Fedora 33: Use custom DNS addresses - Unix & Linux Stack ...

Bitcoin mentioned around Reddit: Are there any decentralized, 100% FOSS Domain Name Systems (DNS)? For how long will we still have to rely on centralized DNS servers?! /r/linux

Bitcoin mentioned around Reddit: Are there any decentralized, 100% FOSS Domain Name Systems (DNS)? For how long will we still have to rely on centralized DNS servers?! /linux submitted by SimilarAdvantage to BitcoinAll [link] [comments]

How to anonymously host the continued development of youtube-dl offshore

Original sources of this guide (might be more up to date in case you're viewing a mirror of it):
In this guide I will go through how to anonymously host the continued development of youtube-dl offshore using companies that have a track record of being very resilient to DMCA takedowns. As a general disclaimer, youtube-dl is not illegal, no matter how much the RIAA wants it to be. Hosting it is not illegal, but the RIAA doesn't care about what's legal, so we'll have to act accordingly and not rely on companies that will bend over backwards for them. This post is basically my way of flipping the bird to the RIAA.
DMCA ignored hosting providers
RIAA report including DMCA ignored hosting providers
United States Trade Representative report including DMCA ignored hosting providers
ESA report including DMCA ignored hosting providers
MPAA report including DMCA ignored hosting providers
Europol report including DMCA ignored hosting providers
Former bulletproof hosting reseller reviews offshore hosting providers
Former bulletproof hosting reseller on what the most warez friendly hosting providers are
(Novogara aka Ecatel recently got busted for tax evasion and are shady as hell in general, allowing anything to be hosted on their servers, so its best to stay away from them.)
Take into account what data center the hosting provider uses. If they don't run their their own data center the company running the data center can shut down the server if the data center isn't DMCA ignored. That isn't to say that resellers can't be resilient, but it depends on how resilient the data center they use is.
Some countries like Ukraine, Kazakhstan, and Korea force hosting providers to use government SSL certificates, meaning that they can MITM the connection.
If anyone here is serious about hosting the continuation of the youtube-dl project, PM me (F_the_RIAA_2 on Reddit, FuckTheRIAA on Raddle) and I'll give you a more specific recommendation. Keeping the hosting provider secret makes it a lot harder to take down.
CDNs and proxies to hide the real hosting provider
DDoS-Guard - Highly recommended. Based in Russia. Doesn't care about DMCA at all. Currently provides protection for Nyaa (the world's largest public torrent tracker for anime and manga) and Sci-Hub (the world's largest piracy website for academic papers which is under constant legal pressure from big US publishers). Has a free plan and accepts Bitcoin for paid plans. DDoS-Guard might be inaccessible outside of Europe for a few hours/month, meaning that sites using it would be unreachable outside of Europe during that time. This is probably peering related, but I'm not sure. Just tell site visitors to use ProtonVPN's free plan and connect to one of their VPN servers in the Netherlands if that happens.
While I recommend DDoS-Guard, I'll list some other alternatives in case something happens:
CloudFlare - Might be a honeypot, especially since I'm not sure how they'd be able to get away with this otherwise, but CloudFlare works for now. Just don't expect privacy from them. They're a US based company so they'll probably be reigned in eventually, but for now they're having their Wild West days. CloudFlare has a free plan. If CloudFlare is not configured properly when set up the real hosting provider will be leaked. More info about that here: 1, 2, 3, 4, 5, 6, 7
It's a myth that Cloudflare does not forward DMCA complaints, they forward everything. However, Cloudflare does not store any "sensitive data", which means forwarding "useless" information is similar like ignoring the DMCA request. A general advice is that whenever you use Cloudflare you should use a bulletproof backend server as well to avoid DMCA takedown request in the first place, so less or nothing gets forwarded (less "leakage risk").
Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
OVPN's public IPv4 proxy (the Switzerland proxy) - Swedish company that provided a proxy for The Pirate Bay for a while, went to court because of it, and won. The two advantages with their Switzerland proxy in particular is that it's hosted by Interxion - the same Netherlands based company that is hosting Feral Hosting's DMCA ignored seedboxes - and that Switzerland is a pretty good jurisdiction. OVPN also scores well on That One Privacy Site. Accepts Bitcoin.
Before we go into registering a domain, I think it's worth considering if it's really worth keeping the name youtube-dl or if it could be spun off into a more accurate and less trademark infringing name like media-dl, for example. It downloads video and audio from a lot more sites than just YouTube, after all.
Resilient TLDs (there are more options than just these)
.is - As of a few years ago ISNIC had only ever suspended one domain and it was connected to ISIS.
When we asked whether ISNIC would follow Greenland’s lead and move for a proactive suspension, we got a clear answer.
“The short answer is no. Such an action would require a formal order from an Icelandic court. ISNIC is not responsible for a registrant’s usage of their domains,” ISNIC’s Marius Olafsson told TorrentFreak.
“This policy applies equally to any .is domain,” Olafsson says, adding that it’s the domain owner’s responsibility to abide by the law, not theirs.
Source: https://torrentfreak.com/pirate-bay-finds-safe-haven-in-iceland-switches-to-is-domain-130425/
“Domains can hardly be considered illegal any more than a street address. A street address is not illegal even if there is illegal activity in one apartment at the address,” ISNIC says.
Source: https://torrentfreak.com/torrent-domain-suspensions-damage-credibility-registrar-says-140617/
.to - Used by a lot of torrent and other filesharing websites. I have never seen one get suspended.
.ru / .su - Good for anything that doesn't affect Russia or go against Russian interests.
.cr is a resilient TLD according to the International Intellectual Property Alliance's (IIAP) report:
thepiratebay.cr domain is still online despite actions against it from the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Embassy in Costa Rica. Other notorious infringing sites are following the trend of using .cr domains as a safe haven (e.g., kickasstorrents.cr). Costa Rica’s failure to deal effectively with its obligations regarding online infringement, more than eight years after they came into force under DR-CAFTA, is a serious concern.
In case you want cheaper options that are available on Njalla, .ch and .ws are said to be pretty good.
.ec is also looking pretty solid as Library Genesis (the world's largest book piracy website, which is under constant legal pressure from big US publishers) have been using it for some time without getting suspended.
Vulnerable TLDs
.com, .net, .cc, .tv, and .name are operated by VeriSign, a Washington DC based company that is controlled by the US government.
.org, .info, .asia, .aero, .ag, .bz, .gi, .hgn, .in, .lc, .me, .mobi, .mn, .sc and .vc are operated by Afilias, a company that blocked one of WikiLeaks' domains.
.site, .website, .tech, .online, .uno, .fun, .space, .store, and .press are operated by Radix, a company that has an anti-piracy partnership with the MPAA.
All TLDs operated by Donuts, a company that has an anti-piracy partnership with the MPAA.
Resilient domain registrars/resellers
Njalla - As anonymous as you can get when buying a domain. Njalla is a Nevis registered company that buys the more common domains from Canada based Tucows, which is pretty abuse friendly and some TLDs like .is they buy from the registry directly. They then lease it to you while legally speaking they own the domain. This means that you don't have to give them any personal information to register it and they take Monero. Njalla has a Tor Hidden Service, PGP key, and has support for registration via XMPP with OTR. Njalla is run by one of the Pirate Bay founders and they kept the Pirate Bay sense of humor alive when dealing with DMCA.
NiceVPS - As anonymous as you can get when buying a domain. NiceVPS is a domain reseller based in the Dominican Republic that buys the domain from easyDNS and then leases it to you, meaning that you don't have to provide any personal information since they own the domain on paper. Accepts Monero. Has a Tor Hidden Service, PGP key, and warrant canary. I've seen NiceVPS recommended on some websites, but I'm not sure how solid it is. Doesn't seem to offer all of the TLDs that Njalla, Openprovider, and easyDNS offer, including a lot of the more resilient ones.
Openprovider aka Hosting Concepts B.V. - Netherlands based registrar that is one of the most abused registrars by rogue pharma sites. Doesn't suspend domains without a WIPO decision or court order. Has a full section dedicated to it in the United States Trade Representative's 2019 report and a brief mention in the 2020 report.
easyDNS - Canada based registrar that has a big focus on due process. The current registrar of The Pirate Bay's .org domain, which it defended against the RIAA. Wouldn't suspend a domain for a video downloader like youtube-dl unless ordered by ICANN, CIRA, or a court according to their takedown policy. Accepts Bitcoin.
There are a few resellers of bulletproof Russian and Chinese registrars that accept cryptocurrency, but because those are pretty much only used by cyber criminals they would not be a good look for this project. And there's also the risk that they'll just be gone one day without a word and no way to transfer domain and not much recourse. Because of those reasons I'm omitting them from this list. I think the above mentioned registrars and resellers will be good enough, the project is legal after all.
Worth considering:
In order to anonymously directly register a domain at any of the other mentioned services than Njalla and NiceVPS you'd have to fake the WHOIS information, which violates ICANN's rules and registrars usually suspend domains because of that. I could especially imagine easyDNS doing this. Not sure how the other registrars would react to that, but ICANN does have the power to withdraw their accreditation - meaning that the registrars would lose the ability to issue domains - if they don't follow ICANN's rules. In the cases of Njalla and NiceVPS they aren't a registrar, they just fill in their own details and buy the domain for you from a registry/registrar when you register a domain using them.
If you use Njalla or NiceVPS you're handing over control of the domain to somebody else and have to take their word for it that you'll always have access to the domain. It's easier to trust Njalla than NiceVPS in this case since it's known who owns Njalla and they have more of a track record than NiceVPS, which is fairly unknown.
Let's Encrypt - Free, uses open source software, backed by EFF, Mozilla, and others. Easy to set up and easy to maintain with an auto-renewal script.
If you're using CloudFlare, you'll have to use their phony SSL certificate.
Keeping your server secure and other technical advice
Check your server, and how reliable it is in terms of security and privacy, online services like https://centminmod.com can test your server and it's configuration to ensure nothing is "leaking".
Check if someone can see your hidden backend server IP via https://dnsdumpster.com. In general you should block every IP connection to your backend server, only allow your own connection, VPN's or reverse proxies. You quickly can check if someone has an "open" backend IP service via services like https://censys.io.
Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
If you use CloudFlare, also check that your backend isn't leaking using CrimeFlare.
If you have set up email with your domain, use SMPT and a custom mail server so it doesn't leak your origin server IP. Email is the easiest way to leak origin server IP addresses.
Use SSH instead of VNC. With VNC the login information is sent unencrypted via plaintext, meaning that a rogue exit node in the Tor network and any server the login information is sent over on the clearnet could record your login information if they wanted to.
Use a password generator for all accounts and have it set to the max number of characters. Don't put the login information into a proprietary password manager or an online password manager. Make sure to back up the login information to multiple hard drives/SSDs/USBs/etc.
Try and make the site portable so that all software and all configurations can be saved to an ISO that can be spun up at any hosting provider at a moment's notice in case the site has to move at some point.
If you get a VPS, make sure it's KVM. KVM is much more secure than OpenVZ since OpenVZ doesn't have much separation between different customers on the same server. OpenVZ is also easy to oversell. Xen is also secure, but has worse performance than KVM.
Use nginx, it has a lot better performance than Apache.
Use MariaDB. It's a more up to date fork of MySQL developed by MySQL's original developer after he sold MySQL to Oracle. Contains bug fixes that sometimes have not gotten into MySQL yet. It is of course fully compatible with MySQL databases.
Basic security hardening (I'd probably use OSSEC + Shorewall instead of fail2ban and ufw, but I'm not an expert at this ¯\_(ツ)_/¯ )
