56
linuxxx
7y

Although I do give some privacy-related advice here and there on here, I'm planning on hiring a server dedicated to devRant regarding privacy/tiny simple tools.

I've got the following in mind:

- Host the privacy website
- Put a pi-hole server on it for everyone to use
- Own IP lookup API which would display it in a few data formats.

Any other ideas?

Comments
  • 9
    What would be the benefit of that to the community? @Lahsen2016
  • 6
    Awesome and generous idea! Maybe a secure chatroom on the server?
  • 7
    @404response Sounds like a great idea, I know some people who'd still like to work on a custom encrypted chat which would be using the Signal crypto protocol.

    @Lahsen2016 Ah fair enough :)
  • 2
    @linuxxx I would be happy to help
  • 1
    @404response We'd first have to port the existing JS library to a library which is actually usable :). Something that requires cryptographic knowledge which I don't have at that level myself :/
  • 4
    Make sure the company that owns the VPS won't close your account if some jackass uses the VPN for torrenting.

    I would say something to use to store contacts like ownCloud, but I think that would be pushing it cause of the amount of disk space needed.
  • 0
    @linuxxx well you have a lot more knowledge on that than me but I am sure we can figure it out. Which language should it be ported to?
  • 3
    @404response I was working on that until I got real busy. It was still JS cause I wanted keys to stay client-side. The problem was that the JS library was written for Electron but needed to be ported to work in the browser, and the documentation is shit, a bit nonexistent.
  • 3
    @PerfectAsshole @404response what the asshole said :P

    Perfect asshole*
  • 0
    I have wanted to learn more about encryption / cryptography for a long time so I guess now is the right time :)
  • 0
    IP lookup as in whois lookup?

    Shameless plug to my PHP whois site:
    https://github.com/olback/...
  • 1
    Oh also, public pihole would be so awesome. I've got a pihole running my Pi but only on my LAN :/
  • 11
    So basically instead of everyone running their own nodes, you want to centralize everything and use something that logs every single dns request on default, genius! 😍
  • 0
    @JoshBent I'm really unsure if this is sarcastic or not
  • 2
    @linuxxx you know @JoshBent and @LeFlawk have a point. Got any ideas for a way to SSH in with just read access to it, where people can check config files and logs?
  • 4
    @PerfectAsshole yes, you're doing great, please make him think that's a great idea (maybe emphasize a bit more on "root" access?), then somebody for sure will write a bot/cron (just by pure coincidence) which will log and publicly shame everyone who uses it, wasn't there recently just a wave of aroused scriptkiddies running around on devrant suggesting this as a project anyway? this could be the first milestone! I fully support this, tag me in the collab when you do this guys!

    This idea (as presented) has no place nor future, those nodes are for a reason not centralized and giving public access to ANY server (be it read only or smth. else) is a bad idea to begin with but which apparently has also an admin that wants to host a pi-hole _publicly_ makes it even better.

    I honestly doubt you @linuxxx - you always try to seem very advanced in security, privacy etc. and then let it rip one after another. I see you wanting to host something, but for fuck's sake don't host a botnet.
  • 1
    @PerfectAsshole Not to mention that you can never trust any other party in making sure your data is secure (especially one that apparently has very small or no knowledge whatsoever in managing it) - and because it would be a community project, it would have a much higher hit rate than any of self made shitty vps.
  • 1
    Adding to "trust into other parties" (which can't be just flat without mentioning the full image). How likely is it that some small host or "friendly devrant neighbour" fucks up his security and leaks all your data he so perfectly collected or hosts (don't start any bullshit like "I won't log anything" - fuck up security - get MITM for all your do it yourself glued together chat protocols [how is that by the way any better than what telegram is shit on here? especially with "I have no knowledge in cryptography"]) versus a big company like google or even shit ass facebook - they have highly trained and highly paid people that live and just wet themselves waiting for scriptkiddies attempting to fuck around. Also what are the consequences for both - a small hoster/devranter fucking up and leaking all your shit, versus the big company.
  • 3
    @JoshBent that problem is why I asked him if he had any ideas. It doesn't matter if you make a "readonly" user cause they usually can write files in /dev/shm, /tmp, /var/tmp and /run/user/(uid), which can be executable.

    As for @linuxxx, he's still learning. His heart and mind are in the right place trying to help people out.

    And as for the VPN, I wouldn't use it cause I already have a self-hosted VPN.
  • 1
    @JoshBent I can see that you are referring to the chat room idea and also me mentioning that I don't know much about cryptography. I would have seen the chatroom as a learning project. No one ever said that it should be an actual messenger like telegram. It is a project to learn more about the topic, at least that's what I would have thought.
  • 2
    Fucking christ, I am writing this shit as a message for the third time by now thanks to the fucking feature of "click a pixel away from the comment textbox and all your shit's gone". Basically @linuxxx I fully support your privacy site idea, since it's a cool project and you are hanging on it for a while by now already too - but let the other dangerous bullshit spawned and mentioned in this thread be a dream of those 9 year olds on devRant that post ideas like "let's fuck people up publicly and have a giggle about it! ROFL". Regarding your public IP lookup API, it's a nice project to learn how things work, especially regarding API development, but if you want to take it beyond that, you have bad cards, because those get abused heavily by all kinds of Chinese bots etc. - so you would have to implement some sort of filtering, blocking and auth

    (cont.)
  • 2
    also you have tons of competition which are dedicated to this for years and handle 150 requests per minute for free. (just recently used one to check where the iptables blocked IPs of my honeypot were coming from for example)
  • 1
    @404response that wasn't even the main thing, but sure it's all fine and games for learning experiences to a certain point.
  • 1
    @PerfectAsshole exactly my point, but learning does not mean make users run into a blade of malicious people, by being too naive, too unprepared, too positive/optimist, ..
  • 2
    @PerfectAsshole just scroll through the past 2 weeks (or maybe a week is enough) to see how many fucking elementary schoolers we have that just want to, for example, MITM and scan people's info just to archive and publish it for the "lulz".
  • 1
    @JoshBent there are ways to allow SSH as a readonly user. The easiest way is building a custom shell that only has cd, ls, cat and more built in; combine it with a FUSE filesystem that has the write functions stubbed and it makes it impossible for that user to do anything besides just look at the files in question. I was going to do it as a learning exercise for him, but since you want to say the idea is impossible to do securely I guess I had to say how it needed to be done. As long as the key directory is unreadable the system would be secure.
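A minimal version of the read-only viewer @PerfectAsshole describes, as an added example that is not code from the thread: it assumes the exported files live under /srv/devrant-export and that the account's login is forced to this script via the real sshd_config directives shown in the docstring. @JoshBent's objection still stands, because the viewer can only show what the operator chose to export.

```python
"""Read-only viewer shell for an SSH account (constructed example, not code from the thread).
Wire it up in sshd_config (real directives); the user never gets /bin/sh, so writable /tmp does not matter:
    Match User viewer
        ForceCommand /usr/local/bin/roshell.py
        AllowTcpForwarding no
        AllowAgentForwarding no
        X11Forwarding no
"""
import os
import sys

ROOT = "/srv/devrant-export"          # assumed: copies of the configs/logs you choose to publish
ALLOWED = ("cd", "ls", "cat", "exit")

def resolve(root, cwd, target):
    """Absolute path for `target` relative to `cwd`, or None if it escapes `root`.
    realpath() follows symlinks, so a link pointing outside the export is rejected too."""
    root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(cwd, target))
    if real != root and not real.startswith(root + os.sep):
        return None
    return real

def run(cwd, line):
    """Execute one command line; returns (new_cwd, output_text). Raises SystemExit on 'exit'."""
    parts = line.split()
    if not parts:
        return cwd, ""
    cmd, args = parts[0], parts[1:]
    if cmd not in ALLOWED:
        return cwd, f"{cmd}: not permitted (allowed: {' '.join(ALLOWED)})"
    if cmd == "exit":
        raise SystemExit(0)
    target = resolve(ROOT, cwd, args[0] if args else ".")
    if target is None:
        return cwd, "permission denied: outside export directory"
    try:
        if cmd == "cd":
            return (target, "") if os.path.isdir(target) else (cwd, "not a directory")
        if cmd == "ls":
            return cwd, "\n".join(sorted(os.listdir(target)))
        # cat: O_NOFOLLOW refuses the final component if it was swapped for a symlink after the check
        fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(fd, "r", errors="replace") as fh:
            return cwd, fh.read()
    except OSError as exc:
        return cwd, f"error: {exc.strerror}"

if __name__ == "__main__":
    cwd = ROOT
    for line in sys.stdin:            # one command per line, no pipes, no way to reach a real shell
        cwd, out = run(cwd, line.strip())
        if out:
            print(out, flush=True)
```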
  • 2
    @PerfectAsshole I am aware of such ways, yet still, this makes me just want to quote what I wrote before your message - it's some self written or limited wrapped shell just like any of those learning websites have (just less trouble, because they actually container it etc., but offtopic) - how can you know what you ls or cat isn't just a hardcoded string that gets spit out if you cat that exact file/path? do you see where I am coming from or should I expand even further on this.
  • 2
    @JoshBent yeah I see where you're coming from now, I was thinking of somebody taking over the server
  • 1
    @Condor I agree with you, though where did everyone pick up the VPN idea to begin with? I think @PerfectAsshole was the first one to misread something or think a pi-hole is a VPN maybe?
  • 1
    @PerfectAsshole well that's just obvious and only minutes away, if one implements his own (wrapped) shell or gives some sort of access to begin with.
  • 2
    @JoshBent yeah I get a little mixed up cause a lot of people that use pi-hole also set up a VPN and I keep forgetting it's just a blackhole DNS
  • 1
    @PerfectAsshole it's ok, I just don't want people to shift too much to something that hasn't actually been thrown out (thankfully) as a fully blown idea (yet), as it's just too handy to address that instead of the actual critique I have towards all this.
  • 2
    @Condor just as @PerfectAsshole mentioned, it's a DNS server which just has a shitty web interface and a blacklist running on it - basically an adblocker fucked so hard together to work as a DNS.
  • 1
    @Condor not only that (addressing your edit) - EVERYONE would know you did (and the 10 year olds of devrant would publish it here for everyone - to see their "h4cking skillz"), since pi-hole on default logs every single dns request done and also it was suggested to give access to that data via one way or another previously in this thread anyway.
  • 1
    @Condor you misunderstood, the pi-hole on base does not allow external access - the people in this thread, basically wanted to make it public.
  • 1
    @Condor good question, yet no answers as of yet.
  • 4
    @JoshBent @Condor @PerfectAsshole This discussion has been very insightful for me
  • 0
    @Condor @JoshBent I've already set one up which a few ranters use but I turned logging off for privacy reasons
  • 0
    @JoshBent I turn off logging every time I install one of those, even if it's solely for personal use ;)
  • 0
    @JoshBent Why the fuck are you suddenly accusing me of wanting to host a botnet?! I'm not getting what you mean by that comment at all.
  • 0
    @JoshBent Also define rip it one after another please.
  • 1
    I can help with the IP api
  • 0
    I don't know if I like the pihole idea, cuz I don't have money to support all the sites I want to visit, that's why I don't use adblock, so the money goes to the creator. Does pihole block just the trackers or does it block the ads themselves too?
  • 1
    @vhoyer It just returns nothing (or something like that) for the DNS requests which contain ad/tracking domains! Can also define your own wildcard/domain specific white/blacklists :)
  • 2
    @linuxxx well then, that sounds like a nice level of configuration, then I could block wix from trying to advertise me something I'll never buy xD
  • 0
    Regarding the chat - XMPP (e.g. ejabberd) is a good option (the Axolotl protocol is available if you're using a compatible client).
  • 1
    @theCalcaholic How does it work with metadata?
  • 0
    @linuxxx However you configure it. ;)

    You control the server.
  • 1
    @theCalcaholic Would it take much not to save any metadata at all?
  • 0
    @linuxxx No, that's the easiest of all configurations. Just don't write the logs.
  • 1
    @theCalcaholic I'm not talking about logs!
  • 0
    @linuxxx I don't think it saves metadata anywhere else than in the logs. But I'll check in greater detail when I'm at home.
  • 1
    @theCalcaholic metadata == everything of a message except for its contents. From who to who, time, date, IP addresses etc. etc.
  • 0
    @linuxxx Yes I know. XMPP caches messages until they have been transmitted. After that they are removed from the server. So, if you don't log anything there is no metadata remaining after a message has arrived.
  • 0
    @linuxxx I was pretty clear, you might want to re-read and others that answered it understood it too, so I don't see any reason for you not to?

    Ask away if any of my questions or concerns were difficult to understand (for whatever the reason might be) - especially the first line is pretty easy, "centralized instead of running own nodes" imho, which directly addresses your "but I deactivate logs", which I ALSO addressed separately. Basically read again, since you can't tell me you did even remotely read what I wrote.
  • 0
    Oh I read everything but let me read it again just to be sure @JoshBent
  • 0
    @JoshBent I completely misinterpreted what @PerfectAsshole said, I thought he meant providing shell access in general with no specific reason but now I'm seeing that you'd mean the config files for pi-hole etc.

    I'm hosting a pi-hole for a few devRant friends anyways but as for the logging part you've got a good point, it's hard to prove if I'd log anything or not.

    The pi-hole server is off the table, good points, also keep in mind that it was just an idea, going to do the IP lookup thingy anyways and as for that one, feel free to use it or not, that's up to you but I'd find it very useful for myself personally.

    Not centralized, which nodes are you talking about?

    The part I really do not get is the botnet part? It'd be one server which has a few useful APIs running and the privacy website possibly, what would that have to do with a botnet?
  • 0
    @PerfectAsshole @JoshBent Although, would there be privacy concerns regarding a thing like an IP lookup api? (as in literally, you'd do a request and it'll show you your public IP)
  • 0
    @linuxxx ip lookup is just a page which shows you the ip from which it was requested - so it only uses data any page/webserver could access.
  • 0
    @theCalcaholic And dns queries would reveal a lot more about a person than just an IP address I guess, that's why the pihole thingy isn't the best idea
  • 0
    @linuxxx This is the data you need to store when running an XMPP server:

    (Relatively) mandatory:
    - the ID
    - password hash
    - offline messages (messages sent to a contact who wasn't online at the time); they'll be deleted when they can be transmitted

    Optional:
    - If you want to enable contact syncing you need to store the contacts on the server
    - If you want to keep a message history on the server in order to sync it to clients, you need to store it (otherwise a client only knows the messages which were received while it was online).
  • 1
    @linuxxx well any shell access is the problem to begin with, which leads to the botnet call - since any implementation of a wrapped shell or read-only shell etc. would just end in someone here on devRant or outside of devRant getting root one way or another and then doing with it whatever he wants (add it to a botnet, host his scanning tools, ..) - log all DNS traffic silently, log everything the next SSH users do or inject into their sessions via sshrc or other ways, basically there's tons of fun one can do after he elevated himself to root or equivalent on a server.

    "logging part you've got a good point, it's hard to prove if I'd log anything or not."

    Exactly my point, nor can you trust your own server either after implementing even half the ideas that were presented here. (which you did realize aren't great, thankfully)

    (cont.)
  • 1
    "Not centralized, which nodes are you talking about?"

    The pi-hole is meant to be hosted either locally or per user, so if one of those gets fucked, nobody else is affected by a stupidity of one misconfigured install or its security.

    Regarding the IP API - I thought you would have done something more like an IP geo-lookup, which determines based on the IP where it's from, for example via an IP-range lookup table, but you just want something like https://www.ipify.org/ or http://ip-api.com/docs/api:json
  • 1
    @linuxxx right. Apparently I misunderstood your question. :)

    I thought you were talking about a page to check whether or not your VPN is working.
  • 3
    @JoshBent My main issue with the shell access was indeed the fact that Linux isn't 100% secure and if someone finds a privilege escalation flaw yeah that would be fucked.

    I'll keep running my own pihole on my VPS for myself since I'd like a privacy-conscious DNS server wherever I am.

    The API is literally meant as an equivalent of whatsismyio.com etc. but I got blocked there a few times while playing around with a custom-built VPN client.

    Apologies if I gave the impression of suddenly being the bad guy/untrustworthy when it comes to privacy, I got a little excited there without thinking about the pihole idea flaws. Thanks for taking the time to explain stuffs, I think I got everything now.

    Oh and relating to the part where you mentioned script kiddies running around exposing stuff in reference to me, I already clearly changed my opinion on that one which you gave me props for :D
  • 1
    @linuxxx props again for actually rethinking it all :)
  • 1
    @JoshBent Hey, not all my ideas are genius by default! But I can get excited with these kinda things aaaand then I sometimes overlook things :). But anyway, what do you think about the IP lookup thing? Also with different kinds of encodings I thought, and maybe later on stuff like user agents or some headers or so? Idk, just brainstorming with myself.
  • 1
    @linuxxx what do you mean by different encodings, since I don't really see how anything else but UTF-8 would be handy? 😅 but besides that yeah sure, it's basically like one or three lines of PHP iirc
  • 0
    @JoshBent rephrase, data types maybe? Like JSON, XML, CSV 😬
  • 1
    @linuxxx ahh ye sure, have a look above, I posted one of the more popular ones, they already have a good feature set you could base your ideas off
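An ipify-style lookup of the kind discussed above, as an added example that is not code from the thread or from any of the linked services: the address comes from the TCP peer, X-Forwarded-For is honoured only when the request arrives from an assumed reverse proxy on localhost (otherwise anyone could claim any IP), the answer is rendered as text, JSON, XML or CSV, and a per-address sliding-window limit is the "blocking" @JoshBent said such an API needs. handle() is framework-independent so it can sit behind whatever HTTP server is used.

```python
"""'What is my IP' API answering in text, JSON, XML or CSV (constructed example, not the thread's code)."""
import ipaddress
import json
import time
from collections import defaultdict, deque
from urllib.parse import parse_qs, urlparse
from xml.sax.saxutils import escape

TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]   # assumed: a reverse proxy on localhost

def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """X-Forwarded-For is caller-controlled unless our own proxy wrote it; trust it only from that proxy."""
    peer_addr = ipaddress.ip_address(peer)
    if xff and any(peer_addr in net for net in trusted):
        candidate = xff.split(",")[-1].strip()     # the last hop is the one our proxy appended
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass                                    # malformed header: fall back to the socket address
    return str(peer_addr)

def render(ip, fmt):
    """Serialise the address in the requested data format; returns (content_type, body)."""
    if fmt == "json":
        return "application/json", json.dumps({"ip": ip}) + "\n"
    if fmt == "xml":
        return "application/xml", f"<response><ip>{escape(ip)}</ip></response>\n"
    if fmt == "csv":
        return "text/csv", f"ip\r\n{ip}\r\n"
    return "text/plain", ip + "\n"

class RateLimiter:
    """Sliding-window limit per address: open IP APIs get hammered by bots, as noted in the thread."""
    def __init__(self, limit, window):
        self.limit, self.window, self.hits = limit, window, defaultdict(deque)
    def allow(self, ip, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[ip]
        while q and q[0] <= now - self.window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def handle(peer, headers, path, limiter):
    """Framework-independent request handler: returns (status, content_type, body)."""
    ip = client_ip(peer, headers.get("X-Forwarded-For"))
    if not limiter.allow(ip):                       # limit before doing any work for the caller
        return 429, "text/plain", "too many requests\n"
    fmt = parse_qs(urlparse(path).query).get("format", ["text"])[0]
    if fmt not in ("text", "json", "xml", "csv"):
        return 400, "text/plain", "unknown format\n"
    return (200, *render(ip, fmt))
```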
  • 3
    This is very interesting. I have to follow these ideas.
  • 1
    I just love the discussions that start on here, I can learn so much stuff from all the comments :)
  • 0
    Tor bridge and log all the data 😂