[NZLUG] Privacy server

Jim Cheetham jim at gonzul.net
Tue Jun 18 14:37:02 NZST 2013

Following up from Nevyn's recent thoughts about a local email server
for people to use ...

I would be interested in having a local server/service that was
intended to help protect my privacy. Many things need a central
'always-on' server portion, and part of the problem we have with
online services is that we don't/can't trust the servers themselves.
I'm thinking of something more paranoid than usual.

So perhaps we should start with a server that can be trusted, and
build on top of that. I know that we tend to look at technical
solutions first, but let's go the other way :-
* A group of people willing to contribute money (obviously the more
people, the lower the sums involved)
* A group of people willing to contribute time (not just sysadmins,
but probably mostly)
* A legal entity with an unchangeable purpose (a trust?) to own the resources
* A constitution that describes how administrators are verified,
chosen & removed
* An identity-verification standard for members (perhaps using cacert.org)

On the technical front, I'd look for something like :
* Dedicated hardware in a secured location (or multiple locations)
* Encrypted boot disk? TRESOR kernel patch? Perhaps an out-of-band
management device?
* Free Software or Open Source Software only, from sources that are
responsive to security issues
* Mandatory client-side encryption; try to detect & reject any
accidental plain-text
* No logging of client connections

There are a lot of options, depending on how far you set the
paranoid-meter, and how far you set the hostproof-meter. And some
interesting ideas around using existing protocols in unusual ways
(like mailinator, for example).

Is anyone interested in helping to get something like this up and running?


