Difference between revisions of "MyLaptop"

From Technologia Incognita
Jump to: navigation, search
m
m
 
(16 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
== Goal ==
 
== Goal ==
  
* Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)
+
Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)
* Document it. A summary will be placed somewhere on this wiki including relevant links. I'll document it as a sort of diary on my own blog (http://www.van-schaik.org/)
 
* Achieve more privacy in my virtual environment and that of my friends/family
 
 
 
== Blog ==
 
* [http://www.van-schaik.org/2013/09/08/do-not-track/ Do not track] 08-09-2013
 
* [http://www.van-schaik.org/2013/09/08/e-mail-encryption/ e-Mail encryption] 08-09-2013
 
* [http://www.van-schaik.org/2013/10/01/hey-how-are-you-doing/ Hey, how are you doing] 01-10-2013
 
  
 
== How ==
 
== How ==
Line 22: Line 15:
 
* Find (open source) alternatives for all-the-stuff I use now
 
* Find (open source) alternatives for all-the-stuff I use now
 
* Make my laptop more mine, step by step
 
* Make my laptop more mine, step by step
* Write and/or point to tutorials
+
* Write and/or point to tutorials and other useful sites
  
 
== Some of the things I did so far ==
 
== Some of the things I did so far ==
Line 30: Line 23:
 
=== Laptop / phone ===
 
=== Laptop / phone ===
 
* OS
 
* OS
** Encryption of my home directory (checked the tickbox to encrypt my home directory in Ubuntu)
+
** Encryption of my home directory (ticked the box to encrypt my home directory in Ubuntu)
 
** [https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks Ubuntu sends searches to Amazon], disabled this
 
** [https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks Ubuntu sends searches to Amazon], disabled this
** Probably am going to install another OS on my laptop
+
** Reinstalled laptop with Debian
 
* Changed browser: using firefox now i.s.o. chrome
 
* Changed browser: using firefox now i.s.o. chrome
 
* Installed [[http://fixtracking.com/ several browser plugins], e.g.
 
* Installed [[http://fixtracking.com/ several browser plugins], e.g.
Line 42: Line 35:
 
* Alternatives for Google stuff
 
* Alternatives for Google stuff
 
** Use [https://duckduckgo.com/ DuckDuckGo] in stead of google search
 
** Use [https://duckduckgo.com/ DuckDuckGo] in stead of google search
** Removed the mail forwarding to google mail and switched back to my own provider. Actually, it would be better to install your own mail server or perhaps use a peer2peer mail system with e-mail encryption built-in
+
** Removed the mail forwarding to google mail and switched back to my own provider. Actually, it would be better to install your own mail server.
** Using a paper agenda now - couldn't find a could portable electronic alternative yet. This works just fine
+
** <s>Using a paper agenda now - couldn't find a good portable electronic alternative yet. This works just fine. (use the calendar of owncloud?)</s>
 +
** Using owncloud calendar, synchronized with phone
 
** Replaced analytics with [http://piwik.org/ Piwik]
 
** Replaced analytics with [http://piwik.org/ Piwik]
 
** [http://www.openstreetmap.org/ OpenStreetMap] i.s.o. google maps
 
** [http://www.openstreetmap.org/ OpenStreetMap] i.s.o. google maps
Line 50: Line 44:
 
* [https://projects.gnome.org/tomboy/ Tomboy notes] with [https://rsync.samba.org/ rsync] in stead of Evernote
 
* [https://projects.gnome.org/tomboy/ Tomboy notes] with [https://rsync.samba.org/ rsync] in stead of Evernote
 
* Created a [[Privacy:PGP |PGP key]] and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
 
* Created a [[Privacy:PGP |PGP key]] and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
 +
** Getting a [[User:Narya/Notes/SmartCardPgp |PGP smartcard]] to work
 
* Social media
 
* Social media
 
** Played around with [https://joindiaspora.com/ Diaspora] (as alternative to Facebook)
 
** Played around with [https://joindiaspora.com/ Diaspora] (as alternative to Facebook)
 
** Checked out [http://retroshare.sourceforge.net/ Retroshare] - it's retro... and you can share things (chat, forum, mail, file, all friend2friend), uses PGP
 