nginx SSL/TLS hardening
Let's Encrypt auto-renewal script
If you need FTP server software, Pure-FTPd is the most secure option. Use SFTP instead of FTPS for better security and less of a headache.
Disable password access for administration, require login using SSH key, and limit the number of login attempts.
Change default ports, like SSH. If anyone tries to access the default SSH port, have the firewall block them for a few hours.
Disable root login.
More security tips for SSH are available here. Don't implement port knocking though.
Disable nginx logging once everything is set up to protect user privacy and improve performance.
Keep the software up to date to decrease the risk of your serveVPS being hacked.
Don't use analytics. If you have to, self-host Matomo (formerly known as Piwik). It's open source.
Keep up to date backups of the site on multiple hard drives/SSDs/etc.
Anonymous payments
Bitcoin is fully traceable nowadays and tumbling/mixing your Bitcoin won't make any difference.
Tumblers are useless
Against my better judgement, I’m going with this click bait heading, but the premise is correct. Due to the software running real time analysis on the ledger, simply avoiding taint and breaking up coins is now entirely ineffective, as it matches the full bitcoin amount to be received over a period of time, as the software is built around a neural net of sorts (talking out of school here, I’m not a programmer) it appears to self-correct in real time as a more "likely" or "accurate" owner conclusion is reached.
Source: Blockchain Analysis and Anti-Money Laundering (X-post from /DarknetmarketsOz)
Meanwhile Monero was the only cryptocurrency that that the US government couldn't track when they took down one of one of the biggest darknet drug markets and seized the site operator's cryptocurrencies. This is because Monero is the only major cryptocurrency properly designed to be private.
There has apparently been some recent developments when it comes to tracing Monero. You can read more about it in my comment on Reddit or Raddle. I wouldn't worry too much about it at this stage though.
Use I2P or Tor when transacting with cryptocurrency. I2P has some privacy benefits in its design over Tor:
Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information. Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing) Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived. I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
However, I2P doesn't have as much funding and reseach or as big of a developer community behind it. I2P's userbase is also a lot smaller than Tor's. A full comparison about that can be found here. Monero chose I2P over Tor.
More information about Monero + I2P/Tor is available here.
Either get cryptocurrency donations or use a peer-to-peer exchange that doesn't enforce KYC (Know Your Customer) to buy Monero or Bitcoin. Unlike centralized exchanges, private sellers on decentralized exchanges won't automatically submit all their data to the government. Even if you get all of the cryptocurrency via donations and it therefore has no connection to your real identity at all you should still anonymize it via Monero so that it can't be traced from the donation wallet to the hosting provider which you want to keep hidden.
Some private sellers on peer-to-peer exchanges won't require IDs, while some might require it. If nothing is mentioned, it's worth asking the seller before you send them any money. A few even accept cash meetups and cash by mail (watch out for being scammed or mugged though). LocalCoinSwap, LocalCryptos, and LocalMonero even has sellers that accept gift cards (which you could buy with cash in a physical store). However, most gift cards are only redeemable in the country they were bought in, making this an option that won't work outside of the countries the sellers are based in. The one exception to this that I know of are Steam Wallet gift cards, which work internationally.
From what I've read there are some centralized exchanges that don't require KYC, but at least some of them freeze funds if they think it seems suspicious (which I would imagine a Tor IP would fall under) and they refuse to release the funds until they have been provided with an ID.
If you decide to buy cryptocurrency using a normal payment method, a wire transfer would be the option that involves the least amount of companies getting the transaction info, though I don't think you'd have much recourse with getting your money back if you got scammed and paid via wire transfer.
Bitcoin ATMs may require ID and usually have surveillance cameras around them, but this may vary depending on where you live.
If you bought Bitcoin, use XMR.to to exchange it to Monero. If the service provider only accepts Bitcoin and not Monero, exchange the Monero back to Bitcoin so that the Bitcoin has been anonymized. Don't pay in Bitcoin without exchanging it to Monero and back first.
Prepaid cards usually require SMS verification and are sometimes limited to purchases within the country they were sold in, so be sure to read up on whatever card you're considering using. Vanilla Visa gift cards used to be the go to for VPN buyers back in the day since they only required putting a zip code into a website, but things change, so read up about activation requirements and international purchases for the card in your country before buying anything and if you get information from an unofficial source, try and make sure that it's at least somewhat recent. If SMS activation is required there are two options. One option is buying a push-button burner phone and a prepaid SIM card at a physical store using cash, activate it at a major public place and then once the prepaid card is activated shut off the phone and take out the SIM card and the battery. Another option is buying access to a dedicated number in the same country that you bought the card in at an online SMS inbox site using cryptocurrency (the free SMS inboxes that have shared phone number might be used up already). The catch 22 there is that you wouldn't have any cryptocurrency yet at this stage, so it's not really an option unless you figure something out that I wasn't able to think of. If the prepaid card can't do international purchases you could withdraw the money into an anonymously created PayPal account (requires SMS verification). Expect the prepaid card and PayPal account to almost certainly get frozen if you try to pay with it over Tor. The risk is lower when paying via a VPN IP, but it's still a notable risk, especially if it's a VPN server with lots of users and you can never verify that the VPN provider isn't logging you. An anonymously paid for self-hosted VPN on a dedicated IP address in the same country that you bought the prepaid card would be less likely to cause the card to get frozen. Just don't connect to that self-hosted VPN directly using your real IP address since your ISP would see that and since you would be the only user of that self-hosted VPN it would be directly identifying. You could use the prepaid card on public WiFi, but that will give out your general location and will give the WiFi network your IP address. It will also give the WiFi network your MAC address, so be sure to set the MAC address to be random (just search something like "[operating system] random mac address on wifi" on DuckDuckGo). Then there's the issue that most browsers other than Tor Browser, SecBrowser, and Bromite are bad combating browser fingerprinting. Sure you could also customize Firefox with arkenfox user.js (formerly known as ghacks-user.js) and a bunch of add-ons to combat all the different kinds of tracking, but you'll just make your browser more unique the more you modify it.
Anonymous Internet browsing
Use Tor when doing anything in connection with the site, including when using PuTTY and FileZilla. Verify the integrity of the Tor Browser installer using PGP before running it so that you know that it hasn't been tampered with. Use a bridge if you don't want your ISP/government to see that you're using Tor. Running Tor over a VPN may seem like a good idea, but even if the VPN provider really doesn't keep logs (which is impossible to verify) using Tor over VPN can make you easier to track since that makes the VPN service a permanent entry node [1][2][3][4] and there's also VPN fingerprinting. If Deep Packet Inspection (DPI) is a concern you can use Pluggable Transports [1][2] to disguise the Tor traffic. Keep Tor Browser up to date. Never run Tor Browser in full screen. That makes you more easily trackable as websites can detect the real resolution of your screen. Don't install any add-ons or plugins, that makes you a lot easier to track. If you have logged in and then logged out of a site it can link you to other accounts you have on the same site using session cookies if you login to those accounts without hitting the "New Identity" button to relaunch Tor Browser with a clean slate. Block JavaScript when the website doesn't require it, that's the closest thing you'll come to an ad blocker. Use the Hidden Service version of sites when available, that way your Internet traffic never goes onto the clearnet and it also adds three more proxies between you and the site's server for a total of six proxies.
Since you shouldn't use an ad blocker with Tor Browser it's important that you keep your operating system up to date to minimize the risk of getting infected in case you come across some malicious JavaScript via for example malvertising when you have JavaScript activated.
If you use Windows and don't want to switch to Linux (even though you can set up dual boot or just boot it from a USB without even having to install it on your computer), use a non-admin user account and have an admin account that you only use to authorize trusted software to run, that will mitigate 94% of critical Windows vulnerabilities. You can use a tool like W10Privacy to decrease the amount of tracking in Windows 10, just be sure that the tool you use is updated to match the latest version of Windows 10 or you might brick your OS.
Use an end-to-end encrypted no logs email provider located outside of Five Eyes, Germany, Enemies of the Internet, and countries under surveillance - preferably ProtonMail - when signing up for all of those services. Use a different email address for anything not related to the administration of the website. ProtonMail has a Tor Hidden Service, but signing up for ProtonMail is only possible on the clearnet address, so you'd have to go into Tor Browser's privacy settings and change "Prioritize .onion sites when known" from "Always" to "Ask every time" when you register the ProtonMail account. Change it back to "always" once the registration is complete. And yes, it is possible to sign up for ProtonMail via Tor. It's not easy finding an exit node that hasn't gotten blocked yet, and you will most likely need a secondary anonymous email account on another email provider to send a verification code to, but it is possible. Don't try using a disposable email service, ProtonMail blocks pretty much all of them so you'll just waste time and will probably get your account frozen. Once you have made an account, go into Settings > Security and then wipe and disable the authentication logs. Once that's done - before you sign up for anything - log out and wait a while then log back in, just to see if their anti-fraud system decides to freeze your account or not.
If you go for a email provider other than ProtonMail, keep in mind that it has to be there for the long haul in order to be usable. If it suddenly shuts down without notice, you're pretty much shit out of luck. So try and go for one that has been around for a while and seems like it will continue to stick around.
Comparison of alternatives:
Use a new username that you haven't used before.
Use end-to-end encryption for all private communications. ProtonMail has built-in end-to-end encryption between ProtonMail accounts. If you want to encrypt email with PGP when communicating with non-ProtonMail users follow this guide. That will allow you to import it into ProtonMail. Just remember that the subject line will not be encrypted by PGP. PGP/MIME gives out less metadata than PGP inline and is just better in general, so use PGP/MIME. For file transfers you can also use OnionShare if the receipient also uses Tor Browser or put the file(s) into a password protected .7z file using 7-Zip with the "Encrypt file names" option enabled + a password generator set to the max number of characters that you then upload to Disroot Upload. Be aware that the lufi software that Disroot Upload runs on keeps the filename visible after the file has been deleted. If you need an end-to-end encrypted pastebin, self-host PrivateBin or use Disroot's PrivateBin. Disroot uses a privacy respecting hosting provider and claim that they don't keep logs for services that don't require an account, such as Disroot Upload and Disroot's PrivateBin.
Use DuckDuckGo instead of Google. At least when doing work related to the site. It has a Tor Hidden Service that you can easily find by searching "duckduckgo onion" or "duckduckgo hidden service" on DuckDuckGo.
Rely on open source software and privacy respecting services when it comes to processing and storing data related to the site. PrivacyTools.io, awesome-privacy, AlternativeTo, and GitHub makes it easy to find privacy respecting alternatives.
Keep software on your devices up to date to decrease the risk of it being compromised by an exploit.
And yeah, I probably went pretty deep on some of the less relevant sections, but I thought it was best to include everything.
submitted by Fuck_the_RIAA to youtubedl [link] [comments]

