Hey, Your postings on this subject are interesting, it seems you know about what your are talking about.
What should be your summary global advice for creating an hosting offshore corporation/foundation to help human right watchers and activists, say as eg Greenpeace, hrw.org , tibetans, chinesse/asian free speech/democacy activists, and the like?. If we are able to provide these communities with strong privacy-security-enhanced turnkey hosting services, individials, corporations, foundations will become also interested to adhere (or to order, if we go on business)our hosting system(s) and services... There are other considerations to implement in the hosting servers and customers PC's to help against Big Brother(s), as it's the software (and OS): Here OpenBSD can help a lot as the OS of choice, but it requires yet a lot of implementations and tricky configurations. To be implemented: Fully encryption of the OS boxes (a-la drivecrypt / compusec), also encrypting (eventually on fake video-music file containers for stegaqnography?) the users space via OTF-like (truecrypt?) encryption, including one or more layers of denial plausibility with fake/honey-pots areas if server maintainers or hosted customers are eventually forced (or hacked) to reveal their pass keys. The hoster company should never be able to decrypt the hosted customers content, its their matter and their privacy. A new kind of "secure&private" hosting standard should be created, e.g to force the use of only strong SSL for browsing and e-mail/webmail, and allowing only gpg protected communications on specific or aproved-verified secured pre-configured software clients. And networking ONLY on gateways as tor, i2p, mixminion, jap, freenet or similar systems. And etc etc... I can't understand why everyone still gives their websites on (weak/cleartext) http, instead of using strong https that should be the standard. Most if not all of the current PC boxes and bandwiths allow this, or not?. Why is https only used for banking, order former and the like, and not for everything? All this seems a lot of job (we all are working on that), but once done it can set up a new standard(s) for data and communications privacy ( a new standard that can/should have its own brand name) not only for individuals but also for corporations (industrial and commercial secrets theft causes billions loses), govs. We believe that this is an essential feature for a fair world and to reach a new degree of civilization, justice, equity and fraternity (if we can avoid to extinguish the humanity in the meantime): Information and association of the masses is a very powerful power. If and when you can freely communicate with everyone at the last desert village inhabitants in deep Africa, if and when a global worldwide individual can learn, know, opine and vote, then there will be a new kind of planet lobby from the masses against any ill-minded government, corporation, money or justice laws that can change the world in decades. And there are enough goods and resources in earth for all to leave in peace; someone is tricking us the wrong way. Here the OLPC (one laptop per children, wifi connected and solar/handcrank powered) is a good step (we are working also on an OpenBSD based version suite to fit on these as an alternate of the standard software (probably bigbro-dirty as not-privacy secured at all) . Of course, a super-secure information/communication/privacy system will help also criminals and ill-minded likes, but we must fight against them not at the price of losing our freespeech nor robbing the freespeech (nor the planet) of our childs, that are the real owners of the world. macintoshzoom --------------------------------------------------------------- On Wed, 18 Jun 2008 13:29:29 +0000 [EMAIL PROTECTED] wrote: > > But if ISP's must have blackbox on their interfaces (hello FBI),than you can't > > trust your local hosting company even if they are very friendly ;-) > > Cisco prefers a blueish-black color. Juniper boxes tend to be white and blue. > > In most Western countries there are many ISPs; if many of them were forced to have, in secret, black boxes on their networks, it would soon be public that that is occuring. > > Providers are, in many cases, being forced to allow, unmonitored, snooping by their governments - read up on CALEA. Hardware based routing platforms will be able to handle only a very small amount of traffic, the CPUs that are used in them tend to be very slow and even the fastest CPUs can route only a tiny amount of the traffic modern hardware-based routers can. > > So, if the government wants to monitor YOU specifically, or occasionally monitor everyone, they might be able to do it via CALEA. > > If I wished to monitor a large amount of peoples traffic (not all - that's not technically feasible), I would try and use passive taps with the cooperation of major transit providers. If I was on a smaller budget, then I would just do that with some major telcos. The NSA appears to have decided to use a hybrid approach. If I had very large amounts of money that I am willing to spend (well, government has lots of money, and it's not theirs, so why would they mind spending it?) I would do the same with cable providers (not the coax kind). > > I would definitely try and avoid small ISPs and IXPs - high maintenance, high whining and very difficult to perform surveillance using them clandestinely. Laying a submarine cable is far more expensive than starting an ISP or IXP. > > So, basically, you are being paranoid about the wrong things. [demime 1.01d removed an attachment of type application/pgp-signature]
