[liberationtech] Advice needed for secure IM/Voice/Video Service
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Fri Jun 28 19:35:45 PDT 2013
Il 6/29/13 1:02 AM, Anthony Papillion ha scritto:
> So I'm setting up a new Jabber service at www.patts.us.
>
> I want to make it as secure and safe as possible for people to use it
> and I'd like some advice. Here's what I've done so far:
>
> 1. Turned off all logging on the server (httpd, xmpp, etc)
> 2. Doesn't require ANY user info to register
> 3. Doesn't log conversations
> 4. Allows access via Tor
It would be a nice transparency measure to run a small web server that
provide direct access to the full server filesystem, allowing to browse
everything and download any files, with few exceptions such as SSH or
SSL private keys.
That way anyone would be able to fully inspect the server, even without
logging-in, by assessing configurations and checking out that logs are
not kept.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
More information about the liberationtech
mailing list