bchDNS and Generalizing Bitcoin 2020

Happy upgrade day everyone!
Now, as the drama is the past, and we have the best team of developers focusing on moving Bitcoin forward, I would like to bring up the topic that has first being brought up exactly 10 years ago on bitcointalk. That is, adding DNS capabilities to Bitcoin. The thread is in many ways wonderful and I recommend it as a reading if anyone missed it.

The (tl;dr) story

The decentralized dns was a dream long before Bitcoin was alive, and the problem was well formulated as u/zooko's triangle. I would dare say decentralized dns was as much desired as decentralized currency. It just so happened bitcoin came first.
So people began discussing how to utilize bitcoin to bring decentralized dns to life. There were different proposals like integrate it into bitcoin, or make it a separate blockchain. The discussion was hot, but then Satoshi came in and expressed his opinion that separate blockchain under the same cpu power was the way to go. The Namecoin was born a bit later as a separate chain to be merged mined with Bitcoin. Fun fact, this thread was one the last places where satoshi participated in discussions before leaving the forum.
Satoshi's proposal was extremely clever tech-wise, but it didn't turn well for Namecoin as it was basically forgotten, despite it's a coin with total hash rate that exceeded Bitcoin Core's during btc/bch oscillations. It may very well be the time has yet to come for Namecoin. One thing is for sure – if dns was integrated into bitcoin, the progress in that scene would have been much greater to this day. For example, the coin addresses would have been a thing of the past the same way ip addresses are. And all that today. And I would dare suppose many browsers and linux distros would have this system integrated. It's easy to see this from today's perspective, but it was impossible ten years ago.
What's following is a little insight around what's going on with namecoin today, my speculations about the foreseeable future and my proposal for the present.

Namecoin and Tor Browser

For the past several years enormous work has been done by u/biolizard89 and the team in terms of integrating namecoin name resolutions into a browser. This is all being done in the context of Tor Browser, because that's where decentralized domains are needed the most nowadays. Today, Namecoin name resolutions is an opt-in feature in nightly Tor Browser on gnu/linux builds. You can watch Jeremy Rand's talk to get the more detailed picture about the progress and design principles of that integration. I will just provide a high-level overview below.
This whole integration is basically an electrum wallet built into a browser, capable of resolving names through nmc-enabled electrumx servers. The client/server communication is tunneled through tor. The key thing here is that Jeremy made a fantastic work stripping everything fatty from electrum to achieve very browser friendly ~3mb binary.


That being said, we are nearing the time namecoin is resurrected from ashes of coinmarketcap ratings. It's hard to time the events, but that will happen for sure. From there on the adoption will explode. In two-three years we will have ToFirefox/Brave to name a few browsers that will embrace decentralized dns. The question is, will other coins embrace Namecoin, or will they integrate it into their chains? The temptation would be too high for many projects to integrate it. For example, zcash may include name registrations much faster than namecoin will enable private transactions, thus zcash based dns will provide more value as the dns system for Tor.
Despite it's possible to have several tld's in a single chain, namecoin will more likely be focused on a single one, which is dot bit. Other coins will provide their own tld's, forming a fully parallel and independent (and even more decentralized) dns layer with many tlds, each providing benefits based on underlying blockchain value. For example, zcash-based tld will allow for fully anonymous domains etc.


I propose to the Bitcoin community to reevaluate the decision made 10 years ago about not integrating the dns system into blockchain. The whole dns 'layer' is 3 new opcodes – name_new, name_firstupdate, and name_update and a little bit of code to glue that. The solution is truly battle tested, and if the community believes in idea that bitcoin must take and integrate all the best from the industry to compete and win, name registration is the well baked stuff.
By integrating the dns in our blockchain we may provide additional value and fix several mistakes. First, name registration in our TLD may be much more expensive, making it harder to namesquat the TLD. As Julian Assange pointed out in a famous interview from 2011:
JA OK, so, once you have a system of currency that is easy to use like that, then you can start to use it for things that you want to be scarce. What is the example of some things that we want to be scarce? Well, domain names. Names. We want names to be scarce. We want short names to be scarce, otherwise if they are not scarce, if it doesn’t take work to get them, as soon as you have a nice naming system, some arsehole is going to come along and register every short name themselves.
The short name scarcity was hard to implement ten years ago, it’s darn easy when underling currency is valuable. The .bch TLD may provide access to short names, while .bit may work well for general audience.
Second, we may have non-expiring names to solve financial and social id’s. That alone will solve a huge wallet usability problem in a nicest way possible. I am fully aware of u/JonathanSilverblood CashAccounts, but they rely heavily on 3rd parties to provide indexing, while op_code based names can be resolved and verified using SPV, which is proven, robust and long term solution. Besides improving wallet UX, such naming system will greatly benefit maturing Memo protocol, where users will be able to have unique names.
The P2P ecash combined with decentralized naming system is the powerful mixture, if you think a bit!
submitted by shengchalover to btc [link] [comments]

What I currently use for privacy (after almost 2 years of long investing into it)

