@@ -244,8 +153,6 @@ for the JavaScript code in this tag.
Apps
"In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike" – Stefania Milan @@ -256,7 +163,7 @@ for the JavaScript code in this tag. The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the Administrator control panel under Add/remove apps the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps.
-+-
@@ -265,9 +172,9 @@ The base install of the system just contains an email server and Mutt client, bu
-Akaunting
-++-Akaunting
+A web based accounts system for small businesses or freelancers.
@@ -277,9 +184,9 @@ A web based accounts system for small businesses or freelancers.-BDS Mail
-++-BDS Mail
+-CryptPad
-++-CryptPad
+Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.
@@ -301,9 +208,9 @@ Collaborate on editing documents, presentations and source code, or vote on thin-DLNA
-++-DLNA
+Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.
@@ -313,9 +220,9 @@ Enables you to use the system as a music server which any DLNA compatible device-Dokuwiki
-++-Dokuwiki
+A databaseless wiki system.
@@ -325,9 +232,9 @@ A databaseless wiki system.-Edith
-++-Edith
+Extremely simple and distraction-free notes system.
@@ -337,9 +244,9 @@ Extremely simple and distraction-free notes system.-Emacs
-++-Emacs
+If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.
@@ -349,9 +256,17 @@ If you use the Mutt client to read your email then this will set it up to use em-Etherpad
-+++Email Server
++++Since many apps require email registration an email server is installed by default. You can find advice on using the email system here. +
++-Etherpad
+Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.
@@ -361,9 +276,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday-Federated wiki
-++-Federated wiki
+A new approach to creating wiki content.
@@ -373,9 +288,9 @@ A new approach to creating wiki content.-Friendica
-++-Friendica
+Federated social network system.
@@ -385,9 +300,9 @@ Federated social network system.-Ghost
-++-Ghost
+Modern looking blogging system.
@@ -397,9 +312,9 @@ Modern looking blogging system.-GNU Social
-++-GNU Social
+Federated social network based on the OStatus protocol. You can "remote follow" other users within the GNU Social federation.
@@ -409,9 +324,9 @@ Federated social network based on the OStatus protocol. You can "remote follo-Gogs
-++-Gogs
+Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar fork-and-pull workflow. If you can use Github then you can also use Gogs.
@@ -421,9 +336,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or-HTMLy
-++-HTMLy
+Databaseless blogging system. Quite simple and with a markdown-like format.
@@ -433,9 +348,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.-Hubzilla
-++-Hubzilla
+Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.
@@ -445,9 +360,9 @@ Web publishing platform with social network like features and good privacy contr-Icecast media stream
-++-Icecast media stream
+Make your own internet radio station.
@@ -457,9 +372,9 @@ Make your own internet radio station.-IRC Server (ngirc)
-++-IRC Server (ngirc)
+Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.
@@ -469,18 +384,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl-Jitsi Meet
-++-Jitsi Meet
+Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.
-KanBoard
-++-KanBoard
+A simple kanban system for managing projects or TODO lists.
@@ -490,9 +405,9 @@ A simple kanban system for managing projects or TODO lists.-Key Server
-++-Key Server
+An OpenPGP key server for storing and retrieving GPG public keys.
@@ -502,9 +417,9 @@ An OpenPGP key server for storing and retrieving GPG public keys.-Koel
-++-Koel
+Access your music collection from any internet connected device.
@@ -514,9 +429,9 @@ Access your music collection from any internet connected device.-Lychee
-++-Lychee
+Make your photo albums available on the web.
@@ -526,9 +441,9 @@ Make your photo albums available on the web.-Mailpile
-++-Mailpile
+Modern email client which supports GPG encryption.
@@ -538,9 +453,9 @@ Modern email client which supports GPG encryption.-Matrix
-++-Matrix
+Multi-user chat with some security and moderation controls.
@@ -550,9 +465,9 @@ Multi-user chat with some security and moderation controls.-Mediagoblin
-++-Mediagoblin
+Publicly host video and audio files so that you don't need to use YouTube/Vimeo/etc.
@@ -562,9 +477,9 @@ Publicly host video and audio files so that you don't need to use YouTube/Vimeo/-Mumble
-++-Mumble
+The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.
@@ -574,9 +489,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co-NextCloud
-++-NextCloud
+Store files on your server and sync them with laptops or mobile devices. Includes many plugins including videoconferencing and collaborative document editing.
