mayvaneday/blog/2023/08/interview.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

VeeChit,

Normally I don't respond to emails that sound like requests for interviews 
because they're invariably either an attempt to get me to dox myself or the 
person asking the questions doesn't like how blunt and direct I am with my 
responses and just calls me a bitch and tells me to kill myself. But today I'm 
feeling reckless, so fuck it, I'll take the bait just this once.

> 1. What is the reason for your importance to security and privacy? Is it a 
personal interest or a need that must be paid attention to?

I assume by "your importance to security and privacy" you mean to ask why they 
are important to *me*, not how *I* am important to *them*. The answer is 
straightforward: growing up in a repressive household where writing innocuous 
poems online about being gay is worthy of being grounded and socially isolated 
from one's support networks and friends for several weeks at a time will turn a 
relatively outgoing woman into a paranoid and bitter one. The trauma of not 
knowing whether or not sharing my opinions and viewpoints on things will be met 
with violence at any given moment is a burden I have carried with me since 
adolescence and will likely carry for the rest of my life.

Even though I now live on my own and have far more control over my life than I 
did even a year ago, I still have a deep-seated psychological need to protect 
myself technologically against random device searches, spyware, and attempts at 
stalking through the Internet. I physically cannot bring myself to use any 
operating system that doesn't have full-disk encryption either baked into the 
operating system (any mainstream Linux distro) or can't be jimmy-rigged to have 
FDE (Windows via VeraCrypt), so even though Haiku fascinates me, I can't use it 
as anything other than a toy, a curiosity. All of my external USB drives are 
encrypted. I store my files in plaintext or free-as-in-freedom file formats 
whenever possible to ease the pain of potentially having to jump ship to a 
different operating system at a moment's notice. (Since, you know, I might have 
to use a different software suite there.) I use terminal programs whenever 
possible so I can replicate my Debian setup on every computer I own regardless 
of processing power, from my beefy gaming desktop to the ancient 32-bit tower I 
inherited from my great-grandmother. If I lose access to one device for some 
reason, whether a deliberate confiscation by a "well-meaning" family member or 
theft or simply the device dies and doesn't work anymore, I can be up and 
running on any other one I own within a few hours.

I am also increasingly paranoid of a potential shutdown or interruption of the 
Internet. Living for years in a house with a piss-poor connection that 
constantly drops out does that to you, I guess. I keep burned DVDs of the 
Debian installer in my personal archives because one DVD will let you set up a 
full Debian system with a pretty decent collection of software available for 
further installation without needing any Internet at all. As Debian is my Linux 
distro of choice, knowing I can bootstrap a new system (or a salvaged one) 
without an Internet connection brings me great peace of mind. I also only use 
software that can operate entirely without an Internet connection, such as 
Hydrus (https://github.com/hydrusnetwork/hydrus). I felt very smug that week in 
July when Twitter wouldn't let you see anything without logging in and the 
whole Internet was complaining about all the content on the birdsite they 
couldn't look at anymore and yet my local collection of funny images was 
completely unaffected.

> 2. Considering the number of users of social networks and messengers such as 
WhatsApp - Telegram, does it matter if I use Signal or Matrix or PGP email?

WhatsApp isn't used at all where I live. Telegram is only used by nutty 
conspiracy theorists. Everyone I know just uses plain SMS. I have more to say, 
but I hate repeating myself, so I'll just elaborate more in the next answer.

> 3. Why do people give the least importance to security and privacy? Is it 
because of lack of information or not caring about this issue? For example, 
most people do not use ad blockers, VPNs, open source software! Or they install 
any program on their phones and PCs

You have to understand that most people have more pressing and immediate issues 
in their life than the vague-to-them threat of corporate surveillance or vendor 
lock-in. If you ask some random person off the street what their top five 
concerns are right now, "privacy on the Internet" almost certainly isn't going 
to make the list. They're going to say things like "making rent" and "the 
rising cost of living" and "going bankrupt from a single medical bill". If 
they're the type to glance at the news every so often, they might also say 
"climate change" or "nuclear war".