First of all, my threat model: I'm just an average person that wants to AVOID the maximum I can to be monitored and tracked by the government and big corps, a lot of people out there REALLY hate me and I've gone through lots of harassment and other stuff, I also plan to take my activism and love for freedom more seriously and to do stuff that could potentially lead me to very high danger or even put my life on the line. That being said, my main focus is on something that is privacy-friendly but also something with decent security (no point having a lot of privacy if a script kiddie can just break into it an boom, everything is gone) anonymity is also desirable but I'm pretty aware that true 100% anonymity is simply not possible and to achieve the maximum you can of it currently you'd have to give up A LOT of stuff in which I don't think I really could. So basically, everything that I said + I don't want to give up some hobbies of mine (as playing games etc)
Here's what I use/have done so far, most of it is based on privacytools.io list and research I've done.
Google Pixel 3a XL running GrapheneOS
Apps: Stock apps (Vanadium, Gallery, Clock, Contacts etc) + F-DROID, NewPipe, OsmAnd+, Joplin, Tutanota, K-9 Mail, Aegis Authenticator, KeePassDX, Syncthing, Signal, Librera PRO, Vinyl, Open Camera and Wireguard.
I also use BlahDNS as my private DNS.
Other smartphone stuff/habits: I use a Supershieldz Anti Spy Tempered Glass Screen Protector on my phone and I also have a Faraday Sleeve from Silent Pocket which my phone is on most of the times (I don't have smartphone addiction and would likely advice you to break free from smartphone addiction if you have it). I NEVER use bluetooth (thank god Pixel 3a have a headphone jack so yeah, no bluetooth earphones here) and always keep my Wi-Fi off if I'm not using it.
I have a desktop that I built (specs: Asus B450M Gaming, AMD Ryzen 3 3300X, Radeon RX 580 8GB, 16GB DDR4 2666Mhz, 3TB HDD, 480GB SSD) that is dualbooted with QubesOS and Arch Linux.
Qubes is my main OS that I use as daily driver and for my tasks, I use Arch for gaming.
I've installed linux-hardened and its headers packages on my Arch + further kernel hardening using systctl and boot parameters, AppArmor as my MAC system and bubblewrap for sandboxing programs. I also spoof my MAC address and have restricted root access, I've also protected my GRUB with password (and use encrypted boot) and have enabled Microcode updates and have NTP and IPV6 disabled.
Also on Arch, I use iptables as a firewall denying all incoming traffic, and since it's my gaming PC, I don't game on the OS, instead, I use a KVM/QEMU Windows VM for gaming (search "How I Built The "Poor-Shamed" Computer" video to see what I'm talking about) I also use full disk encryption.
E-Mails: I use ProtonMail (Plus Account paid with bitcoin) and Tutanota (free account as they don't accept crypto payment yet, come on Tutanota, I've been waiting for it for 2 years already) since I have plus account on ProtonMail it allows me to use ProtonMail Bridge and use it on Claws Mail (desktop) and K-9 Mail (mobile) as for Tutanota I use both desktop and mobile app.
Some other e-mails habits of mine: I use e-mail aliases (ProtonMail plus account provides you with 5) and each alias is used for different tasks (as one for shopping, one for banking, one for accounts etc) and none of my e-mails have my real name on it or something that could be used to identify me. I also highly avoid using stuff that require e-mail/e-mail verification for usage (e-mail is such a pain in the ass tbh) I also make use of Spamgourmet for stuff like temporary e-mail (best service I found for this doing my research, dunno if it's really the best tho, heard that AnonAddy does kinda the same stuff but dunno, recommendations are welcomed)
Browsers/Search Engine: As mentioned, I use Vanadium (Graphene's stock browser) on mobile as it is the recommended browser by Graphene and the one with the best security for Android, for desktop I use a Hardened Firefox (pretty aware of Firefox's security not being that good, but it's the best browser for PC for me as Ungoogled Chromium is still not there in A LOT of things + inherent problems of Chrome as not being able to disable WebRTC unless you use an extension etc) with ghacks-user.js and uBlock Origin (hard mode), uMatrix (globally blocking first party scripts), HTTPS Everywhere (EASE Mode), Decentraleyes (set the recommended rules for both uBlock Origin and uMatrix) and Temporary Containers as addons. I also use Tor Browser (Safest Mode) on a Whonix VM on Qubes sometimes. DuckDuckGo is my to-go search engine and I use DNS over HTTPS on Firefox (BlahDNS as my provider once again)
browsing habits: I avoid JavaScript the maximum I can, if it's really needed, I just allow the scripts temporarely on uBlock Origin/uMatrix and after I'm done I just disable it. I also generally go with old.reddit.com instead of reddit.com (as JavaScript is not required to browse the old client), nitter.net for checking twitter stuff (although I rarely have something peaking my interest on Twitter) and I use invidious.snopyta.org as youtube front-end (I do however use YouTube sometimes if a video I wanna see can't be played on invidious or if I wanna watch a livestream) and html.duckduckgo.com instead of duckduckgo.com other than avoiding JavaScript most of my browsing habits are just common sense at this point I'd say, I also use privatebin (snopyta's instance) instead of pastebin. I also have multiple firefox profiles for different tasks (personal usage, shopping, banking etc)
VPN: I use Mullvad (guess you can mention it here since it's PTIO's recommended) paid with bitcoin and honestly best service available tbh. I use Mullvad's multihop implementation on Wireguard which I manually set myself as I had the time and patience to learn how.
password manager: KeePassXC on desktop and KeePassDX on my smartphone, my password database for my desktop is stored on a USB flash driver I encrypted with VeraCrypt.
some other software on desktop: LibreOffice (as a Microsoft Office substitute), GIMP (Photshop substitute), Vim (I use it for multiple purposes, mainly coding IDE and as a text editor), VLC (media player), Bisq (bitcoin exchange), Wasabi (bitcoin wallet), OBS (screen recording), Syncthing (file sync), qBitTorrent (torrent client) and Element (federated real-time communication software). I sadly couldn't find a good open-source substitute to Sony Vegas (tested many, but none was in the same level of Vegas imo, KDENLive is okay tho) so I just use it on a VM if I need it (Windows VM solely for the purpose of video editing, not the same one I use for gaming)
router: I have an Asus RT-AC68U with OpenWRT as its firmware. I also set a VPN on it.
cryptocurrency hardware wallet: I store all of my cryptocurrency (Bitcoin and Monero) on a Ledger Nano S, about 97% of my money is on crypto so a hardware wallet is a must for me.
I have lots of USB flash drivers that I use for Live ISOs and for encrypted backups. I also have a USB Data Blocker from PortaPow that I generally use if I need to charge my cellphone in public or in a hotel while on a trip (rare occasion tbh).
I have a Logitech C920e as webcam and a Blue Yeti microphone in which I never let them plugged, I only plug them if it's necessary and after I'm done I just unplug them.
I also have a Nintendo Switch Lite as a gaming console that I most of the times just use offline, I just connect to the internet if needed for a software update and then just turn the Wi-Fi off from it.
Other Habits/Things I've done:
payments: I simply AVOID using credit card, I try to always pay on cash (I live in a third-world country so thank god most of people here still depend on cash only) physically and online I try my best to either by using cryptocurrency or using gift cards/cash by mail if crypto isn't available. I usually buy crypto on Bisq as I just don't trust any KYC exchange (and neither should you) and since there aren't many people here in my area to do face to face bitcoin trade (and I'm skeptical of face to face tbh), I use the Wasabi Wallet (desktop) to coinjoin bitcoin before buying anything as this allows a bit more of privacy, I also coinjoin on Wasabi before sending my bitcoins to my hardware wallet. I also don't have a high consumerism drive so I'm not constantly wanting to buy everything that I see (which helps a lot on this criteria)
social media/accounts: as noted, aside from Signal and Element (which I don't even use that often) I just don't REALLY use any social media (tried Mastodon for a while but I was honestly felt it kinda desert there and most of its userbase from what I've seen were some people I'd just... rather don't hang with tbh) and, althoug not something necessary is something that I really advise people to as social media is literally a poison to your mind.
I also don't own any streaming service like Netflix/Amazon Prime/Spotify etc, I basically pirate series/movies/songs and that's it.
I've also deleted ALL my old accounts from social media (like Twitter etc) and old e-mails. ALL of my important and main accounts have 2FA enabled and are protected by a strong password (I use KeePass to generate a 35 character lenght password with numbers, capital letters, special symbols etc, each account uses a unique password) I also NEVER use my real name on any account and NEVER post any pictures of myself (I rarely take pictures of stuff if anything)
iot/smart devices: aside from my smartphone, I don't have any IOT/smart device as I honestly see no need for them (and most of them are WAY too expensive on third-world countries)
files: I constatly backup all of my files (each two weeks) on encrypted flash drivers, I also use BleachBit for temporary data cleaning and data/file shredding. I also use Syncthing as a substitute to stuff like Google Drive.
Future plans:
learn to self-host and self-host an e-mail/NextCloud (and maybe even a VPN)
find something like BurneHushed but FOSS (if you know any please let me know)
So, how is it? anything that I should do that I'm probably not doing?
submitted by StunningDistrust to privacytoolsIO [link] [comments]

Delightful Privacy

Delightful Privacy delightful

This is a collection of software, operating systems, and other miscellaneous tools to help the average user fight for their privacy and security online.

Operating Systems


Fedora uses Security-Enhanced Linux by default, which implements a variety of security policies, including mandatory access controls, which Fedora adopted early on. Fedora provides a hardening wrapper, and does hardening for all of its packages by using compiler features such as position-independent executable (PIE). Wikipedia


Pop!_OS provides full out-of-the-box support for both AMD and Nvidia GPUs. It is regarded as an easy distribution to set-up for gaming, mainly due to its built-in GPU support. Pop!_OS provides default disk encryption, streamlined window and workspace management, keyboard shortcuts for navigation as well as built in power management profiles. The latest releases also have packages that allow for easy setup for TensorFlow and CUDA. Wikipedia


Debian is one of the oldest operating systems based on the Linux kernel. The project is coordinated over the Internet by a team of volunteers guided by the Debian Project Leader and three foundational documents: the Debian Social Contract, the Debian Constitution, and the Debian Free Software Guidelines. New distributions are updated continually, and the next candidate is released after a time-based freeze. Wikipedia

openSUSE Tumbleweed - Rolling Release!

Any user who wishes to have the newest packages that include, but are not limited to, the Linux Kernel, SAMBA, git, desktops, office applications and many other packages, will want Tumbleweed. openSUSE

For enhanced security

Qubes OS

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems. Wikipedia


Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All its incoming and outgoing connections are forced to go through Tor, and any non-anonymous connections are blocked. Wikipedia).*


Whonix is a Debian GNU/Linux–based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network to accomplish this. Wikipedia

Web Browsers

For Desktop

Firefox Needs manual tweaking to be more secure! Use ghacks

Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. Wikipedia Recommended addons: uBlock Origin | Https Everywhere | Privacy Badger | Privacy Possum | Decentraleyes | NoScript | CanvasBlocker


Tor is free and open-source software for enabling anonymous communication. The name derived from the acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user. Wikipedia


Without signing in to a Google Account, Chromium does pretty well in terms of security and privacy. However, Chromium still has some dependency on Google web services and binaries. In addition, Google designed Chromium to be easy and intuitive for users, which means they compromise on transparency and control of internal operations.
ungoogled-chromium addresses these issues in the following ways:

For mobile

Bromite Android Only

Bromite is a Chromium fork with ad blocking and privacy enhancements; take back your browser! Bromite

Firefox Focus Android - iOS

Firefox Focus is a free and open-source privacy-focused browser from Mozilla, available for Android and iOS. Wikipedia

Tor Browser for mobile Android - iOS

Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly. GitHub



Tutanota is an end-to-end encrypted email software and freemium hosted secure email service. Wikipedia


There are many ears listening on the Internet, which is why all our services require mandatory SSL/TLS-encrypted data transmission. For additional security, we also use enhanced (green) security certificates ("EV") by the independent SwissSign trust service provider from Switzerland (Check the padlock symbol in your web browser's URL field). But this is just the beginning – there is so much more that we do. Mailbox


Disroot is a decentralized cloud-based service that allows you to store your files and communicate with one another. Established by a privacy-focused organization of volunteers, if we look at Disroot as an email provider specifically, it stands out thanks to its emphasis on security with a completly free open-source approach. ProPrivacy


ProtonMail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland by scientists who met at the CERN research facility. ProtonMail uses client-side encryption to protect email content and user data before they are sent to ProtonMail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps. Wikipedia

Search Engine


searx is a free metasearch engine, available under the GNU Affero General Public License version 3, with the aim of protecting the privacy of its users. To this end, searx does not share users' IP addresses or search history with the search engines from which it gathers results. Tracking cookies served by the search engines are blocked, preventing user-profiling-based results modification. By default, searx queries are submitted via HTTP POST, to prevent users' query keywords from appearing in webserver logs. Wikipedia - Find public instances of searx here searx.space


Startpage is a web search engine that highlights privacy as its distinguishing feature. Previously, it was known as the metasearch engine Ixquick, At that time, Startpage was a variant service. Both sites were merged in 2016. Wikipedia


YaCy is a free distributed search engine, built on principles of peer-to-peer (P2P) networks. Its core is a computer program written in Java distributed on several hundred computers, as of September 2006, so-called YaCy-peers. Each YaCy-peer independently crawls through the Internet, analyzes and indexes found web pages, and stores indexing results in a common database (so called index) which is shared with other YaCy-peers using principles of P2P networks. It is a free search engine that everyone can use to build a search portal for their intranet and to help search the public internet clearly. Wikipedia


If you need anonymity and privacy online use Tor instead, if you are looking to bypass a geo-restriction, don't trust public WiFi, or are looking to Torrent, a VPN will help you.


