{"id":3006,"date":"2010-06-25T21:45:49","date_gmt":"2010-06-26T01:45:49","guid":{"rendered":"http:\/\/blogs.n1zyy.com\/n1zyy\/?p=3006"},"modified":"2010-06-25T21:45:49","modified_gmt":"2010-06-26T01:45:49","slug":"big-brother-and-kill-switches","status":"publish","type":"post","link":"https:\/\/blogs.n1zyy.com\/n1zyy\/2010\/06\/25\/big-brother-and-kill-switches\/","title":{"rendered":"Big Brother and Kill Switches"},"content":{"rendered":"<p>It&#8217;s being fiercely opposed and is a long way from reality anyway, but every now and then my tinfoil hat quotient is elevated.<\/p>\n<p>I haven&#8217;t bought anything, don&#8217;t plan to do so too imminently, and won&#8217;t talk publicly about it if I do, but I&#8217;d just like to put a few things out there:<\/p>\n<ul>\n    <li>Good-enough 1U servers are a dime a dozen on eBay. If you need virtualization support, gobs of RAM, or really good disks, the prices are a bit higher, but if dual 3GHz Xeons, 2GB RAM, and a pair of 36GB SCSI disks (mirrored for redundancy) work for you, you have a wealth of options for under $200.<\/li>\n    <li><a href=\"http:\/\/prq.se\/?p=colo&#038;intl=1\">prq.se<\/a> is famous for hosting The Pirate Bay and Wikileaks, two sites that a lot of powerful people would like to go away. Their colo plans for 1U start at $80\/month. (Dedicated servers start at $123, though there&#8217;s also a $200\/month setup fee.) They offer <a href=\"http:\/\/prq.se\/?p=tunnel&#038;intl=1\">tunnel services<\/a> for much lower prices, but if you&#8217;re building a tinfoil-hat encrypted international tunnel, you&#8217;d probably do well to not trust anyone.<\/li>\n    <li><a href=\"http:\/\/openvpn.net\/\">OpenVPN<\/a> is free, easy enough to use, and supported (in userspace) on all major platforms. (ssh tunneling would work, but it&#8217;s kind of a hassle if you want to tunnel everything through it.)<\/li>\n    <li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Dm-crypt\">Disk encryption<\/a> is nothing new. 
I think, ideally, you&#8217;d set the box up so that it could be booted unattended, but the &#8216;privileged&#8217; data (e.g., \/home, anything <a href=\"http:\/\/en.wikipedia.org\/wiki\/Chroot\">chrooted<\/a>, and any logging you did) would require that someone log in and provide a passphrase to mount the secure partitions. (Important: don&#8217;t log connections to an unencrypted partition if you can help it.)<\/li>\n    <li><a href=\"http:\/\/www.squid-cache.org\/\">Squid<\/a> is a nice proxy if there will be more than a couple concurrent users.<\/li>\n    <li><a href=\"http:\/\/www.torproject.org\/\">Tor<\/a> exit node. <a href=\"http:\/\/en.wikipedia.org\/wiki\/Plausible_deniability\">Plausible deniability<\/a>. Tor seems to provide it natively, but <a href=\"http:\/\/www.faqs.org\/docs\/Linux-HOWTO\/Bandwidth-Limiting-HOWTO.html\">iptables can throttle bandwidth<\/a> too.<\/li>\n<\/ul>\n<p>I get about 120ms pings to PRQ. Not wonderful, but not so shabby given the distance.<\/p>","protected":false},"excerpt":{"rendered":"<p>It&#8217;s being fiercely opposed and is a long way from reality anyway, but every now and then my tinfoil hat quotient is elevated. 
I haven&#8217;t bought anything, don&#8217;t plan to do so too imminently, and won&#8217;t talk publicly about it &hellip; <a href=\"https:\/\/blogs.n1zyy.com\/n1zyy\/2010\/06\/25\/big-brother-and-kill-switches\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3006","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts\/3006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/comments?post=3006"}],"version-history":[{"count":0,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts\/3006\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/media?parent=3006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/categories?post=3006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/tags?post=3006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}