this post was submitted on 03 Aug 2023
96 points (100.0% liked)

Privacy

31808 readers
369 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 20 comments
sorted by: hot top controversial new old
[–] mypasswordis1234@lemmy.world 56 points 1 year ago* (last edited 1 year ago)

My privacy hardening tips are:

  • Avoid 5-eyes, 9-eyes and 14-eyes countries^[1]^.
  • Don't use CloudFlare or any CDN/AntiDDOS services because they decrypt all traffic that goes to and from your server^[2]^^. You don't know what they do with it.
  • DNS queries sent by the server should be encrypted^[3]^ so that the ISP/data center cannot see them.
  • If you want a VPS: try getting KVM instead of LXC one. It's so easy to automate processes scanning on the fly^[4]^
[–] Nsh@lemmy.ca 32 points 1 year ago (2 children)
[–] Potato_in_my_anus@lemmy.ml 17 points 1 year ago (1 children)

Yep, my money goes to Switzerland. This message was brought to you by Proton.

Jokes aside, I do really have been using Proton Mail and VPN for quite some time.

[–] Nsh@lemmy.ca 10 points 1 year ago

Yes, proton is pretty awesome for privacy and security. And it's also because the Swiss laws has made it possible.

[–] sasquash471@feddit.de 13 points 1 year ago

Switzerland might still be a good choice, but the government also made some questionable laws which weakens piracy in the recent years.

[–] rando@lemmy.ml 19 points 1 year ago (1 children)
[–] jet@hackertalks.com 14 points 1 year ago* (last edited 1 year ago) (2 children)

To really be censorship resistant you have to follow the example of the pirate streaming services. Have servers in multiple places. Multiple domain names. Be resilient to any instance going down.

Any capability the server has to violate user privacy a government has. So ensure you have as few capabilities as possible to violate privacy. If your users are very vulnerable make sure that you don't have the data to expose them ever.

You can consider hosting in a "safe country" That's just the beginning. You could make your service available on tor via hidden service address. That way even if users don't have good operational security themselves you try to protect them from leaking their activity to whoever their vulnerable to

[–] mypasswordis1234@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

If your users are very vulnerable make sure that you don’t have the data to expose them ever.

aka disable any logs or delete them automatically, periodically.

[–] pineapplelover@lemm.ee 14 points 1 year ago* (last edited 1 year ago) (2 children)

Switzerland, Iceland, Finland, Spain, Egypt,~~Sweden~~, and some 3rd world countries that don't really give a shit (though they might give a shit if your country makes them give a shit)

[–] Potato_in_my_anus@lemmy.ml 21 points 1 year ago (1 children)
[–] pineapplelover@lemm.ee 3 points 1 year ago

Woops. I'll edit

[–] polskilumalo@lemmygrad.ml 2 points 1 year ago

Switzerland and Sweden

Are you serious right now? Protect privacy and free speech by hosting right in the imperial core? Bruh.

[–] original_reader@lemm.ee 7 points 1 year ago (1 children)

Here is an article that helps a bit with that.

It goes almost without saying that you definitely want to avoid the United States and even more so China, Russia and so forth.

[–] thehellboy@fosstodon.org 2 points 1 year ago

@original_reader @Freez this is from 2019. Is this still actual? Probably not....

[–] UnverifiedAPK@lemmy.ml 6 points 1 year ago

Somewhere in South America

[–] mojo@lemm.ee 5 points 1 year ago

Sweden or Switzerland have good laws for this.

[–] possiblylinux127@lemmy.zip 2 points 1 year ago* (last edited 1 year ago)

Honestly self host with physical security. As long as your house isn't raided your fine.

You could also setup a vps gateway that routes traffic over wireguard into a isolated environment at home. This should be better for privacy.