Mullvad is an open-source commercial virtual private network (VPN) service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. Mullvad accepts Bitcoin and Bitcoin Cash for subscriptions in addition to conventional payment methods.
No email address or other identifying information is requested during Mullvad's registration process. Rather, a unique 16-digit account number is anonymously generated for each new user. This account number is henceforth used to log in to the Mullvad service.
The TechRadar review notes that "The end result of all this is you don't have to worry about how Mullvad handles court requests to access your usage data, because, well, there isn't any." Wikipedia


ProtonVPN utilizes OpenVPN (UDP/TCP) and the IKEv2 protocol, with AES-256 encryption. The company has a strict no-logging policy for user connection data, and also prevents DNS and Web-RTC leaks from exposing users' true IP addresses. ProtonVPN also includes Tor access support and a kill switch to shut off Internet access in the event of a lost VPN connection.
In January 2020, ProtonVPN became the first VPN provider to release its source code on all platforms and conduct an independent security audit. ProtonVPN is the only VPN to do so, even though experts say this is a crucial factor in deciding whether to trust a VPN service. Wikipedia

For information about alternatives to software and services.

If you are looking for alternatives to proprietary services like Discord and Facebook, or an open-source alternative to Photoshop, check out our list about Awesome-Alternatives

Mirrors are kept up to date, this post may lag behind as we add stuff in.

submitted by CipherOps to LinuxCafe [link] [comments]

Fun with Dynamic DNS services and bitcoind

I realize that bitcoind has this capability built in, but thought it might be fun to configure it manually. As some background, most people look at their network and they have some address like That is a private network address. Sites like WhatIsMyIpAddress.com will tell you what your EXTERNAL IP address is. When your running a bitcoin node, people will connect to your external IP.
Problem is... your ISP may cycle that IP address every week or so. bitcoind has a nice feature baked in called discover which will do the work of guessing your external IP as it changes. But if you are doing anything where you need to expose your RPC API externally (*danger*) then it would be nice to have some FQDN to go after to do the IP translation.
Originally, I had always solved this by exposing my node as an onion node. Since onion nodes traverse NATs and firewalls fairly effortlessly this was an easy option. But previously I had played around with Dynamic DNS service. I've used noip.com but there are likely dozens of services out there that will get the job done.
Once you have enabled a NoIP hostname, you can name it in your bitcoin.conf using the externalip=coolbtcnode.ddns.net. Then, assuming you setup all the RPC auth and port forwarding, you could access your node via RPC at coolbtcnode.ddns.net
As I said... it's a redundancy, since discover=1 does most of this for you, but still thought someone might enjoy the tip.
submitted by brianddk to Bitcoin [link] [comments]

What I currently use for privacy

So this is what software I currently use for privacy, would like some opinions if possible:
Starting with my cellphone, my device is a Google Pixel 3A XL with GrapheneOS flashed, I have the following apps installed:
F-Droid and AuroraOSS (as my app stores), NewPipe (youtube client), Vanadium (web browser), Tutanota and K-9 Mail (for e-mails), OsmAnd+ (for maps), Joplin (notes), Open Camera (camera), OpenBoard and Mozc for Android (Keyboard and Japanese Keyboard), Aegis Authenticator, KeePassDX (password manager), LibreTorrent (torrent client), Librera PRO (pdf/epub/mobi reader, I don't own a Kindle nor want to own one so I use my cellphone to read), Tachiyomi (manga reader), Signal (for messaging), Vinyl Music Player, VLC, Simple Gallery Pro and Simple Calendar Pro (I prefer them over stock Graphene options) and I also use Electrum and Samourai (Bitcoin Wallet) and Monerujo (Monero Wallet)
I also have OpenVPN (for VPN) and use a private DNS for ad and tracking blocking (provided by my VPN provider)
I have 3-4 PCs, will go over every single one of them:
my main PC is a desktop PC (that I built myself) that I mainly use for working and other tasks.
It runs Artix Linux (basically Arch Linux without systemd), I use UFW as my firewall (denying all incoming and also denying all outgoing only allowing what is useful) and I also use AppArmor Profiles, I disabled IPV6 and SWAP, configured my VPN connection as well on network settings and I currently run OpenVPN on my computer (my VPN provider allows for multi-hop cascade through OpenVPN in which I can create a custom VPN cascade up to four servers, each consecutive hop re-encrypts my traffic and assigns me a new IP address) and I've also set disk encryption on installation (have set in all of my computers)
As for software: I use Mozilla Firefox as my web browser (I set it to always be in private mode, unchecked suggestions for browsing history, bookmarks, and open tabs, I've also disabled the Firefox data collection in settings and block dangerous and deceptive content, I use DuckDuckGo as my search engine, I use Firefox Home as my default as my homepage. The rest of my tweaks were done in about:config (using privacytools.io site tweaks + geo.enabled = false, network.cookie.lifetimePolicy = 2 and dom.security.https_only_mode as true which are not listed on the site) and the only addons I use are uBlock Origin on Hard Mode and Decentraleyes), KeePassXC (password manager), VIM (use it as a Text Editor and as an IDE for coding), LibreOffice (for working stuff), GIMP (image editor), VLC, qBitTorrent and Tutanota's Desktop Client and Thunderbird (for e-mails)
I also use KVM/QEMU for virtual machines (usually in case I wanna test some distro or use Tails/Whonix)
For my gaming PC (also a desktop I've built myself) I run Manjaro KDE on it, the only apps I have in the system are Firefox (same settings as above), OBS and KVM/QEMU (which I use a Win10 virtual machine for games, there are tutorials on YouTube on how to do so if you're interested). I have the same firewall settings as above, using AppArmor as well and I've also disabled IPV6 and SWAP, I run OpenVPN on it as well as my VPN DNS settings on network settings. I also use different mouse and keyboard on both my PCs and never mix them together.
My other 2 PCs are both laptops, one is a Acer Aspire Nitro I've bought for work (in case I need to work while in a trip or if I wanna work outside etc), it has the same settings and programs as my main PC but I run Gentoo on it. The other laptop is an old ThinkPad that runs Slackware on it, but I rarely use it and this laptop is most of the times not with me for safety reasons.
For some other devices and stuff: I have an Asus RT-AC86U router with OpenWRT flashed on it that I also run OpenVPN config files (this one coming from another provider, I use two VPN providers, on in my PCs and the other in my router), I have a Ledger Nano S as a hardware wallet for both Bitcoin and Monero (most of my cryptocurrency is there, I use hardware wallet for hodling purposes and as my emergency funding) and I have LOTS of USB flash drivers (all of them for Linux Live ISOs purposes), I also have a Nintendo Switch Lite (only gaming console I have, although have not been playing that much on it recently) that I only connect to the internet in case I need to download some updates or play online and after I'm done I immediately disconnect it from the internet.
Some other privacy habits I have are:
I don't own any smart device like Smart TVs (I've been more than 10 years now without watching TV, doesn't even bother me), Smart Fridges or Dishwashers that connect to your internet, ROOMBAS, Smart Home etc, I keep all my money on crypto (and I have a small amount in gold as well, but I rarely invest on it, all my gold is stored in a manual safe here in my apartment) and I only have like, 10 bucks or so in my back account (as soon as I receive any money I just left the necessary in my account to pay bills and put all the rest on crypto, I try to pay everything on crypto or cash), I RARELY use cloud storage, but if I need to, I go with NextCloud and encrypt all my files with VeraCrypt before uploading it, all my VPN services were paid with Bitcoin (I try to pay everything with crypto as previously said) and I never write directly into any website, I usually write my text on a text editor, copy it and paste it on the website (needless to say that I don't use mainstream social media as well)
So, what do you guys think? anything that you would add your recommend me? (before anyone mentions about self-hosting a DNS server using Pi-hole on a Raspberry Pi, I'm actually thinking on doing it in a near future)
EDIT: forgot to mention that I don't watch YouTube on PC on youtube site, I mostly watch youtube's videos on invidio.us and only use the youtube site for watching live streams honestly. And I also barely go outside with my smartphone (only if I really need to) and I usually keep it away from my computers etc.
EDIT 2: also another thing: I covered all my laptop's webcams with black electrical tape, I have a Logitech C922 Pro webcam for my desktop PCs but rarely use it, and when I need to use it, I unplug it as soon as I'm done with it.
submitted by SlackAcademic to privacytoolsIO [link] [comments]

Hostinger Best Web Hosting Review

Visit at- https://webhostingservice.home.blog/2019/06/02/hostinger-free/
There's no uncertainty that with regards to web hosting, Hostinger is just the least expensive choice accessible today, with costs beginning at $0.99 every month. No other organization figures out how to try and approach. A large portion of them offer a fundamental arrangement for multiple times the cost. Believing that it's unrealistic? It isn't. Yet, let me let you in on a little mystery at this moment. To get the best costs, you'll need to focus on Hostinger for quite a while.
This would be a keen activity – if the administration is really extraordinary. Since your guests couldn't think less about the amount you pay for hosting. They do think about quick stacking speeds, and about really having the option to arrive at your site when they have to. They additionally need to realize that their own information will be secure and ensured.
Could Hostinger offer that? I have my assessments; however I would not like to put together my audit with respect to my supposition alone. As Website Planet is accessible in various dialects, for some odd reason we have web hosting specialists dissipated everywhere on over the world. This was my brilliant chance to play out an enormous scope test, and I chose to do precisely that. We had 30 specialists join to Hostinger and dispatch a neighborhood form of our testing website in 30 distinct nations.
They messed with each accessible element, observed stacking velocities and execution, and even besieged client care with questions. They contrasted the outcomes and other mainstream has, as SiteGround and InterServer. This speedy response to every one of our inquiries is that Hostinger performed strikingly well. In certain nations, similar to Russia, it came in at #4. In others, similar to Israel, Hostinger grabbed the #1 place.
Peruse on for the long answer. I've point by point my full close to home involvement in Hostinger, and I'll disclose precisely how to take advantage of what the organization offers. To perceive how Hostinger looks at to different administrations, look at our rundown of the top web has.
Everything an Amateur Needs

With costs being as low as they may be, my restless character quickly recognized two zones where Hostinger may be attempting to pull one over on me: highlights and execution. Indeed, I'd love to pay half of what the contenders charge, yet I would prefer not to get just 50% of what they give. Fortunately, that wasn't the situation by any means, as Hostinger's arrangements incorporate all that I expected to get moving, from abundant assets to execution boosting apparatuses.