@@ -586,9 +501,9 @@ Store files on your server and sync them with laptops or mobile devices. Include-PeerTube
-++-PeerTube
+Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better enables the streaming load to be shared across servers.
@@ -598,9 +513,9 @@ Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better en-PI-Hole
-++-PI-Hole
+The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.
@@ -610,9 +525,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo-Pleroma
-++-Pleroma
+Fediverse instance which is compatible with GNU Social and Mastodon, and suited for systems without much RAM or CPU resource.
@@ -622,9 +537,9 @@ Fediverse instance which is compatible with GNU Social and Mastodon, and suited-PostActiv
-++-PostActiv
+An alternative federated social networking system compatible with GNU Social, Pleroma and Mastodon. It includes some optimisations and fixes currently not available within the main GNU Social project.
@@ -634,9 +549,9 @@ An alternative federated social networking system compatible with GNU Social, Pl-PrivateBin
-++-PrivateBin
+A pastebin where the server has zero knowledge of the content being pasted.
@@ -646,9 +561,9 @@ A pastebin where the server has zero knowledge of the content being pasted.-Profanity
-++-Profanity
+A shell based XMPP client which you can run on the Freedombone server via ssh.
@@ -658,9 +573,9 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.-Riot Web
-++-Riot Web
+A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
@@ -670,9 +585,9 @@ A browser based user interface for the Matrix federated communications system, i-SearX
-++-SearX
+A metasearch engine for customised and private web searches.
@@ -682,9 +597,9 @@ A metasearch engine for customised and private web searches.-tt-rss
-++-tt-rss
+Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
@@ -694,9 +609,9 @@ Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via a-Syncthing
-++-Syncthing
+Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.
@@ -706,9 +621,9 @@ Possibly the best way to synchronise files across all of your devices. Once it h-Tahoe-LAFS
-++-Tahoe-LAFS
+Robust and encrypted storage of files on one or more server.
@@ -718,9 +633,9 @@ Robust and encrypted storage of files on one or more server.-Tox
-++-Tox
+Client and bootstrap node for the Tox chat/VoIP system.
@@ -730,9 +645,9 @@ Client and bootstrap node for the Tox chat/VoIP system.-Turtl
-++-Turtl
+A system for privately creating and sharing notes and images, similar to Evernote but without the spying.
@@ -742,18 +657,18 @@ A system for privately creating and sharing notes and images, similar to Evernot-Vim
-++-Vim
+If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.
-Virtual Private Network (VPN)
-++-Virtual Private Network (VPN)
+Set up a VPN on your server so that you can bypass local internet censorship.
@@ -763,9 +678,9 @@ Set up a VPN on your server so that you can bypass local internet censorship.-XMPP
-++XMPP
+Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as client state notification to save battery power on your mobile devices, support for seamless roaming between networks and message carbons so that you can receive the same messages while being simultaneously logged in to your account on more than one device.
diff --git a/website/EN/fediverse.html b/website/EN/fediverse.html index e42ef356..795e80b9 100644 --- a/website/EN/fediverse.html +++ b/website/EN/fediverse.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,7 +144,8 @@ for the JavaScript code in this tag.-+ +-
- +Homesteading the Fediverse
-++Homesteading the Fediverse +
+Some things you might want to know about the Fediverse:
--Federation as a concept
-++-Federation as a concept
+-The political definition of a federation is "a union of partially self-governing states or regions under a central (federal) government". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elemantary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. +The political definition of a federation is "a union of partially self-governing states or regions under a central (federal) government". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elementary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code.
-Keep the number of users on each server small
-++-Keep the number of users on each server small
+The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.
-Drama will happen
-++-Drama will happen
+It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.
-Don't be afraid to block
-++-Don't be afraid to block
+Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the Administrator control panel. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but this is a feature not a bug. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.
-Network structure maps on to social structure
-++-Network structure maps on to social structure
+Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.
-Keep your follows under the Dunbar number
-++-Keep your follows under the Dunbar number
+-Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. Real community happens at tribal scale. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. +Keep the number of other frequently active users you're following to under a couple of hundred. Your actual number of follows might be larger than this but could include users who rarely post anything. +
+ ++Once there are more than a couple of hundred highly active users in your timeline then you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will be drowned in the entropy. There are no algorithmic timelines to hide posts, and even if they're introduced then they create their own problems as an opaque form of censorship. Real community happens at tribal scale. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.
