privacy.rst 4.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
  1. Privacy manifesto
  2. =================
  3. Why?
  4. ----
  5. As of the 7th of February 2016 in Poland the *surveillance law* became effective. Keeping in mind privacy of mine, my family’s, my friends’, and acquaintances’, and answering in advance the question (I’ve heard for real) “How to contact you when you’re not on Facebook?”, I herby publish a list of means anybody concerned about their privacy may contact me with the use of.
  6. And no, I’m not on Facebook.
  7. Email
  8. -----
  9. Email is the main communication means used by me. Maybe it’s because nobody around seems to care to use anything else.
  10. **…@protonmail.ch** ``94F3 D05E A1CB 7EB9 6BAC 4FBF 2442 E277 76E0 A578``
  11. It’s my private email address provided by guys from Switzerland. The contact form on this website sends a PGP encrypted mail to that address. You can use it if You don’t know how to contact me.
  12. **…@student.put.poznan.pl** ``F6DE 8FF8 003C 5CDE 7E58 324B A315 493A 5453 2E5B``
  13. I don’t trust this service at all so if You want any privacy use explicit encryption. Use only if emails concern university life.
  14. IM
  15. ---
  16. - `Tox <https://tox.chat>`_ (text/audio/video)
  17. - `Riot <https://riot.im>`_ (text/audio/video)
  18. - `Ring <https://ring.cx>`_ (text/audio/video)
  19. - XMPP (text) …@disroot.org
  20. - `Keybase <https://keybase.io>`_ (text)
  21. - `Cyph <https://cyph.com>`_ (text/audio/video)
  22. - `Silence <https://silence.im>`_ (SMS/MMS)
  23. Mind that:
  24. - Using Silence only content is encrypted. As mobile phone network operators gather all metadata, telephony will be switched off in states of higher surveillance.
  25. - Cyph doesn’t require registration nor downloading anything. It’s perfect if You’re not registered on any of the remaining; just send a link and we’re good to go.
  26. A note why XYZ is not there
  27. ---------------------------
  28. Signal
  29. ~~~~~~
  30. Firstly, to contact me You need my phone number, which I’m unwilling to give away. Secondly, Signal creators keep `the whole graph who’s-with-who <https://whispersystems.org/blog/contact-discovery/>`_. It’s also inconvenient—it can be used only on a mobile phone, i.e. desktop app requires Electron, which is `huge <https://josephg.com/blog/electron-is-flash-for-the-desktop/>`_ (as it’s the whole of Chromium), and has `licensing issues <https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser>`_. Moreover Signal developers `are against federation <https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165>`_.
  31. If You’re still not sure about this: `further reading <https://drewdevault.com/2018/08/08/Signal.html>`_.
  32. Wire
  33. ~~~~
  34. Wire requires proprietary Google Cloud Messaging which completely undemines encryption (and, of course, is unethical). It used to be gratis for personal use (although it did use freemium businness plan); now it’s unclear. Despite the fact that all code is free, federation is not supported nor planned.
  35. XYZ (inclusion policy)
  36. ~~~~~~~~~~~~~~~~~~~~~~
  37. If You find a nice chat/messaging app and want to reccomend to/chat with me, it must satisfy the following conditions:
  38. - must be free software,
  39. - must be end-to-end encrypted,
  40. - must be accessible (i.e. I must be able to download it outside Google Play Store or other proprietary shops, or build it from source code; it would be perfect it it were in F-Droid),
  41. - must collect as little data as possible.
  42. That is the miminum. It would be nice if it supported federation and had a CLI client.
  43. “Hey! Wait…
  44. -----------
  45. …you don’t provide us with any ID.” No, I don’t. Above all, I don’t want bots to harvest my email and send me spam. Secondly, it’s not that You don’t trust me, but how could You trust me. You can meet me in person and ask for it, You can send me a message using the contact form (it’s encrypted with my PGP key). People I know personally know my IDs, my email address is attached to my PGP key—You don’t have to be a cracker to find it. So, invite me to Your key signing party, or something…