privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Feature Suggestion | Hosting Guidlines #1196

New Issue
Open
opened 2019-08-22 18:21:35 +00:00 by ggg27 · 3 comments
ggg27 commented 2019-08-22 18:21:35 +00:00 (Migrated from github.com)
Copy Link

Description: Discussion thread for adding "secure hosting provider" to Software Criteria

Why?: There are a lot of web hosting providers promoting privacy (see #1181), the goal of this issue is to set criteria. Especially for issues like #1043 and #934.

What do you recommend?:
The current VPN criteria is:

  • Prioritize Products by privacy respecting nationality.
  • Cannot be based in USA or UK.
  • Must be acessable via free software (i.e OpenVPN, WireGuard)
  • Use Encryption
  • Accept Cryptocurrency
  • No logging policy

I think this is a good start. Although, I would like to propose expanding "Must be acessable via free software" to include free/libre cPanels like VESTA as well as using privacy respecting OSes (like Debian or OpenBSD/LibertyBSD) and up-to-date free/libre hypervisors.

Plus, free and anonymous sign-ups are fairly common and good thing to consider adding.
Most providers except signup via email.

OpenSSH is standard now, so basically everybody encrypts their connection to a VPS and web-hosting is generally done using HTTPS-client. Certbot should work for everything else.

Note: I did want to expand on the "Cannot be based in USA or UK." should this apply to hosting providers as well?

**Description**: Discussion thread for adding "secure hosting provider" to [Software Criteria](https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md#software-criteria) **Why?**: There are a lot of web hosting providers promoting privacy (see [#1181](https://github.com/privacytoolsIO/privacytools.io/issues/1181)), the goal of this issue is to set criteria. Especially for issues like #1043 and #934. **What do you recommend?**: The current VPN criteria is: - [ ] Prioritize Products by privacy respecting nationality. - [ ] Cannot be based in USA or UK. - [ ] Must be acessable via free software (i.e OpenVPN, WireGuard) - [ ] Use Encryption - [ ] Accept Cryptocurrency - [ ] No logging policy I think this is a good start. Although, I would like to propose expanding "Must be acessable via free software" to include free/libre cPanels like [VESTA](https://github.com/serghey-rodin/vesta) as well as using privacy respecting OSes (like Debian or OpenBSD/LibertyBSD) and up-to-date free/libre hypervisors. Plus, free and anonymous sign-ups are fairly common and good thing to consider adding. Most providers except signup via email. OpenSSH is standard now, so basically everybody encrypts their connection to a VPS and web-hosting is generally done using HTTPS-client. [Certbot](https://www.wikipedia.org/wiki/Certbot) should work for everything else. ______________ **Note**: I did want to expand on the "Cannot be based in USA or UK." should this apply to hosting providers as well?
Mikaela commented 2019-09-30 18:22:48 +00:00 (Migrated from github.com)
Copy Link

Some things I would like to see:

  • eco friendliness (see https://datacenterlight.ch/ for example)
  • ethical (e.g. I don't want to see PTIO recommending providers that host child porn https://github.com/privacytoolsIO/privacytools.io/issues/1299#issuecomment-536671500)
    • This is not a call to delist Tor or other "darknets", as far as I am aware of, their developers have a stance against child porn, but cannot affect what users use them for regardless of whether it's bad. And if there was a backdoor against child abusers, there would be nothing to prevent it from being used against the next whistleblower or similar.
    • I am also not supporting that the providers should mass surveill what goes on their servers (I don't know whether the hosts of CyberBunker were aware of the illicit content on their services, but I hope that when someone reports malicious content on a server to the provider, the provider will confirm this claim and then take action).
Some things I would like to see: * eco friendliness (see https://datacenterlight.ch/ for example) * ethical (e.g. I don't want to see PTIO recommending providers that host child porn https://github.com/privacytoolsIO/privacytools.io/issues/1299#issuecomment-536671500) * This is not a call to delist Tor or other "darknets", as far as I am aware of, their developers have a stance against child porn, but cannot affect what users use them for regardless of whether it's bad. And if there was a backdoor against child abusers, there would be nothing to prevent it from being used against the next whistleblower or similar. * I am also not supporting that the providers should mass surveill what goes on their servers (I don't know whether the hosts of CyberBunker were aware of the illicit content on their services, but I hope that when someone reports malicious content on a server to the provider, the provider will confirm this claim and then take action).
👍 1
blacklight447 commented 2019-10-04 11:22:44 +00:00 (Migrated from github.com)
Copy Link

We will be making a solid set of criteria after our email section is finished.

We will be making a solid set of criteria after our email section is finished.
Mikaela commented 2019-10-13 08:36:21 +00:00 (Migrated from github.com)
Copy Link

Comments from Linda at Matrix:

Prioritize Products by privacy respecting nationality.

What does that mean?

Also fyi, I'm not in favor of "no logging". Under the GDPR, with legitimate interests or legal obligation, it is fine for me for any provider to keep logs (of IP-addresses, metadata) for the "safety" of the user.
That only has to happen transparently and communicated to the individual.

If there's something about data protection, it should be in those countries where the EU Commission has given an affirmative adequacy decision.

When the law doesn't say something, and in international markets, I really would like to see clear terms of service which also provide some "protections" for the client for disputes.

Comments from Linda at Matrix: >> Prioritize Products by privacy respecting nationality. > > What does that mean? > Also fyi, I'm not in favor of "no logging". Under the GDPR, with legitimate interests or legal obligation, it is fine for me for any provider to keep logs (of IP-addresses, metadata) for the "safety" of the user. > That only has to happen transparently and communicated to the individual. > If there's something about data protection, it should be in those countries where the EU Commission has given an affirmative adequacy decision. > When the law doesn't say something, and in international markets, I really would like to see clear terms of service which also provide some "protections" for the client for disputes.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🔍🤖 Search Engines
approved
approved, waiting for a PR
dependencies
Pull requests that update a dependency file
duplicate
feedback wanted
high priority
I2P
The Invisible Internet Project (I2P)
iOS
low priority
OS
Operating Systems
Self-contained networks
Social media
stale
A label for stalebot if it gets added
streaming
Anything related to media streaming.
todo
Tor
Anything covering the Tor network
WIP
active work in progress, do not merge or PR (yet)!
wontfix
Issues or bugs that will not be fixed and/or do not have significant impact on the project.
XMPP
Extensible Messaging and Presence Protocol
[m]
Matrix protocol
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
Browser Extension related issues
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
Correction of content on the website
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
Firefox & forks, about:config etc.
💻 hardware
🌐 hosting
🏠 housekeeping
Anything primarily related to site cleanup.
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
Virtual Private Network
🌐 website issue
*Technical* issues with the website.
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
Domain Name System
🗨️ instant messaging (im)
🇦🇶 translations
Anything covering a translated version of the site
No Label
enhancement
🌐 hosting
Milestone
No items
No Milestone
Assignees
Clear assignees
jonah
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1196
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?