-Avoid big public servers
-++Avoid big public servers
+It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
-+This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the GNU Free Documentation License version 1.3
diff --git a/website/EN/index.html b/website/EN/index.html index a9c57b09..9249cee9 100644 --- a/website/EN/index.html +++ b/website/EN/index.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,7 +144,8 @@ for the JavaScript code in this tag.-+ +
@@ -282,14 +191,23 @@ After installation it's possible that you might want some advice on how to run y
-
+- How to get a domain name
-- Apps available on the system
-- General usage
-- Frequently Asked Questions
-- Advice on setting up a mobile phone
-- I like this project. How can I help to support it?
+- How to get a domain name +
+- Improving security +
+- Adding or removing users +
+- Apps available on the system +
+- Frequently Asked Questions +
+- Advice on setting up a mobile phone +
+- I like this project. How can I help to support it? +
If you find bugs, or want to add a new app to this system see the Developers Guide and Code of Conduct. There is a Matrix chat room available at #fbone:matrix.freedombone.net.
@@ -298,7 +216,7 @@ If you find bugs, or want to add a new app to this system see the available here. -+This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the GNU Free Documentation License version 1.3
diff --git a/website/EN/security.html b/website/EN/security.html new file mode 100644 index 00000000..4d2656de --- /dev/null +++ b/website/EN/security.html @@ -0,0 +1,250 @@ + + + + ++ + + + + + + + + + + + + + +++ ++ ++++
++Authentication with keys
++++It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: +
+ ++ ++ +freedombone-client +++On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then: +
+ ++ssh myusername@freedombone.local -p 2222 ++ ++Select Administrator controls and re-enter your password, then Manage Users and Change user ssh public key. Copy and paste the ssh public keys which appeared after the freedombone-client command was run. Then go to Security settings and select Allow ssh login with passwords followed by no. +
+ ++You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to. +
+++Administrating the system via an onion address (Tor)
++++You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following: +
+ ++ ++ +ssh username@freedombone.local -p 2222 +++Select Administrator controls then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system: +
+ ++ ++ +freedombone-client +++This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with: +
+ ++ ++ +ssh username@address.onion -p 2222 +++Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating. +
++ + + ++ + diff --git a/website/EN/usage_email.html b/website/EN/usage_email.html index 45dfc6d6..28b814e9 100644 --- a/website/EN/usage_email.html +++ b/website/EN/usage_email.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - -+Back to top | E-mail me ++- - - + + + + - + @@ -235,7 +144,8 @@ for the JavaScript code in this tag. -+ +-
- --Things to be aware of
-++-Things to be aware of
+Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register.
@@ -316,9 +222,9 @@ So if you want to use your own email address hosted on your own system you do ne-A technical note about email transport security
-++-A technical note about email transport security
+Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are possible attacks against STARTTLS in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
@@ -329,25 +235,26 @@ From http-The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor +The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor
-Add a password to your GPG key
-++-Add a password to your GPG key
+If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.
+@@ -357,25 +264,26 @@ Having a password on your GPG key will prevent someone from reading your email <ssh username@domainname -p 2222 gpg --edit-key username@domain passwd save quit -exit +exit-Publishing your GPG public key
-++-Publishing your GPG public key
+If you havn't already then you should publish your GPG public key so that others can find it.
+ssh username@domainname -p 2222 gpg --send-keys username@domainname -exit +exit-Mutt email client
--++Mutt email client
++-
@@ -388,6 +296,7 @@ Mutt is a terminal based email client which comes already installed onto the Fre
+@@ -408,124 +317,124 @@ Some useful keys to know are:ssh username@domainname -p 2222- + - + - "/" -Search for text within headers +"/" +Search for text within headers - * -Move to the last message +* +Move to the last message - TAB -Move to the next unread message +TAB +Move to the next unread message - d -Delete a message +d +Delete a message - u -Undelete a mail which is pending deletion +u +Undelete a mail which is pending deletion - $ -Delete all messages selected and check for new messages +$ +Delete all messages selected and check for new messages - a -Add to the address book +a +Add to the address book - m -Send a new mail +m +Send a new mail - ESC-m -Mark all messages as having been read +ESC-m +Mark all messages as having been read - S -Mark a message as spam +S +Mark a message as spam - H -Mark a message as ham +H +Mark a message as ham - CTRL-b -Toggle side bar on/off +CTRL-b +Toggle side bar on/off - CTRL-n -Next mailbox (on side bar) +CTRL-n +Next mailbox (on side bar) - CTRL-p -Previous mailbox (on side bar) +CTRL-p +Previous mailbox (on side bar) - CTRL-o -Open mailbox (on side bar) +CTRL-o +Open mailbox (on side bar) - r -Reply to an email +r +Reply to an email - L -Reply to a mailing list email +L +Reply to a mailing list email - ] -Expand or collapse all threads +] +Expand or collapse all threads - [ -Expand of collapse the current thread +[ +Expand of collapse the current thread - CTRL-k -Import a PGP/GPG public key +CTRL-k +Import a PGP/GPG public key - v -View current email in different formats, such as HTML +v +View current email in different formats, such as HTML - CTRL-u -View long URLs +CTRL-u +View long URLs - @@ -548,9 +457,9 @@ There is one irksome thing about email within mutt, and that's if you get sent aq -Quit +q +Quit -Thunderbird/Icedove
-++Thunderbird/Icedove
+-Another common way in which you may want to access email is via Thunderbird (also known as Icedove on Debian). This may be especially useful if you're trying to convert former Windows users who may previously have been using some version of Outlook.