Three shared hosting plans are accessible – Single, Premium, and Business. Each of the three works on head of Hostinger's own special control board, cPanel, which incorporates simple auto establishments of WordPress and many other substances the executive’s frameworks (CMS).

I pursued the essential arrangement, which accompanied 10GB of plate space, 100GB of transfer speed, 1 email record, and backing for a solitary website. It's sufficient assets to construct an entirely good website – consider hundreds pages and a huge number of HD pictures. Certainly enough to grandstand your composition, innovativeness, items, administrations, or whatever you're anticipating hosting.

The two progressed plans accompany boundless data transmission, boundless email accounts, and boundless websites. Some additional advantages that you won't get with the Single arrangement incorporate SSH access for you Linux-sharp designers, boundless sub domains, and boundless information bases. Programmed every day reinforcements are the one basic component that the fundamental arrangement needs, which means you'll need to perform reinforcements physically or buy the administration as a different extra.

Hostinger has an intuitive website manufacturer by the name of Zyro, however it isn't accessible as a component of the hosting plans.

Before we dive further into Hostinger's best highlights, a word on the VPS and cloud plans. Hostinger is above all else a mutual hosting supplier. Try not to be that person who goes to the best pizza joint around and requests pasta. There are has that represent considerable authority in VPS and cloud administrations – Fluid Web and Kinsta, for instance – and keeping in mind that Hostinger's contributions in the field aren't the most exceedingly terrible, there's no motivation to go for them.
cPanel Has All the Fundamental Highlights, yet Does not have Some Serious Ones

As I said previously, Hostinger has built up its own exclusive control board, which means you won't get the chance to play with the dearest cPanel that you know and love. What's that? You don't create enthusiastic connections to hosting control boards? All things considered, you're the bizarre one. At any rate, while cPanel used to be the standard control board you'd get with most has (counting Hostinger), things change. Because of some exhausting venture show that happened some time back, has have been exchanging boards left and right.

cPanel is Hostinger's endeavor into the board world, and you'll see it furnished with all the treats you need. From simple auto establishments and DNS zones setups to email accounts, a record administrator, and MySQL information bases, it's all fundamentally the same as what cPanel offers. However, a few things are unique. For instance, auto establishments in cPanel are finished with Softaculous, which additionally lets you clone your site, set up an arranging variant, and even design a reinforcement plan. cPanel's Auto Installer works admirably at auto-introducing WordPress, yet does not have these valuable additional items.

Progressed email highlights, such as mailing records, channels, and routings, are additionally absent from cPanel. Did I ever really use them myself when they were accessible to me? Truly, never. I don't know who does. Yet, that is cPanel for you – it probably won't be equipped for everything, except it's certainly enough for most clients.
Amazing Reserving On account of the LiteSpeed Web Worker

LiteSpeed isn't the physical metal worker, however the web worker innovation that Hostinger employments. It reliably positions as one of the quickest and most dependable web workers, beating the more seasoned Apache innovation that hosts like GoDaddy despite everything use. You won't need to successfully arrange it. Simply kick back and appreciate the first class execution it conveys, particularly for WordPress websites.

What you can do, and assuredly ought to do, is initiate LiteSpeed's reserving capacity, known as LSCache. Sounds excessively specialized? Indeed, turning on the Programmed Store alternative basically summarizes it. Stored duplicates of your pages will be made, fundamentally slicing conveyance times to guests. Static pages, similar to business pages and portfolios, will profit by this significantly more.

A SSL Declaration that you could conceivably be getting

You need a SSL testament. Regardless of what you think and regardless of what anyone might've let you know – you need a SSL. Why? Since without a SSL authentication to scramble and secure your guests' information, the numerous wrongs prowling on the web will seek it. You'll not exclusively be taking a chance with your undertaking and your guests' wellbeing; however you'll additionally endure a shot on Google's rankings.

Today, Hostinger furnishes a SSL with the entirety of its arrangements. In the metaphorical yesterday, which for my situation was only two or three months back, no testament was given. What will happen tomorrow is impossible to say. Hostinger regularly messes with its arrangement highlights, and I propose that you triple-check and ensure that a SSL is to be sure included with your arrangement. Realize that if a SSL is excluded, it's conceivable to buy one as a different extra. In any case, that shouldn't be the situation. All that Is All around Structured, however you’ll be under Consistent Assault from up sell Pop-Ups.

Laying it out plainly, Hostinger's client experience specialists have designed an awesome interface and client venture, from information exchange to utilizing and dealing with your hosting. Thing is, Hostinger's business methodology depends on continually pushing you to overhaul and buy additional items. It's irritating, best case scenario, and confounding at the very least.

Yet at the same time, the plans are unmistakably spread out, and all Hostinger requests on information exchange is your name, an email address, and a secret word. Yahoo for getting rid of all the insignificant data that different hosts are so enthused about gathering.

Interfacing a Domain and Introducing WordPress

In the wake of buying my arrangement, the time had come to associate a domain and introduce WordPress. I was given the choice to consequently introduce WordPress as a major aspect of the information exchange measure, however I decided to do it the normal way, utilizing the control board itself, to check how Hostinger's apparatuses contrast with what different hosts give.

Presently, my domain was really included with the expectation of complimentary when I bought the Single arrangement, which means it was at that point associated with the hosting. Today, for reasons unknown, just the serious plans accompany a free domain.

In the event that you wind up getting your domain name from another supplier, interfacing it is simple. Nameserver data is promptly accessible at the head of your hosting subtleties page, and you should simply duplicate glue them into your domain board. Shouldn't something be said about WordPress? I opened the Auto Installer instrument, picked WordPress as my CMS of decision, and entered the essential website subtleties. It was much easier than how Softaculous gets things done, and my new website was ready for action inside one moment.
Dealing with Your Hosting with hPanel Is Simple

We've secured the way toward getting your website on the web, however starting here on you'll despite everything use cPanel to make alters and changes to your hosting. Setting up an email account, running manual reinforcements, dealing with the information bases, and the sky is the limit from there, are largely possible through cPanel. How can everything contrast with getting things done with cPanel? Indeed, as I would like to think, it's out and out simpler. hPanel symbols are greater and better sorted out, the interface isn't as jumbled with additional alternatives that you'll never utilize, and the combination with Hostinger's different administrations (uphold, buying additional items, seeing charging) is consistent.
All in all, would we be able to consider it an ideal usability experience? Actually no, not so much. The explanation, as I said previously, is that periodically your work process will be harmed by up sell pop-ups. Think rolling out a basic improvement to your DNS records, just to be welcomed with this:
I didn't "Increase present expectations." I didn't really do anything aside from sign in. Yet, Hostinger is enthusiastic about pushing plan redesigns, and you'll need to consistently be set up to close down these endeavors, of which there are many. Don't count on the possibility that these pop-ups imply that you've by one way or another spent your assets and need to redesign.
Pass on, It's the Quickest Common Hosting Administration We Tried

Speed and uptime that is what I'm searching for. Tragically, shared hosting administrations will in general vacillate in these regions, no doubt. The explanation is that as the name infers, you're offering assets to numerous different clients and their websites – in some cases up to many others. It takes an extraordinary host to adjust everything and stay away from a bottleneck circumstance where everything's moderate and no one's cheerful. I'm extremely glad to report that Hostinger exceeded expectations in the presentation tests, yet it really surpassed each other shared host that we tried, including the top-level SiteGround, FastComet, and InMotion Hosting. The main two has that improved, and just barely, were the superior Fluid Web (Nexcess) and Kinsta. Incidentally, they can cost around 20 fold the amount of as Hostinger.

Just to give you a thought of Hostinger's capacities, the normal stacking season of my completely fledged greeting page was an exceptional 1.56s, and uptime over a couple of long stretches of testing was as much as 99.99%, precisely as guaranteed. I'm going to nerd out and clarify the testing technique and the outcomes in detail, yet on the off chance that you needn't bother with all the specialized data, don't hesitate to avoid ahead to my encounters with Hostinger's help. I'll simply say it again – Hostinger's presentation shook.

As I do with all hosts I test, I stretched out Hostinger the chance to streamline my website and make it quicker. This is something you can (and should) do too – simply approach uphold for help. The operator prompted that I update WordPress and PHP to their most recent forms, and introduce a couple of regular enhancement modules. I actualized the exhortation, and continued with testing.

The testing itself was finished utilizing three apparatuses: GTmetrix Genius, the Sucuri Burden Time Analyzer, and Uptime Robot's Professional arrangement. The Dallas, TX, GTmetrix worker was utilized to quantify speed and advancement scores in the US. Sucuri was utilized for worldwide execution experiences, and Uptime Robot – who could have imagined – for following the website's uptime and accessibility online in rates.

