[NZLUG] Privacy server
jim at gonzul.net
Tue Jun 18 14:37:02 NZST 2013
Following up from Nevyn's recent thoughts about a local email server
for people to use ...
I would be interested in having a local server/service that was
intended to help protect my privacy. Many things need a central
'always-on' server portion, and part of the problem we have with
online services is that we don't/can't trust the servers themselves.
I'm thinking of something more paranoid than usual.
So perhaps we should start with a server that can be trusted, and
build on top of that. I know that we tend to look at technical
solutions first, but lets go the other way :-
* A group of people willing to contribute money (obviously the more
people, the lower the sums involved)
* A group of people willing to contribute time (not just sysadmins,
but probably mostly)
* A legal entity with an unchangeable purpose (a trust?) to own the resources
* A constitution that describes how administrators are verified,
chosen & removed
* An identity-verification standard for members (perhaps using cacert.org)
On the technical front, I'd look for something like :
* Dedicated hardware in a secured location (or multiple locations)
* Encrypted boot disk? TRESOR kernel patch? Perhaps an out-of-band
* Free Software or Open Source Software only, from sources that are
responsive to security issues
* Mandatory client-side encryption; try to detect & reject any
* No logging of client connections
There are a lot of options, depending on how far you set the
paranoid-meter, and how far you set the hostproof-meter. And some
interesting ideas around using existing protocols in unusual ways
(like mailinator, for example).
Is anyone interested in helping to get something like this up and running?
More information about the NZLUG