VeeChit,

Normally I don't respond to emails that sound like requests for interviews
because they're invariably either an attempt to get me to dox myself or the
person asking the questions doesn't like how blunt and direct I am with my
responses and just calls me a bitch and tells me to kill myself. But today I'm
feeling reckless, so fuck it, I'll take the bait just this once.

> 1. What is the reason for your importance to security and privacy? Is it a
> personal interest or a need that must be paid attention to?

I assume by "your importance to security and privacy" you mean to ask why they
are important to *me*, not how *I* am important to *them*. The answer is
straightforward: growing up in a repressive household where writing innocuous
poems online about being gay is worthy of being grounded and socially isolated
from one's support networks and friends for several weeks at a time will turn a
relatively outgoing woman into a paranoid and bitter one. The trauma of not
knowing whether or not sharing my opinions and viewpoints on things will be met
with violence at any given moment is a burden I have carried with me since
adolescence and will likely carry for the rest of my life.

Even though I now live on my own and have far more control over my life than I
did even a year ago, I still have a deep-seated psychological need to protect
myself technologically against random device searches, spyware, and attempts at
stalking through the Internet. I physically cannot bring myself to use any
operating system that doesn't have full-disk encryption either baked into the
operating system (any mainstream Linux distro) or can't be jimmy-rigged to have
FDE (Windows via VeraCrypt), so even though Haiku fascinates me, I can't use it
as anything other than a toy, a curiosity. All of my external USB drives are
encrypted. I store my files in plaintext or free-as-in-freedom file formats
whenever possible to ease the pain of potentially having to jump ship to a
different operating system at a moment's notice. (Since, you know, I might have
to use a different software suite there.) I use terminal programs whenever
possible so I can replicate my Debian setup on every computer I own regardless
of processing power, from my beefy gaming desktop to the ancient 32-bit tower I
inherited from my great-grandmother. If I lose access to one device for some
reason, whether a deliberate confiscation by a "well-meaning" family member or
theft or simply the device dies and doesn't work anymore, I can be up and
running on any other one I own within a few hours.

I am also increasingly paranoid of a potential shutdown or interruption of the
Internet. Living for years in a house with a piss-poor connection that
constantly drops out does that to you, I guess. I keep burned DVDs of the
Debian installer in my personal archives because one DVD will let you set up a
full Debian system with a pretty decent collection of software available for
further installation without needing any Internet at all. As Debian is my Linux
distro of choice, knowing I can bootstrap a new system (or a salvaged one)
without an Internet connection brings me great peace of mind. I also only use
software that can operate entirely without an Internet connection, such as
Hydrus (https://github.com/hydrusnetwork/hydrus). I felt very smug that week in
July when Twitter wouldn't let you see anything without logging in and the
whole Internet was complaining about all the content on the birdsite they
couldn't look at anymore and yet my local collection of funny images was
completely unaffected.

> 2. Considering the number of users of social networks and messengers such as
> WhatsApp - Telegram, does it matter if I use Signal or Matrix or PGP email?

WhatsApp isn't used at all where I live. Telegram is only used by nutty
conspiracy theorists. Everyone I know just uses plain SMS. I have more to say,
but I hate repeating myself, so I'll just elaborate more in the next answer.

> 3. Why do people give the least importance to security and privacy? Is it
> because of lack of information or not caring about this issue? For example,
> most people do not use ad blockers, VPNs, open source software! Or they install
> any program on their phones and PCs

You have to understand that most people have more pressing and immediate issues
in their life than the vague-to-them threat of corporate surveillance or vendor
lock-in. If you ask some random person off the street what their top five
concerns are right now, "privacy on the Internet" almost certainly isn't going
to make the list. They're going to say things like "making rent" and "the
rising cost of living" and "going bankrupt from a single medical bill". If
they're the type to glance at the news every so often, they might also say
"climate change" or "nuclear war".

In the disabled community, we have a concept called "spoons". Spoons are like a
measure of mental energy. Usually one gets a limited number of spoons each day
to spend on daily activities like doing one's laundry or feeding oneself or
tidying up the house... You get the point. (Hopefully.) The average person is
using all their spoons on staying alive. If they come home from work exhausted
and only have three spoons, they are going to spend those on making dinner and
showering and maybe some mindless Netflix consumption before collapsing into
bed. They're not going to be learning how to be a sysadmin and setting up a VPS
to self-host things. To them, that is like a second *unpaid* job with little to
no personal benefit. Maybe it would pad their resume out, but if they're not
looking for a tech job, what's the point to them?

Think about the misogynistic stereotype of the "wine mom" who likes to scroll
through Facebook and comment on cringy Minions memes and post unflattering
group photos of her family members taken during holidays. To you and me, she
might be hopelessly caught in the spiderweb of corporate algorithms sucking her
dry for data to feed to advertisers. But to her, she is just socializing with
the people in her life she loves. (Well, whichever ones are on Facebook,
anyway.) In her eyes, she is doing nothing wrong, and people like you and me
are trying to destroy her method of keeping in contact with far-flung family
members and trying to force her to absorb the equivalent of a computer science
degree in order to use a "fedi-what?" whose interfaces aren't nearly as flashy
and whose denizens are nasty and brutish and not as easily shut out as
exclusion from one's Facebook friend list would be.

"Normal" people don't care about privacy and security. They don't care if their
tools are proprietary or spying on them or could go away at a moment's notice
if the company behind them shuts down. They want to play games with their
friends (Windows) and socialize (Discord and every mainstream social media
site) and get help with their homework (Google search). "Normal" people are not
swayed by appeals to ethics or morals when it comes to their technology. The
most that letting them know their iPhone was made with Chinese slave labor will
do is momentarily make them feel bad; they will not stop buying iPhones. If the
privacy community wants to get "normal" people on board, they have to figure
out how to overcome the apathy and make their alternatives more convenient and
less expensive than what the "normal" people are already using.

I wrote a blog post a while back discussing many of these same ideas:
https://mayvaneday.org/blog/2021/september/not-harmful.html

> 4. Do you think having a site and YouTube channel and teaching people can be
> useful? Or do people not care?

One of the questions further down in your email implies you want to start a
site (and you haven't already) and you're going around asking people for advice
on how to do that. Listen: you *have* to move beyond caring what other people
think. Trends on the Internet these days are frequently outlived by the common
housefly. If you base your entire online existence on being "useful" to others,
you're going to spend the rest of your life pursuing ghosts with little to no
reward. Chasing the dopamine of online validation is how we ended up with
platforms like TikTok and the lunacy that goes on there. If you're going to put
in the work to make a website, it has to be about something that interests
*you*. The motivation has to come from inside, not outside. You don't know
who's going to look at your site in the future, so you might as well have it
cater to the only guaranteed audience: yourself.

When I'm looking for a tutorial for something online, I always skip the YouTube
section at the top of the search engine results page or just put "-youtube" in
the query. Videos are clunky, bandwidth-intensive, hard to search, and not
easily updated. Don't bother making videos for YouTube unless you're mirroring
them elsewhere, like on a personal PeerTube instance.

> 5. Has the content of your site ever helped someone who thanked you or even
> donated?

Literature? Sure, I get plenty of people emailing me out of the blue to praise
my poetry.

Writing about tech? Usually it's people trying to get me to play unpaid tech
support with unparseable grammar or the Lokinet devs harassing me once again
because I said their software sucks. Or it's an email full of misogynistic
slurs for the crime of being a woman on the Internet.

Nobody donates because I have no ways of donating listed on my site. Keeping
everything non-commercial gives me a legal advantage because, if someone tries
to argue copyright infringement or that I've done them some other damage, they
have no evidence that I've seen any monetary profit from the activities in
question. Plus then I don't have to deal with figuring out how to keep myself
pseudonymous from donors while still being able to convert the pretend Internet
money into something I can buy groceries with.

> 6. Why are you not a member of any social media such as Twitter - Instagram -
> Mastodon?

Because they all invariably hate women. Every single damn social media site has
a culture where women and their opinions are only welcome if they're peddling
pornography or parroting the party line of the patriarchy. No dissent is
allowed. Even just the simple statement of "I'm a woman" is enough to get waves
of harassment, sexual or otherwise, sent one's way, and the platforms rarely do
anything about it because of the sheer volume of the abuse and "muh freeze
peach". (Have you ever read the book *Haters* by Bailey Poland? You really
should.) Even on a supposedly pro-woman platform like Ovarit, the misogyny
hounds me: I mainly stayed in the circles about technology, and people
frequently accused me of secretly being biologically male because I... knew
more about tech than the average poster. VeeChit, does that sentiment make any
sense to you? "Women are naturally incompetent at technology, so anyone who's a
woman and likes computers is secretly a man"? Because it doesn't make a single
damn shred of sense to me. Especially when coming from a group of
self-proclaimed feminists.

> In your opinion, what is the difference between someone who is not a member
> of these networks and someone who uses these social networks?

A person who uses social media is just a person. A person who *doesn't* use
social media is still just a person. If you want me to be like those alt-tech
sites with Pepe frogs or Lain in the header who write thousands of words about
how they're morally superior for not using social media, you're going to leave
this email sorely disappointed.

The effect that a social media network has on you heavily depends on the social
circles you interact with inside that network. There's a world of difference
between the handful of Japanese fan artists that live in my RSS feed reader and
your average "RATIOOOOOO" poster who still consumes "offensive" memes better
left in 2016 and thinks unsolicited references to porn are the pinnacle of
comedy. But both groups are on Twitter. I've had respectful interactions with
people on Instagram the brief period I was on there, and I've had hate
campaigns against me on the fediverse. Sure, Twitter has an algorithm that
optimizes for making its users spend as much time as possible in the app, and
most fediverse servers don't. But clowns will be clowns no matter what circus
they're in.

In the same vein, I've met antisocial creeps who don't use social media but
will still probably end up in a jail cell for hate crimes one day, and I've met
perfectly well-adjusted individuals who like to scroll through their Facebook
feed during their lunch break at work. Holding the reductive opinion of "social
media users bad, non-users good" is unproductive and will just serve to make
you feel isolated and resentful.

> 7. What is the main advantage of being anonymous on the Internet?

People can't hate-crime you if they don't know what slurs to use. Then again,
if you never see any visible minorities on the Internet, if you never see any
opinions that go outside the zeitgeist of the average "straight white
middle-class American male"... it starts to feel like, if you don't fit the
profile of that aforementioned average Internet user, there's no real place for
you on the Internet. Either you have to pretend to be a member of a demographic
who hates your guts - a sheep wearing wolf's skin to avoid being eaten - or you
forgo your anonymity and risk being sexually harassed or having deepfakes made
of you in pornographic situations or doxxed and have violence inflicted on you
in real life.

But you specifically mentioned *advantage*, not *harm*. Assuming you're
*actually* anonymous and not the kiddie's idea of anonymity - "I opened an
incognito window so my daddy can't see my browsing history" - companies can't
advertise to you as easily because their data's all muddled up. If you have a
shared Whoogle (Google frontend) instance accessible over Tor and one person's
searching for programming tips and one's looking up video game walkthroughs and
one's doing price comparison on beauty products and one's doing research on an
ancient historical event, what pre-defined slot, what archetype, is Google
supposed to file any of them under? To Google, it looks like one singular
discombobulated person. I might be in the United States, but the Whoogle
instance might be in Brazil or some obscure European country. Have you ever
tried to turn on a VPN and then rawdog a YouTube video? I get weird ads for
products in Japan. I can't understand a single word of what's going on. The
advertising fails.

> 8. According to your experience, what is the best and most secure VPN
> available that you recommend?

All VPNs are scams. Use Tor for the actually sensitive shit. There's nothing
worth watching on streaming platforms, but if you disagree, I leech off of
Riseup VPN for torrenting and I've yet to find a site that blocks me.

> 9. I am planning to start a site with Hugo, but I have no experience on the
> server side to set up the web server and security matters... Can you help or
> introduce a reference that you approve?

All CMSes are bloat. If you're running a hobbyist site and you feel like you
need seventeen build pipelines just to output some static HTML and CSS, you
seriously need to rethink the structure of your site. I've handwritten every
single page of my site since I switched off of WordPress, and I've never had a
problem.

> What web server do you recommend for clearnet and onion?

There is only one good web server in existence, and it's Caddy. Forget about
copy-pasting incomprehensible configuration files to make nginx happy. Here's a
perfectly functional Caddy site in only 5 lines of config:

mayvaneday.org {
    root * /var/www/mayvaneday/
    file_server
    encode gzip
}

With that, I get automatic TLS renewal, file compression, and HTTP-to-HTTPS
redirection. No weird redirect blocks like with nginx.

Tor sites work the same. You just have to put "http://" in front of the
hostname so Caddy doesn't try to get a TLS certificate.

http://myonionhere.onion {
    root * /var/www/mysite/
    file_server
    encode gzip
}

> 10. From which site should I buy a VPS - Domain, is it safe and accepts
> Crypto?

The only way you're going to be "safe" when publishing is if you use Hyphanet
(formerly Freenet) for the whole thing. Otherwise you run the risk of at least
one component of your setup failing: your VPS provider kicks you off on a whim,
your domain provider revokes your domain, you self-host at home and the power
or Internet goes out, you mess up your DNS records and your domain points to
the wrong server...

If you still insist on setting up a clearnet site, and your site is static HTML
and CSS, you're better off using something like Codeberg Pages
(https://codeberg.page) and then pointing a domain to it. My current domain
registrar is Namesilo. I *think* they accept crypto, but I don't know for sure,
and I don't really give a shit either way since I think all crypto is a scam.
(https://www.stephendiehl.com/blog/crypto-is-a-scam.html)

> 11. What do you think is the main advantage of using Ublock origin, Linux and
> free software?

It throws a wrench in the corporate advertising machine. I believe advertising
is cognitive terrorism: companies are trying every trick in the book to force
you to spend time and energy thinking about them and their products. Even if
your sentiment on a product or the ad promoting it is bad, it's still worming
its way somewhere into your brain. I can remember advertising jingles and theme
songs from almost twenty years ago when I was still a toddler, *long* after the
original marketing dollars were spent. Corporations want to live in your head
rent-free. Why else would they make such annoying commercials on TV and
streaming services? Why else would over two hundred *billion* dollars be spent
every year (just counting the USA!) to compete for your finite time, attention,
and neuron space? (https://www.statista.com/topics/979/advertising-in-the-us/)
I'm at the point where I'm going to start committing acts of property damage.
Have you ever seen those photos of European countries where billboards are
banned along the highways? The gigantic swaths of pristine land unmarred by
corporate signage? It feels like I'm on an alien planet.

This is another benefit of having an offline-first setup. Advertisers can't
track me if my data's not going anywhere. They can't burrow their way into my
system like the ads in Windows 10's start menu if my system has no way into it.

> 12. In your opinion, which operating system do you recommend for security
> work? Whonix - Tails - Qubes OS

"Security", or "secure"? If I was going to test the security of something, I'd
use Kali instead. Qubes is for when you don't trust your software. Tails is for
when you don't trust your network. Whonix is for when you don't trust your
ability to set up a secure environment and you just need a "good enough"
solution.

VeeChit, please tell me where you got this email address from and how you found
my site because, judging from the fact you addressed me as "Vanevander" without
the space and not as my actual name (Vane Vander), this smells a lot like a
mass email you fired off to multiple webmasters without reading any part of my
site first.

- vclv
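
Added example, not part of the original email or the author's own configuration: the onion block quoted in the email listens on port 80 on every interface, so a request sent to the server's public address with the onion hostname in the Host header is answered with the onion site, which ties the onion address to that IP. The variant below binds the onion site to loopback and lets Tor forward to it; port 8080 and the HiddenServiceDir path are assumptions chosen for illustration.

```caddyfile
# Clearnet site, as in the email: automatic TLS and HTTP-to-HTTPS redirect.
mayvaneday.org {
	root * /var/www/mayvaneday/
	file_server
	encode gzip
}

# Onion site as given in the email, commented out for comparison.
# With no bind directive, Caddy serves this block on :80 on all interfaces,
# so it also answers requests that arrive from outside Tor.
#
# http://myonionhere.onion {
# 	root * /var/www/mysite/
# 	file_server
# 	encode gzip
# }

# Loopback-only variant: only the local Tor daemon can reach this listener.
# The "http://" prefix still disables certificate management for the site.
# Port 8080 is an assumed free local port, kept separate from the :80
# listener that the clearnet site uses for its redirect.
http://myonionhere.onion:8080 {
	bind 127.0.0.1
	root * /var/www/mysite/
	file_server
	encode gzip
}

# Matching torrc lines (Tor configuration, not Caddyfile syntax; the
# directory is a placeholder):
#   HiddenServiceDir /var/lib/tor/mysite/
#   HiddenServicePort 80 127.0.0.1:8080
```

Visitors still reach the onion address on port 80; Tor maps that to the loopback listener, and nothing on the public interface answers for the onion hostname.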