• 2 Posts
  • 26 Comments
Joined 1 year ago
cake
Cake day: August 22nd, 2023

help-circle

  • If you arent an actual journalist who is being personally, specifically hunted then you probably don’t need to take the same precautions as one.

    And yea, the guide boils down to “none of these things are 100% safe but they are realistic things you can do that can offer more protection than not doing them.”

    Your skimming of the article missed how they do indeed talk about the shortcomings of every suggestion they have. For example, the article also does indeed talk about how you can turn off gps but your phone will still ping towers revealing your location, and goes on to say that you can put your phone in a faraday bag but that isnt practical for most people but is indeed an option if you want to do it.





  • I think that that is right that I fundamentally want an archive, not what a normal mail server provides. Part of my thought on looking at mail servers is that those would integrate directly with whatever other front-end/client that I’d normally use, whereas an archive maybe would not.

    And regarding archive-specific stuff, I am seeing some things on a search, but I guess i’m wondering if folks here have any recommendations. When I look at , for example, nothing comes up for email archive, just for email servers. That, plus what I see when searching, makes me think that the archive-specific stuff is either oriented to business or oriented to a CLI (like NotMuch, which was mentioned in the discussion here and does look cool).





  • This article isnt about how emails associated with logins got released in a breach, but that documents that are uploaded to the archive are stamped with the email address of the account that uploaded it and that can be viewed by anyone who downloads the document.

    So in standard, everyday use of the site, email addresses are being revealed and are associated with the actions of that person. Like if I upload a copy of the manual for my washing machine or something, which is a more benign example, my email is linked to that document now.

    Then combine this with (1) the internet archive says in multiple spots that they dont reveal this info anywhere, and (2) the issue has been raised to the organization, and it becomes more of a specific negligence from them.


  • This article isnt about how emails associated with logins got released in a breach, but that documents that are uploaded to the archive are stamped with the email address of the account that uploaded it and that can be viewed by anyone who downloads the document.

    So in standard, everyday use of the site, email addresses are being revealed and are associated with the actions of that person. Like if I upload a copy of the manual for my washing machine or something, which is a more benign example, my email is linked to that document now.

    Then combine this with (1) the internet archive says in multiple spots that they dont reveal this info anywhere, and (2) the issue has been raised to the organization, and it becomes more of a specific negligence from them.



  • It sounds like you have a heavy duty door lock to be very secure, but you are essentially trying to backdoor all that security with a new internet-connected thing. An adversary only has to break the weakest link here, rendering the physical door lock obsolete.

    If you are just going to have some digitally-connected device ultimately controlling access to the house, I’d go with just some standard door lock that does that (i haven’t used em but they exist). The physical lock on those is surely less what you have know, but with your proposed solution the physical lock probably isnt what people who crack anyway.








  • Ive got this working with Caddy and Adguard

    I use Caddy as my reverse proxy. It is running on the machine in the basement with all the different docker-container-services on different ports. My registrar is set up so that *.my-domain.com goes to my IP.

    Caddy is then configured for ‘service-a.my-domain.com’ to port 1234, and the others going to their ports. This is just completely standard reverse proxy.

    For some subdomains (i.e. different services) ive whitelisted only the local network. There is some config for that.

    Im pretty sure that I also have to have adguard do a dns rewrite on the local network as well. That is, adguard has a rewrite for ‘*.my-domain.com’ to go to 192.168.0.22 (the local machine with caddy). I think i had to do this to ensure that when the request gets to caddy it is coming from the local whitelisted network rather than my public IP (which changes every couple months, but could be more).