this area. If demand for these technologies continues to increase, we could see a new wave of more privacy-protective communications tools.
As with using OTR to encrypt chats so that a service provider can’t tell what you’re saying, client-based encryption generally mitigates one privacy threat, whether the service is proprietary or not (but the service still knows who you’re communicating with, how much, when, etc.).
These guides aren’t remotely mass media, but hopefully they’ll be sources used by mass media. I don’t know how that’s going, or whether software freedom is included in polite policy discourse in response to PRISM, or whether any of this is having a discernible impact on adoption and developer attention. Anyone care to research that?
Also let’s make sure software freedom is a leading part of the discourse about privacy, but not fall into a trap of making surveillance mitigation/privacy protection the leading argument for software freedom. Evan Prodromou has a pertinent quote in a recent interview:
Phew! That’s such a dangerous topic. There’s a real hazard of focusing the discussion on what’s wrong with centralized social networking—privacy violations! stifled innovation! government surveillance! unfair playing fields!—and just getting people really bummed out before they ever even start thinking about what the alternatives could be.
It’s like opening a box full of spiders and snakes right in someone’s face and yelling BOOGETY BOOGETY BOOGETY. People just want to get the hell away from you; they’re not going to stop to listen to whatever it is you’re selling, no matter how great it is.