New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Well you need to practice encryption then. Encryption is the only way to be safe today.
Use PGP for mail. Use full disk encryption. Use RedPhone/TextSecure on mobile.
You get the point.
You can check some simple things such as:
Some things I like to avoid or at least find really annoying are hosts that don't have any e-mail address on their site (having to use ticket systems/contact forms).
These things don't really guarantee anything about privacy but at least shows that a host is serious about their business.
Thanks, will definitely check that!
@heartbleed: sure it's the only way but not many people are ready to consider using an envelope when they send an email... And if you write/answer only to people using PGP then you might look suspicious in our era and you might not keep too many IRL friends...
(Hmmm. Probably better forget this privacy thing and use gmail ? ;-) )
Well do you want the FACTS about life and not the bullshit answer?
Encryption is the only way to protect your data in today's world. That is a FACT.
I agree with you. So I guess I'm going to set up a mail server in my basement. Filter mail to reject everything that's not encrypted. Sit and Enjoy.
Then I'd have to find only paranoid friends and would be able to use this email address only to register to PGP friendly websites that would accept to send me only encrypted messages.
I mean it makes sense and is probably the best way (at least the closest to snail mail) but heck, the web's not ready for that level of privacy yet.
So how do we adapt to the "FACTs" in the meantime? I guess a stable/serious provider (BuyVM, Leaseweb or Prometeus come to mind) with small setup for emails/website is enough for my needs.
But yeah, that doesn't mean much real privacy as a matter of "FACT" but I guess it's still better than trusting a big corp that is created to harvest your private data to turn it into profit...
Couldn't give a shit. I host nothing illegal, nothing private. Private stuff is hosted at home or on dedis with encrypted drives. Simple. You want your data secure get your hand out of your pocket.
Not simple at all. Unless you only mount those drives remotely, by exporting the space somehow, that is not safe even encrypted. I can get your password from memory in 5 minutes.
As for not hosting anything illegal, that is not the point here, if you do that, there are other ways to tell, as it is visible online, the point is that your private data, such as name and address were not leaked to the police without proper papers or criminals. We can be reasonably sure that already happened, so, nothing to lose anymore.
Whilst that's true, you're assuming there is perfect collaboration and capability at the other end. You're almost assuming the other end is just an individual, when really it's a big group of individuals, organisations and groups with varying interests. So they may not as a group have enough of an incentive or even the capacity with the incentive to spy on you.
That is true, also, but you can be sure almost any criminal group will gladly sell your data and it more or less gets into public domain. Each new breach will distribute it more widely, each year passing has similar effect. Governments do crack criminals and they get the data as a bonus, or give them some leeway in exchange for certain "services". Your statement is true, but it is merely an amendment to the idea "everyone has your data". It is rather: "almost everyone can have access to your data if needed and it is almost freely available".
lol I made this myself:
My data is even more secure. It's encrypted with an MD5 hash and written on a piece of paper inside of a safe in my basement hidden in some room. The best part is, the safe is both fire and water resistant.
that won't work with me or any other provider I hope as I wouldn't even allow them to do anything until I verify it is a legitimate and valid order as if you just wrote a warrant yourself that will most likely end up with you being written an actual arrest warrant from the courts for fraud and forgery when I report you lol
Like I would actually try to write my own lol
When the suits come in you have no time to check the warrants.
If you want a provider that you can trust to keep your private data, well, private, there are a few signs of whether they'll take your privacy seriously.
The most obvious sign being, "Do they have a privacy policy?", and if so, how does it read? Does it spell out consumer protections and data protection, or does it read like a CYA for the company? Any good privacy policy will have some give/take, but you should always know what you're signing up for so you can align your expectations.
Another good question is "Who's working there?". Is this a company manned by the web hosting mafia? Who are their upstreams (unfortunately, this question is becoming increasingly relevant--I digress.)?
And finally, if you're trying to do illegal things and that's why you need privacy, well then:
Not insinuating that you are, but if someone is reading with that intention, let me clear things up. Like @rds100 said, a court order is going to stop any of the protections that you had. If the courts want your information and start sending subpoenas, they're going to get it.
That is why you need encryption. If there is a court order you will be protected.
Just a reminder though that very few companies will fight a court order.
And they usually lose. So encrypt your data and be safe knowing the math will save you.
Great advice. Thanks!
But even in this case. Privatelayer had privacy friendly TOS/privacy policy but did leak some customer data...
Right. But if you use a VPS then.. encryption doesn't matter that much (except to store encrypted files that won't be deciphered on the VPS itself)
Many people fail to see this issue, I will keep insisting on it. Simply encrypting your FS or anything you will mount on a VM you have no physical absolute control over, is not safe. Makes it harder a bit, but only keeps noobs out.
You can encrypt a vps but they will just grab the keys from ram if they raid the server.
Most likely they will have a portable ups to keep the system powered on if it's valuable.
But it's still good practice to encrypt. If you have a decent provider they will cut the power when they get raided so full disk encryption on the vps might save you.
Doubtful as this decent provider would suddenly be at risk of being liable for whatever crime it would be to make it more difficult for law enforcement to get their hands on evidence. It could end up being obstruction of justice or - with a sufficiently creative prosecutor - destruction of evidence.
Not to mention the financial and reputational repercussions if they cut the power to the wrong servers.
@MrX turning power off, is not a crime. When they want to pick up the PCs/Servers.
The Data is still there, so who cares? But encrypted.
You're right. What I meant was that turning power off can be a crime if it is done to intentionally make it more difficult for law enforcement to obtain data required for an investigation.
Requiring law enforcement to just boot a server back up probably wouldn't be obstruction, but knowingly helping a criminal hide their data by depriving law enforcement of the ability to read the decrypted data while running would put the host at risk of being held liable.
If it's done unknowingly, it's of course a different matter.
@MrX well then I wonder why the Lavabit guy is not in jail for turning off his service instead of letting law enforcement have access to it
Well personally I don't care if the state gets access to my data with a court order. I just would like the provider not to leak my personal data to some company or other people asking them. I don't mind if they give my details if they are required by law: I'm not a criminal.
(By the way, I strongly believe that criminals know how to cover their tracks and have the money to buy servers in crime-friendly obscure data centers)
But to get back on the encryption topic: I guess that the police would rather ask the provider for a copy of the container. And in that case you don't even need the computer to be shut down or even seized - and I guess that in most cases it can happen without you knowing or even guessing!
In most cases there is a "need" to cause as much disruption as possible to "teach a lesson" and "show them" we are "tough on crime". Privacy has nothing to do with the police states, people must know they have no rights and no hope, especially those "aiding and abetting" in upholding "criminals" rights.
I've found that obtaining privacy is pretty simple. Just manufacture your own hardware and never leave the Faraday cage within your spaceship as it orbits beyond the Van Allen Radiation Belts. Bada bing bada boom!
Simple? Yes.
Costly? Indeed.
And who said it's costless/cheap/easy to obtain? (: