In this post, I ask for some help figuring out how I can secure my communications. In this post, I talk about some ideas I’m currently doing. Right now, I’m working on a proof-of-concept (to prove that I can do what I want and that it works how I want). In this post, I’m going to outline what I’m going to do, why, and what I hope to gain. As I accomplish things, I’ll link to detailed articles about what I did (partially so I can duplicate it later but also to help anyone who is trying to do something similar).
Goal | What I hope to accomplish | Rationale | Instructions |
1. Get my own server hosted in a datacenter somewhere. 1a. Use a VPS for testing purposes | Have a server with a dedicated internet address and domain name. It needs to have at least 10Mb/sec internet access (preferably unlimited in terms of data transfer limits) | A VPS is OK for testing purposes, but the ONLY way to really guarantee no one else has access to my critical data (encryption keys, logs, archives, etc…) is to run my own. Anything else and there is the risk that someone else can access my keys. | |
2. Encrypt the drives | Encrypt everything but the boot partition* I’m thinking about doing something really crazy like encrypting portions of the drive and destroying the keys. That way, if the machine is powered off, I don’t have them any more. I haven’t figured out how this might actually work though because I want to keep some of the stuff | If it is mine and no one but me has access to the server, the government has 2 options: If everything is encrypted and they seize the servers, they get nothing unless they arrest me. If they arrest me, then I’ve got all kinds of other legal protections | |
3. Get a VPN running | Yes, I can SSH into the server and do things. But I want to be able to | Since I have a server (and my goal isn’t to hide where I am) I might as well use it. I’ve always wanted to make it so my phone, tablet, and the rest of my devices can use the VPN. With my current provider, I have to pay extra to have multiple devices connected. I also have to trust them with my data. This limits who I have to “trust” to a single ISP (from the datacenter). | Instructions for getting the server installed, configured, and running. |
4. Get Minecraft running | So I can move my Minecraft server off my home computer | Might as well | |
5. Get some sort of VoIP server running | Secure voice communications (including logs). The encryption will be handled by ZRTP, I think on the client. The server may be Asterisk or something else. | Since the keys are on the client, this isn’t so bad to have externally. But I can’t rely on a service provider like Silent Circle to do it for me since they may have the ability to be a MiTM. If I do it, even the logs are under my control | |
6. Get a secure chat server running | Same as above. | | |
7. Backups | Use the server for off-site backups. | I plan on getting about 4 TB in a RAID configuration. Why not use it for this too. | |
8. WebHosting | Again, I might as well use it if I have it. This will be secure with HTTPS | | |
9. ownCloud | Cloud storage, baby | Dropbox-type functionality, only on my server with me in control of the data. This means the files don’t have to be encrypted before I upload them | |
10. Email | I want the police to come to me if they want my email. I’ll also use PGP for any secure coms | Right now, anything older than 180 days is not subject to 4th Amendment protections on an external service. If I control it myself…they have to at least come to me for it | |