Privacy Idea

In this post, I ask for some help figuring out how I can secure my communications.  In this post, I talk about some ideas I’m currently doing.  Right now, I’m working on a proof-of-concept (to prove that I can do what I want and that it works how I want).  In this post, I’m going to outline what I’m going to do, why, and what I hope to gain.  As I accomplish things, I’ll link to detailed articles about what I did (partially so I can duplicate it later but also to help anyone who is trying to do something similar).

Goal What I hope to accomplish Rationale Instructions
 1. Get my own server hosted in a datacenter somewhere
1a. Use a VPS for testing purposes
 Have a server with a dedicated internet address and domain name.  It needs to have at least 10Mb/sec internet access (preferably unlimited is terms of data transfer limits)  a VPS is ok for testing purposes but the ONLY way to really guarantee no one else has access to my critical data (encryption keys, logs, archives, etc…) is to run my own.  Anything else and there is the risk that someone else can access my keys.  
2. Encrypt the drives

Encrypt everything but the boot partition*

I’m thinking about doing something really crazy like encrypting portions of the drive and destroying the keys.  That way, if the machine is powered off, I don’t have them any more.  I haven’t figured out how this might actually work though because I want to keep some of the stuff

 If it is mine and no one but me has access to the server, the government has 2 options:
  a) arrest me and make me turn over the keys
  b) seize the server and get the keys.  

If everything is encrypted and they seize the servers, they get nothing unless they arrest me.  If they arrest me, then I’ve got all kinds of other legal protections

  3. Get a VPN running  

 Yes, I can ssh into the server and do things.  But I want to be able to 
  a) replace the vpn I’m using right now
  b) run things (like minecraft) on my sever but not have them open to the public
  c) have access to the VPN from my tablet and phone too.

 Since I have a server (and my goal isn’t to hide where I am) I might as well use it.  I’ve always wanted to make it so my phone, tablet, and the rest of my devices can use the VPN.  With my current provider, I have to pay extra to have multiple devices connected.  I also have to trust them with my data.  This limits who I have to “trust” to a single ISP (from the datacenter).

Instructions for getting the server installed, configured, and running.

Instructions for configuring iptables to work with openVPN

 4. Get minecraft running  So I can move my minecraft server off my home computer  Might as well  
 5. Get some sort of VoIP server running  Secure voice communications (including logs).  The encryption will be handled by zrtp, I think on the client.  The server may be asterick or something else.  Since the keys are on the client, this isn’t so bad to have externally.  But I can’t rely on a service provider like Silent Circle to do it for me since they may have the ability to be a MiTM.  If I do it, even the logs are under my control  
 6. Get a secure chat server running same as above.     
 7. Backups  Use the server for off-site backups.  I plan on getting about 4 TB in a RAID configuration.  Why not use it for this too.  
 8. WebHosting  Again, I might as well use it if I have it.  THis will be secure with https    
 9. ownCloud  cloud storage baby  dropbox type functionality only on my server with me in control of the data.  THis means the files don’t have to be encrypted before I upload them  
 10. Email  I want the police to come to me if they want my email.  I’ll also use PGP for any secure coms  Right now, anything older than 180 days is not subject to 4th Amendment protections on an external service.  If I control it myself…they have to atleast come to me for it  

Leave a Reply

Your email address will not be published. Required fields are marked *