I ran various GTmetrix tests over a couple of months, totaled the outcomes, and determined the best, slowest, and normal paces. Hostinger indicated a promising normal stacking season of 1.56s. The best recorded time was 1.0s, and the slowest one was 1.9s. Not exclusively is the slowest stacking time well underneath the 3s imprint (where the majority of your guests will likely escape), however the normal scores demonstrate that Hostinger is as solid as anyone might imagine.

You can see that score-wise, we're getting twofold Bs. That is totally satisfactory, yet in addition probably the most noteworthy score I found in my tests. The main thing left to do so as to get full scores is to improve the pictures further.
Sucuri Burden Time Analyzer

As with GTmetrix, I ran Sucuri tests on numerous occasions. Sucuri gives you the stacking speed results for some worldwide areas, and I determined the midpoints of the quickest area (which was obviously in the US, near my server farm), the slowest area (Bangalore, India – the opposite side of the world), and the worldwide normal. The normal for the quickest area was an incredible 0.177s, while even in old fashioned Bangalore the normal was good – 1.11s. The worldwide normal was 0.499s, which earned my website an A worldwide position.

Frankly? I was shocked by these numbers. A worldwide normal of 0.499s is unfathomable for a common host, and everything I did to "streamline" my site was introduce a couple modules. There wasn't so much as a CDN (Content Conveyance System) dynamic. That is LiteSpeed and LSCache for you, women and respectable men. Get it while it's hot.
Uptime Robot

What great are quick speeds if your website has low accessibility? Nothing but bad. Fortunately, Hostinger is keeping it tight with practically immaculate uptime – 99.997% in the course of recent months. I'm proceeding to track and update the outcomes; however coming barely short of 100% is actually what I request from my host.

Uptime ensure shrewd, the circumstance is somewhat extraordinary. There's apparently a 99.99% uptime ensure gave, yet Hostinger has a genuine scrappy lawful clarification of when and how you can get your cash back. It generally seems like "never" to me, and regardless of whether you some way or another fit the bill for a cash back (as exclusively dictated by them), it's a measly 5% of your month to month cost. Goodness, and it's only for store credit. In any case, beside this assurance issue, Hostinger truly blows it out of the recreation center in the exhibition test.
When Extraordinary, Presently… Requires Tolerance

As a long-term client of Hostinger, I've had the delight of testing it over and over… and once more. One of my preferred pieces of the administration used to be the help. There wasn't (and still isn't) any telephone uphold accessible, yet stunning, was live talk a successful method of finding support. Day in and day out help, kept an eye on by experts, and supported by a broad information base of immense extents. The main issue? While the operators used to react in a flash, today they take around 40 minutes to hit you up. In some cases live talk isn't even accessible, and you're moved to some ticket/email framework which I've had next to no karma with.
I'll be totally fair with you about what this implies: it will be you and the information base. You can't rely on having an hour accessible to just stick around, and in any event, when the operators do reply, that is only the start of the cycle. With 3 brief reaction times in the middle of messages, posing some straightforward inquiries can expand into a whole workday.
The Least expensive Long haul Costs Available, by a wide margin

Truly, people, this is the explanation you understand this. While going over the many hosting choices accessible today, Hostinger's costs stick out. That is to say, $0.99 every month? That is excessively modest. What's the trick? Straightforward. Hostinger needs you to pursue a significant stretch of time, and it will give you motivating forces to do as such. Four installment periods are accessible: month to month, yearly, bi-yearly, and quadrennial. That final word implies four years, and it's scarcely utilized in light of the fact that practically no other host approaches you to pursue that long.

Fortunately pursuing four years will net you what's without a doubt the best cost in the market for shared hosting. Different hosts charge a comparable cost for a yearly arrangement. Crunch the numbers yourself. What's the circumstance when pursuing shorter periods? All things considered, bi-yearly and yearly plans aren't costly, yet they're significantly more in accordance with the market normal. Month to month plans accompany an arrangement expense and don't bode well. Worth insightful, up to a SSL is incorporated (check!), the plans are totally comparable to the business standard. There's additionally a 30-day unconditional promise, so you'll have adequate opportunity to test the administration yourself and check whether it's a solid match.
One thing to see during the checkout cycle is that there are a couple of discretionary extra administrations. Fortunately, none of them come pre-checked. I suggest that you skip them all. You can generally include them later at a similar cost, or "convince" a help operator to give you a superior arrangement… dangers of leaving the administration can do something amazing here.
Searching for a free domain?

Now and again it's remembered for the plans; some of the time it isn't. The serious plans normally accompany one when pursuing a year or more. At the point when I joined, a domain was additionally remembered for the fundamental arrangement. Presently it isn't – go figure.
Concerning making installments, notwithstanding the normal charge card and PayPal choices, you'll additionally have the option to pay with bitcoin and different cryptographic forms of money. Whatever your reasons are for needing to have a website secretly, crypto is the best approach to do as such.
Hostinger's reasonable shared hosting plans merit your time, your cash, and your thought. Execution has been shockingly extraordinary, and keeping in mind that it's not the most element pressed contribution around, it has all that you truly need.
Would it be advisable for you to put it all on the line? In case you're constructing a blog, a business page, an individual task, or a comparative little to-medium website, my answer is a resonating yes.
In the event that it's a web based business store you're hoping to fabricate, or a mind boggling administration like an online course gateway, you'll need something more remarkable than shared hosting. It'll cost you, yet Fluid Web and Kinsta are both better prepared for such ventures.
submitted by frenchwillaume to u/frenchwillaume [link] [comments]





submitted by porn_account0001 to u/porn_account0001 [link] [comments]

Removed comments/submissions for /u/technedigitus

Hi technedigitus, you're not shadowbanned, but 19 of your most recent 153 comments/submissions were removed (either automatically or by human moderators).


fvftk3t in gaming on 20 Jun 20 (1pts):
Oh Camper - A classical Camper Picture (TR in Dust2)
dxgy22o in Monero on 16 Apr 18 (1pts):
Everybody here already read the "Philosophy Behind Freenet" by Ian Clark, right?
Without anonymity, there is no democracy.
dxgxbbf in Monero on 16 Apr 18 (1pts):
Snowden is an advertising boy of Zcash... : P
BTW, Mr. Robot is a nice serie! (Session 1... but... after session 1 Eliot becomes just a no sense, stupid and overpower guy)
dsy3td6 in Monero on 20 Jan 18 (1pts):
4 Mouths with 350 H/s
Payment: https://imgur.com/agHater
Procedure: https://imgur.com/4EKfWCW
Pool Pic: https://imgur.com/JWHFhXD
I just followed the procedure above. It is possible...
dsy2oaz in Monero on 20 Jan 18 (1pts):
Afaik, yes. You can do this in a docker, but if you test and check the performance, you will get the correct answer to your question! (sorry for delay to reply)
dn5ylfq in Monero on 18 Sep 17 (1pts):
Other criptocurrencies for sure will be created for this...
But for know, these news tells me just one thing: more volume of Monero in market!
dmzkn8d in Monero on 14 Sep 17 (1pts):
Any upgrade news in changer[dot]com?
cwrq3kb in dogecoin on 07 Nov 15 (1pts):
I liked this idea...
Mining, Faceoutting and Exchanging are all easy ways to movement Dogecoins in Market.
I could not try to mine dogecoins yet...
But I'm trying faceouts...
In 5 weeks minning...
cw19vep in brasil on 16 Oct 15 (1pts):
Para cada curto parágrafo, um video ilustrativo complementar.
Bitcoin de uma forma simples para todos.
clczyui in techsupport on 18 Oct 14 (1pts):
Use Swiss Privacy Foundation DNS Servers:
(no logs, servers in Swiss Territory)
clczomk in deepweb on 18 Oct 14 (1pts):
any comment are welcome
clczfm8 in deepweb on 18 Oct 14 (1pts):
simples message :)
ckzwq5f in deepweb on 04 Oct 14 (1pts):
Any comments about this text?
ckytmuv in deepweb on 02 Oct 14 (1pts):
cruel... but true is something like this...
ckyr8d0 in deepweb on 02 Oct 14 (1pts):
Ok... I will write these articles to english... But it take some time... I already translated "Deep Web - Same Article, English Version"... Gimme time...
Obs.: Brazilian Portugues. Not Spanish......


7yv6my in MoneroMining on 20 Feb 18 (1pts):
(Question) Any way to mine XMR in a OpenWRT device?
3rvn25 in dogecoin on 07 Nov 15 (1pts):
Install Dogecoin Core in Linux
3rqvfm in dogecoin on 06 Nov 15 (1pts):
Just 3 questions
3rp01k in dogecoin on 05 Nov 15 (1pts):
Hi Doge Guys!
I'm a bot. My home is at /CommentRemovalChecker - check if your posts have been removed! (How to use)
Help us expose and stand up to social media bias and censorship!
submitted by MarkdownShadowBot to CommentRemovalChecker [link] [comments]

