- 09 Jun 2014 20:05
#14419325
Here is my progress on taking back my email.
For those with the technical know-how, here is my new secure setup.
Postfix (mta)
Dovecot (lda, imaps, pop3s)
spamd, clamav
https
OwnCloud (over https)
tinydns (over https)
The above are the tools I use. Many different combos exist that would do exactly the same job.
For email redundancy:
Imapsync is syncing from one server to another. If one machine goes down, my users can log in to the backup server temporarily to manage their mail.
If you don't want to spend any money on certs, use self-signed SSL certs with 2048-bit encryption.
No more google, yahoo, Microsoft, and certainly this is not good news for the nsa.
I'm currently working on adding OpenPGP.org to the imap client.
To get off Skype or public phone system, look into:
Jitsi (secure skype alternative)
ostel.co (encrypted phone calls)
OSTN
All my setup costs me $19/year for hosting.
What I've done is to make it impossible for the nsa to sit between me and my isp and grab my messages. But if the nsa can't snoop on your email as the email travels around, it can still compel your isp to allow access to your saved data. This is true. But:
1. It'd have to do that on an individual basis, instead of just hoovering up all data as it passes through the wire.
2. If you're really interested in privacy, you won't be hosting your servers in the US. To have full control of your servers, make sure all the servers are in a place like Switzerland. Switzerland doesn’t do things like seize servers or record conversations.
I'm aware that only a very tiny minority of people are capable of pulling a setup like this off on their own. But at least people need to be informed that they can take back their email from the surveillance state if they choose to.
You often hear naive individuals say...
1. I have nothing to hide, so why worry if the government is spying on me?
-- Remind me never to do business with idiots like these.
-- Everybody has something to hide. Unless you never ever do business online. Also, it's nobody's business but yours what you have in your email. Period.
-- Since you have nothing to hide, would you let your government search your home without a warrant? That is the same thing as letting government have access to your email without your knowledge.
-- How do you know who is looking at your email on the other end? It could be your foe.
-- Imagine you're a reporter, with confidential sources. You're saying it's fine for govt to just grab your sources?
2. Hey, the nsa can get into my email anyway, so why even try to fight it?
-- Not true. Email can be made private and secure. My solution provides end-to-end encryption, which effectively thwarts nsa's MITM theft.
3. I trust government to do the right thing.
-- Really? Government does a lot of things wrong. You forget that govt is just people.
4. Secure email makes it impossible to surveil criminals.
-- He who gives up his rights for security, would have neither.
-- How many real criminals have been caught by Obama's global spying?
-- Is Angela Merkel a criminal? Is Mexico's president a criminal? Why is your govt spying on them?
5. It's all a waste of time. The nsa can break any encrypted message.
-- Not true. I have not heard of AES being broken. The real guarantee we have that any of these crypto systems are secure is that the CIA wouldn't use them if the NSA could break them. FYI, government agencies spy against each other too.
6. But the spy agency, nsa can try backdoor ways like attacking certificates.
-- The cert authorities have a credibility to uphold. AES is used for global banking, business, medical and government records. If there were a backdoor in aes, and that backdoor were discovered, commerce would be broken.
-- We'd revisit this topic when the nsa has built its quantum computer, that could potentially break any encryption.
The bottom line is that you can use the web securely at next to no cost. The big boys (yahoo, google, MS, etc) can no longer be trusted, so no need to surrender your privacy to them. Pretty much all the services they provide can be privately run by you, on servers you control.
A liberal is someone who feels a great debt to his fellow man, a debt he proposes to pay off with your money.
A corporation’s primary goal is to make money. Government’s primary role is to take a big chunk of that money and give it to others.