You’ve got trust issues. It’s understandable. Recent years haven’t been kind to our naive, blissful worldview that all software developers are looking out for our best interests.
Whether it’s Windows spying on you, or your browser compromising your privacy, there are good reasons to be cautious. Fortunately, there is a way to return to our digital utopian ideals of a safer and more secure internet for everyone: open-source software and tools.
Social networking was never supposed to be about government propaganda or privacy scandals. Instead, its aim was to simplify keeping up with your friends, including those you don’t see regularly. Even then, remembering names, important dates, and other information about all the people you meet feels like an impossible task.
Businesses recognized this years ago, creating Customer Relationship Management (CRM) software to record details of their customers to provide better service. But what if there was a personal CRM to help you improve your relationships and keep you in control of your confidential data?
Monica is an open-source personal CRM, designed to help you keep track of the people in your life. Using the web-based app, you can add notes about a person’s family, track how often you contact them, schedule reminders, and even track gifts you have shared with them.
The dashboard keeps you up to date with an overview of planned events and tasks related to your contacts. Monica even has a journaling feature for you to document your life (and even improve your mental health). Apps for both iOS and Android give you on-the-go access to your data. If you find yourself reluctant to share this much data with their servers, you can opt to self-host Monica.
Before 2014, Secure Socket Layers (SSL) and Transport Layer Security (TLS) were mostly unheard of outside of developer and security circles. Then, one of the web’s significant security vulnerabilities was discovered: Heartbleed. It affected an estimated 17 percent of servers running OpenSSL to provide secure connections to websites.
Although Heartbleed was picked up by news outlets spreading panic, the vulnerability was patched the same day it was disclosed. The response time was fast by any measure, made all the more impressive by the size of the OpenSSL team. The development group consists of just 13 people, 10 of whom are volunteers.
OpenSSL was first founded in 1998 as a fork of the now-defunct open-source project SSLeay. From its humble origins, it has gone on to become the standard for web server encryption. Not long after the Heartbleed disclosure, Google forked OpenSSL to create BoringSSL. Although the project is open-source, they explicitly warn people not to use it over OpenSSL, as they forked it specifically for their own use.
Sending large files over the internet can still be a challenge for the privacy-conscious. Cloud storage services have made it easier than ever to share your files online, but often leave you trading privacy for convenience. Options exist to share files without additional software, but also require you to upload your data to a third party server.
Sure, you could use a service like Takeafile which lets you share files without uploading to any third party servers. But if anonymity and security are high on your wish list, then you may use OnionShare. Not only is it open-source, but it makes use of the TOR network to securely and anonymously share files. The software—available for Linux, macOS, and Windows—creates a dedicated web server on the TOR network.
Dragging a file into the window creates a unique .onion URL to share with the recipient. Your files are hosted only on your computer, so the data is kept out of any third party’s hands. To download the file, the recipient does need to open the link in a TOR browser, so this may not be an option for everyone. That said, if you want your files to remain secret, this a worthy alternative.
In May 2018, researchers for Cisco’s Talos intelligence group uncovered evidence of malware targeting routers around the world. They estimated that as of May 24th 2018, VPNFilter had infected over 500,000 routers. The malware exploited the firmware found on many popular routers that still used the default login credentials.
Of course, it’s not the first time routers have been a security risk. But VPNFilter did show that routers still pose a threat to your security. Your router’s firmware is often cause of these vulnerabilities; it is likely developed, but woefully under-supported, by your ISP.
OpenWRT is an open-source Linux-based firmware developed for embedded devices like routers. It has an inbuilt web interface and is generally considered more stable than most router firmware. If the router improvements aren’t enough to convert you, then its other features may.
From monitoring network traffic, running a BitTorrent client, and configuring a network-wide VPN, there’s plenty to explore. Although there is currently no evidence that OpenWRT would have explicitly protected you from VPNFilter, it would have at least ensured you weren’t using the default username and password.
Virtual private networks (VPNs) have been a staple of corporate IT systems for decades. The first place many of us will have come into contact with VPNs is through our workplace. These days they are more commonly used as privacy tools, helping us combat censorship and keep data away from prying eyes. The spike in interest for VPNs over has led to an explosion of new providers. There are now free services, premium providers, and VPNs for Netflix.
OpenVPN, which was first released in 2002, is an open-source VPN protocol. It supports all major platforms including Linux, macOS, and Windows with mobile apps available for Android and iOS. Although many VPN providers have their native apps, those aren’t always available on every platform, making OpenVPN an ideal alternative. You may also have multiple VPN configurations for work, home, and other specific uses which you can store and connect to through the OpenVPN client.
OpenVPN uses 256-bit encryption via OpenSSL to protect your data in transit. A typical use for VPNs is to bypass firewalls, like the Great Firewall of China, and OpenVPN excels here too. By cloaking your data to make it appear like regular internet traffic, it can circumvent deep packet inspection. As OpenVPN is open-source, developers are encouraged to submit bug reports to improve the protocol. It also allows commercial projects to be spun off, like Private Tunnel which is developed by OpenVPN Inc.
Open-Source For Everyone
Scrutiny is important. If someone walked up to you on the street and promised to store your money securely, you probably wouldn’t take them at face value. Yet tech companies continue to convince us to hand over our data, despite constant reminders that we can’t trust them. Open-source software isn’t a panacea for all our data woes, but it does mean we can be more informed about where to place our trust.
There’s more to the open-source movement than just file sharing though. Linux is one of the most successful open-source projects of all time, with plenty of distributions to choose from.
But you don’t need to change operating systems to delve into the open-source rabbit hole. From browsers, to Windows tools, and cross-platform apps, there’s a whole world to explore. If installing a few apps isn’t radical enough for you, then you could always consider going all in and living a free and open-source life.