The 8232 Project

I trust code more than politics.

  • 37 Posts
  • 55 Comments
Joined 1 year ago
cake
Cake day: February 25th, 2024

help-circle
  • There are plenty of options:

    • You can carry around a spare burner phone that is powered off. These are relatively cheap ($30 + the cost of your cell plan), and has the benefit of working even when your main phone dies. You can leave it charging in your car.
    • You can carry around a cellular hotspot, such as one from the Calyx Institute. This also helps fund a pro-privacy organization, and this hotspot can be used to provide internet for multiple devices. See this video for more information.
    • You can still call emergency services even without a SIM card.
    • If there are public Wi-Fi networks nearby, you can connect to those in order to get in touch with people you need.
    • You can ask anyone nearby for help. Whether it be borrowing their phone to make a phone call, using their phone as a hotspot, or having them help you directly.
    • Hike to the nearest civilization for help.
    • Wait for a bus to pass by, if they are in your area.
    • Some smart cars have the option to call for help built-in.
    • Use GrapheneOS with a carrier. It will still be much more private than using iOS, and you can disable the cellular radios when they are not in use by enabling Airplane Mode.

    Even without any of those, the chances that you will be completely stranded with no one to help and no way to call emergency services are very, very slim. Privacy protects you from more likely scenarios, such as data breaches or identity theft.










  • Hello there!

    I was wondering where you stand on the following topic: email obfuscation by using different aliases or throwaway email addresses for web accounts.

    This is a matter of threat model, but part of my threat model is making sure none of my accounts can be correlated with each other and that my real email is not given out. For those reasons, I use addy.io for email aliasing.

    While I thought that it was cool in the beginning, I found that even with a PW manager, things can become messy very quickly, and at a later stage, moving away entirely from iCloud’s “Hide my email” for example could turn out to be a nightmare and make things even more complicated.

    Bitwarden is a password manager that allows you to generate email aliases natively, and integrates nicely with addy.io. Switching between email aliasing services is a tedious process, but hopefully one you will only need to do a couple of times in your lifetime.

    So to cut to the chase: use your own email addresses every time or use a, preferably, self-hosted service for that specific use case of generating more or less random email addresses?

    Email aliasing provides numerous other benefits than what I listed here, such as being able to fight spam by fully disabling the leaked email alias, so there’s plenty more reasons to use it. I would avoid self-hosting an email alias service, because the domain you use is a unique identifier across aliases and defeats the purpose of anonymity. Furthermore, if you accidentally mess something up, you end up putting your own security at risk. It’s up to you.






  • I would be very interested to here what those other ways are.

    I’ve thought a lot about the many places governments can get funding from. The most obvious would be donations, if you can build a culture that is strongly oriented around donations. Housing, land, and school costs are sources we have today. Some more creative funding sources include: taxing companies (since companies are transparent this can be enforced), adding a wealth cap (and any extra income once that cap is hit goes towards the government), and heavy legal fines (currently legal fines are pretty small, especially for big corporations). The best way for a government to make money is to spend it responsibly to avoid useless costs or overspending. There’s plenty of other sources of income, but if done correctly they should cover the cost of no taxes and free healthcare.




  • I edit notes using vim or vscodium.

    You should probably try moving away from this practice. First, this leaves your notes vulnerable as they are not encrypted at rest. Second, those programs are not designed for private notes, meaning there is the potential for various leaks to happen that you may not even be able to catch (temporary system files, etc.). Using a dedicated notes editor (like Joplin) means you are using something designed to keep your notes confidential.

    Disclaimer: In the case of Joplin specifically, the developers take issue with implementing encryption at rest. Their philosophy is “If your computer’s disk is encrypted, then all your notes are already encrypted at rest.” This is flawed thinking for many reasons that I won’t get into here.


  • I would recommend Joplin, for these reasons:

    1. It’s digital (of course)
    2. It’s cross platform: iOS, Linux, Windows, macOS, and Android
    3. It’s fully open source
    4. It supports end-to-end encrypted syncing with different providers: Joplin Cloud, Dropbox, OneDrive, File system (for things like Syncthing), Nextcloud, WebDAV, S3 (Beta), and Joplin Server (Beta)
    5. It supports markdown editing

    When looking for software in general, write down what you are looking for and what your requirements are. Then, consider if there are any conflicting requirements (e.g. “I want my handwritten notes to be transcribed, but I don’t want any kind of handwriting recognition”). From there, you can make tough decisions or find a compromise. Then, think about any problems that may arise in the future. Do you plan to switch operating systems to something like GrapheneOS? Do you want to move away from cloud storage altogether? From there, you can get a good idea of what to look for. Good luck!



  • OP, I have been facing the same situation as you in this community recently. This was not the case when I first joined Lemmy but the behaviour around these parts has started to resemble Reddit more and more. But we’ll leave it at that.

    I’ve noticed that behavior is split between communities. Lemmy gets a bit weird because communities are usually hyper-specialized, and sometimes instances themselves cultivate different cultures (e.g. lemmy.ml is usually for privacy enthusiasts, since that’s where c/privacy is hosted). That, with the addition of specific idols for each community (e.g. Louis Rossmann for the selfhosted community) affects how each community behaves. That’s my theory, anyways.

    I am interested in the attack vector you mentioned; could you elaborate on the MITM attack?

    Basically the “this website is not secure” popup you see in your browser is sometimes due to the website using a self-signed cert. There’s no way to verify that that cert is from the website itself or from an attacker trying to inject their own cert, since there’s no CA attached to the cert. If an attacker injects their own self-signed cert, they can use that to decrypt your HTTPS traffic (since your browser will be encrypting using their cert) and then forward your traffic along to the real website so that from your perspective (minus the warning screen) nothing is wrong. I’m oversimplifying this, but that’s basically how it works.

    Unfortunately, if you don’t have control over your network, you cannot force a DNS server for your devices unless you can set it yourself for every individual client.

    I forgot to mention in this post, but because of browser fingerprinting reasons I don’t want to use a custom DNS. Thanks for the suggestion though!


  • Thank you for this!

    Is OPNsense like dd-wrt or OpenWrt?

    The thing is (and this is by no means a knock on you) if you are doing pen testing then you definitely need to increase your knowledge on networking.

    I have background in Wi-Fi hacking and LAN attacks, and I understand the structure of networking (LAN, WAN, layers of the internet, DNS, CAs, etc.). My head starts to hurt when RADIUS is involved, ad hoc networking (which I understand the concepts of, just not how it works. I want to learn this first), mDNS, and other complicated topics. I’m trying to push past those mental roadblocks and learn as best I can, but it’s a tricky topic!

    https://wiki.freeradius.org/

    There’s something to check out just to get some concepts. You can do plenty of things to harden your security that could give you the comfort you need without defaulting to encrypted connections over LAN.

    Thank you! I’ll definitely check this out. You’ve been a huge help!




  • This is fair, and does solve the problem. I didn’t explicitly state that I needed it to be convenient, so you’re right. Having one network that is LAN only and switching to it to use Jellyfin, and having a second network that is WAN only and using ProtonVPN there would probably be the most secure setup. Unfortunately, it still doesn’t solve the issue of encryption in transit over the LAN, but that might be fixable with Tailscale. The LAN could even be ethernet-only, to mitigate wireless attacks.

    That makes me wonder if there’s a way I could simply plug an ethernet cord from my phone to the airgapped Pi and use it that way. Is that possible? Surely it is. Could ProtonVPN be used on the phone even while the phone is connected physically to the Pi?