Open Source Technology Improvement Fund (OSTIF)
We are an organization that builds and improves powerful data security tools to protect information around the world.
You are being watched.
Governments around the world are violating your rights with widespread digital surveillance, spanning the entire globe.
I have some security software installed. Am I safe?
NO. Mass surveillance systems are not stopped by virus scanners, security suites, firewalls or other common security software. Mass surveillance relies on problems with network connections, apps and internet services to collect information about you. What is not collected through these methods is taken from companies that hold your information by court order in multiple countries.
What is OSTIF, why do you exist?
The Open Source Technology Improvement Fund is an organization for strengthening open source security software projects. I know that is a mouthful of technical jargon, so let's break it down. Open source software is software that is created in the open by a community. Everyone can see how this software is made and can trust that this software will do exactly what it is supposed to do.
On the other hand, commercial software is often closed-source code. This means that you can only see the software working after you install it. No one can see the actual code. Programmers cannot look at the code and verify that the software will always do exactly what it is supposed to do because all of these underlying functions are hidden. This means that closed-source software can be subject to sabotage, either by manipulating the code to make it less secure (a back door) or by finding security problems that go unfixed because programmers cannot review the source code for the app (bugs).
For this reason, open source security software is the only type of security software that we can all trust is mostly free of disastrous bugs and completely free of back doors.
Our goals take this one step further. We take the open source software and get it looked over by professionals, line by line. We then also add the software to a program where anyone in the world can hunt for bugs in the open source code, and if they find a serious one, they can get a paycheck from us, called a bug bounty. This encourages a LOT of people to look at the code and find bugs. These things combined make open source security software stronger and more trustworthy.
Why should I care about surveillance? How does this impact me?
If you found out the government was intercepting all of your mail and reading it, would you be concerned? Does your opinion change if it is your medical records? Letters from your attorney? Financial information?
The truth is that it is far worse than that. They are looking at your email, location data, phone records, browsing habits, text messages, chat logs, your social media and even pilfering passwords from weak systems.
EVEN IF your answer to the previous paragraph is "So what? I have nothing to hide," you should consider the impact that this has on free speech, freedom to assemble, a free press, patient-doctor confidentiality, attorney-client privilege, and so much more. Just because you are not concerned about your personal information (you should be anyway!), it doesn't mean that other people do not have information that is valuable. This information can be used to sway elections, sabotage business negotiations, or even round up people of an opposing political party.
EVEN FURTHER, if you don't care about the implications in your home country, you should consider the impact that free and open software has on the world stage. There are places where people are jailed or even murdered for speaking out about their beliefs, for speaking out against the government or simply for being born into the wrong family. Free and open security software has the power to protect people who have no other recourse.
What is the supported software? How do I get it?
All of this software is available to use right now, for free. OSTIF is working to make this software better.
VeraCrypt - For encrypting your files.
OpenVPN - For encrypting connections over the internet, securely.
Off the Record - (Windows version is Pidgin + Plugin) Encrypted chats
Off the Record - (Apple OSX version is Adium) Encrypted chats
GnuPG - (Windows version is GPG4WIN) Encrypting Email and Files
GnuPG - (Apple OSX version is GnuPG for OSX) Encrypting Email and Files
OpenSSL - This project is special: it is built into a huge number of apps and is used by servers to host secure web pages. You do not need to download it.
Tor - A fully encrypted network that you connect to for privacy. More powerful than OpenVPN but slower.
Mailvelope - A plugin for Chrome and Firefox that allows you to more easily encrypt webmail, like Gmail, Yahoo, and Outlook. It uses the OpenPGP framework (which is open source).
Your KickStarter goal seems high. Where is all of this money going?
OSTIF's goal figures are a result of the inherent costs of running a KickStarter (7.5% to 10% overhead) along with the actual cost of the programs. Our organization is organized from the top down to be efficient and eliminate all possible sources of waste.
