----------------------------------------
Data Security Ratings
August 10th, 2018
----------------------------------------

Christina has been posting about data security [0][1] with some
engagement from others [2].

[0] Christina - Infosec And Data Privacy Part 1
[1] Christina - Infosec And Data Privacy Part 2
[2] Solderpunk - Data Security Ratings

It's very interesting stuff which started on Mastodon and
continued in gopherspace. It's worth a read.

I had one last thought I wanted to share based on an exchange on
IRC. Some people have brought up threat levels and planning your
security for the type of danger you really face, not ridiculous
levels of paranoia. We're not all Snowden, after all. That being
said, I wanted to share my email system so you can see what
happens when you go off the deep end with no real reason.

First of all, I use neomailbox for my mail provider. They're
pretty great, in a country with better data privacy laws than the
US, and have solid privacy policies and encryption measures in
place to protect their users. They offer a unique feature that
I've not found in other providers: they will auto-sign incoming
mail with your public key if you request it. While mail that
wasn't encrypted at the source may still be vulnerable in
transmission, after it hits their servers its safety just took
a major step up.

Next, I only connect to neomailbox over a VPN & Tor. Outgoing mail
relayed through their servers wipes metadata anyway, but it's just
another stupid thing to do in protecting the connection itself.

How do I connect? Good old pop3, baby. I don't leave anything on
the server.

Mail is fetched locally and the system auto-disconnects from the
internet. When browsing messages I remain offline. I reply and
queue up my outgoing mail. When ready to send, browsing shuts down
and the machine reconnects safely to send it on its way.

The local maildir is backed up over spideroak, encrypting the
mailboxes of already encrypted messages offsite to another machine
in case of calamity.

That's it! Fun, right?

I want to reiterate, this is completely unnecessary for my threat
level and it was done more as a hobby project to see how far
I could push it. Airgapping, redundant encryption, it's too much
for people to bother with. It's a great illustration of why other
people give up and just settle for whatever.

If you're new to infosec, do yourself a favor and get a protonmail
account. That's about as good as you're going to do without
putting in a bunch of work. Is it as good as what Snowden does? Oh
hells no. But you're not on the run from the US government, are
you? It'll keep google off your back, and you're less likely to
fall victim to simple scams.