• 1 Post
Joined duela urte bat
Cake day: urt. 15, 2022


What are the alternatives to OpenPGP that I can start using today?

It depends on what kind of threat you want to protect yourself against. VPN technology was never meant to do what most every day people are using it for these days.

A self hosted VPN will encrypt your network traffic between your device (laptop, smartphone, you name it) and your VPN server. So that cute hacker chick in the internet café can’t see what websites you’re browsing. But from your VPN server to the final destination, you’ll have the rely on TLS (as in, HTTPS for example) which is secure but then the question is, what do you need the VPN for in the first place?

An argument can be made that websites have a harder time following your smartphone around the real world by tracking the changes of your IP address. Because the VPN server has a fixed IP address and websites will only see this one IP address when you use your VPN instead of seeing “oh, now they’re using their home router’s IP address after having used their mobile internet provider’s IP address, so they must be home now”. But then again, using this fixed IP address as the only user, websites can easily identify that it’s you because nobody else uses your VPN server’s IP address.

A commercial VPN service lets many different people use the commercial VPN server’s IP address so there’s much noise and it’s hard for websites to make conclusions just based on the IP address.

But there’s a catch: beyond masking your IP address no VPN service (self hosted or not) can add additional protection. There are so many more things besides your IP address that websites use to track your every move across websites and even across different devices you use. A VPN cannot protect you from cookies, fingerprinting techniques, malicious downloads, hackers, …

So what can you take away from all this? While a VPN can be one part of your online security strategy, it alone isn’t enough for privacy or security online. I’d recommend you do your own research on the topic and get a feeling for the evil things that websites and other actors can and will do to you, what data they collect and what they can learn from it. Armed with that knowledge you can evaluate what you see as the greatest risk in your situation/circumstances and protect yourself effectively using the measures you really need. Maybe you’ll come to the conclusion that a VPN will help you achieve your goals, most likely you will need additional measures on top of or independent from a VPN.

Delta Chat is so underrated. You have to go in the settings to “enable” regular emails though which might be a deal breaker for people who just want to input their username and password and never touch any settings beyond that.

While it may not be in the official F-Droid repo, it certainly is in the IzzyOnDroid repo.

libsodium-file-crypter hasn’t received any commits in the past 4 years. Looks abandoned to me.

There is this tool called [age](https://github.com/FiloSottile/age) written in go and a fully compatible Rust implementation called [rage](https://github.com/str4d/rage). They promise to be a simple tool for encrypting files and other things. It only does encryption, using public key cryptography (Curve 25519 or SSH keys) or password based symmetric encryption. *(Please excuse me glossing over some details here)* It only encrypts things, no signatures beyond [AEAD](https://en.wikipedia.org/wiki/Authenticated_encryption) involved. It aims to be minimalistic and do just one thing reasonably well instead of being a mediocre multi tool. It doesn't aim to be a full replacement for things like OpenPGP. AFAICT there hasn't been a proper security audit yet. There seem to be some issues with the design as pointed out [here](https://neilmadden.blog/2019/12/30/a-few-comments-on-age/) which don't look like critical flaws to me, but then again I'm not a cryptography expert. Some of the questions I want to throw into the discussions are: * Is it any good? * In which situation would you use it? * What are some alternatives that do it differently or maybe even better and why is that? Bonus question: Is there a similar tool that uses an audited library like libsodium, and if not, would it be worth developing one?

Check out FreeDOS. It ships a text editor. You can find more than one spreadsheet application on archive.org. I’m not sure about mind maps though. Also, internet works if you want it to but it’s totally optional.

Oh, interesting. Adding this to my watch list.