From e048ade0a117691a8ccdc4e067572f0ae8dd6bf9 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 8 Aug 2016 17:57:32 +0100 Subject: [PATCH] Removing javascript --- website/EN/backups.html | 66 +++----- website/EN/code.html | 14 +- website/EN/controlpanel.html | 102 +++++------- website/EN/faq.html | 192 ++++++++++----------- website/EN/index.html | 14 +- website/EN/installation.html | 128 +++++++------- website/EN/mesh.html | 116 ++++++------- website/EN/mirrors.html | 60 +++---- website/EN/mobile.html | 68 ++++---- website/EN/related.html | 14 +- website/EN/support.html | 68 ++++---- website/EN/usage.html | 314 +++++++++++++++++------------------ website/EN/usage_email.html | 168 +++++++++---------- website/EN/variants.html | 14 +- 14 files changed, 585 insertions(+), 753 deletions(-) diff --git a/website/EN/backups.html b/website/EN/backups.html index 19142b3f..cd88282c 100644 --- a/website/EN/backups.html +++ b/website/EN/backups.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -255,31 +255,31 @@ for the JavaScript code in this tag. -Backup keys +Backup keys -Backup to USB +Backup to USB -Restore from USB +Restore from USB -Distributed/remote backups +Distributed/remote backups -Restore from a friend +Restore from a friend -
-

Backup keys

-
+
+

Backup keys

+

As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the .gnupg keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:

@@ -303,9 +303,9 @@ A pro-tip for the best possible security is to create multiple USB drives contai

-
-

Backup to USB

-
+
+

Backup to USB

+

First and foremost - encrypt your USB drives! Even if you think you have "nothing to hide" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the Disk Utility application. Some instructions can be found here.

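Review bot: The removed and added lines around the "Backup to USB" heading in this hunk show the same text, so only the markup around the heading changes, and the same pattern repeats for every heading and table-of-contents entry in the patch. Judging by code.html, where the change is 14 lines in total, this heading churn makes up most of the 585 insertions and 753 deletions and buries the script removal. Put the heading markup change in its own commit, or explain in the message why removing the script requires it.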
@@ -337,9 +337,9 @@ When the backup ends remove the USB drive and keep it somewhere safe. Even if it

-
-

Restore from USB

-
+
+

Restore from USB

+

Log into the system and become the root user:

@@ -363,9 +363,9 @@ Enter the LUKS password for the USB drive. When the restore is complete you can

-
-

Distributed/remote backups

-
+
+

Distributed/remote backups

+

Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.

@@ -389,12 +389,12 @@ You can then enter the usernames, domains and ssh logins for one or more remote

-
-

Restore from a friend

-
-
-

With a completely new Freedombone installation

-
+
+

Restore from a friend

+
+
+

With a completely new Freedombone installation

+

This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.

@@ -422,9 +422,9 @@ Finally select Restore from remote backup and enter the domain name of th

-
-

On an existing Freedombone installation

-
+
+

On an existing Freedombone installation

+

This is for more common situations in which maybe some data became corrupted and you want to restore it.

@@ -473,18 +473,6 @@ Return to the home page - -
diff --git a/website/EN/code.html b/website/EN/code.html index d4739408..ab0b9b3c 100644 --- a/website/EN/code.html +++ b/website/EN/code.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -297,18 +297,6 @@ Return to the home page - -
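Review bot: The commit message is a subject line only, while this file's diff drops 12 lines after "Return to the home page" at @@ -297,18 +297,6 @@ and changes one line at @@ -3,7 +3,7 @@. Add a body that says what the removed block was and confirms that nothing on the page depended on it. The same 18-to-6 hunk closes each of the other pages visible in this patch, so one sentence in the message would cover them all.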
diff --git a/website/EN/controlpanel.html b/website/EN/controlpanel.html index d153abf6..c711faee 100644 --- a/website/EN/controlpanel.html +++ b/website/EN/controlpanel.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,54 +254,54 @@ for the JavaScript code in this tag. -Main menu +Main menu -User control panel +User control panel -About screen +About screen -Email filtering rules +Email filtering rules -Hubzilla menu +Hubzilla menu -IRC menu +IRC menu -Media menu +Media menu -Repository mirrors +Repository mirrors -Backup and restore menu +Backup and restore menu -Security menu +Security menu -User management menu +User management menu -
-

Main menu

-
+
+

Main menu

+

You can access the main menu by logging into the system.

@@ -334,9 +334,9 @@ To select anythng on the control panel use the up and down cursor keys an
-
-

User control panel

-
+
+

User control panel

+

When a user initially logs in they will see a version of the control panel with restricted options aimed at the kinds of things which someone who isn't the administrator might wish to do. An expected scenario is that you might have a few friends or family members on the system, and this is who this menu is intended for.

@@ -358,9 +358,9 @@ It's also possible for the user to define email filtering rules, add a ssh publi

-
-

About screen

-
+
+

About screen

+

To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address.

@@ -383,9 +383,9 @@ The Local Mirrors contains mirrored copies of the git repositories used by the s
-
-

Email filtering rules

-
+
+

Email filtering rules

+

You can add users to mailing lists, or block particular email addresses or subject lines in this menu.

@@ -400,9 +400,9 @@ You can add users to mailing lists, or block particular email addresses or subje
-
-

Hubzilla menu

-
+
+

Hubzilla menu

+

This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary.

@@ -417,9 +417,9 @@ This allows you to set the global directory location and obtain an SSL/TLS certi
-
-

IRC menu

-
+
+

IRC menu

+

You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing).

@@ -434,9 +434,9 @@ You can view the current IRC password or change it from here. Currently the IRC
-
-

Media menu

-
+
+

Media menu

+

It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA.

@@ -451,9 +451,9 @@ It's possible to add playable media to a USB drive and plug it into the system,
-
-

Repository mirrors

-
+
+

Repository mirrors

+

If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the About screen of the control panel).

@@ -468,9 +468,9 @@ If you don't want to use the default repositories, or don't have access to them,
-
-

Backup and restore menu

-
+
+

Backup and restore menu

+

You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key.

@@ -485,9 +485,9 @@ You can create backups or restore from backup here. It's also possible to create
-
-

Security menu

-
+
+

Security menu

+

If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system.

@@ -502,9 +502,9 @@ If you need to generate SSL/TLS certificates or change cypher details due to cha
-
-

User management menu

-
+
+

User management menu

+

Users can be added or removed here.

@@ -542,18 +542,6 @@ Users can be added or removed here. - -
diff --git a/website/EN/faq.html b/website/EN/faq.html index 1bf0242e..d45582ae 100644 --- a/website/EN/faq.html +++ b/website/EN/faq.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -255,19 +255,19 @@ for the JavaScript code in this tag. -I don't have a static IP address. Can I still install this system? +I don't have a static IP address. Can I still install this system? -Why not support building images for Raspberry Pi? +Why not support building images for Raspberry Pi? -Why use Github? +Why use Github? -Keys and emails should not be stored on servers. Why do you do that? +Keys and emails should not be stored on servers. Why do you do that? 
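Review bot: The context on the @@ -255,19 +255,19 @@ header is "for the JavaScript code in this tag.", so a line about JavaScript still sits above the table of contents in faq.html, and the only earlier hunk in this file is the one-line change at @@ -3,7 +3,7 @@. If the aim of "Removing javascript" is a page with no script at all, check whether whatever that line belongs to should be deleted as well; if it is only a leftover comment, remove it or say in the commit message why it stays. The same header context appears in backups.html, controlpanel.html, installation.html, mesh.html and mirrors.html.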
@@ -275,83 +275,83 @@ for the JavaScript code in this tag. -Why can't I access my .onion site with a Tor browser? +Why can't I access my .onion site with a Tor browser? -What is the best hardware to run this system on? +What is the best hardware to run this system on? -Can I add more users to the system? +Can I add more users to the system? -Why not use Signal for mobile chat? +Why not use Signal for mobile chat? -What is the most secure chat app to use on mobile? +What is the most secure chat app to use on mobile? -How do I remove a user from the system? +How do I remove a user from the system? -How do I reset the tripwire? +How do I reset the tripwire? -Is metadata protected? +Is metadata protected? -How do I create email processing rules? +How do I create email processing rules? -Why isn't dynamic DNS working? +Why isn't dynamic DNS working? -How do I change my encryption settings? +How do I change my encryption settings? -How do I get a domain name? +How do I get a domain name? -How do I get a "real" SSL/TLS/HTTPS certificate? +How do I get a "real" SSL/TLS/HTTPS certificate? -How do I renew a Let's Encrypt certificate? +How do I renew a Let's Encrypt certificate? -I tried to renew a Let's Encrypt certificate and it failed. What should I do? +I tried to renew a Let's Encrypt certificate and it failed. What should I do? -Why use self-signed certificates? +Why use self-signed certificates? -Why not use the services of $company instead? They took the Seppuku pledge +Why not use the services of $company instead? They took the Seppuku pledge -Why does my email keep getting rejected as spam by Gmail/etc? +Why does my email keep getting rejected as spam by Gmail/etc?
-
-

I don't have a static IP address. Can I still install this system?

-
+
+

I don't have a static IP address. Can I still install this system?

+

Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.

@@ -361,9 +361,9 @@ The lack of a static IP address can be worked around by using a dynamic DNS serv

-
-

Why not support building images for Raspberry Pi?

-
+
+

Why not support building images for Raspberry Pi?

+

The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.

@@ -373,9 +373,9 @@ So although the Raspberry Pi is cheap and hugely popular it's not supported by t

-
-

Why use Github?

-
+
+

Why use Github?

+

Github is paradoxically a centralized, closed and proprietary system which happens to mostly host free and open source projects. Up until now it has been relatively benign, but at some point in the name of "growth" it will likely start becoming more evil, or just become like SourceForge - which was also once much loved by FOSS developers, but turned into a den of malvertizing.

@@ -393,9 +393,9 @@ Currently many of the repositories used for applications which are not yet packa

-
-

Keys and emails should not be stored on servers. Why do you do that?

-
+
+

Keys and emails should not be stored on servers. Why do you do that?

+

Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:

@@ -453,17 +453,17 @@ In the home environment a box with a good firewall and no GUI components install
-
-

Why can't I access my .onion site with a Tor browser?

-
+
+

Why can't I access my .onion site with a Tor browser?

+

Probably you need to add the site to the NoScript whitelist. Typically click/press on the noscript icon (or select from the menu on mobile) then select whitelist and add the site URL. You may also need to disable HTTPS Everywhere when using onion addresses, which don't use https.

-
-

What is the best hardware to run this system on?

-
+
+

What is the best hardware to run this system on?

+

It was originally designed to run on the Beaglebone Black, but that should be regarded as the most minimal system, because it's single core and has by today's standards a small amount of memory. Obviously the more powerful the hardware is the faster things like web pages (blog, social networking, etc) will be served but the more electricity such a system will require if you're running it 24/7. A good compromise between performance and energy consumption is something like an old netbook. The battery of an old netbook or laptop even gives you UPS capability to keep the system going during brief power outages or cable re-arrangements, and that means using full disk encryption on the server also becomes more practical.

@@ -473,9 +473,9 @@ It was originally designed to run on the Beaglebone Black, but that should be re

-
-

Can I add more users to the system?

-
+
+

Can I add more users to the system?

+

Yes. Freedombone can support a small number of users, for a "friends and family" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those).

@@ -499,9 +499,9 @@ Another point is that Freedombone installations are not intended to support many

-
-

Why not use Signal for mobile chat?

-
+
+

Why not use Signal for mobile chat?

+

Celebrities recommend Signal. It's Free Software so it must be good, right?

@@ -522,9 +522,9 @@ To give credit where it's due Signal is good, but it could be a lot better. The

-
-

What is the most secure chat app to use on mobile?

-
+
+

What is the most secure chat app to use on mobile?

+

On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.

@@ -534,13 +534,13 @@ The current safest way to chat is to use Con

-There are many other fashionable chat apps with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified. +There are many other fashionable chat apps with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.

-
-

How do I remove a user from the system?

-
+
+

How do I remove a user from the system?

+

To remove a user:

@@ -556,9 +556,9 @@ Select Administrator controls then Manage Users and then Delete

-
-

How do I reset the tripwire?

-
+
+

How do I reset the tripwire?

+

The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:

@@ -574,9 +574,9 @@ Select Administrator controls then "reset tripwire" using cursors and spa

-
-

Is metadata protected?

-
+
+

Is metadata protected?

+

"We kill people based on metadata" @@ -592,9 +592,9 @@ Even when using Freedombone metadata analysis by third parties is still possible

-
-

How do I create email processing rules?

-
+
+

How do I create email processing rules?

+
ssh username@domainname -p 2222
@@ -651,9 +651,9 @@ Spamassassin is also available and within Mutt you can use the S (shift+s) key t
 

-
-

Why isn't dynamic DNS working?

-
+
+

Why isn't dynamic DNS working?

+

If you run the command:

@@ -678,9 +678,9 @@ https://www.privateinternetaccess.com/pages/whats-my-ip/
-
-

How do I change my encryption settings?

-
+
+

How do I change my encryption settings?

+

Suppose that some new encryption vulnerability has been announced and that you need to change your encryption settings. Maybe an algorithm thought to be secure is now no longer so and you need to remove it. You can change your settings by doing the following:

@@ -696,9 +696,9 @@ Select Administrator controls then select Security Settings. You w

-
-

How do I get a domain name?

-
+
+

How do I get a domain name?

+

Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.

@@ -766,9 +766,9 @@ You should now be able to send an email from postmaster@mynewdomainname a
-
-

How do I get a "real" SSL/TLS/HTTPS certificate?

-
+
+

How do I get a "real" SSL/TLS/HTTPS certificate?

+

If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:

@@ -788,9 +788,9 @@ One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS

-
-

How do I renew a Let's Encrypt certificate?

-
+
+

How do I renew a Let's Encrypt certificate?

+

Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.

@@ -810,9 +810,9 @@ Select Administrator controls then Security settings then Renew

-
-

I tried to renew a Let's Encrypt certificate and it failed. What should I do?

-
+
+

I tried to renew a Let's Encrypt certificate and it failed. What should I do?

+

Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:

@@ -828,9 +828,9 @@ Select Administrator controls then Security settings then Creat

-
-

Why use self-signed certificates?

-
+
+

Why use self-signed certificates?

+

Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up scary-scary looking browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is no certainty about who that connection is with.

@@ -852,17 +852,17 @@ For now a self-signed certificate will probably in most cases protect your commu

-
-

Why not use the services of $company instead? They took the Seppuku pledge

-
+
+

Why not use the services of $company instead? They took the Seppuku pledge

+

That pledge is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "on our side". Post-nymwars and post-PRISM we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.

-
-

Why does my email keep getting rejected as spam by Gmail/etc?

-
+
+

Why does my email keep getting rejected as spam by Gmail/etc?

+

Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.

@@ -922,18 +922,6 @@ Return to the home page - -
diff --git a/website/EN/index.html b/website/EN/index.html index 355be64c..2c9c51ad 100644 --- a/website/EN/index.html +++ b/website/EN/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -356,18 +356,6 @@ This site can also be accessed via a Tor browser at 4fvfozz6g3zmvf76.onion - -
diff --git a/website/EN/installation.html b/website/EN/installation.html index 6965ac17..13000ce3 100644 --- a/website/EN/installation.html +++ b/website/EN/installation.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,11 +254,11 @@ for the JavaScript code in this tag. -Building an image for a Single Board Computer or Virtual Machine +Building an image for a Single Board Computer or Virtual Machine -Checklist +Checklist @@ -266,34 +266,34 @@ for the JavaScript code in this tag. -Installation +Installation -Social Key Management - the 'Unforgettable Key' +Social Key Management - the 'Unforgettable Key' -Final Setup +Final Setup -Keydrives +Keydrives -On Client Machines +On Client Machines -Administering the system +Administering the system -
-

Building an image for a Single Board Computer or Virtual Machine

-
+
+

Building an image for a Single Board Computer or Virtual Machine

+

You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the freedombone-image command.

@@ -379,9 +379,9 @@ If the image build fails with an error such as "Error reading from server. Re
-
-

Checklist

-
+
+

Checklist

+

Before installing Freedombone you will need a few things.

@@ -395,17 +395,17 @@ Before installing Freedombone you will need a few things.
-
-

Installation

-
+
+

Installation

+

There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.

-
-

On a Laptop, Netbook or Desktop machine

-
+
+

On a Laptop, Netbook or Desktop machine

+

If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:

@@ -424,9 +424,9 @@ freedombone menuconfig
-
-

On a single board computer (SBC)

-
+
+

On a single board computer (SBC)

+

Currently the following boards are supported:

@@ -510,9 +510,9 @@ Using the password 'freedombone'. Take a note of the new login password and then
-
-

As a Virtual Machine

-
+
+

As a Virtual Machine

+

Virtualbox and Qemu are supported. You can run a 64 bit Qemu image with:

@@ -534,42 +534,42 @@ The default login will be username 'fbone' and password 'freedombone'. Take a no
-
-

Social Key Management - the 'Unforgettable Key'

-
+
+

Social Key Management - the 'Unforgettable Key'

+

During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities

-
-

You have the gnupg keyring on an encrypted USB drive

-
+
+

You have the gnupg keyring on an encrypted USB drive

+

If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.

-
-

You have a number of key fragments on USB drives retrieved from friends

-
+
+

You have a number of key fragments on USB drives retrieved from friends

+

-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more Keydrives. +If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more Keydrives.

-
-

You can specify some ssh login details for friends servers containing key fragments

-
+
+

You can specify some ssh login details for friends servers containing key fragments

+

Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.

-
-

Final Setup

-
+
+

Final Setup

+

Any manual post-installation setup instructions or passwords can be found in /home/username/README. You should remove any passwords from that file and store them within a password manager such as KeepassX.

@@ -687,16 +687,16 @@ On your internet router, typically under firewall settings, open the following p
-
-

Keydrives

-
+
+

Keydrives

+

After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:

-
-

Master Keydrive

-
+
+

Master Keydrive

+

This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the Disk Utility application. Then plug it into the Freedombone system, then from your local machine run:

@@ -712,9 +712,9 @@ Select Administrator controls then Backup and Restore then Back

-
-

Fragment keydrives

-
+
+

Fragment keydrives

+

This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the Disk Utility application. Plug it into the Freedombone system then from your local machine run the following commands:

@@ -735,9 +735,9 @@ Fragments are randomly assigned and so you will need at least three or four keyd
-
-

On Client Machines

-
+
+

On Client Machines

+

You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.

@@ -755,9 +755,9 @@ freedombone-client
-
-

Administering the system

-
+
+

Administering the system

+

To administer the system after installation log in via ssh, become the root user and then launch the control panel.

@@ -801,18 +801,6 @@ Return to the home page - -
diff --git a/website/EN/mesh.html b/website/EN/mesh.html index c1dd59e1..b33c20c0 100644 --- a/website/EN/mesh.html +++ b/website/EN/mesh.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,34 +254,34 @@ for the JavaScript code in this tag. -What is a mesh network? +What is a mesh network? -The Freedombone Mesh +The Freedombone Mesh -Installation +Installation -Wifi adaptors +Wifi adaptors -Using the mesh +Using the mesh -Further reading +Further reading -
-

What is a mesh network?

-
+
+

What is a mesh network?

+

The internet as it currently exists is mostly organised according to a client/server model. Servers run the web services and store the data and clients are the laptops, desktops and other devices accessing the servers. In a mesh network there isn't any clear division between clients and servers. The computers on a mesh network are known as "peers" and they can perform the functions of both clients and servers. Commonly this is also known as a "peer to peer" network.

@@ -313,20 +313,20 @@ Example use cases would be:
-
-

The Freedombone Mesh

-
+
+

The Freedombone Mesh

+

The Freedombone mesh is offline - in the sense of not being part of the larger internet - and consists of a set of computers with the software installed communicating wirelessly using ordinary wifi. Peers can enter or leave the network and it will adjust automatically. All communications between peers is end-to-end encrypted, so although it's easy to join the network it's not easy to passively evesdrop.

-
-

Installation

-
-
-

Two types of system

-
+
+

Installation

+
+
+

Two types of system

+

Installation is split into two categories, routers and user devices.

@@ -344,9 +344,9 @@ Small computers acting as mesh routers can also be battery operated or solar pow

-
-

Installing on routers

-
+
+

Installing on routers

+

Whatever system you're going to use as a mesh router should have a new Debian Jessie install on it. It's advisable that this be a new install so that there is no existing software on the system which could confuse the mesh install process.

@@ -416,9 +416,9 @@ The reboot is needed in order to enable zram and the hardware random number gene

-
-

Installing on user devices

-
+
+

Installing on user devices

+

Typically on a laptop with a Debian-based distro installed, open a terminal and type:

@@ -452,16 +452,16 @@ sudo dpkg -i batctl_2014.1.0-2_amd64.deb
-
-

Wifi adaptors

-
+
+

Wifi adaptors

+

There are a small number of wifi adaptors which are compatible with a fully free software stack.

-
-

Atheros AR9271

-
+
+

Atheros AR9271

+

To install the firmware for this:

@@ -479,17 +479,17 @@ mv *.fw /lib/firmware
-
-

Using the mesh

-
+
+

Using the mesh

+

The following sections only apply to client devices. Mesh routers are only for routing network traffic and operating trackers and distributed hash tables for bootstrapping purposes.

-
-

Switching from internet to mesh mode

-
+
+

Switching from internet to mesh mode

+

To join the mesh network open a terminal and type:

@@ -519,9 +519,9 @@ If for any reason things don't seem to be updating you can force an update by is
-
-

Chat

-
+
+

Chat

+

If you have a Tox client installed on your system then you can use that to communicate with other mesh peers. A limitation is that if peers change you may need to quit the application and restart it in order to receive the updated list of DHTnodes. The Toxic client is installed by default, but you may also want to install qTox for a more conventional-looking user experience.

@@ -568,9 +568,9 @@ A note for the security-conscious is that broadcasting Tox IDs via the network (

-
-

Blogging

-
+
+

Blogging

+

The Freedombone mesh uses a fully decentralized blogging system called ZeroBlog. It behaves rather like other peer-to-peer file sharing systems in that if you are reading the blog of another user you are also simultaneously seeding it to other peers (acting as both a client and a server). This allows the system to scale well, while also being robust to any peer failing or leaving the network.

@@ -588,17 +588,17 @@ To add a new blog entry click the new post button, edit the title and con

-
-

Other services

-
+
+

Other services

+

It is hoped that a decentralized forum will be added, but this is not yet complete. In the mean time a substitute is to use the Tox group chat feature.

-
-

Turning off the mesh

-
+
+

Turning off the mesh

+

If you wish to return to the internet then open a terminal and type:

@@ -615,9 +615,9 @@ After a few seconds your usual internet wifi connection should be re-established
-
-

Further reading

-
+
+

Further reading

+

For much more extensive details about deploying wireless networks there is an excellent book called Wireless Networking in the Developing World which is worth reading. It's not necessarily exclusively about mesh networks, but may be useful in terms of advice about antennas, reflections, extending wifi range and so on.

@@ -651,18 +651,6 @@ Return to the home page - -
diff --git a/website/EN/mirrors.html b/website/EN/mirrors.html index a8e7bdbe..b15ee6f3 100644 --- a/website/EN/mirrors.html +++ b/website/EN/mirrors.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,62 +254,62 @@ for the JavaScript code in this tag. -What are mirrors and why do they exist? +What are mirrors and why do they exist? -What security do mirrors have? +What security do mirrors have? -How do I set up mirrors? +How do I set up mirrors? -Do mirrors include debian package repositories? +Do mirrors include debian package repositories? -What do I need to do to keep the mirrored repositories updated? +What do I need to do to keep the mirrored repositories updated? -
-

What are mirrors and why do they exist?

-
+
+

What are mirrors and why do they exist?

+

It would be nice if all of the applications used by this project were packaged for Debian, but currently they're not. This means that various upstream git repositories are used and these mostly reside on Github. What if Github were to go away, become paying only or be censored in some manner which was difficult to work around? To guard against this possibility the repositories are mirrored on each install and can then be made available to other users so that new installations or updates could still occur without the original default repos.

-
-

What security do mirrors have?

-
+
+

What security do mirrors have?

+

On each install you have a mirrors user created, whose only purpose is to mirror upstream repositories. A random password is generated for the mirrors user which can be seen within the control panel and so given to other users who may need it.

-
-

How do I set up mirrors?

-
+
+

How do I set up mirrors?

+

The interactive installer will ask whether you want to configure the main respositories. Enter the URL, which will typically be an onion address, the ssh port number and the password for the mirrors on that system.

-
-

Do mirrors include debian package repositories?

-
+
+

Do mirrors include debian package repositories?

+

No. Packages for Debian will still be accessed in the conventional manner.

-
-

Can I change mirrors after the system has been installed

-
+
+

Can I change mirrors after the system has been installed

+

Yes. From the control panel select "Set the main repository"
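Review bot: the hunk header context "for the JavaScript code in this tag." still sits above line 254, with the old and new start lines equal, so the licence notice, and apparently the script it describes, is left untouched in the page head. No lines are added or dropped between the one-line change at "@@ -3,7 +3,7 @@" and this hunk, and the only net removal in mirrors.html is the 12 lines after "Return to the home page" ("@@ -360,18 +360,6 @@"). If the subject "Removing javascript" is meant literally, the head block needs to go as well; if only the footer was intended, narrow the subject line. The same context string shows up in the hunk headers for support.html, usage.html and usage_email.html.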

@@ -324,9 +324,9 @@ Yes. From the control panel select "Set the main repository"
-
-

What do I need to do to keep the mirrored repositories updated?

-
+
+

What do I need to do to keep the mirrored repositories updated?

+

Nothing. That happens as part of regular automatic updates.

@@ -360,18 +360,6 @@ Return to the home page - -
diff --git a/website/EN/mobile.html b/website/EN/mobile.html index 82459115..837eccb6 100644 --- a/website/EN/mobile.html +++ b/website/EN/mobile.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -270,9 +270,9 @@ Mobile phones are insecure devices, but they're regarded as being so essential t -
-

Open

-
+
+

Open

+

Use a Linux based phone operating system. Typically this will mean Android, but could also mean Cyanogenmod or Replicant. Cyanogen is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by Cyanogenmod. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.

@@ -283,45 +283,45 @@ Why is it so important to run Linux on a phone? Aren't iThings supposed t
-
-

Remove

-
+
+

Remove

+

So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of surveillance capital. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.

-
-

Encrypt

-
+
+

Encrypt

+

Encrypt your phone. This can usually be done via Settings/Security and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.

-
-

Apps

-
+
+

Apps

+

Installing F-droid and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.

-
-

Lock

-
+
+

Lock

+

Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called Locker, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.

-
-

Onion

-
+
+

Onion

+

Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not theoretically impossible but at least very hard for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.

@@ -332,9 +332,9 @@ In F-droid under the repositories menu you can enable the guardian pro
-
-

ssh

-
+
+

ssh

+

The most secure way to access email is via an ssh connection and shell interface. This is not highly convenient, but it does keep your email and GPG key off of the phone which improves your security. If your phone is subsequently stolen then even if an adversary can get past the lock screen there are no emails stored on the phone. Install Connectbot, generate an RSA key of at least 2048 bits and give it a password. Copy and paste the ssh public key to a pastebin and then add it to home/myusername.ssh/authorized keys on Freedombone. Then add an ssh account for the Freedombone, using port 2222. Before you log in you will need to ensure that the ssh key is unlocked. If you lose your phone then you can remove that public key from authorized_keys and anyone in possession of the phone will no longer be able to get ssh access to your system.
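Review bot: the unchanged ssh paragraph in this hunk gives the key file as "home/myusername.ssh/authorized keys", while its last sentence writes "authorized_keys"; the first form has lost its slashes and underscore, and a reader following it will not find the file. OpenSSH's default location is .ssh/authorized_keys under the user's home directory. Since the page is being regenerated in this commit anyway, mark the path as literal text in the page source so both mentions match.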

@@ -345,18 +345,18 @@ This is a defense in depth approach in which there are multiple hurdles w
-
-

Services

-
+
+

Services

+

For information on configuring various apps to work with Freedombone see the usage section. Also see advice on chat apps in the FAQ.

-
-

Battery preservation

-
+
+

Battery preservation

+

Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.

@@ -394,18 +394,6 @@ Return to the home page - -
diff --git a/website/EN/related.html b/website/EN/related.html index 5e04a847..8d69a88b 100644 --- a/website/EN/related.html +++ b/website/EN/related.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -299,18 +299,6 @@ The following projects made Freedombone possible.
- -
diff --git a/website/EN/support.html b/website/EN/support.html index a3a55df1..a1051f7b 100644 --- a/website/EN/support.html +++ b/website/EN/support.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -246,9 +246,9 @@ for the JavaScript code in this tag.

Support

-
-

Contact details

-
+
+

Contact details

+

This site can also be accessed via a Tor browser at 4fvfozz6g3zmvf76.onion

@@ -275,21 +275,21 @@ This site can also be accessed via a Tor browser at 4fvfozz6g3zmvf76.onion
-
-

Things which would be nice to have

-
-
-

Ideas

-
+
+

Things which would be nice to have

+
+
+

Ideas

+

Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.

-
-

Money

-
+
+

Money

+

At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.

@@ -300,27 +300,27 @@ If you find this project useful then you may wish to consider donating to
-
-

Testing and reporting bugs

-
+
+

Testing and reporting bugs

+

Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.

-
-

Web design and artwork

-
+ -
-

More education and promotion

-
+
+

More education and promotion

+
@@ -338,18 +338,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
-
-

Translations

-
+
+

Translations

+

To add translations modify the json files within the locale subdirectory. Then make a pull request on the Github site.

-
-

Packaging

-
+
+

Packaging

+

Helping to package GNU Social and Hubzilla for Debian would be beneficial.

@@ -384,18 +384,6 @@ Return to the home page - -
diff --git a/website/EN/usage.html b/website/EN/usage.html index 727bc555..480c9fdb 100644 --- a/website/EN/usage.html +++ b/website/EN/usage.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,15 +254,15 @@ for the JavaScript code in this tag. -Readme +Readme -Improving ssh security +Improving ssh security -Administrating the system via an onion address (Tor) +Administrating the system via an onion address (Tor) @@ -274,46 +274,46 @@ for the JavaScript code in this tag. -Syncing to the Cloud +Syncing to the Cloud -Play Music +Play Music -Microblogging (GNU Social) +Microblogging (GNU Social) -Sharing things +Sharing things -Social Network +Social Network -Chat Services +Chat Services -RSS Reader +RSS Reader -Git Projects +Git Projects -Adding or removing users +Adding or removing users -
-

Readme

-
+
+

Readme

+

After the system has installed a README file will be generated which contains passwords and some brief advice on using the installed systems. You can read this with the following commands:

@@ -334,9 +334,9 @@ To exit you can either just close the terminal or use CTRL-x CTRL-c follo

-
-

Improving ssh security

-
+
+

Improving ssh security

+

To improve ssh security you can generate an ssh key pair on your system and then upload the public key to the Freedombone.

@@ -389,9 +389,9 @@ If you wish to only use ssh keys then log in to the Freedombone, become the root
-
-

Administrating the system via an onion address (Tor)

-
+
+

Administrating the system via an onion address (Tor)

+

You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:

@@ -437,9 +437,9 @@ Subsequently even if dynamic DNS isn't working you may still be able to administ

-
-

Syncing to the Cloud

-
+
+

Syncing to the Cloud

+

Syncthing provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "men in the middle", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from.

@@ -449,9 +449,9 @@ Freedombone provides Syncthing shared directories for each user on the system, p

-
-

On a laptop

-
+
+

On a laptop

+

Install syncthing:

@@ -506,9 +506,9 @@ Now wait for a few minutes. Eventually you will see two messages appear within t

-
-

On Android

-
+
+

On Android

+

Install Syncthing and Connectbot from F-droid.

@@ -539,12 +539,12 @@ Now wait for a few minutes or more. Eventually you should receive two notificati
-
-

Play Music

-
-
-

With the DLNA service

-
+
+

Play Music

+
+
+

With the DLNA service

+

An easy way to play music on any mobile device in your home is to use the DLNA service. Copy your music into a directory called "Music" on a USB thumb drive and then insert it into from socket on the Beaglebone.

@@ -585,12 +585,12 @@ The DLNA service will only work within your local home network, and isn't remote
-
-

Microblogging (GNU Social)

-
-
-

Initial setup

-
+
+

Microblogging (GNU Social)

+
+
+

Initial setup

+

To log into your GNU Social site first obtain your username and password from the "microblogging" section of the readme file.

@@ -619,17 +619,17 @@ GNU Social has a clutter-free mobile user interface which can be accessed via a
-
-

Direct Messages (DMs) and privacy

-
+
+

Direct Messages (DMs) and privacy

+

One important point about GNU Social is that although direct messages (DMs) are treated as being private their security is quite poor. If you want real communications privacy then use other systems such as XMPP+OMEMO/OTR, Tox or email with GPG. GNU Social is primarily about fully public communications.

-
-

Using with Emacs

-
+
+

Using with Emacs

+

If you are an Emacs user it's also possible to set up GNU Social mode as follows:

@@ -714,9 +714,9 @@ And as a quick reference the main keys are:
-
-

Sharing things

-
+
+

Sharing things

+

If you have the GNU Social microblogging system installed then it's also possible to share things or services between groups or with particular users. This can be useful for sharing items within a family, club or in a local sharing economy. Sharing things freely, without money, reveals the social basis at the root of all economics which money normally conceals or obscures.

@@ -743,20 +743,20 @@ The "catalog" button then allows you to search for shared things within t
-
-

Social Network

-
-
-

Domains

-
+
+

Social Network

+
+
+

Domains

+

Both Hubzilla and GNU Social try to obtain certificates automatically at the time of installation via Let's Encrypt. This will likely mean that in order for this to work you'll need to have obtained at least one "official" domain via a domain selling service, since Let's Encrypt mostly doesn't seem to work with free subdomains from sites such as freeDNS.

-
-

Initial install

-
+
+

Initial install

+

On first visiting your Hubzilla site you'll see the login screen. The first thing you need to do is register a new user. The first user on the system then becomes its administrator.

@@ -770,19 +770,19 @@ On first visiting your Hubzilla site you'll see the login screen. The first thin
-
-

Chat Services

-
-
-

IRC

-
+
+

Chat Services

+
+
+

IRC

+

IRC is useful for multi-user chat. The classic use case is for software development where many engineers might need to coordinate their activities, but it's also useful for meetings, parties and general socialising.

-
-

Irssi

-
+
+

Irssi

+

The easiest way to use irssi is to connect to your system, like this:

@@ -798,9 +798,9 @@ Then select IRC from the menu. However, other than via this method using

-
-

HexChat

-
+
+

HexChat

+

HexChat (formerly XChat) is compatible with proxying via Tor and so provides the best security when connecting to your IRC server. It will allow you to connect to your IRC server's onion address.

@@ -978,9 +978,9 @@ Click close and then connect.
-
-

Emacs

-
+
+

Emacs

+

If you are an Emacs user then you can also connect to your IRC server via Emacs.

@@ -1013,9 +1013,9 @@ Add the following to your Emacs configuration file:
-
-

Changing or removing the IRC password

-
+
+

Changing or removing the IRC password

+

By default the IRC server is set up to require a password for users to log in. The password is the same for all users. If you want to change or remove the password:

@@ -1033,20 +1033,20 @@ Select Administrator controls then IRC Menu and then change the pa
-
-

XMPP/Jabber

-
-
-

About XMPP

-
+
+

XMPP/Jabber

+
+
+

About XMPP

+

A well written article on the state of XMPP and how it compares to other chat protocols can be found here.

-
-

Using with Gajim

-
+
+

Using with Gajim

+

In mid 2016 Gajim became the first desktop XMPP client to support the OMEMO end-to-end security standard, which is superior to the more traditional OTR since it also includes multi-user chat and the ratcheting mechanism pioneered by Open Whisper Systems. To install it:

@@ -1092,9 +1092,9 @@ If you wish to use OpenPGP to encrypt your messages then go to Edit/Accounts<
-
-

Using with Profanity

-
+
+

Using with Profanity

+

The Profanity shell based user interface and is perhaps the simplest way to use XMPP from a laptop. It's also a good way to ensure that your OTR keys are the same even when logging in from different laptops or devices, and it also means that if those devices later become compomised then there are no locally stored OTR keys to be found.

@@ -1184,9 +1184,9 @@ When accessed via the user control panel the client is automatically routed thro

-
-

Using with Jitsi

-
+
+

Using with Jitsi

+

Jitsi is the recommended communications client for desktop or laptop systems, since it includes the off the record (OTR) feature which provides some additional security beyond the usual SSL certificates.

@@ -1216,9 +1216,9 @@ You can also see this vide

-
-

Using with Ubuntu

-
+
+

Using with Ubuntu

+

The default XMPP client in Ubuntu is Empathy. Using Empathy isn't as secure as using Jitsi, since it doesn't include the off the record feature, but since it's the default it's what many users will have easy access to.

@@ -1236,17 +1236,17 @@ Click on Advanced and make sure that Encryption required and Ig

-
-

Using Tor Messenger

-
+ -
-

Using with Android/Conversations

-
+
+

Using with Android/Conversations

+

Install F-Droid

@@ -1282,16 +1282,16 @@ Then select Next. When chatting you can use the lock icon to encrypt your
-
-

Tox

-
+
+

Tox

+

Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within the README within your home directory. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available.

-
-

Using the Toxic client

-
+
+

Using the Toxic client

+

Log into your system with:

@@ -1315,20 +1315,20 @@ Then from the menu select Tox Chat. Tox is encrypted by default and also
-
-

VoIP (Voice and text chat)

-
-
-

Text chat

-
+
+

VoIP (Voice and text chat)

+
+
+

Text chat

+

In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.

-
-

Using with Ubuntu

-
+
+

Using with Ubuntu

+

Within the software center search for "mumble" and install the client then run it. Skip through the audio setup wizard.

@@ -1338,9 +1338,9 @@ Click on "add new" to add a new server and enter the default domain name for the

-
-

Using with Android

-
+
+

Using with Android

+

Install F-Droid

@@ -1375,24 +1375,24 @@ Selecting the server by pressing on it then connects you to the server so that y
-
-

SIP phones

-
+
+

SIP phones

+

Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security.

-
-

About ZRTP

-
+
+

About ZRTP

+

ZRTP appears to be the current best standard to end-to-end encrypted voice calls, combining good security with simplicity of use. When the initial cryptographic negotiation between phones is done at the start of a call a short authentication string (SAS) is calculated and displayed at both ends. To check that there isn't anyone intercepting the call and acting as a man in the middle - as stingray type devices try to do - the short authentication string can be read out and verbally confirmed between the callers. If it's the same then you can be pretty confident that the call is secure.

-
-

Using with CSIPSimple

-
+
+

Using with CSIPSimple

+

Add an account. Under General Wizards choose Expert and enter the following details:

@@ -1448,9 +1448,9 @@ If everything is working the account should appear in green with a status of

-
-

Using with Ring

-
+
+

Using with Ring

+

From the menu select Manage accounts.

@@ -1503,9 +1503,9 @@ Select the Security tab. Under SRTP Key Exchange select ZRTP
-
-

RSS Reader

-
+
+

RSS Reader

+

The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier.

@@ -1517,9 +1517,9 @@ The way that RSS reading is set up on Freedombone gives you strong reading priva
-
-

Finding the onion address

-
+
+

Finding the onion address

+

See the control panel for the RSS reader onion address.

@@ -1544,9 +1544,9 @@ To set up the system open http://rss_
-
-

On mobile

-
+
+

On mobile

+

To access the RSS reader from a mobile device you can install a Tor compatible browser such as OrFox. It will try to automatically change to the mobile version of the user interface. Remember to add the site to the NoScript whitelist, and you may also need to turn HTTPS Everywhere off.

@@ -1558,9 +1558,9 @@ A note for the paranoid is that on mobile devices you get redirected to a differ
-
-

With Emacs

-
+
+

With Emacs

+

If you are an Emacs user then you can also read your RSS feeds via the Avandu mode.

@@ -1602,9 +1602,9 @@ And ensure that the Tor daemon is installed:
-
-

Git Projects

-
+
+

Git Projects

+

Github is ok, but it's proprietary and funded by venture capital. If you been around on the internet for long enough then you know how this story eventually works itself out - i.e. badly for the users. It's really only a question of time. If you're a software developer or do things which involve the Git version control system then it's a good idea to become accustomed to hosting your own repositories, before the inevitable Github shitstorm happens.

@@ -1642,9 +1642,9 @@ This will stop any spam accounts being created by random strangers or bots. You

-
-

Adding or removing users

-
+
+

Adding or removing users

+

Log into the system with:

@@ -1701,18 +1701,6 @@ Return to the home page - -
diff --git a/website/EN/usage_email.html b/website/EN/usage_email.html index 23953d3e..efa79f90 100644 --- a/website/EN/usage_email.html +++ b/website/EN/usage_email.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -254,54 +254,54 @@ for the JavaScript code in this tag. -Things to be aware of +Things to be aware of -A technical note about email transport security +A technical note about email transport security -Add a password to your GPG key +Add a password to your GPG key -Publishing your GPG public key +Publishing your GPG public key -Mutt email client +Mutt email client -Thunderbird/Icedove +Thunderbird/Icedove -K9 Android client +K9 Android client -Subscribing to mailing lists +Subscribing to mailing lists -Adding email addresses to a group/folder +Adding email addresses to a group/folder -Ignoring incoming emails +Ignoring incoming emails -Your own mailing list +Your own mailing list -
-

Things to be aware of

-
+
+

Things to be aware of

+

Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register.

@@ -315,9 +315,9 @@ So if you want to use your own email address hosted on your own system you do ne

-
-

A technical note about email transport security

-
+
+

A technical note about email transport security

+

Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are possible attacks against STARTTLS in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.

@@ -333,9 +333,9 @@ The researchers also uncovered mass scale attacks of STARTTLS sessions being str
-
-

Add a password to your GPG key

-
+
+

Add a password to your GPG key

+

If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.

@@ -357,9 +357,9 @@ Having a password on your GPG key will prevent someone from reading your email <
-
-

Publishing your GPG public key

-
+
+

Publishing your GPG public key

+

If you havn't already then you should publish your GPG public key so that others can find it.

@@ -373,9 +373,9 @@ gpg --send-keys username@domainname
-
-

Mutt email client

-
+
+

Mutt email client

+
@@ -541,9 +541,9 @@ When reading emails you will initially need to enter your GPG password. It will
-
-

Thunderbird/Icedove

-
+
+

Thunderbird/Icedove

+

Another common way in which you may want to access email is via Thunderbird (also known as Icedove on Debian). This may be especially useful if you're trying to convert former Windows users who may previously have been using some version of Outlook.

@@ -553,9 +553,9 @@ The following instructions should be carried out on the client machines (laptop,

-
-

Initial setup

-
+
+

Initial setup

+

Install Thunderbird and Enigmail. How you do this just depends upon your distro and software manager or "app store".

@@ -611,9 +611,9 @@ Select "yes" to change default settings.

-
-

Import your GPG keys

-
+
+

Import your GPG keys

+

On the Freedombone export your GPG public and private keys.

@@ -662,9 +662,9 @@ shred -zu ~/private_key.gpg
-
-

Using for the first time

-
+
+

Using for the first time

+

Click on the Thunderbird menu, which looks like three horizontal bars on the right hand side.

@@ -699,9 +699,9 @@ Get into the habit of using email encryption and encourage others to do so. Rem
-
-

Making folders visible

-
+
+

Making folders visible

+

By default you won't be able to see any folders which you may have created earlier using the mailinglistrule script. To make folders visible select:

@@ -717,12 +717,12 @@ Make sure that "show only subscribed folders" is not checked. Then click
-
-

K9 Android client

-
-
-

A point about GPG on Android

-
+
+

K9 Android client

+
+
+

A point about GPG on Android

+

Before trying to set up email on Android you may want to consider whether you really need to do this. Android (and its variants) is not a particularly secure operating system and whether or not you wish to store GPG keys on it depends on your threat model and in what situations you'll be using your device.

@@ -732,9 +732,9 @@ If you are going to use email on an Android device then ensure that you have ful

-
-

Compiling the development version

-
+
+

Compiling the development version

+

To get K9 working with Freedombone you'll need to install development versions of OpenKeychain and K9. At the time of writing the versions available in F-Droid do not support PGP/MIME or the "hidden recipient" feature of GPG. It is hoped that at some stage the patches will be integrated into the mainline or functionally equivalent changes made. Admittedly, this is not at all user friendly, but currently it's the only way to read Freedombone email on Android systems.

@@ -940,9 +940,9 @@ Save and exit with CTRL-o, CTRL-x.
-
-

Import your GPG key into OpenKeychain

-
+
+

Import your GPG key into OpenKeychain

+

With your device connected to a laptop via USB cable and with USB debugging enabled on it:

@@ -967,9 +967,9 @@ Then on your device select OpenKeychain and import your key from file.

-
-

Incoming server settings

-
+
+

Incoming server settings

+
  • Select settings/account settings
  • Select Fetching mail/incoming server
  • @@ -981,9 +981,9 @@ Then on your device select OpenKeychain and import your key from file.
-
-

Outgoing (SMTP) server settings

-
+
+

Outgoing (SMTP) server settings

+
  • Select settings/account settings
  • Select Sending mail/outgoing server
  • @@ -996,9 +996,9 @@ Then on your device select OpenKeychain and import your key from file.
-
-

Crypto settings

-
+
+

Crypto settings

+

Select settings, Account settings, OpenKeychain and then select your key and press Allow. You should now be able to decrypt emails by entering your GPG passphrase.

@@ -1008,9 +1008,9 @@ You may also want to change the amount of time for which passwords are remembere

-
-

Folders

-
+
+

Folders

+

To view any new folders which you may have created using the mailinglistrule script from your inbox press the K9 icon at the top left to access folders, then press the menu button and select refresh folder list.

@@ -1022,9 +1022,9 @@ If your folder still doesn't show up then press the menu button, select <
-
-

Subscribing to mailing lists

-
+
+

Subscribing to mailing lists

+

To subscribe to a mailing list log in as your user (i.e. not the root user).

@@ -1040,9 +1040,9 @@ Select Administrator controls then Email filtering rules then A

-
-

Adding email addresses to a group/folder

-
+
+

Adding email addresses to a group/folder

+

Similar to adding mailing list folders you can also add specified email addresses into a group/folder.

@@ -1058,9 +1058,9 @@ Select Administrator controls then Email filtering rules then A

-
-

Ignoring incoming emails

-
+
+

Ignoring incoming emails

+

It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.

@@ -1076,9 +1076,9 @@ Select Administrator controls then Email filtering rules then B

-
-

Your own mailing list

-
+
+

Your own mailing list

+

If you want to set up a public mailing list then when installing the system remember to set the PUBLIC_MAILING_LIST variable within freedombone.cfg to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers.
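
Review bot: the warning that public mailing lists are unencrypted sits at the end of the PUBLIC_MAILING_LIST paragraph under "Your own mailing list", after the naming rule, where it is easy to miss. Consider moving it to the start of the section or into its own paragraph, and hyphenate "non-subscribers".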

@@ -1126,18 +1126,6 @@ Return to the home page - -
diff --git a/website/EN/variants.html b/website/EN/variants.html index 7c1d4bee..23f8c680 100644 --- a/website/EN/variants.html +++ b/website/EN/variants.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -302,18 +302,6 @@ Return to the home page - -
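
Review bot: the same 12-line removal after "Return to the home page" (18 lines down to 6) appears both in the preceding file and in variants.html, which suggests the block comes from a shared template or export setting. If that is the case, make the change there as well; otherwise the next regeneration of the pages will put the removed block back.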