santorihelix

santorihelix said ()

Yacy is probably the best followed by Searx although not if you're on Whonix which makes the usage of Yacy (and I'm guessing Searx too) insecure. If you aren't on Whonix and you want good results, you could locally host your Searx instance and adjust the search targets to your liking. This would also be your most private choice since it's

  • open source and you don't have to trust a website to actually deploy what you advertise
  • you can route it over Tor (alas, I didn't check how) or just morty which will sanitize your searches

P.S. Yes I know Searx is technically a metasearch engine, but hey, it gets the search done.

2

santorihelix said ()

Just be sure to check (and know beforehand) the signing key of your server so the exit node can't MitM. At first connect you'll get something like

The authenticity of host omecha.info (89.234.176.136)' can't be established.
ECDSA key fingerprint is SHA256:v7u4albDUtGH1EXWEwlt0KnzY9GDY5EqodUymKSbiSw
Are you sure you want to continue connecting (yes/no)?

When you say yes the server will be added to ~/.ssh/known_hosts so from then on ssh has you covered; that is, it'll error if the pubkey doesn't match the one saved in your file.

1

santorihelix said ()

It's pretty sad that most schools require Zoom despite them being pieces of shit. I don't really get why. It's not like Zoom has amazing functionalities that trump over stuff like Jitsi. I've been using Jitsi for a while now and I've literally lost zero functionality. I just send the students the meeting link and they open it on their browser and voila.

1

santorihelix said ()

Tor Browser. I like not having to think about the stuff you mentioned. If you don't want to route over Tor for some reason, I'd suggest SecBrowser. It's Tor Browser without the Tor routing. With this, while having security, you don't even have to worry about fingerprinting since it's the same as regular Tor and you won't be making yourself unique with the addons you'd need to install on other browsers.

2

santorihelix said ()

A few ideas:

  • I'm not sure how the user models work with Postmill but I think it'd be great to have a place to enter PGP public keys where others could use use more easily for practice
  • Again, I'm not sure how plausible this is but being able to collaborate on posts would be great and unique.
  • OMEMO chatrooms?

BTW I'm writing a "fool-proof" GPG guide to pin on /f/cryptography (but only for GNU/Linux since that's all I know) and and a guide for /f/opsec.

1

santorihelix said () (edited )

From what I gather, judges usually rule key disclosure when the government already knows the information in the device and it's not for getting new evidence but making the evidence available to the court. In any case I don't think the cops can just lawfully request your key, like they can't search your house without a warrant on normal occasions. My question is what happens if you forgot your password for real? Is there any possibility for them to deny that you forgot it except rubber-hose cryptanalysis?

Source: https://en.wikipedia.org/wiki/Key_disclosure_law#United_States

2

santorihelix said () (edited )

3