[okfn-discuss] [OKFN-Local-Coord] Which e-mail service or mail transfer agent are you using/do you recommend?

Karsten Gerloff gerloff at fsfeurope.org
Mon Jul 1 11:12:46 UTC 2013


Hi, 

On Sun, Jun 30, 2013 at 10:45:37PM +0200, stef wrote:
> 
> On Sun, Jun 30, 2013 at 02:59:23PM -0500, heath rezabek wrote:
> > For hosting services, which includes the ability to set up and control your
> > own mailserver (or any other service you can install as well as some
> > quick-setup options), I recommend Dreamhost with highest recommendations.
> 
> i think it is also important to check if the servers are in europe, or in the
> us. i think dreamhost is in the us, no?
> 
> i use postfix also. if you want to protect your correspondence then a vps won't
> do, you need to control your own physical hw.  is a bit more expensive, but
> also a lot more safe. there's other ways around this, by using custom crypto,
> but it's not as good as real hw.
> 
> i'd also avoid web-based interfaces, and stick with local clients, avoiding
> also phones.
> 
> so you need only a postfix and a dovecot imap server, which after setting up
> only needs the occasional security update. but if you already have something
> like this, why not run your own xmpp server and yacy/seeks search engine.

While Stef's recommendations are valid, I'd like to point out
that it's important to think about what, exactly, you're trying to
defend against. You'll also need to decide to which length you
want to go to protect your privacy, and the privacy of the people
you talk to online.

If you want to avoid a scenario where some large corporation
shares your data wholesale with others, whether voluntarily or
under force, then the solution is not to give your data to such
corporations in the first place.

Here, running your own mail, XMPP etc. servers (or paying someone
you trust to do it for you) helps, as does replacing "data
hoovers" such as Facebook with decentralised / distributed social
networking tools (e.g. diaspora*, identi.ca etc). You'll also want
to replace Skype with something like Jitsi, and Dropbox with
something self-hosted such as OwnCloud. 

This will make it less convenient for an attacker to get hold of
your information, as it's no longer all stored in a few central
places.

Note that many of these programs will not be as polished as their
non-free alternatives, so you'll need to decide whether you
prefer shiny toys or privacy. 



If you're trying to defend against someone who might intercept
specific sensitive conversations, you'll want encryption. A lot of
email clients (e.g. Thunderbird) let you use GnuPG, the Free
Software implementation of the OpenPGP standard. For chat, a
number of Free Software clients can handle OTR encryption (which
stands for "off the record"). 

Such measures will probably keep the contents of your messages
private, but not the metadata (who you're talking to, for how
long, from where etc.). 


If you're trying to protect yourself, and the people you
communicate with, against attackers who might simply steal or
confiscate your computers, you'll want to encrypt your hard
drives. Many GNU/Linux distributions offer this as an option
during the install process.


Whatever programs you use for communication and, especially,
encryption, you'll want to make sure that they're Free Software.
Given the things we've heard in the past few weeks, it's probably
safe(r) to assume that anything where you can't look at the source
code contains a back door for the government.


As an example, here's what I do myself. My work for FSFE means
that I communicate with lots of people, and handle sensitive data
occasionally [1]. My setup is by no means perfect. It's merely the
balance I've found between privacy, security and convenience.
YMMV. [2]

 - I store my mail on a server run by a small company, where I
   know the owners personally. I'm paying them EUR 8 a month for
   administration, shell access, 2GB server space and other
   sundries. I trust them because I know them, and because I know
   where their company's revenue comes from (from me, and people
   like me). And because I can go and yell at them if they do
   something I disagree with.

     + On that server, I'm also running OwnCloud, for easy file
     storage and sharing.

 - I use GnuPG to encrypt sensitive emails.  My preferred mail
   client is Mutt, but that's a detail - others work just as
   well.

 - For chat, I use FSFE's XMPP servers, and those of the company
   mentioned above. For social networking, I use identi.ca (which
   is currently shifting to a new platform, so I'm not sure how
   well it'll work a week from now.)

 - I encrypt the hard drives on my desktop and my laptop. This is
   easy to do when I install a new operating system, and is
   probably the simplest thing on this list.

 - I run my searches through DuckDuckGo rather than Google. It's
   still a centralised service, but at least that way my search
   data doesn't get linked with everything else I do around the
   Internet. (DuckDuckGo has a Firefox plugin which is pretty
   convenient.) FSFE's website search uses YaCy, which is a
   distributed search engine.

Note that all these measures are purely defensive. They don't make
the problem of surveillance go away. They just slightly reduce
your risk of suffering from the problems associated with
surveillance. So there's one more point I'd like to add to the
list:

 - I participate in politics. Together with many other people and
   groups, we're trying to build a society where surveillance will
   be the exception rather than the norm. Technology can provide
   us with useful tools, and can shelter us a bit while we do this
   work. But it won't do the job for us.

 
Hope this helps.



Best regards,
Karsten


[1] I'm talking about sensitive as in "if this leaks, it'd be
trouble and bad press" rather than "OMG there's a SWAT team coming
through the window".

[2] Views on what's an appropriate level of security differ
widely. Some people will think I'm paranoid. stef will think I'm
horribly sloppy. 



-- 
Karsten Gerloff                      [ ]   <gerloff at fsfeurope.org>
Free Software Foundation Europe   [ ][ ][ ]      [http://fsfe.org]
President                            | |         +49 176 9690 4298
Support software freedom!                [http://fsfe.org/support]

Free Software Foundation Europe e.V. is a German Verein registered
at the Registergericht Hamburg (VR 17030). 

