Thank you very much Gary. This is very helpful.

On Sat, 7 Nov 2020 at 12:09 AM, Gary Johnson <lambdatro...@disroot.org> wrote:

> Aniket Patil <aniket112.pa...@gmail.com> writes:
>
> > I don't know whether this mailing list is appropriate to talk about
> > this subject or not, but I am going forward, please don't get me wrong.
>
> Hi Aniket,
>
> While computer security and data privacy are topics that I imagine a
> number of Guix users are interested in, I imagine the full breadth of
> this conversation may be beyond the scope of the help-guix mailing list.
> However, insofar as Guix may be able to alleviate some of your concerns,
> I would think that's something that folks here could help you with.
>
> > I have been following Richard M. Stallman, Eric S. Raymond, Aaron Swartz
> > for a long time. I know how to use and secure myself pretty much I would
> > say. But I don't feel secure and have that reliance on the internet while
> > using it. So I got X200 librebooted it, still using some proprietary wifi
> > card, hence non-free distro like arch is my main OS.
>
> Okay, stop right there. You can buy an inexpensive, fully
> libre-compliant USB wifi card from ThinkPenguin. Here's the link:
>
> https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb
>
> Plug it into your X200, and you should hopefully be all set to install a
> fully free OS like GNU Guix, which uses the linux-libre kernel and
> therefore contains no proprietary firmware or binary blobs.
>
> > I want to get rid of this Google thing, I do have protonmail account,
> > but I don't think that is reliable either.
>
> Google mines your data for profit. If this bothers you, don't use their
> services. Perform a web search for "degoogle" and get to it.
>
> Protonmail has well-documented security practices. However, their email
> servers don't allow access over IMAP or POP3, which means you have to
> use their Javascript-based webmail interface. If you want to access your
> email locally, you have to install their proprietary protonmail-bridge
> application. There is no Guix package for this as its code is not free
> software.
>
> There are better free software and privacy-respecting alternatives for
> email hosting, such as disroot.org and riseup.net. Or you can install
> and administrate your own email server using Guix!
>
> > Recently, I read zimoun's vlog
> >
> > "right, Google is evil, but the storage and the search features are
> > really useful. So, I am thinking to switch to notmuch
> > <https://notmuchmail.org/>, but not enough time to configure it, yet."
> >
> > So, is notmuch reliable?
>
> For a good free software solution on Guix that gives you control of your
> data, I would recommend pairing offlineimap (which stores a local copy
> of all your IMAP-accessible emails on your machine in case you lose
> access to your email server or decide to bulk migrate your emails to a
> new email server) with a local mail indexer like mu or notmuch. I'm
> personally a big fan of mu and its Emacs interface mu4e. Of course,
> everyone has their favorite email client, so go with whatever makes you
> happiest when reading your mail.
>
> > I get paranoid after reading RMS, or Snowden. I think a lot about my
> > privacy and others as well. Hence I am asking this, and participating in
> > GNU projects and Free Software Projects. So coming to the point.
> >
> > How to or which email client shall I use or email service?
>
> I provided my suggestion above, but Guix comes with a wide variety of
> free software CLI, TUI, and GUI email clients. Pick your favorite and
> have fun.
>
> In terms of email security, there are a few simple rules to follow when
> setting yourself up:
>
> 1. Always connect to your email servers (IMAP, POP, SMTP) with SSL/TLS
>    encryption enabled. This will ensure that no one between you and your
>    email server can read your messages.
>
> 2. Whenever possible (and particularly with any sensitive content), it
>    is good practice to encrypt your emails with GPG. This ensures that
>    anyone administrating your email server can't read your emails while
>    they are sitting in your remote folders. Unfortunately, in order to
>    do this, you have to encrypt each such message with the GPG key of
>    the person(s) you are sending it to. That means you have to invest
>    some effort in collecting other people's GPG keys, and often in
>    educating them about the purpose of email security as well. The FSF
>    provides a nice introduction to this here:
>    https://emailselfdefense.fsf.org
>
> > Recently I was browsing on TOR but I guess even TOR exposes my IP address
> > on the internet. So shall I use it with a VPN? If so, which VPN? I know
> > about WireGuard but it has a GPL2 license, not GPL3.
>
> TOR routes your network requests through a randomized series of
> intermediate servers, which can make it somewhere between very hard and
> impossible for your true IP address to be identified by the server you
> are connecting to. The first TOR node that you connect through will know
> your IP address, of course.
>
> Guix provides the tor, tor-client, and torsocks packages.
>
> Connecting to a VPN allows you to make network connections to remote
> servers using an IP address originating from the VPN rather than from
> your personal computer. You can think of VPNs as being similar to TOR
> with just one intermediate node.
>
> Guix provides the openvpn package and service definitions for this.
>
> > What else can I do to secure myself?
>
> Just installing a fully free OS like GNU Guix is probably the most
> impactful thing you can do to take control of your computing.
>
> Using local file encryption with GPG (or even encrypting your entire
> hard drive) are tools you can use if you are concerned about hackers
> getting direct access to your computer.
>
> Using SSL/TLS + TOR/VPN to encrypt and anonymize your network
> connections should go a long way towards preserving your privacy while
> online.
>
> Beyond these steps, the main thing to watch out for is running untrusted
> files you downloaded from the internet.
>
> If you download a large file (such as an executable, ISO image, or zip
> file), verify the file hash (e.g., md5sum, sha*sum) and/or GPG signature
> if they are provided by the remote server.
>
> When you are reading emails, always use a plaintext-only email client to
> reduce your risk from phishing attacks via spoofed links, mail tracking
> via inline images, and a variety of security exploits that are made
> possible by using a web browser engine within your email client to
> render HTML emails. See https://useplaintext.email/ for more info.
>
> When browsing the web, use a privacy respecting search engine like
> DuckDuckGo or Searx, use HTTPS whenever possible (try the HTTPS
> Everywhere plugin for Icecat), and either disable Javascript or run with
> the LibreJS browser plugin enabled. Guix provides the icecat browser
> with these features enabled by default. Alternatively, feel free to
> browse the web using a Javascript-free, text-mode web browser like lynx,
> links, w3m (or emacs-w3m), or eww (the Emacs Web Wowser, which has an
> awesome Readable mode that strips many sites down to their content with
> a single key press). Fewer websites will work as normal in these modes,
> but using them can teach you a great deal about which sites are doing
> more to protect user freedom and security and which aren't.
>
> Another awesome project that I participate in is Gemini. This community
> has been working for just over one year now to create an alternative
> web-like space running over the new Gemini protocol that is:
>
> - Encrypted: TLS is mandatory
>
> - Private: no tracking information other than your IP address is ever
>   sent to a server, and no cookies exist within the protocol
>
> - Authenticated: user logins and sessions are created using user-managed
>   TLS client certificates rather than traditional user/password systems
>   + cookies
>
> - Predictable: one request = one document returned, and no pages trigger
>   unpredictable multi-file download cascades as in HTML (i.e., for CSS,
>   JS, fonts, images, etc.) which can lead to slow page loads and open
>   you up to numerous privacy-violating tracking and analytics software
>   packages.
>
> - Fully Libre-compliant: The Gemini protocol and its associated text
>   markup format (text/gemini, a.k.a. "gemtext") are simple enough that
>   any moderately talented programmer should be able to write their own
>   client or server with a few days of work. (I wrote a full-featured
>   Gemini server in just 200 lines of Clojure that supports both file
>   sharing and arbitrary CGI-style applications.) The simplicity of this
>   protocol and markup format ensure that users can remain in total
>   control of their computing without being forced to use one of a half
>   dozen corporate created web browsers that employ enough programmers to
>   implement enough of the specs for HTTP, HTML, CSS, JS, EME, etc. to
>   actually render most websites correctly.
>
> Guix currently provides the Gemini server, gmnisrv, and the Gemini
> clients, bombadillo and emacs-elpher.
>
> Keep on hacking in the Free world,
> Gary
>
> P.S. My apologies to any Guix mailing list members who felt this
> conversation was off topic. I did my best to loop each conversation
> point back to the relevant Guix packages or services that could
> fulfill the OP's needs.
>
> --
> GPG Key ID: 7BC158ED
> Use `gpg --search-keys lambdatronic' to find me
> Protect yourself from surveillance: https://emailselfdefense.fsf.org
> =======================================================================
> ()  ascii ribbon campaign - against html e-mail
> /\  www.asciiribbon.org   - against proprietary attachments
>
> Why is HTML email a security nightmare? See https://useplaintext.email/
>
> Please avoid sending me MS-Office attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
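
The download check recommended in the quoted message (verify the file hash when the server publishes one), as an added example that is not part of the original thread. It uses `sha256sum` from GNU coreutils; the helper name `verify_download` and the file names `sample.iso` and `SHA256SUMS` are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). verify_download is a hypothetical helper.
# Exit status: 0 match, 1 digest mismatch, 2 missing input, 3 file not listed.
verify_download() {
    file=$1
    manifest=$2
    [ -f "$file" ] && [ -f "$manifest" ] || { echo "missing input" >&2; return 2; }
    name=$(basename -- "$file")
    # Manifest lines look like "<hex digest>  <name>" (" *<name>" in binary mode).
    # Assumption: file names contain no whitespace.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$manifest")
    if [ -z "$expected" ]; then
        # An unlisted file must fail closed, not pass silently.
        echo "$name: no entry in manifest, refusing" >&2
        return 3
    fi
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: digest mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}

# Demo on constructed data: a stand-in download and the manifest published for it.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$dir/sample.iso"
    (cd "$dir" && sha256sum sample.iso > SHA256SUMS)
    good=0; verify_download "$dir/sample.iso" "$dir/SHA256SUMS" >/dev/null || good=$?
    printf 'extra bytes' >> "$dir/sample.iso"   # the file changed after publication
    bad=0; verify_download "$dir/sample.iso" "$dir/SHA256SUMS" 2>/dev/null || bad=$?
    # A file the manifest does not list at all.
    none=0; verify_download "$dir/SHA256SUMS" "$dir/SHA256SUMS" 2>/dev/null || none=$?
    rm -rf "$dir"
    echo "$good $bad $none"
}

demo
```

A digest fetched from the same server as the file only catches corruption or a partial replacement; where the project also signs its manifest, check that signature with `gpg --verify` before trusting the digests in it.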