** Checked out [http://retroshare.sourceforge.net/ Retroshare] - it's retro... and you can share things (chat, forum, mail, file, all friend2friend), uses PGP
 +
** Problem: no friends :( Have shut down my FB account anyway. Added bonus: more time to do more important stuff than clicking away evenings
 +
** Tried to install a Diaspora pod. Too complicated. I might try again once the debian package comes out
 +
** Betting on http://pump.io/ now. Installation up to configuration was easy. So far, so good. Next step is to configure it.
 +
* File storage, sharing, backup
 +
** Using encfs together with Dropbox - [http://www.howtogeek.com/121737/how-to-encrypt-cloud-storage-on-linux-and-windows-with-encfs/ How to]
 +
** Have switched to ownCloud (see section "Server")
 +
* Text messages via https://threema.ch/en/ but I'll probably replace this with messaging via my own communication server
  
 
=== Server ===
 
=== Server ===
Line 59: Line 61:
 
* Have set firewall rules (with [http://shorewall.net/ Shorewall])
 
* Have set firewall rules (with [http://shorewall.net/ Shorewall])
 
* Have installed [http://owncloud.org/ ownCloud] - can be used ala dropbox, and it has apps for calendar and contacts
 
* Have installed [http://owncloud.org/ ownCloud] - can be used ala dropbox, and it has apps for calendar and contacts
** This is not really a cloud solution, but it might become one when doing the following:
+
** I want to have the data on at least two different locations (because... backup):
*** Want to figure out how to set up a virtual encrypted disk which is synchronized with another location
+
*** Have to figure out how to set up a virtual encrypted disk which is synchronized with another location
 
*** If possible synchronize the user database too, so that I can run mirrored ownCloud instances
 
*** If possible synchronize the user database too, so that I can run mirrored ownCloud instances
 
*** Relevant thread: https://mail.kde.org/pipermail/owncloud/2012-June/003918.html
 
*** Relevant thread: https://mail.kde.org/pipermail/owncloud/2012-June/003918.html
 +
*** Raspberry Pi with external USB drive might work. Synchronization by BTsync or something like that
 
** Need to investigate how to make use of this more secure ([http://booki.flossmanuals.net/owncloud/owncloud-and-security/ info here])
 
** Need to investigate how to make use of this more secure ([http://booki.flossmanuals.net/owncloud/owncloud-and-security/ info here])
 
* Working on setting up https ([http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-1 some explanation], [https://beeznest.wordpress.com/2008/04/25/how-to-configure-https-on-apache-2/ example 1], [http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html example 2])
 
* Working on setting up https ([http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-1 some explanation], [https://beeznest.wordpress.com/2008/04/25/how-to-configure-https-on-apache-2/ example 1], [http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html example 2])
** https works, but http is broken now. Need to figure out how to redirect http requests to https
+
** Forwarded the https port. Now I need to figure out how to redirect http requests to https
 +
* Installed [http://etherpad.org/ Etherpad], [https://github.com/ether/etherpad-lite/wiki/How-to-deploy-Etherpad-Lite-as-a-service as a service], only accessible from certain ips - for making and sharing notes
 +
** To do next: integrate etherpad with owncloud
  
== To do ==
+
=== Communication ===
* A lot
+
* Comm server
* Have fun and not become too paranoid ;)
+
** The plan is to use SIP phones and a client for chatting and/or video calls
* Be realistic: if you have a secret, don't put it on the interweb or on your computer
+
** Installed [http://www.asterisk.org/ Asterisk] and tried out the [http://www.linphone.org/ LinPhone] and [http://icanblink.com/ Blink] clients
 +
** Communication works, now stuck at making TLS and sRTP work [https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial Tutorial]
 +
* [https://subrosa.io/ Subrosa] is a really nice alternative for Skype. You can install it on your own server or use it via subrosa.io. It is web based
 +
* Trying out [https://www.mailpile.is/ Mailpile] - a web client for your mail with PGP encryption
  
 
[[Category:Privacy]]
 
[[Category:Privacy]]

Latest revision as of 23:09, 28 December 2015

Projects
Participants Narya
Skills Software, Social Networking, Common sense, Cryptography, Learning
Status Active
Niche Software
Purpose Education

Goal

Make my laptop more MY laptop (and my e-mail.. my calendar... backup... social networks... and well, anything really)

How

Some of the things I did so far

Several things below were/are new to me, so if you have suggestions for other options or for improvements, please let me know.

