Findmysec @ Findmysec @infosec.pub

Posts

12

Comments

222

Joined

1 yr. ago

Create a new user and give explicit permissions via doas + SELinux (corporate style lockdown). And deal with network policies with a DNS filter on your LAN (or maybe run an unbound service on her device with a different user without a login so she can't change the config). Easy

For Android, use a FOSS MDM

Lol he just pointed the gun at the NSA for forcing everyone to ship backdoors

You've brought a strawman into the conversation, but in short, uBlock is best maintained and tends to be the most robust. Your solution works too

If I say it here I might dox myself. I'd like for it to be a PGP conversation but I'm not quite there yet either (due to personal reasons). Sorry

Well, you're right. If the provider I have in mind evaporates one day I'll probably have to do that.

Clevis and Tang but even that can only really do so much.

Just encrypt storage on-site

Nice

Just find an unit with unmetered bandwidth, why do you need dedi?

I do seed stuff (I downloaded a TV show of around 40GB last month and I've been seeding it since). It just keeps seeding at full speed till the time they throttle my bandwidth. Last I checked I was over 7 in ratio for that thing, but whatever. It works out because I don't leech much

I will eventually move to a VPS provider who doesn't mind public torrents (I'll pay through XMR). This seems like a much better idea since my needs have diversified and I'd like everything together on one machine to save costs. There's other ways to use your seedbox too (without root access) and seed stuff that people really need/are deprived of (vague description on purpose).

Yes, that's a bit of a problem on the average seedbox. You'd have to modify your torrent to seed on I2P by adding I2P trackers (just a couple of them, nothing much), and then run either BiglyBT or I2PSnark to seed them on I2P. Unfortunately, most seedboxes don't give you root access, neither do they bundle these apps. Qbittorrent doesn't have good support for it yet unfortunately.

If you have an SBC/spare computer at home, would be great if you could attach a hard drive to it, install i2p/i2pd and either of the mentioned torrent clients, and seed from there in the meantime. Qbittorrent has seen community interest in I2P, unfortunately it's just not there yet

The OG I2P program is written in Java, which might show behavior like you mentioned (didn't stop immediately when stopping the service).

Please try I2PD, it's written in C++

I still have one of their ECO boxes but it's not doing much. I haven't torrented anything in the last 2 months I think (didn't find a need to).

Obviously, this doesn't change anything if you're still seeding to the clearnet. All this would do is cross-seed your torrents to the I2P network. I assume you have a suitable torrenting strategy already for the clearnet. If some day you were to abandon the clearnet for I2P, you would no longer need to take the precautions you do now because I2P is inherently private.

Please skim through the documentation for a high-level overview on I2P, and ask here if you don't understand something

Which plan? I used to use them too

Unless there's a zero-day, no. All traffic is encrypted and it should be impossible to correlate traffic chunks to identities like that

I'm assuming your seedbox providers allows you root access to the server? Which provider is this?

Yes, because it's P2P, every node acts as a router and thus distributes bandwidth to prevent congestion

If only people with the resources would seed

It's very easy to set up. Windows now has a slick installer.

The point is that logs are generated and then deleted but companies who do not wish to keep such logs (e.g. IP address of client who connects to the VPN). I2P sure to it's design, doesn't even generate such incriminating logs (it might generate other kinds of logs which is a different discussion).

Thanks