Difference between revisions of "MyLaptop"

From Technologia Incognita
Jump to: navigation, search
m (typos)
m
 
(30 intermediate revisions by 2 users not shown)
Line 7: Line 7:
 
== Goal ==
 
== Goal ==
  
* Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)
+
Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)
* Document it. A summary will be placed somewhere on this wiki including relevant links. I'll document it as a sort of diary on my own blog (http://www.van-schaik.org/)
 
* Achieve more privacy in your own virtual environment
 
 
 
== Why ==
 
 
 
I do not have to explain this, or do I?
 
  
 
== How ==
 
== How ==
Line 19: Line 13:
 
* Attend/contribute to the [[Privacy_Software_Workshop_Series]]
 
* Attend/contribute to the [[Privacy_Software_Workshop_Series]]
 
* Read what others have written ([https://www.bof.nl/ons-werk/internetvrijheid-toolbox/ Bit of freedom], [http://www.cryptoparty.in/, Crypto party] for example)
 
* Read what others have written ([https://www.bof.nl/ons-werk/internetvrijheid-toolbox/ Bit of freedom], [http://www.cryptoparty.in/, Crypto party] for example)
* Find alternatives for all-the-stuff I use now
+
* Find (open source) alternatives for all-the-stuff I use now
 
* Make my laptop more mine, step by step
 
* Make my laptop more mine, step by step
* Write and/or point to tutorials
+
* Write and/or point to tutorials and other useful sites
 +
 
 +
== Some of the things I did so far ==
 +
 
 +
'''Several things below were/are new to me, so if you have suggestions for other options or for improvements, please let me know.'''
 +
 
 +
=== Laptop / phone ===
 +
* OS
 +
** Encryption of my home directory (ticked the box to encrypt my home directory in Ubuntu)
 +
** [https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks Ubuntu sends searches to Amazon], disabled this
 +
** Reinstalled laptop with Debian
 +
* Changed browser: using firefox now i.s.o. chrome
 +
* Installed [[http://fixtracking.com/ several browser plugins], e.g.
 +
** HTTPSeverywhere - make use of https as much as possible
 +
** Better privacy - remove super cookies
 +
** DoNotTrack - block advertisement, trackers, web stat trackers
 +
** Ghostery - comparable with DoNotTrack, but works better
 +
** NoScript - block JavaScript and Java stuff
 +
* Alternatives for Google stuff
 +
** Use [https://duckduckgo.com/ DuckDuckGo] in stead of google search
 +
** Removed the mail forwarding to google mail and switched back to my own provider. Actually, it would be better to install your own mail server.
 +
** <s>Using a paper agenda now - couldn't find a good portable electronic alternative yet. This works just fine. (use the calendar of owncloud?)</s>
 +
** Using owncloud calendar, synchronized with phone
 +
** Replaced analytics with [http://piwik.org/ Piwik]
 +
** [http://www.openstreetmap.org/ OpenStreetMap] i.s.o. google maps
 +
* Removed mail and online banking from my mobile phone (can perhaps be put back after I changed the OS)
 +
* [[Privacy:SSH |SSH tunnel]] to encrypt internet traffic from another network (e.g. a public wifi spot) to a place I trust more
 +
* [https://projects.gnome.org/tomboy/ Tomboy notes] with [https://rsync.samba.org/ rsync] in stead of Evernote
 +
* Created a [[Privacy:PGP |PGP key]] and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
 +
** Getting a [[User:Narya/Notes/SmartCardPgp |PGP smartcard]] to work
 +
* Social media
 +
** Played around with [https://joindiaspora.com/ Diaspora] (as alternative to Facebook)
 +
** Checked out [http://retroshare.sourceforge.net/ Retroshare] - it's retro... and you can share things (chat, forum, mail, file, all friend2friend), uses PGP
 +
** Problem: no friends :( Have shut down my FB account anyway. Added bonus: more time to do more important stuff than clicking away evenings
 +
** Tried to install a Diaspora pod. Too complicated. I might try again once the debian package comes out
 +
** Betting on http://pump.io/ now. Installation up to configuration was easy. So far, so good. Next step is to configure it.
 +
* File storage, sharing, backup
 +
** Using encfs together with Dropbox - [http://www.howtogeek.com/121737/how-to-encrypt-cloud-storage-on-linux-and-windows-with-encfs/ How to]
 +
** Have switched to ownCloud (see section "Server")
 +
* Text messages via https://threema.ch/en/ but I'll probably replace this with messaging via my own communication server
  
== What did I do so far ==
+
=== Server ===
 +
* Installed [http://www.debian.org/ Debian]
 +
* Encrypted disk (option during setup)
 +
* Have set firewall rules (with [http://shorewall.net/ Shorewall])
 +
* Have installed [http://owncloud.org/ ownCloud] - can be used ala dropbox, and it has apps for calendar and contacts
 +
** I want to have the data on at least two different locations (because... backup):
 +
*** Have to figure out how to set up a virtual encrypted disk which is synchronized with another location
 +
*** If possible synchronize the user database too, so that I can run mirrored ownCloud instances
 +
*** Relevant thread: https://mail.kde.org/pipermail/owncloud/2012-June/003918.html
 +
*** Raspberry Pi with external USB drive might work. Synchronization by BTsync or something like that
 +
** Need to investigate how to make use of this more secure ([http://booki.flossmanuals.net/owncloud/owncloud-and-security/ info here])
 +
* Working on setting up https ([http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-1 some explanation], [https://beeznest.wordpress.com/2008/04/25/how-to-configure-https-on-apache-2/ example 1], [http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html example 2])
 +
** Forwarded the https port. Now I need to figure out how to redirect http requests to https
 +
* Installed [http://etherpad.org/ Etherpad], [https://github.com/ether/etherpad-lite/wiki/How-to-deploy-Etherpad-Lite-as-a-service as a service], only accessible from certain ips - for making and sharing notes
 +
** To do next: integrate etherpad with owncloud
  
