Coffeehouse Thread

20 posts

Hosting

  • GoddersUK

    So this whole PRISM fiasco has got me looking to bring my online activities a little more... in house. To this end I'm looking for recommendations for reasonably priced trustworthy hosting  (that I can order and pay for from the UK) for a mail server, possibly a Diaspora pod and so forth. Alternatively does anyone have any experience of running a mail server off a static IP domestic broadband connection, behind a NAT router (EDIT: on hardware such as an old laptop)?

  • elmer

    It's funny, but the day before the PRISM thing broke, I was having the acid put on me about our in-house data-centre and why we are continuing to run all of our services in-house instead of pushing them out to cloud and hosted services. My primary defense was that once you let go of your data, you have no way of knowing who will get access to it... for which I was mocked as needing a tin-foil hat... and now I'm viewed as having sage status... LOL.

  • kettch

    @GoddersUK: If I were to pull out my tin foil hat, I'd say it doesn't matter if you trust the hosting provider. Either the government can roll up to the data center and take what they want, or they can just read what goes over the wire (This is my triple layer hat implying that your encryption isn't safe).

  • GoddersUK

    kettch wrote:

    @GoddersUK: If I were to pull out my tin foil hat, I'd say it doesn't matter if you trust the hosting provider. Either the government can roll up to the data center and take what they want, or they can just read what goes over the wire (This is my triple layer hat implying that your encryption isn't safe).

    TBH I'm kind of assuming the governments are only going to go after the big fishes with this kind of policy - it would be too much effort for them to go after every hosting provider, unless they were after something specific and knew who was hosting it. Of course if they make it a legal requirement things would change. That's one of the reasons I was considering self hosting (it would also protect me from the requirement in UK/EU law that email providers keep certain records for 12 months, and the fact that I know Google have 5+ years of my email on their servers...).

    Again, I'm going to assume that cracking every SSL connection/PGP mail in town requires more resources than the government reasonably has available and I have no reason to believe the government are specifically bugging me so I'm probably safe there. If they do think I'm an international super-terrorist they're sadly mistaken :(

    I'm going for reasonable protection of my privacy here, if I was a criminal I'd take a different route entirely. Anonymous webmail accounts set up and accessed only via TOR with all messages PGP protected and so on, probably.

  • DaveWill2

    @kettch: agreed. And then the next suggestion would be private encryption but that has 2 downsides: first, exchanging decryption info while being followed by a tinted windowed sedan with no meaningful markings. Second, the complexity of the encryption would have to be pretty awesome because ... have you seen the new NSA center they are building.

  • PopeDai

    GoddersUK wrote:

    So this whole PRISM fiasco has got me looking to bring my online activities a little more... in house. To this end I'm looking for recommendations for reasonably priced trustworthy hosting  (that I can order and pay for from the UK) for a mail server, possibly a Diaspora pod and so forth. Alternatively does anyone have any experience of running a mail server off a static IP domestic broadband connection, behind a NAT router (EDIT: on hardware such as an old laptop)?

    Don't. Mail-servers need to be redundant and highly-available, which is why redundancy for incoming-SMTP (aka "Mail exchange" or MX for short) is built-in to DNS.

    Also, you'll find many residential ISPs block port 25 to prevent spam, as the vast majority of spam comes from hijacked machines.

    If you're interested, I can provide you with a Hosted Exchange mailbox on my colocated gear in a Manchester datacenter for a nominal fee, I use it for my own mail and I have redundancy. Interested?

  • GoddersUK

    PopeDai wrote:

    *snip*

    Don't. Mail-servers need to be redundant and highly-available, which is why redundancy for incoming-SMTP (aka "Mail exchange" or MX for short) is built-in to DNS.

    Well I could just set a reliable external server (such as Outlook.com or my host's) up as the backup in the case that mine goes down. The DIY mailserver was just an idea that came into my head as a way to have a trustworthy host, I'm not a network admin and don't really know about the feasibility of it.

    Also, you'll find many residential ISPs block port 25 to prevent spam, as the vast majority of spam comes from hijacked machines.

    Yep. I'm fairly sure there's something in the fine print of my current contract (O2) prohibiting me from doing so, regardless as to whether or not they block it. Generally speaking I'm considering looking for an ISP whose views align more closely with my own once my current contract is up. The best I've found so far is A&A, although their usage caps are a bit low.

    A&A ISP wrote:

    The UK law at present can require us to put in place monitoring systems and also not to tell people we have done so. We do not have any black boxes designed to filter or monitor traffic and you are welcome to ask RevK on irc if this is still true at any time and take a lack of reply or evasive reply as you wish. Obviously we will ask if the law requires us to actually lie if ever we are subject to such legislation, and if not this statement would be removed. It is an interesting point as the statement that we are not filtering or monitoring is done for financial gain (to get customers) so if we were required to lie under RIPA we would be committing an offence under the Fraud Act. A debate to be had if ever it happens. You can probably get a clue if ever we dissolve the company and move all the contracts to a new company at any time...

    Now that's an attitude I like...

    If you're interested, I can provide you with a Hosted Exchange mailbox on my colocated gear in a Manchester datacenter for a nominal fee, I use it for my own mail and I have redundancy. Interested?

    Possibly. I'll get back to you via these forums if I'm interested. Right now I'm looking at various options.

