Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

[Aniket Patil]

[-- Attachment #1: Type: text/plain, Size: 1400 bytes --]

Hi,
I don't know whether is this mailing list is appropriate to talk about this
subject or not, but I am going forward, please don't get me wrong.

I have been following Richard M. Stallman, Eric S. Raymand, Arron Swartz
from long time. I know how to use and secure myself pretty much I would
say. But I don't feel secure and have that reliance on the internet while
using it. So I got X200 librebooted it, still using some proprietary wifi
card, hence non-free distro like arch is my main OS. I want to get rid of
this Google thing, I do have protonmail account, but I don't think that is
reliable either. Recently, I read zimouns vlog

" right, Google is evil, but the storage and the search features are really
useful. So, I am thinking to switch to notmuch <https://notmuchmail.org/>,
but not enough time to configure it, yet. "

So, is notmuch is reliable?

I get paranoid after reading RMS, or Snowden. I think a lot about my
privacy and others as well. Hence I am asking this, and participating in
GNU projects and Free Software Projects. So coming to the point.

How to or which email client shall I use or email service?

Recently I was browsing on TOR but I guess even TOR exposes my IP address
on internet. So shall I use it with VPN? If So which VPN? I know about
WireGuard but it has GPL2 license not GPL3.

What else can I do to secure myself?

TL;DR Just read last questions.

Aniket.

[-- Attachment #2: Type: text/html, Size: 2895 bytes --]

Re: Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

[Joshua Branson]

Hey Aniket,

This kind of question is best asked in help-guix@gnu.org.  That's where
non-developmental questions should go.  :)

But briefly here's my two cents: You should replace your wifi card.  I
believe there are other wifi cards available that work with free
software that should fit in your laptop.  Alternatively, there are even
ones that work with a usb port.  thinkpenguin.com should have some
options or ebay.  It'll cost you $10-$50 depending where you buy.

If you really want to browse the internet like Edward Snowden, then
having VPN over TOR is probably one of the better ways to go.  You'll
browsing speed probably won't support playing internet videos though.
You can set up your own VPN, but it's just easier to pay for it.  I use
expressVPN.  If you buy from expressVPN, let em know.  I can guide you
to setting it up with Guix.

I would recommend using Thunderbird as your email client.  We have it
packaged in guix as icedove.  I would also recommend dismail.de or
riseup.net to host your email.  Both are gratis, but please do consider
donating to their cause.

If you wanted to dive deeper into securing your computing, don't use a
computer. :)  But you could set up an encrypted hard drive, and possible
follow the Archlinux guide about security.

https://wiki.archlinux.org/index.php/Security#Hardened_malloc

Do note that updating your CPU microcode is technically non-free, which
is mentioned in the guide.

Feel free to re-ask this question by emailing help-guix@gnu.org.

Thanks,

Joshua

P.S.  Sorry if linking to the Arch GNU/Linux wiki is frowned upon, but
it still is the best wiki I've come across.

--
Joshua Branson
Sent from Emacs and Gnus
https://gnucode.me
https://video.hardlimit.com/accounts/joshua_branson/video-channels
"You can have whatever you want, as long as you help enough other people get what they want." - Zig Ziglar

Re: Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

[Pierre Neidhardt]

[-- Attachment #1: Type: text/plain, Size: 1512 bytes --]

Hi!

I don't understand why using a VPN would help with regard to privacy.
Tor should be doing the job here.  A VPN, as I understand it, only
forwards the privacy issue to a third-party (usually untrustworthy)
entity, the VPN service.

> You'll browsing speed probably won't support playing internet videos
> though.

Here you could use youtube-dl over Tor.  

~/.config/youtube-dl/config:

--8<---------------cut here---------------start------------->8---
--proxy socks5://127.0.0.1:9050
--8<---------------cut here---------------end--------------->8---

It takes time but then you can watch most videos offline afterwards.
Beside saving bandwidth and increasing your independance, that's a cool
feature on its own!

Emails leak metadata (like the people you talk to), regardless of
encryption.

We really need a replacement for emails... Anyone? :p

About Notmuch: to clarify, it's just the interface, not the hosting.
It's super cool, maybe the "easiest" to setup among Emacs clients (it's
still a bit involved), and I have my setup outlined here:

https://gitlab.com/ambrevar/dotfiles

> How to or which email client shall I use or email service?

Beside Protonmail, Riseup and dismail.de, I've also heard of Fastmail
and Mailo.  Pick the option that fits you best!

Another option is to buy a domain name at a service like Gandi:
https://www.gandi.net/.  They offer free mail hosting for their
subscribers.

Cheers!

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

Re: Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

[zimoun]

Hi,

On Thu, 05 Nov 2020 at 20:14, Aniket Patil <aniket112.patil@gmail.com> wrote:

> reliable either. Recently, I read zimouns vlog
>
> " right, Google is evil, but the storage and the search features are really
> useful. So, I am thinking to switch to notmuch <https://notmuchmail.org/>,
> but not enough time to configure it, yet. "

Is me that wrote this?  Where?  And when?


> So, is notmuch is reliable?
>
> I get paranoid after reading RMS, or Snowden. I think a lot about my
> privacy and others as well. Hence I am asking this, and participating in
> GNU projects and Free Software Projects. So coming to the point.
>
> How to or which email client shall I use or email service?
>
> Recently I was browsing on TOR but I guess even TOR exposes my IP address
> on internet. So shall I use it with VPN? If So which VPN? I know about
> WireGuard but it has GPL2 license not GPL3.
>
> What else can I do to secure myself?

Really opinionated reply; Friday’s troll! ;-)


I am not sure to understand the question: against what you want to be
secure.