@@ -560,9 +469,9 @@ The following instructions should be carried out on the client machines (laptop,-Initial setup
-++-Initial setup
+Install Thunderbird and Enigmail. How you do this just depends upon your distro and software manager or "app store".
@@ -588,9 +497,12 @@ The settings should be as follows, substituting mydomainname.com for your-
- Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password
-- Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password
-- Username: myusername
+- Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password +
+- Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password +
+- Username: myusername +
@@ -618,14 +530,15 @@ Select "yes" to change default settings.
-Import your GPG keys
-++Import your GPG keys
+On the Freedombone export your GPG public and private keys.
+-ssh username@domainname -p 2222 gpg --list-keys username@domainname gpg --output ~/public_key.gpg --armor --export KEY_ID @@ -638,6 +551,7 @@ On your laptop or desktop you can import the keys with:+@@ -659,6 +573,7 @@ Remove your exported key files, both on your laptop/desktop and also on the Freescp -P 2222 username@domain:/home/username/*.gpg ~/+shred -zu ~/public_key.gpg shred -zu ~/private_key.gpg@@ -666,9 +581,9 @@ shred -zu ~/private_key.gpg-Using for the first time
-++-Using for the first time
+Click on the Thunderbird menu, which looks like three horizontal bars on the right hand side.
@@ -703,9 +618,9 @@ Get into the habit of using email encryption and encourage others to do so. Rem-Making folders visible
-++-Making folders visible
+By default you won't be able to see any folders which you may have created earlier using the mailinglistrule script. To make folders visible select:
@@ -721,312 +636,23 @@ Make sure that "show only subscribed folders" is not checked. Then click-K9 Android client
---A point about GPG on Android
-+- -+-Android apps
+-Before trying to set up email on Android you may want to consider whether you really need to do this. Android (and its variants) is not a particularly secure operating system and whether or not you wish to store GPG keys on it depends on your threat model and in what situations you'll be using your device. -
- --If you are going to use email on an Android device then ensure that you have full encryption enabled via the security settings, so that if you subsequently lose it, or if it gets stolen, the chances of encryption keys being exposed are minimised. +Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead install Mailpile and access your email via the webmail interface.