In the disabled community, we have a concept called "spoons". Spoons are like a 
measure of mental energy. Usually one gets a limited number of spoons each day 
to spend on daily activities like doing one's laundry or feeding oneself or 
tidying up the house... You get the point. (Hopefully.) The average person is 
using all their spoons on staying alive. If they come home from work exhausted 
and only have three spoons, they are going to spend those on making dinner and 
showering and maybe some mindless Netflix consumption before collapsing into 
bed. They're not going to be learning how to be a sysadmin and setting up a VPS 
to self-host things. To them, that is like a second *unpaid* job with little to 
no personal benefit. Maybe it would pad their resume out, but if they're not 
looking for a tech job, what's the point to them?

Think about the misogynistic stereotype of the "wine mom" who likes to scroll 
through Facebook and comment on cringy Minions memes and post unflattering 
group photos of her family members taken during holidays. To you and me, she 
might be hopelessly caught in the spiderweb of corporate algorithms sucking her 
dry for data to feed to advertisers. But to her, she is just socializing with 
the people in her life she loves. (Well, whichever ones are on Facebook, 
anyway.) In her eyes, she is doing nothing wrong, and people like you and me 
are trying to destroy her method of keeping in contact with far-flung family 
members and trying to force her to absorb the equivalent of a computer science 
degree in order to use a "fedi-what?" whose interfaces aren't nearly as flashy 
and whose denizens are nasty and brutish and not as easily shut out as 
exclusion from one's Facebook friend list would be.

"Normal" people don't care about privacy and security. They don't care if their 
tools are proprietary or spying on them or could go away at a moment's notice 
if the company behind them shuts down. They want to play games with their 
friends (Windows) and socialize (Discord and every mainstream social media 
site) and get help with their homework (Google search). "Normal" people are not 
swayed by appeals to ethics or morals when it comes to their technology. The 
most that letting them know their iPhone was made with Chinese slave labor will 
do is momentarily make them feel bad; they will not stop buying iPhones. If the 
privacy community wants to get "normal" people on board, they have to figure 
out how to overcome the apathy and make their alternatives more convenient and 
less expensive than what the "normal" people are already using.

I wrote a blog post a while back discussing many of these same ideas: 
https://mayvaneday.org/blog/2021/september/not-harmful.html

> 4. Do you think having a site and YouTube channel and teaching people can be 
useful? Or do people not care?

One of the questions further down in your email implies you want to start a 
site (and you haven't already) and you're going around asking people for advice 
on how to do that. Listen: you *have* to move beyond caring what other people 
think. Trends on the Internet these days are frequently outlived by the common 
housefly. If you base your entire online existence on being "useful" to others, 
you're going to spend the rest of your life pursuing ghosts with little to no 
reward. Chasing the dopamine of online validation is how we ended up with 
platforms like TikTok and the lunacy that goes on there. If you're going to put 
in the work to make a website, it has to be about something that interests 
*you*. The motivation has to come from inside, not outside. You don't know 
who's going to look at your site in the future, so you might as well have it 
cater to the only guaranteed audience: yourself.

When I'm looking for a tutorial for something online, I always skip the YouTube 
section at the top of the search engine results page or just put "-youtube" in 
the query. Videos are clunky, bandwidth-intensive, hard to search, and not 
easily updated. Don't bother making videos for YouTube unless you're mirroring 
them elsewhere, like on a personal PeerTube instance.

> 5. Has the content of your site ever helped someone who thanked you or even 
donated?

Literature? Sure, I get plenty of people emailing me out of the blue to praise 
my poetry.

Writing about tech? Usually it's people trying to get me to play unpaid tech 
support with unparseable grammar or the Lokinet devs harassing me once again 
because I said their software sucks. Or it's an email full of misogynistic 
slurs for the crime of being a woman on the Internet.

Nobody donates because I have no ways of donating listed on my site. Keeping 
everything non-commercial gives me a legal advantage because, if someone tries 
to argue copyright infringement or that I've done them some other damage, they 
have no evidence that I've seen any monetary profit from the activities in 
question. Plus then I don't have to deal with figuring out how to keep myself 
pseudonymous from donors while still being able to convert the pretend Internet 
money into something I can buy groceries with.

> 6. Why are you not a member of any social media such as Twitter - Instagram - 
Mastodon?

