[NZLUG] Privacy server

Robin Paulson robin at bumblepuppy.org
Wed Jun 19 16:38:21 NZST 2013


On Tue, Jun 18, 2013 at 02:37:02PM +1200, Jim Cheetham wrote:
> I would be interested in having a local server/service that was
> intended to help protect my privacy. Many things need a central

definitely

> 'always-on' server portion, and part of the problem we have with
> online services is that we don't/can't trust the servers themselves.
> I'm thinking of something more paranoid than usual.
> 
> So perhaps we should start with a server that can be trusted, and

i'd suggest starting with a set of principles grounded in human 
behaviour/needs/wants, rather than driving it from the technology side. the 
technology is there to help us, so it should follow on from what we want to do.

> build on top of that. I know that we tend to look at technical
> solutions first, but lets go the other way :-
> * A group of people willing to contribute money (obviously the more
> people, the lower the sums involved)
> * A group of people willing to contribute time (not just sysadmins,
> but probably mostly)
> * A legal entity with an unchangeable purpose (a trust?) to own the resources
> * A constitution that describes how administrators are verified,
> chosen & removed

an incorporated society may be the way to go

> * An identity-verification standard for members (perhaps using cacert.org)

i'd suggest starting with a set of principles grounded in human
behaviour/needs/wants. what are we actually trying to do, and why? is it about 
privacy, or more than that? or a more basic principle (freedom?)? or saving 
money?

> On the technical front, I'd look for something like :
> * Dedicated hardware in a secured location (or multiple locations)
> * Encrypted boot disk? TRESOR kernel patch? Perhaps an out-of-band
> management device?
> * Free Software or Open Source Software only, from sources that are
> responsive to security issues
> * Mandatory client-side encryption; try to detect & reject any
> accidental plain-text
> * No logging of client connections

sounds good, but we get the human element down first

> Is anyone interested in helping to get something like this up and running?

yes

i'll tentatively suggest tangle ball in auckland as a location for a server, 
pending agreement by the members


More information about the NZLUG mailing list