-- -Compiling the development version
----To get K9 working with Freedombone you'll need to install development versions of OpenKeychain and K9. At the time of writing the versions available in F-Droid do not support PGP/MIME or the "hidden recipient" feature of GPG. It is hoped that at some stage the patches will be integrated into the mainline or functionally equivalent changes made. Admittedly, this is not at all user friendly, but currently it's the only way to read Freedombone email on Android systems. -
- --Build script for OpenKeychain: -
- --- -mkdir ~/develop -cd ~/develop -git clone https://github.com/bashrc/open-keychain -cd open-keychain -git checkout origin/bashrc/hidden-recipient-minimal -git checkout -b bashrc/hidden-recipient-minimal -cd tools -nano build.sh ---Then add the following: -
- --- -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='openkeychain' -SDK_VERSION='r23.3.4' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [[ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz -fi -tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 22, SDK 21.1.2' - -export ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -cd $SDK_DIR/tools -./android sdk - -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -# android sdk -cd $PROJECT_HOME -git submodule init && git submodule update - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/OpenKeychain/build/outputs/apk -if [ ! -f OpenKeychain-debug.apk ]; then - echo 'OpenKeychain-debug.apk was not found' - exit -3 -fi - -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/OpenKeychain/build/outputs/apk/OpenKeychain-debug.apk" -exit 0 ---Save and exit with CTRL-o, CTRL-x. -
- --- -chmod +x build.sh -./build.sh ---Build script for K9: -
- --- -cd ~/develop -git clone https://github.com/k9mail/k-9 -cd k-9 -cd tools -nano build.sh ---Then add the following: -
- --- -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='k-9' -SDK_VERSION='r24.3.3' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz - tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -fi -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 17, SDK 19.1' -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -android sdk -cd $PROJECT_HOME - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/k9mail/build/outputs/apk -if [ ! -f k9mail-debug.apk ]; then - echo 'k9mail-debug.apk was not found' - exit -3 -fi -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/k9mail/build/outputs/apk/k9mail-debug.apk" -exit 0 ---Save and exit with CTRL-o, CTRL-x. -
- ---chmod +x build.sh -./build.sh ----Import your GPG key into OpenKeychain
----With your device connected to a laptop via USB cable and with USB debugging enabled on it: -
- --- -ssh username@domainname -p 2222 -gpg --list-keys username@domainname -gpg --output ~/public_key.gpg --armor --export KEY_ID -gpg --output ~/private_key.gpg --armor --export-secret-key KEY_ID -cat ~/public_key.gpg ~/private_key.gpg > ~/mygpgkey.asc -exit -scp -P 2222 username@domainname:/home/username/mygpgkey.asc ~/ -sudo apt-get install android-tools-adb -push ~/mygpgkey.asc /sdcard/ -shred -zu ~/mygpgkey.asc ---Then on your device select OpenKeychain and import your key from file. -
---Incoming server settings
----
-- Select settings/account settings
-- Select Fetching mail/incoming server
-- Enter your username and password
-- IMAP server should be your domain name
-- Security: SSL/TLS (always)
-- Authentication: Plain
-- Port: 993
---Outgoing (SMTP) server settings
----
-- Select settings/account settings
-- Select Sending mail/outgoing server
-- Set SMTP server to your domain name
-- Set Security to SSL/TLS (always)
-- Set port to 465
-- Set authentication to PLAIN
-- Enter your username and password
-- Accept the SSL certificate
---Crypto settings
----Select settings, Account settings, OpenKeychain and then select your key and press Allow. You should now be able to decrypt emails by entering your GPG passphrase. -
- --You may also want to change the amount of time for which passwords are remembered, so that you don't need to enter your passphrase very often. -
---Folders
----To view any new folders which you may have created using the mailinglistrule script from your inbox press the K9 icon at the top left to access folders, then press the menu button and select refresh folder list. -
- --If your folder still doesn't show up then press the menu button, select show folders and select all folders. -
--Subscribing to mailing lists
-++-Subscribing to mailing lists
+To subscribe to a mailing list log in as your user (i.e. not the root user).
+@@ -1036,14 +662,15 @@ Select Administrator controls then Email filtering rules then Assh username@domainname -p 2222-Adding email addresses to a group/folder
-++-Adding email addresses to a group/folder
+Similar to adding mailing list folders you can also add specified email addresses into a group/folder.
+@@ -1053,14 +680,15 @@ Select Administrator controls then Email filtering rules then Assh username@domainname -p 2222-Ignoring incoming emails
-++-Ignoring incoming emails
+It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.
+@@ -1070,29 +698,12 @@ Select Administrator controls then Email filtering rules then Bssh username@domainname -p 2222-Your own mailing list
-+diff --git a/website/EN/users.html b/website/EN/users.html new file mode 100644 index 00000000..5532e051 --- /dev/null +++ b/website/EN/users.html @@ -0,0 +1,201 @@ + + + + ++Using I2P for email transport
+-If you want to set up a public mailing list then when installing the system remember to set the PUBLIC_MAILING_LIST variable within freedombone.cfg to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers. +For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the bdsmail app. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.
- --To subscribe to your list send a cleartext email to: -
- --- -mymailinglistname+subscribe@domainname ---Tip: When using the Mutt email client if you want to send an email in cleartext then press p (for PGP) on the sending screen and select clear. Unsecure email is treated as being the exception rather than the default. -
- --Return to the home page - + + + + + + + + + + + + + + +++ ++ ++++
+Log into the system with: +
+ ++ ++ +ssh username@domainname -p 2222 +++Select Administrator controls then User Management. +
+ + ++++
+
+ + + ++ ++Back to top | E-mail me ++