Because they all invariably hate women. Every single damn social media site has 
a culture where women and their opinions are only welcome if they're peddling 
pornography or parroting the party line of the patriarchy. No dissent is 
allowed. Even just the simple statement of "I'm a woman" is enough to get waves 
of harassment, sexual or otherwise, sent one's way, and the platforms rarely do 
anything about it because of the sheer volume of the abuse and "muh freeze 
peach". (Have you ever read the book *Haters* by Bailey Poland? You really 
should.) Even on a supposedly pro-woman platform like Ovarit, the misogyny 
hounds me: I mainly stayed in the circles about technology, and people 
frequently accused me of secretly being biologically male because I... knew 
more about tech than the average poster. VeeChit, does that sentiment make any 
sense to you? "Women are naturally incompetent at technology, so anyone who's a 
woman and likes computers is secretly a man"? Because it doesn't make a single 
damn shred of sense to me. Especially when coming from a group of 
self-proclaimed feminists.

> In your opinion, what is the difference between someone who is not a member 
of these networks and someone who uses these social networks?

A person who uses social media is just a person. A person who *doesn't* use 
social media is still just a person. If you want me to be like those alt-tech 
sites with Pepe frogs or Lain in the header who write thousands of words about 
how they're morally superior for not using social media, you're going to leave 
this email sorely disappointed.

The effect that a social media network has on you heavily depends on the social 
circles you interact with inside that network. There's a world of difference 
between the handful of Japanese fan artists that live in my RSS feed reader and 
your average "RATIOOOOOO" poster who still consumes "offensive" memes better 
left in 2016 and thinks unsolicited references to porn are the pinnacle of 
comedy. But both groups are on Twitter. I've had respectful interactions with 
people on Instagram the brief period I was on there, and I've had hate 
campaigns against me on the fediverse. Sure, Twitter has an algorithm that 
optimizes for making its users spend as much time as possible in the app, and 
most fediverse servers don't. But clowns will be clowns no matter what circus 
they're in.

In the same vein, I've met antisocial creeps who don't use social media but 
will still probably end up in a jail cell for hate crimes one day, and I've met 
perfectly well-adjusted individuals who like to scroll through their Facebook 
feed during their lunch break at work. Holding the reductive opinion of "social 
media users bad, non-users good" is unproductive and will just serve to make 
you feel isolated and resentful.

> 7. What is the main advantage of being anonymous on the Internet?

People can't hate-crime you if they don't know what slurs to use. Then again, 
if you never see any visible minorities on the Internet, if you never see any 
opinions that go outside the zeitgeist of the average "straight white 
middle-class American male"... it starts to feel like, if you don't fit the 
profile of that aforementioned average Internet user, there's no real place for 
you on the Internet. Either you have to pretend to be a member of a demographic 
who hates your guts - a sheep wearing wolf's skin to avoid being eaten - or you 
forgo your anonymity and risk being sexually harassed or having deepfakes made 
of you in pornographic situations or doxxed and have violence inflicted on you 
in real life.

But you specifically mentioned *advantage*, not *harm*. Assuming you're 
*actually* anonymous and not the kiddie's idea of anonymity - "I opened an 
incognito window so my daddy can't see my browsing history" - companies can't 
advertise to you as easily because their data's all muddled up. If you have a 
shared Whoogle (Google frontend) instance accessible over Tor and one person's 
searching for programming tips and one's looking up video game walkthroughs and 
one's doing price comparison on beauty products and one's doing research on an 
ancient historical event, what pre-defined slot, what archetype, is Google 
supposed to file any of them under? To Google, it looks like one singular 
discombobulated person. I might be in the United States, but the Whoogle 
instance might be in Brazil or some obscure European country. Have you ever 
tried to turn on a VPN and then rawdog a YouTube video? I get weird ads for 
products in Japan. I can't understand a single word of what's going on. The 
advertising fails.

> 8. According to your experience, what is the best and most secure VPN 
available that you recommend?

All VPNs are scams. Use Tor for the actually sensitive shit. There's nothing 
worth watching on streaming platforms, but if you disagree, I leech off of 
Riseup VPN for torrenting and I've yet to find a site that blocks me.

> 9. I am planning to start a site with Hugo, but I have no experience on the 
server side to set up the web server and security matters... Can you help or 
introduce a reference that you approve?

All CMSes are bloat. If you're running a hobbyist site and you feel like you 
need seventeen build pipelines just to output some static HTML and CSS, you 
seriously need to rethink the structure of your site. I've handwritten every 
single page of my site since I switched off of WordPress, and I've never had a 
problem.

> What web server do you recommend for clearnet and onion?

