----------------------------------------
Data Security Ratings
August 10th, 2018
----------------------------------------

Christina has been posting about data security [0][1] with some
engagement from others [2].

[0] Christina - Infosec And Data Privacy Part 1
[1] Christina - Infosec And Data Privacy Part 2
[2] Solderpunk - Data Security Ratings

It's very interesting stuff which started on Mastodon and
continued in gopherspace. It's worth a read.

I had one last thought I wanted to share based on an exchange on
IRC. Some people have brought up threat levels and planning your
security for the type of danger you really face, not ridiculous
levels of paranoia. We're not all Snowden, after all. That being
said, I wanted to share my email system so you can see what
happens when you go off the deep end with no real reason.

First of all, I use neomailbox for my mail provider. They're
pretty great, in a country with better data privacy laws than the
US, and have solid privacy policies and encryption measures in
place to protect their users. They offer a unique feature that
I've not found in other providers: they will auto-sign incoming
mail with your public key if you request it. While mail that
wasn't encrypted at the source may still be vulnerable in
transmission, after it hits their servers its safety just took
a major step up.

Next, I only connect to neomailbox over a VPN & Tor. Outgoing mail
relayed through their servers wipes metadata anyway, but it's just
another stupid thing to do in protecting the connection itself.

How do I connect? Good old pop3, baby. I don't leave anything on
the server.

Mail is fetched locally and the system auto-disconnects from the
internet. When browsing messages I remain offline. I reply and
queue up my outgoing mail. When ready to send, browsing shuts down
and the machine reconnects safely to send it on its way.

The local maildir is backed up over spideroak, encrypting the
mailboxes of already encrypted messages offsite to another machine
in case of calamity.

That's it! Fun, right?

I want to reiterate, this is completely unnecessary for my threat
level and it was done more as a hobby project to see how far
I could push it. Airgapping, redundant encryption, it's too much
for people to bother with. It's a great illustration of why other
people give up and just settle for whatever.

If you're new to infosec, do yourself a favor and get a protonmail
account. That's about as good as you're going to do without
putting in a bunch of work. Is it as good as what Snowden does? Oh
hells no. But you're not on the run from the US government, are
you? It'll keep google off your back, and you're less likely to
fall victim to simple scams.