Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I didn't know that. Hmm, sounds like it's decently likely this is a bit overblown then. I mean, I suppose there are a lot of lazy companies out there that will skip this, but that severely limits the functionality in a way that it's going to force the secure method.
It opens users to timing attacks.
If there are 10000 notifications per second. And across 100 incidents user A does something to cause a notification and user B receives a notification within network latency time periods, it is likely user A is talking to user B.
Whilst that seems like arbitrarily useless data, having this at the giga/peta scale that the US government is processing it, you can quickly build a map of users "talking" to users.
Now, this requires the help of other parties. You need to know that user A is using WhatsApp at the time. And yeh, you don't know what the message is, but you know that they are hitting WhatsApps servers. And you know that within 5 minutes of User B receiving a notification, they are also then contacting WhatsApp servers.
So now you know that user A is likely talking to user B via WhatsApp.
And also user G, I X and M are also involved in this conversation.
And you bust user G on some random charge. And suddenly warrants are issued for more detailed examination of users A, B, I, X and M.
Maybe they have nothing to hide and are just old college friends. Or maybe they are a drug ring, or whatever.
It's all the "I have nothing to hide", phones being tied to a person, privacy and all that.
We can't really comprehend the data warehouse/lake/ocean level of scale required to realise what all the little pieces of meta data and tracking information being able to add up to "User A is actually this person right here right now and they bought a latte at Starbucks and got 5 loyalty points" level of tracking.
Is it likely this bad?
Probably.
Theres the "Target knows I'm pregnant before told anyone" story.
https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
That's over a decade ago. It's not let off. And you can bet that governments are operating at a level a few years beyond private industry.
So yeh, every bit of metadata counts