I like the idea of providing a list of tools for “breaking the Prism” – in fact, I started such a list with Daniel van der Velden from Metahaven yesterday, but the EFF beat us to it – they’re wonderful that way. Except I don’t agree on every point…
See, while I agree that people should generally use free software, and should be using PGP (in the OpenPGP standard sense – not the PGP commercial software sense, an important distinction pointed out by @rikwes66) and OTR, and whatnot, I think their list of things is slightly lacking.
First off, riseup.net is a great e-mail service except in that their entire user base consists of people who are trying to be dissidents. This is like painting a fairly massive bullseye on the service, and one can be fairly confident that this is one of the things that is actively monitored.
Pidgin is a wonderful piece of software, but it is known to have a lot of security vulnerabilities. These are actively being patched, but I’d not recommend it for anything high security for now.
Bitmessage is an interesting concept, but to confuse it with e-mail is a very bad idea. It cannot communicate with the rest of the users of e-mail, and therefore it is not in any meaningful sense a replacement for any e-mail client.
This is where we get into some questions of licensing. I mentioned to @infil00p earlier that the licensing issue was important because, frankly, “mostly free” or “not entirely free” essentially translates to “eventually this thing will fuck you”. He disagreed, pointing at Tor, which is marked as “mostly free”. Tor is distributed under a BSD license, which is very much free software under any reasonable definition – up to and including the Free Software Foundation’s – although it is not Copyleft. I would contend that Tor is entirely free for all intents and purposes.
The issue is less about licensing, really, and more about who has ultimate control over the infrastructure. If you can set up your own infrastructure, there is no problem.
I refer to my last post for why Etherpad and Ethercalc are insufficient.
As for Android and iOS, just treat them as untrustworthy. It’s way simpler.
This stuff is complicated, I’m afraid.