  • DavidJohnson

    There used to be the stipulation that any incidental collection of information that was addressed to/from a country's citizen was not to be used and destroyed. Be it a US Agency, UK Agency, Canadian Agency or other. The NSA was prevented from collecting information from US citizens and this was closely followed by simply co-locating another country's employee, i.e. a GCHQ employee, on the site; the NSA employee would take anything that had US citizens' details and move it outside of their database, and the GCHQ employee would add it to their database. This way the letter of the law if not the spirit of the law was enforced.

     

    Those who would sacrifice freedom for security deserve neither - Benjamin Franklin

  • evildictaitor

    DavidJohnson wrote:

    The NSA was prevented from collecting information from US citizens and this was closely followed by simply co-locating another country's employee i.e. GCHQ employee on the site, the NSA employee would take anything that had US citizens details and move it outside of their database, and the GCHQ employee would add it to their database.  This way the letter of the law if not the spirit of the law was enforced.

    William Hague, Foreign Secretary in the UK, made a completely clear statement that this is not the case:

    Mr Hague added: "The idea that in GCHQ people are sitting working out how to circumvent a UK law with another agency from another country is fanciful, it is nonsense. I can give people that assurance."

  • blowdart

    evildictaitor wrote:

    *snip*

    Also, your assertion is at odds with this very clear direct quote from William Hague, Foreign Secretary in the UK:

    *snip*

    Except they've been doing it for years. That's what ECHELON was for.

  • evildictaitor

    blowdart wrote:

    *snip*

    Except they've been doing it for years. That's what ECHELON was for.

    There is a difference between lawfully sharing information or building shared infrastructure and DavidJohnson's assertion that GCHQ and NSA target each other's citizens in order to bypass the specific safeguards in law afforded to UK and US citizens by their respective constitutions.

  • blowdart

    evildictaitor wrote:

    "The idea that in GCHQ people are sitting working out how to circumvent a UK law with another agency from another country is fanciful, it is nonsense. I can give people that assurance."

     

    Let's look at that wording. UK law. It's nothing about helping the US circumvent US law (spying on their own citizens), which is the current scandal ....

  • evildictaitor

    blowdart wrote:

    *snip*

    Let's look at that wording. UK law. It's nothing about helping the US circumvent US law (spying on their own citizens), which is the current scandal ....

    William Hague is only commenting on the UK side of the "scandal" (in which people are worried that GCHQ spied on UK citizens by asking the US to do it for them).

    For a US equivalent statement (not that you even really need one - since the US asking the UK to spy on US citizens to circumvent US safeguards laid down in law would be illegal), you need look no further than the Director of National Intelligence's "facts sheet" here:

    The Government cannot target anyone under the court-approved procedures for Section 702
    collection unless there is an appropriate, and documented, foreign intelligence purpose for the
    acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear
    proliferation) and the foreign target is reasonably believed to be outside the United States.
    We cannot target even foreign persons overseas without a valid foreign intelligence purpose.

    In addition, Section 702 cannot be used to intentionally target any U.S. citizen, or any other
    U.S. person, or to intentionally target any person known to be in the United States. Likewise,
    Section 702 cannot be used to target a person outside the United States if the purpose is to
    acquire information from a person inside the United States.

    Or in other words, the suggestion that US spies sit around in Fort Meade dreaming up ways to ask their foreign counterparts to spy on US citizens in order to avoid full oversight from the US legal system, Congress and the Executive branch is the stuff of Hollywood and not of reality.

  • blowdart

    PopeDai wrote:

    If you're interested, I can provide you with a Hosted Exchange mailbox on my colocated gear in a Manchester datacenter for a nominal fee, I use it for my own mail and I have redundancy. Interested?

    Hah. Remember where you're living now. And you're not a citizen, you don't have the same protection as US citizens do. Your mail server isn't safe.

    As an aside I pay gradwell.net for my mail services. They do POP/IMAP/SMTP and Exchange.

  • GoddersUK

    evildictaitor wrote:

    *snip*

    William Hague, Foreign Secretary in the UK, made a completely clear statement that this is not the case:

     

    *snip*

    Hague's statement was very carefully worded. He didn't deny the allegations, he didn't say they're not breaking (and have never broken) the law. He just said they're not exploiting some obscure loophole.

    Of course that requires me to believe that William Hague is telling the truth and has been told the truth. Which I'm not sure I do.

    EDIT: In fact, if there's nothing untoward going on here, care to explain this:

    http://order-order.com/2013/06/08/d-notice-june-7-2013/

  • GoddersUK

    @blowdart: Except that "protection" has been shown to be next to worthless. While having a private mailserver located outside the USA probably means he's not part of the routine surveillance. Not that I'd put it past the NSA to send a letter like this:

    Dear PopeDai,

    We request that you forward all your emails to us. Please note that you are not allowed to inform yourself of this request.

    Best regards,

    The NSA

  • Harlock123new

    evildictaitor wrote:

    *snip*

    The people's representatives decide. The people vote in open elections for people that they believe are going to represent their views (liberal, right-wing, or somewhere in between), and those people are elected to Congress and the Senate and the Office of President.

    In Congress and in the Senate through open debate and discourse they decide where the line is drawn, and that line is set in law, and this gives the President the authority to set the policies of the intelligence agencies.

    *snip*

    Ultimately, it's the Supreme Court who ensure that everyone at the NSA have worked according to the actual laws specified by Congress, but Congress also have oversight to ensure that the NSA isn't just playing by the letter, but also by the intent of the law.

    Well I think we can see how well that system is working....

  • GoddersUK

    Harlock123new wrote:

    *snip*

    Well I think we can see how well that system is working....

    doubleplusgood