I got pwned: a cautionary tale

As background, I've been playing with a Digital Ocean instance for the past few months - getting DNS and Let's Encrypt set up, setting up nginx as a reverse proxy, and now setting up nextcloud.
Last week, I was pretty pleased with myself. I installed the Calendar plug-in and started syncing my calendar - independently of Google! Today I started getting from 500 errors popping up on my phone. I didn't think much of it - I figured something was weird with nextcloud, I had overlooked something, and I could figure it out when I got home. Unfortunately, I just found this in my database.
centos:~/src/nextcloud-config$ mysql -h -P 3306 -u nextcloud -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.4.8-MariaDB-1:10.4.8+maria~bionic mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | nextcloud | +--------------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> USE nextcloud; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [nextcloud]> SHOW TABLES; +---------------------+ | Tables_in_nextcloud | +---------------------+ | WARNING | +---------------------+ 1 row in set (0.00 sec) MariaDB [nextcloud]> SELECT * FROM WARNING; +----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | id | warning | Bitcoin_Address | Email | +----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | 1 | To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address ieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: nextcloud . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | ieUD | [email protected] | +----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ 1 row in set (0.01 sec) 
I have no intention of paying the ransom. 1) They have a few calendar events and some example documents from me. 2) Even if I pay, there's no guarantee they would send me a copy of the data.
All things equal, I feel lucky this happened so soon ... I only lost like 3 calendar events, all of which I can recreate from memory. I guess I need to back up and re-evaluate my security assumptions (notably to make backups early).
In the hopes of detecting the root cause, here is my (redacted) nginx access.log from today: https://pastebin.com/JQ64ctcG Naturally my judgment is in question, ha ha, but I did see a few suspicious-looking entries (some suspicious-looking stuff in there (github.com/robertdavidgraham/masscan, some calls to /login and /wp-admin, some requests that look like binary data...). If anyone could help me understand how my server was compromised, it would be much appreciated.
Thanks all ... remember that weird shit like "entire Internet scanner" exists ... :-(
edit: Thank you all so much. Based on the ideas from the comments, the prevailing hypothesis about the root cause is:
- no firewall was active, either through the host admin panel (Digital Ocean) or in Linux itself
- In the course of troubleshooting, I had exposed port 3306 on my database container to anyone with access to my droplet, i.e. the whole Internet (via DNS). My intention was to expose the port only to other processes on my droplet, but I unintentionally exposed it publicly.
- I had an extremely weak root password
- With the "masscan" port-scanning tool, the vulnerability was detected by an attacker quite quickly, like within a week of me having this configuration active. Then a simple dictionary attack would have let them into root in my mariadb container.
Well ... knowledge is half the battle. Thanks again everyone ... I hope this thread will help a future lost soul who finds themselves in a similar circumstance.
submitted by silvertoothpaste to NextCloud [link] [comments]

Strengthening Data Security Using Blockchain

With businesses across the world riding the digital wave, data will be a key competitive differentiator in their successful transformation stories. Besides the massive data deluge, with the advent of hybrid cloud business models today, data goes beyond the perimeter of an organization. While data leaks and hacks can prove to be hazardous for any organization, it would especially be damaging in cases where data is centralized. This leads to a powerful shift in the paradigm for decentralized and distributed ledger technology (DLT) applications.
Security ‘hexad’ using blockchain
Blockchain is a foundational technology that has the potential to revolutionize the world, similar to what the internet did in the past. The information security triad can be enhanced to a ‘hexad’ with blockchain-based decentralized data security for enterprises.
The decentralized immutable distributed-ledger technology on a peer-to-peer (P2P) network based on cryptographic concepts and consensus algorithms uses a cryptographic one-way hash, internally which helps to identify any alteration done to the blockchain data making it more transparent, reliable, trustable and independent also ensuring data integrity.
Asymmetric encryption with public-private key pair is used for making transactions on the ledger providing non-repudiation, and accountability. Since data is distributed on a P2P network (ensuring availability), there’s no single point of failure making it difficult for hackers to tamper data at multiple places. Consensus algorithms, or conditions on which a group agrees to put transactions in blockchain, help in decentralized distribution of power and forms the base of trust.
Permissioned blockchain (example Hyper-ledger Fabric) are kind of hybrid models where networks require participants to have authorization for access thus ensuring privacy. These could be used by multiple organizations participating in the blockchain network forming a consortium in a decentralized way while maintaining confidentiality. Fine-grained access control and data sharing mechanisms ensure that confidential data is shared only among the intended audience. While permission-less blockchain (example Bitcoin) have data publicly available to view, it would have computing intensive or complex powerful consensus algorithms to validate and update ledgers in order to deter DOS (Denial-of-service) attacks.
Data once entered in a blockchain network is immutable, i.e. not changeable until more than one-third of the network is compromised, which would ideally not be the case in a P2P distributed network. This also helps in establishing trust between unknown parties without the need for intermediaries, further reducing transactional and operational costs.
When data goes beyond the perimeter, organizations can be sure that data is unaltered, not accessed by cloud vendors or anyone else ensuring privacy and integrity. Confidential agreements could be on blockchain using smart contracts which execute automatically when consensus conditions are met. Any litigation or disputes raised could be easily settled real-time, thus establishing accountability. The features in the hexad, along with immutable data in blockchain, make auditing easy and reliable.
Reducing cyberattacks and enhancing security
When a request is placed on a browser, it sends it to a network of computers called Domain Naming System (DNS). DNS is like a phonebook for the internet. It resolves the website to an IP address which helps in connecting to the right server on the internet. Typically, DNS servers are centralized by nature. Making DNS decentralized and distributed using blockchain could reduce cyberattacks and enhance security.
Multi-layered security frameworks based on blockchain technology decentralize the risk and reduce sophisticated phishing attacks for organizations. Encrypted data, decentralized storage and publicly visible ledgers (for transparency) can instill a new set of cybersecurity priorities for governments and other public institutions, while private and permissioned blockchain help in transforming the enterprise data operational models.
Identity verification procedures provided by authorized institutions on blockchain network help for secure and reliable validation and sharing of information. Device identity on blockchain for IoT security can reduce device impersonation and spoofing attacks. End users who worry about the security of their digital footprint can be self-sovereign, i.e., own data and share on need basis on a decentralized internet using blockchain. This also makes customers active stakeholders and can change how organizations handle information from everybody who interacts with their network, transforming the business models.
Blockchain- now and the future
Hyper-ledger umbrella is a global open source collaborative effort hosted by the Linux Foundation for multiple blockchain projects, libraries and tools for various enterprise and industrial deployments. Blockstack is an open source blockchain-based decentralized computing platform which provides a full- stack alternative to traditional cloud computing for building secure decentralized applications.
US space-agency NASA utilizes blockchain technology open source permissioned network for tracking air-traffic to curb cyberattacks on aerospace agents. This is to enhance privacy and security of aircraft data for corporate and military flight operations, helping in preventing unwarranted public access to confidential data. NASA has also signed up for an autonomous spacecraft project based on blockchain along with AI, networking and sensor-based technologies.
Certain quantum computing techniques have the potential to break the cryptography algorithms used in blockchain but less likely in permission blockchain since the participants are verified and authorized. The solution is to build quantum-resistant ledgers. Enterprises adopting this technology need to pick appropriate use cases to get maximum benefit.
In the future, world trade, tokenization of valuable assets, self-sovereign digital identity, public sector facilities and benefits, health-care data, strengthening security, congruence of IoT, AI and blockchain for autonomous decentralized products and services are likely to have wide adoption in real-time based on blockchain technology.
Enterprises with hybrid cloud models adopting blockchain for data security can be confident about their data security even beyond the perimeter, and ensure required audit and compliances with reduced costs. The disruptive and transformative potential of blockchain technology in enhancing data security will enable the emergence of new models, helping in digitally transforming the ecosystem for the better of the world.
submitted by BlockDotCo to u/BlockDotCo [link] [comments]

Linux Ubuntu 18.04 LTS - 09. Instalación del servidor Electrum Personal Server (EPS) How to configure and use Blockchain DNS plugin on Windows(access blockchain website joker stash) Konfigurasi DNS SERVER di Ubuntu 16 04 Setting DNS Server di Linux Ubuntu How to install bcoin (bitcoin full node) on Linux

Linux, BSD and Windows. A number of operating systems including Linux, BSD and Windows are readily available to be installed on a VPS with just a few clicks. DDoS Protection. Every VPS is supplied with highly scalable, resilient and sophisticated DDoS attack mitigation solution absolutely free of charge. Bitcoin Accepted. You can pay for your virtual private server orders with Bitcoin, Bitcoin ... Bitcoin wurde 2008 entwickelt, und ist die weltweit erste Kryptowährung. Der unbekannte Entwickler tritt unter dem Pseudonym Satoshi Nakamoto auf und beschreibt Bitcoin als ein "Peer-to-Peer Electronic Cash System". Das. heißt, das Nutzer Bitcoin Zahlungen untereinander abwickeln können, ohne dass eine zentrale Bank als Mittelsmann agieren muss. Transaktionen werden von sogenannten "Minern ... DNS seed policy Assets attribution Table of contents Windows Subsystem for Linux ... Below are some notes on how to build Bitcoin Cash Node for Windows. Please note that from BCHN v0.21.3 onwards, building for Win32 is no longer officially supported (and build system capabilities related to this may be removed). The options known to work for building Bitcoin Cash Node on Windows are: On Linux ... Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It only takes a minute to sign up. Sign up to join this community. Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Home Questions Tags Users Unanswered Jobs; Fedora 33: Use custom DNS addresses. Ask Question Asked 6 days ... In this post we’ll see how to setup a custom bitcoin explorer with spruned and btc-rpc-explorer on a free AWS instance, with free certificates and free dns entry so… 100% costs free :-) The ...

[index] [5494] [23107] [18378] [1782] [11655] [9211] [29960] [18611] [18005] [22010]

Linux Ubuntu 18.04 LTS - 09. Instalación del servidor Electrum Personal Server (EPS)

Video 1 KOnfigurasi DNS Server di Ubuntu 16.04. Install and Configure bind9 DNS Server on Ubuntu 16.04 LTS (Cache, Zones, IPv4, IPv6 and Slave) - Duration: 1:19:28. Christian Augusto Romero ... In this course you will learn about ins and out of Linux permission. For example: user permission, file permission, sudo, sudoers, Managing users and so on. ⭐️ Table of Content ⭐️ 00:00 ... This video goes over how to make a DNS seeder for a bitcoin-derived cryptocurrency. If you're not familiar, DNS seeders are special nameservers that provide new clients with a list of healthy ... How to run a Bitcoin Full Node(Linux + Build from Source) - Duration: 14:13. Coding with Canbo Recommended for you. 14:13 . Blockchain Nodes - How to Make a Node on Raspberry Pi! - Duration: 24:03 ... Mastering Kali Linux for Advanced Penetration Testing: https://amzn.to/2SUAyO3 DNSWalk is a tool that's included with Kali Linux that attempts to do a Zone Transfer to pull all DNS database ...