Laptop / phone

  • OS
    • Encryption of my home directory (ticked the box to encrypt my home directory in Ubuntu)
    • Ubuntu sends searches to Amazon, disabled this
    • Reinstalled laptop with Debian
  • Changed browser: using firefox now i.s.o. chrome
  • Installed [several browser plugins, e.g.
    • HTTPSeverywhere - make use of https as much as possible
    • Better privacy - remove super cookies
    • DoNotTrack - block advertisement, trackers, web stat trackers
    • Ghostery - comparable with DoNotTrack, but works better
    • NoScript - block JavaScript and Java stuff
  • Alternatives for Google stuff
    • Use DuckDuckGo in stead of google search
    • Removed the mail forwarding to google mail and switched back to my own provider. Actually, it would be better to install your own mail server.
    • Using a paper agenda now - couldn't find a good portable electronic alternative yet. This works just fine. (use the calendar of owncloud?)
    • Using owncloud calendar, synchronized with phone
    • Replaced analytics with Piwik
    • OpenStreetMap i.s.o. google maps
  • Removed mail and online banking from my mobile phone (can perhaps be put back after I changed the OS)
  • SSH tunnel to encrypt internet traffic from another network (e.g. a public wifi spot) to a place I trust more
  • Tomboy notes with rsync in stead of Evernote
  • Created a PGP key and set the default settings to "encrypt mail" for the people who are already in my list (key ring)
  • Social media
    • Played around with Diaspora (as alternative to Facebook)
    • Checked out Retroshare - it's retro... and you can share things (chat, forum, mail, file, all friend2friend), uses PGP
    • Problem: no friends :( Have shut down my FB account anyway. Added bonus: more time to do more important stuff than clicking away evenings
    • Tried to install a Diaspora pod. Too complicated. I might try again once the debian package comes out
    • Betting on http://pump.io/ now. Installation up to configuration was easy. So far, so good. Next step is to configure it.
  • File storage, sharing, backup
    • Using encfs together with Dropbox - How to
    • Have switched to ownCloud (see section "Server")
  • Text messages via https://threema.ch/en/ but I'll probably replace this with messaging via my own communication server

Server

  • Installed Debian
  • Encrypted disk (option during setup)
  • Have set firewall rules (with Shorewall)
  • Have installed ownCloud - can be used ala dropbox, and it has apps for calendar and contacts
    • I want to have the data on at least two different locations (because... backup):
      • Have to figure out how to set up a virtual encrypted disk which is synchronized with another location
      • If possible synchronize the user database too, so that I can run mirrored ownCloud instances
      • Relevant thread: https://mail.kde.org/pipermail/owncloud/2012-June/003918.html
      • Raspberry Pi with external USB drive might work. Synchronization by BTsync or something like that
    • Need to investigate how to make use of this more secure (info here)
  • Working on setting up https (some explanation, example 1, example 2)
    • Forwarded the https port. Now I need to figure out how to redirect http requests to https
  • Installed Etherpad, as a service, only accessible from certain ips - for making and sharing notes
    • To do next: integrate etherpad with owncloud

Communication

  • Comm server
    • The plan is to use SIP phones and a client for chatting and/or video calls
    • Installed Asterisk and tried out the LinPhone and Blink clients
    • Communication works, now stuck at making TLS and sRTP work Tutorial
  • Subrosa is a really nice alternative for Skype. You can install it on your own server or use it via subrosa.io. It is web based
  • Trying out Mailpile - a web client for your mail with PGP encryption