Unified Approach to Privacy and Security Documentation
- Inicie sesión ou rexístrese para enviar comentarios
I notice that the Trisquel manuals have a section on Privacy and Security:
https://trisquel.info/en/wiki/security
There is a lot of this kind of information about, and in many different places, and it seems to be changing all the time.
I was recently asked to help with an update of another manual on this topic hosted by FlOSSManuals:
https://flossmanuals.net/tech-tools-for-activism/
It was originally put together by the Tech Tools for Activism collective:
https://techtoolsforactivism.org/
I already aggregated some information about privacy and security here:
http://www.coactivate.org/projects/disintermedia/privacy-not-privatization
The activist hosting collective RiseUp.net also has documentation on this topic:
https://help.riseup.net/en/security
There are other groups working in this area too, such as the EFF:
https://www.eff.org/issues/privacy
https://panopticlick.eff.org/
...the LEAP project:
https://leap.se/
...and the Guardian Project:
https://guardianproject.info/
It seems to me it could be valuable to put together an online working group on privacy and security, with members from as many trustworthy groups as possible, to create and maintain one manual of privacy and security advice, with regular updates. This manual could then be mirrored by each group on their own website.
Would anyone be interested in getting involved in such a project, sometime early next year perhaps?
BTW Apologies for the rash of postings over the last few days. It's just such a relief to have both my laptops usable again, and I've been trying to get the last few issues worked out, and share a few ideas, before I head away for a week's holiday starting tomorrow. No more flooding from me, I promise! :)
No need to apologize my friend, it's all good interesting stuff! Glad to hear your boxes are running again. Enjoy your holiday!
the forum needs more real people like you and less posers. Don't stay away for too long!
We are launching dedicated security documentation:
:)
Rofl!!!!
So true...
hardenubuntu.com is full of great info, only thing i would add to that would be grsecurity, which works great with trisquel and libre kernel.
How do you configure Linux-Libre with Grsec? I mean, which settings do you use. Usually I would try that and either lose wifi, sound, orsomething else. So I am curious as to which settings you use.
Still would like to know about your grsec setup :)
Feel free to email me if you prefer.
hello, I use menuconfig and use the automatic settings and choose desktop (not server) I pick security over performance (I dont' notice a diff) And if you plan to use kvm or something select the correct virtualization options. (host and kvm) Thats pretty much it.
I've never had the problems you experience. Only problems I've ever had are suspend issues when using the older kernel, and real sluggish performance. But that is not really a grsec problem but more a nouveau on the older kernel problem. I would not recommend using the stable patch and would only recommend you use the testing patch. And keep the patch and kernel up to date when new versions come out.
Grsec is very easy to use on trisquel, because you don't have do anything special to allow the desktop and wm. Only issue will be the memory limits for the browser, and perhaps one or two control panel settings which require python. Or any demanding games you plan to play.
So I simply used the paxctl in the repos. and for example to make sure abrowser works you would do:
Paxctl -c /usr/lib/abrowser/abrowser
Paxctl -m /user/lib/abrowser/abrowser
Thats it. All i had to do. You will have to do that after everytime abrowser updates. If you have problems with any other programs, you can grep the syslog for pax or grsec entries and do the same for the processes you need to use.
I use grsec along with the default trisquel apparmor profiles (which includes abrowser) and a custom profile by ryan farmer for pidgin, and filter outgoing with ufw and don't have any issues. Grsec for me runs better on trisquel then any other distro i've used it on I would recommend you try it out.
Feel free to send me a message if you have any problems.
Here is also a good write up on how to harden your ufw firewall. http://ubuntuforums.org/showthread.php?t=1893751
Ignore his advice on Part 1. and instead simply do sudo ufw default deny outgoing. And then allow what you need.
Follow all the rest of his advice.
Since you use tor though you might not want to filter outgoing, unless you want to use fascistfirewall option in the torcc file, or specify multiple sockshttp ports if want besides 443 and 80, like 9001 9101 9150 9151 for examples. ( I forget the command) But you can still use the advice for the sysctl.conf regardless.
But I would recommend filtering outgoing connections for those that can.
Thanks for all the info. Right now I can't try it out, but i will surely let you know how it went when i do :)
Thanks again, and stay safe.
EDIT: Btw, i do use Tor for (almost) all traffic, so only ports that accept out traffic are 80 and 443. In traffic is set to always deny. I think using Tor improves the way I manage my firewall because mostly i only need to open its own ports.
You can lose anonymity by limiting the outgoing ports it can connect to though.
BTW: somebody other then me has logged into my trisquel account and changed my picture.... I also got an email about how osmeone initiated a change password...figures.
That must be the reason for the changes in your account: https://trisquel.info/forum/problems-access-trisquel-site#comment-81256
hmm possibly, tks for the reply.
I changed all my passwords just to be on the safe side.
Does anyone uses LEAP or BitMask?
Those look interesting. Didn't know about those.
I am (as most people know) a Tor user and I have made some simple experimentation with it. If someone needs help with Tor, I could try and help.
At this point I think Tor is the best chance we have, the most user friendly solution, the most advanced software, and the most well supported network. HOWEVER, for situations where you need something Tor won't do (torrents, video calls, etc) I think other solutions are welcome.
I2P for example is worth noting.
What about GNUNET has it ever done any serious work?
Would love to know more about BitMask.
I have experience with bitmask. If you need help with installing (very simple to tell you the truth), running or simply want info, feel free to contact me.
Basically I want to know what does it do. I mean, I understand it is a VPN software, that uses any service provider that uses the compatible software. RiseUp for example. BUT, what does it do exactly? Does it hide from websites my IP? Does it handle DNS requests probably? Is it a global proxy or can I configure it so that only one application is using this VPN?
I use Tor for most of my stuff, but when I have to use a torrent application or some other program that can't use it, I would like to have a way to encrypt my communications. Up to this point, I never found anything that could be as reliable as Tor (I2p is good on privacy, but bad on flexibility and speed, other solutions are bad on privacy and I don't trust them). RiseUp has been getting a good reputation among privacy conscious people all over the world, so I think using their service would be an option.
If you prefer to talk this over email, feel free to send me one :)
Hi, I would like to give a hand to you.
I am based in China, where the censorship floods.
I am going to translate some documentations on privacy and security to Chinese, and before this I need these knowledge :P
Is there anything I could help, either in translation or in maintaining the Chinese -version of the OS.
cheers
hi gnusercn. You'd need to ask Ruben either by mail or on Irc (username: quidam). The chinese language is not supported. Ask quidam. ciao
email name at domain
- Inicie sesión ou rexístrese para enviar comentarios