The problem with open source software, and the reason that these projects need our support in the first place, is that open source software is easy to copy and therefore has low monetary value and no profit motive. The projects are created and maintained by people who donate their time and expertise. Without any money involved in these projects, setting up advanced auditing and bug bounty programs (both of which are expensive) is impossible for these projects to manage themselves, yet the threat of mass surveillance and the consequences of vulnerabilities mean that this software should be as strong as possible.
Our expenses for KickStarter inflate our numbers quite a bit. We have to pay for printing for certificates and t-shirts and pay for shipping including international shipping. Under normal conditions a donation would have 90% of its amount applied to the cause. For KickStarter the processing fees and rewards eat up half of that 90%.
It is also important to understand that software auditing is expensive. There are fewer than 20,000 people in the world who are qualified to handle this sort of task, and they command large salaries. Professional auditing is usually done by a team of these talented programmers and cryptographers who specialize in different areas of software security.
The figures are essentially the same for our stretch goals, although the projects are different. Our fixed costs as an organization are very low, and the money that gets to us after KickStarter expenses almost entirely goes to the projects cited below in our fundraiser goals.
How do I use it?
This section will be updated with guide videos. If we cannot locate good guide videos, we will create them ourselves. We were unable to find videos that were sufficiently simple for new users to understand. New videos are being shot and edited now.
How did you select projects to support?
We selected these projects based on their purpose and their potential. We needed to select an app to protect your chats (Off the Record), an app to protect your network connections (OpenVPN), open encryption code that is used by other applications (OpenSSL), an app to protect data on your hard drive (VeraCrypt), and an app to protect your email and its attachments (GnuPG).
Off the Record and GnuPG were selected because there is strong evidence that they are actually unbreakable, as revealed by the disclosures of Edward Snowden. OpenVPN was selected because it is widely used, and it works for Windows, Apple OSX, Linux, and BSD. OpenSSL was selected because it is widely used, having a 69% market share in the top 1,000,000 websites. VeraCrypt was selected because it is the successor to the powerful TrueCrypt software, and has the potential to be a worldwide gold standard for file encryption.
How do we support these goals?
By donating to our cause, and by spreading the word about OSTIF and mass surveillance.
Our Kickstarter campaign includes four sets of goals, from our primary goals to three sets of stretch goals should we exceed funding for our primary goal. The figures we have reached are based on multiple price quotes for services from companies that we would entrust to carry out our project goals.
We are also revealing our T-shirt designs for Gold and Platinum KickStarter Supporters!
The gold designs are pretty self-explanatory. You will be able to select any of the gold supporter designs and choose your front and back (see below).
We have unique designs for our Platinum supporters. Platinum supporters get a special shirt with a QR code and custom URL, that takes you directly to an OSTIF page with a personalized thank you from us, that is cryptographically signed by us and impossible to forge. Here is an example page!
You also get designs that are more complex with more colors, and a very special design to me, the OTR document shirt. The OTR document shirt is the actual Snowden document that was released by Jacob Appelbaum and Laura Poitras at 31c3 (I believe with the help of Der Spiegel). It is the document that revealed to the world that governments cannot break real crypto. This moment was the moment that motivated me personally to act, and to support strong open crypto to fight government surveillance. You can see the actual reveal here: https://youtu.be/0SgGMj3Mf88?t=32m29s
We believe in the power of community and understand that everyone can make a difference. If you're on board with our mission, spread the word!
Risks and challenges
Our risks and challenges are with the fundraising itself. We have extensively networked with the security community, and designed systems that inspire people to perform well. We have experience with incentives-based contracts and evaluating prospective partnerships for risk-factors. We have thoroughly vetted the security companies that we plan to partner with, and have over one thousand hours of negotiation involved in the bug bounty system with the various supported open-source software projects. We have already completed the most significant legwork for the project, and just need the funding to execute our goals.
Lastly, there are challenges associated with creating and curating a community. However, we believe in our mission and are confident others will as well.