There is only one good web server in existence, and it's Caddy. Forget about 
copy-pasting incomprehensible configuration files to make nginx happy. Here's a 
perfectly functional Caddy site in only 5 lines of config:

mayvaneday.org {
	root * /var/www/mayvaneday/
	file_server
	encode gzip
}

With that, I get automatic TLS renewal, file compression, and HTTP-to-HTTPS 
redirection. No weird redirect blocks like with nginx.

Tor sites work the same. You just have to put "http://" in front of the 
hostname so Caddy doesn't try to get a TLS certificate.

http://myonionhere.onion {
	root * /var/www/mysite/
	file_server
	encode gzip
}

> 10. From which site should I buy a VPS - Domain, is it safe and accepts 
Crypto?

The only way you're going to be "safe" when publishing is if you use Hyphanet 
(formerly Freenet) for the whole thing. Otherwise you run the risk of at least 
one component of your setup failing: your VPS provider kicks you off on a whim, 
your domain provider revokes your domain, you self-host at home and the power 
or Internet goes out, you mess up your DNS records and your domain points to 
the wrong server...

If you stil insist on setting up a clearnet site, and your site is static HTML 
and CSS, you're better off using something like Codeberg Pages 
(https://codeberg.page) and then pointing a domain to it. My current domain 
registrar is Namesilo. I *think* they accept crypto, but I don't know for sure, 
and I don't really give a shit either way since I think all crypto is a scam. 
(https://www.stephendiehl.com/blog/crypto-is-a-scam.html)

> 11. What do you think is the main advantage of using Ublock origin, Linux and 
free software?

It throws a wrench in the corporate advertising machine. I believe advertising 
is cognitive terrorism: companies are trying every trick in the book to force 
you to spend time and energy thinking about them and their products. Even if 
your sentiment on a product or the ad promoting it is bad, it's still worming 
its way somewhere into your brain. I can remember advertising jingles and theme 
songs from almost twenty years ago when I was still a toddler, *long* after the 
original marketing dollars were spent. Corporations want to live in your head 
rent-free. Why else would they make such annoying commercials on TV and 
streaming services? Why else would over two hundred *billion* dollars be spent 
every year (just counting the USA!) to compete for your finite time, attention, 
and neuron space? (https://www.statista.com/topics/979/advertising-in-the-us/) 
I'm at the point where I'm going to start committing acts of property damage. 
Have you ever seen those photos of European countries where billboards are 
banned along the highways? The gigantic swaths of pristine land unmarred by 
corporate signage? It feels like I'm on an alien planet.

This is another benefit of having an offline-first setup. Advertisers can't 
track me if my data's not going anywhere. They can't burrow their way into my 
system like the ads in Windows 10's start menu if my system has no way into it.

> 12. In your opinion, which operating system do you recommend for security 
work? Whonix - Tails - Qubes OS

"Security", or "secure"? If I was going to test the security of something, I'd 
use Kali instead. Qubes is for when you don't trust your software. Tails is for 
when you don't trust your network. Whonix is for when you don't trust your 
ability to set up a secure environment and you just need a "good enough" 
solution.

VeeChit, please tell me where you got this email address from and how you found 
my site because, judging from the fact you addressed me as "Vanevander" without 
the space and not as my actual name (Vane Vander), this smells a lot like a 
mass email you fired off to multiple webmasters without reading any part of my 
site first.

- - vclv
-----BEGIN PGP SIGNATURE-----

iQFOBAEBCgA4FiEEq2j4OrvQF4SeDEtjVj/VgT2D7rUFAmTT+A8aHHZhbmV2YW5k
ZXJAbWF5dmFuZWRheS5hcnQACgkQVj/VgT2D7rXnEgf9GQ8At0mbcp3f6N1FAMno
w+XDyF8eQQ0IHVnw542RN4Fx6aIp10b/hj2WTgSw2OHFfeljLvwk+NTadb6vR2R6
zgPjZHHusMZFBJWWaegf+SwDzeirmAtiVThru6yTnR22Cibn04qO2X949wo9UL3S
tdzWhIwMYiFe32sYuUFxxlQJRKEHjkshHed29YoyJ3lDU3M+nt7hVoeAaby/bzhV
9QtCjfcmf2l+AeXoymQylGv5pIRARy9m/ZsOQiTJEz2CC551R9sOvCWaQJiIHKhZ
1N4nFoLepaWyFwSSy8hJlvyDAUe9+heyJs1tXeA1UTXuYCZnaJaLnvk7YhRXJxOe
uw==
=vdGk
-----END PGP SIGNATURE-----