As you see, I am still using Gmail.  Most of the time, I compose emails
using Emacs.  Sometimes, I reply using their web interface.  Most of the
time, I read and search emails via Notmuch (+Emacs frontend), and
sometimes via the web interface.  Whatever.

I try to replace the web interface facilities.  However my emails are
still stored on the Google infrastructure.  And somehow, 50% of all our
emails are stored by Google.  (This one is! because of your and my gmail
addresses.)

https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours

And even, it is a public mailing list, therefore data are on the Google
infrastructure.  And even if it is not a public mailing list but an
encrypted email, then it is almost sure that Google will get the
metadata around––which are clear.  Snowden explains clearly that:
metadata is one of the key.

Replace Google by whatever is scaring.

If you use another email service, you have to trust this service.  For
example, I have a Proton email account but I have no proof that they are
really doing what they claim to do; since all their code is not “open“.
And even the code would be “open“, I have no proof that the binary they
run corresponds to the code.  Well, the only way is to run your own
service.  But even with that, you are not protected against the 2
previous collects.

About privacy, the emails are doomed.  Period.

And I am not speaking about how to trust the binaries we use.  For
example, Pandoc is not secure since the Haskell compiler GHC is not
bootstrappable.  Another example is the Nyxt webbrowser because of the
Common Lisp SBCL reproducibility issue.  Emacs is not reproducible
neither.  Zillions of other example are around… I am not talking about
how to trust the binaries running TOR or VPN or whatever service.  And
last, how to trust the hardware?

Well, the question you have to answer first is: against what you want to
protect.

If you are paranoid, then you should be unplugged.  Else, you have to
first define what is your personal policy and what is the one of the
people you interact with.


Hope that helps,
simon

ps:
As Joshua wrote, these questions are better on help-guix@gnu.org. :-)

Re: Guide! Help! Using guix, or GNU/Linux, for secrecy, privacy.

[Aniket Patil]

[-- Attachment #1: Type: text/plain, Size: 3941 bytes --]

Hi zimoun,

Yes, you wrote it on your blog.
http://zimoun.github.io/about/
Read first reference.

Also, unplugging from everything is not an option. I feel so. I will think
about it.

For hardware isn’t running X200 with libreboot as BIOS enough, with
trisquel on top of that or any other free distro?


Thanks for help.

Aniket.

On Fri, 6 Nov 2020 at 6:07 PM, zimoun <zimon.toutoune@gmail.com> wrote:

> Hi,
>
> On Thu, 05 Nov 2020 at 20:14, Aniket Patil <aniket112.patil@gmail.com>
> wrote:
>
> > reliable either. Recently, I read zimouns vlog
> >
> > " right, Google is evil, but the storage and the search features are
> really
> > useful. So, I am thinking to switch to notmuch <https://notmuchmail.org/
> >,
> > but not enough time to configure it, yet. "
>
> Is me that wrote this?  Where?  And when?
>
>
> > So, is notmuch is reliable?
> >
> > I get paranoid after reading RMS, or Snowden. I think a lot about my
> > privacy and others as well. Hence I am asking this, and participating in
> > GNU projects and Free Software Projects. So coming to the point.
> >
> > How to or which email client shall I use or email service?
> >
> > Recently I was browsing on TOR but I guess even TOR exposes my IP address
> > on internet. So shall I use it with VPN? If So which VPN? I know about
> > WireGuard but it has GPL2 license not GPL3.
> >
> > What else can I do to secure myself?
>
> Really opinionated reply; Friday’s troll! ;-)
>
>
> I am not sure to understand the question: against what you want to be
> secure.
>
> As you see, I am still using Gmail.  Most of the time, I compose emails
> using Emacs.  Sometimes, I reply using their web interface.  Most of the
> time, I read and search emails via Notmuch (+Emacs frontend), and
> sometimes via the web interface.  Whatever.
>
> I try to replace the web interface facilities.  However my emails are
> still stored on the Google infrastructure.  And somehow, 50% of all our
> emails are stored by Google.  (This one is! because of your and my gmail
> addresses.)
>
>
> https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours
>
> And even, it is a public mailing list, therefore data are on the Google
> infrastructure.  And even if it is not a public mailing list but an
> encrypted email, then it is almost sure that Google will get the
> metadata around––which are clear.  Snowden explains clearly that:
> metadata is one of the key.
>
> Replace Google by whatever is scaring.
>
> If you use another email service, you have to trust this service.  For
> example, I have a Proton email account but I have no proof that they are
> really doing what they claim to do; since all their code is not “open“.
> And even the code would be “open“, I have no proof that the binary they
> run corresponds to the code.  Well, the only way is to run your own
> service.  But even with that, you are not protected against the 2
> previous collects.
>
> About privacy, the emails are doomed.  Period.
>
> And I am not speaking about how to trust the binaries we use.  For
> example, Pandoc is not secure since the Haskell compiler GHC is not
> bootstrappable.  Another example is the Nyxt webbrowser because of the
> Common Lisp SBCL reproducibility issue.  Emacs is not reproducible
> neither.  Zillions of other example are around… I am not talking about
> how to trust the binaries running TOR or VPN or whatever service.  And
> last, how to trust the hardware?
>
> Well, the question you have to answer first is: against what you want to
> protect.
>
> If you are paranoid, then you should be unplugged.  Else, you have to
> first define what is your personal policy and what is the one of the
> people you interact with.
>
>
> Hope that helps,
> simon
>
> ps:
> As Joshua wrote, these questions are better on help-guix@gnu.org. :-)
>

[-- Attachment #2: Type: text/html, Size: 5190 bytes --]