On 8/28/20 3:54 PM, Poison BL. wrote:
On Mon, Aug 17, 2020 at 12:51 AM Caveman Al Toraboran
<toraboracave...@protonmail.com> wrote:
hi. context:
1. tinfoil hat is on.
2. i feel disrespected when someone does things to
my stuff without getting my approval.
3. vps admin is not trusty and their sys admin may
read my emails, and laugh at me!
4. whole thing is not worth much money. so not
welling to pay more than the price of a cheap
vps. moving to dedicated hardware for me is
not worth it. my goal is to make it annoying
enough that cheap-vps's admins find it a bad
idea for them to allocate their time to mingle
with my stuff.
thoughts on how to maximally satisfy these
requirements?
rgrds,
cm.
I'm rather late to the game with this, but at the end of the day, mail
coming *into* a mail server isn't typically encrypted (and even that
is only the body, the headers can still reveal a great deal, and are
necessary for the server to work with it). A packet dump at the switch
will turn over every piece of mail you receive along the way. Email's
not designed for end to end security by default. Secondly, any hosting
on hardware you don't control is impossible to fully secure, if the
services on that end have to operate on the data at all. You can
encrypt the drive, encrypt the mail stores themselves, etc, but all of
those things will result in the encryption key being loaded into ram
while the VPS is running, and dumping ram from the hypervisor layer
destroys every illusion of security you had. Dedicated hardware in a
locked cabinet is as close as you get to preventing physical attacks
when you're hosting in someone else's DC, and that's not nearly in the
same market segment, price-wise, as a cheap VPS. At best, if you have
sensitive email that you're sending or receiving, work with the other
end of the communication and then encrypt the contents properly. Even
better, go with a larger scale, paid, solution in which your email
isn't even remotely worth the effort to tamper with for the hosting
company's employees, and hope the contractual obligations are
sufficient to protect you. If you have any sort of controlled data
going in and out of your email, step up to a plan that adheres to the
regulatory frameworks you're required to adhere to and make very sure
the contracts for it obligate the vendor to secure things properly on
their end (aws, azure/o365/etc mostly all have offerings for, at
least, US Gov level requirements).
Hmmmmm. How about paying for codes the US F. Feds do not have, like Real
Random. Supposedly, they are legally pissing of the F. Feds. Do your own
evaluation. A US corp in good standing the F. Feds do not want anyone to
know. About. Why? For the F. Feds to challenge what they do, they have
to PUBLICLY disclose their p. p.
https://www.realrandom.co/wp/
yes it's commercial. But for Gentoo, I'd push for a deep discount. They
have totally awesome technology, and I know a sales guy there. Any
solution, should have open source codes, and options for non-publish
commercial codes. Are there back doors? Dunno. Ask. Make your own
decision. But rumors are the F. Feds are pissed at these guys, cause
they have real technology solutions right now. Not bullshit-AI jibberish.
Sure, by executive order Trump could single action them out of
existence, but rumor has it, he has already decided NO, on that pathway.
My postulate is US Citizens, in good legal standing, with NO felony
convictions, have superior rights to privacy, than the F. Feds. It's
constitutionally bake in by our for fathers. We just need to stand up
and demand this. F. these scumbag lawyers, judges and corrupt (sold out)
politicians.
The rest of the work is on their own. But, if we organize and stand up,
we can put this 'demon' back into the darkness (abyss). I have no fear
of the F. Feds. Others would be wise to self examine, before joining up
with such an effort.
James Horton, pe