To the tech savvy people this is probably just basic stuff, but for me it isn't and I guess it isn't for the average internet user
+
=== Communication ===
* Checked the tickbox to encryption my home directory (Ubuntu)
+
* Comm server
* Removed the mail forwarding to google mail and switched back to my own provider. That doesn't help - link to news item data retention here -. Actually you need to install your own mail server
+
** The plan is to use SIP phones and a client for chatting and/or video calls
* SSH tunnel to encrypt internet traffic from another network (e.g. a public wifi spot) to a place I trust more
+
** Installed [http://www.asterisk.org/ Asterisk] and tried out the [http://www.linphone.org/ LinPhone] and [http://icanblink.com/ Blink] clients
* Installed HTTPSeverywhere - make use of https as much as possible
+
** Communication works, now stuck at making TLS and sRTP work [https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial Tutorial]
* To take a look at: Ghostery plugin
+
* [https://subrosa.io/ Subrosa] is a really nice alternative for Skype. You can install it on your own server or use it via subrosa.io. It is web based
* Tomboy notes with sync in stead of Evernote
+
* Trying out [https://www.mailpile.is/ Mailpile] - a web client for your mail with PGP encryption
* Created a PGP key and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
 
  
== To do ==
+
[[Category:Privacy]]
* A lot
 
* Have fun and not become too paranoid (I already noticed that you get aware of many issues when you dive into this)
 
* Be realistic: if you have a secret, don't put it on the interweb or on your computer
 

Latest revision as of 23:09, 28 December 2015

Projects
Participants Narya
Skills Software, Social Networking, Common sense, Cryptography, Learning
Status Active
Niche Software
Purpose Education

Goal

Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)

How

Some of the things I did so far

Several things below were/are new to me, so if you have suggestions for other options or for improvements, please let me know.

Laptop / phone

  • OS
    • Encryption of my home directory (ticked the box to encrypt my home directory in Ubuntu)
    • Ubuntu sends searches to Amazon, disabled this
    • Reinstalled laptop with Debian
  • Changed browser: using firefox now i.s.o. chrome
  • Installed [several browser plugins, e.g.
    • HTTPSeverywhere - make use of https as much as possible
    • Better privacy - remove super cookies
    • DoNotTrack - block advertisement, trackers, web stat trackers
    • Ghostery - comparable with DoNotTrack, but works better
    • NoScript - block JavaScript and Java stuff
  • Alternatives for Google stuff
    • Use DuckDuckGo in stead of google search
    • Removed the mail forwarding to google mail and switched back to my own provider. Actually, it would be better to install your own mail server.
    • Using a paper agenda now - couldn't find a good portable electronic alternative yet. This works just fine. (use the calendar of owncloud?)
    • Using owncloud calendar, synchronized with phone
    • Replaced analytics with Piwik
    • OpenStreetMap i.s.o. google maps
  • Removed mail and online banking from my mobile phone (can perhaps be put back after I changed the OS)
  • SSH tunnel to encrypt internet traffic from another network (e.g. a public wifi spot) to a place I trust more
  • Tomboy notes with rsync in stead of Evernote
  • Created a PGP key and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
  • Social media
    • Played around with Diaspora (as alternative to Facebook)
    • Checked out Retroshare - it's retro... and you can share things (chat, forum, mail, file, all friend2friend), uses PGP
    • Problem: no friends :( Have shut down my FB account anyway. Added bonus: more time to do more important stuff than clicking away evenings
    • Tried to install a Diaspora pod. Too complicated. I might try again once the debian package comes out
    • Betting on http://pump.io/ now. Installation up to configuration was easy. So far, so good. Next step is to configure it.
  • File storage, sharing, backup
    • Using encfs together with Dropbox - How to
    • Have switched to ownCloud (see section "Server")
  • Text messages via https://threema.ch/en/ but I'll probably replace this with messaging via my own communication server

Server

  • Installed Debian
  • Encrypted disk (option during setup)
  • Have set firewall rules (with Shorewall)
  • Have installed ownCloud - can be used ala dropbox, and it has apps for calendar and contacts
    • I want to have the data on at least two different locations (because... backup):
      • Have to figure out how to set up a virtual encrypted disk which is synchronized with another location
      • If possible synchronize the user database too, so that I can run mirrored ownCloud instances
      • Relevant thread: https://mail.kde.org/pipermail/owncloud/2012-June/003918.html
      • Raspberry Pi with external USB drive might work. Synchronization by BTsync or something like that
    • Need to investigate how to make use of this more secure (info here)
  • Working on setting up https (some explanation, example 1, example 2)
    • Forwarded the https port. Now I need to figure out how to redirect http requests to https
  • Installed Etherpad, as a service, only accessible from certain ips - for making and sharing notes
    • To do next: integrate etherpad with owncloud

Communication

  • Comm server
    • The plan is to use SIP phones and a client for chatting and/or video calls
    • Installed Asterisk and tried out the LinPhone and Blink clients
    • Communication works, now stuck at making TLS and sRTP work Tutorial
  • Subrosa is a really nice alternative for Skype. You can install it on your own server or use it via subrosa.io. It is web based
  • Trying out Mailpile - a web client for your mail with PGP encryption