Projects Blog Music Files Forum About/Other

capsule losing contact_

Just a random blog

Check out the blog index, so you don't have to scroll that much.

The rss of this blog can be found here.

Basic Post About Privacy/Security Tools And Practices Because I'm Lazy

[feed|standalone]

Baseline privacy/security guide mainly for people that aren't interested in this kinda stuff. There are probably better resources out there...

Messaging

We all use messaging pretty often for online contact. You should probably be using something at least decent.

Use Signal. This is the absolute baseline. Just go to whatever app store and install it now. It is literally all the good parts of imessage and whatsapp. If you don't care about security or privacy at all still get it. There are people that you talk to that want to keep their private messages private. Respect that and use it, Signal is the same if not better than whatever you are using right now.
SMS is not encrypted on Android and Apple is evil.

If you are just a normal user, get it. Literally no reason not to, install it and see for yourself.

>>> SIGNAL <<<< /strong>

There are some things you should know if you care at all...

  • This is a centralized service meaning everything is connected to one server/network. Though everything is E2EE (unless sent as SMS, i.e sent to someone that doesn't use Signal) meaning the glowy boys can only (ideally) get encrypted data from Signal's servers.
  • Signal isn't the best service (has done some weird things and adamant on staying centralized). But it provides the best convenience and privacy and is a huge upgrade to all popular messengers.
  • Requires a phone number to sign up. I suggest just using a fake one.
  • There are forks out there worth a look for the people that care more about privacy/security too. Check out Molly and Session.

Other messaging

For the more privacy/security focused Signal isn't the best option. I would suggest checking out Federated and Peer to Peer options.

Here are some suggestions to get you started.

Federated (multiple independent servers).

Matrix (Element), is a good choice for something more on the convenience side. Platforms (IOS/Android/PC).

XMPP, this is one I would suggest more as it is more minimal. I've heard people suggest using Snopyta as a provider. Platforms (IOS/Android/PC).

Peer to Peer (directly connect).

Briar, haven't got to use this much because no one I know uses it. Thus, I can't say anything about it. So hit me up if you decide on this option (and know me).

Browsing

Browsing the internet with a browser is another very common activity. I strongly suggest you care about securing it.

As a disclaimer there is no best option here. By that I mean privacy is just not a priority for companies that make worthwhile browsers at the moment (with one kinda exception)... ugh.

My first suggestion would be Firefox. It offers the most options and can be configured to offer quite a good amount of privacy. Personally I suggest the Librewolf fork. It is what I use and all the good privacy/security settings are out of the box.

If you must use a Chromium based browser, please don't use Google Chrome. Brave is a better option for an experience exactly like Google Chrome but superior.

I also suggest you don't overlook TOR. The TOR browser is the best for private and secure browsing. It can be quite slow but I found I use it a lot on my phone where pretty much all my searching is just throwaway stuff and I'm not searching that often. Anyway it's worth giving a try.

I also strongly recommend checking out I2P and Freenet, both are really cool projects kinda like TOR.

The most important thing about internet browsing is compartmentalization. Really meaning just keeping things separate in this case. This can be done by using different browsing profiles (just type about:profiles in the search bar for firefox), different browsers, or different devices. For example keeping throwaway searches, shopping, school/work all separated using a mix of the aforementioned ways is a good idea. That way any tracking done on one compartment can't be tied with the other activities. How you separate this out is unique to your life. I suggest writing your common browsing uses out and then grouping them into what seems logical based on what data relatedness is shared between any given activity. I.e I wouldn't group my banking with watching Youtube or shopping.

Email

Don't use Gmail. Just don't. Okay.
Email is email. Gmail doesn't do anything special for you so you should at least use something private.

Some suggestions (though I suggest you do some research on what's best for you, here is what I recommend).

Friendly (easy, minimal knowledge required).

A little more effort required.

Advanced.

  • Self-host (I know you can do it! Or just support a friend who does self-host...)

Compartmentalization is another good idea to use for email accounts. Simple Login and AnonAddy are two services that can help with this. I also suggest looking into GPG encryption if you care about security/privacy with email, but remember metadata exists.

Also remember don't make accounts for everything you use if you can continue as Guest or use a temp mail (i.e something like this) go that route instead :).

VPN

VPN's are advertized quite badly, really all they do is move your internet traffic to the VPN provider. All your ISP or the network you are connected to will see is you connecting to the VPN's servers. Though there is still legitimate use cases for one. But remember you are basically transferring your trust to another company.

I'm not really going to go through paid options here because I'm broke so I will assume you are too. If you want more data based ratings that includes paid options techlore has a nice chart.

Something real quick... Usually you don't want to go for a free vpn because it costs money to run a sever and if you're not paying them, your data is the payment.

ProtonVPN, by far the best for speed for the price of free. As far as my research tells me this is quite a privacy respecting company. I've used this vpn for a while now and it's nice.

RiseupVPN, slow but ultra private. Worth a look at.

Self-hosted (I use Wireguard), do it yourself or support a nerd you know. Really the only legit way of using a VPN. Though the other listed options are a close second.

Password Management

Want to use super secure passwords that you don't even have to remember? Use a password manager.
(some are better than others though...)

KeePassXC is my go to. It just keeps an encrypted file on your device. Give it a try you wont look back.
To sync with other devices you can use Syncthing (what I use!), rsync or a cloud based solution (I can really only suggest Nextcloud here.) Your KeePass file is encrypted so you're good even if someone gets their hands on it.

Bitwarden is the best cloud based one for users that find KeePassXC too much work (I suggest giving it a try though).

Know how to make secure passwords and make sure your database one is secure to the max. Using 2fac on everything you can is also good practice. OTP is the most secure method for 2fac so look for that.

Social Media/Videos

Well if you really want to use it. It's worth it to join the Fediverse.

I use Pleroma (Husky app on Android) and Pixelfed, both are great and better than their bloated counter parts. You won't get the usual crowd but it's important to move the usual crowd to better alternatives.

The fediverse basically works like email. Anyone can run a sever but they can all communicate. Because of this it's censorship resistant and gives you more choice and autonomy. You can also host your own instances no problem, making it even better for privacy!

For videos LBRY/Odysee is worth checking out. You may find people you already know from Youtube. Peertube is another really good alternative to the evil Youtube, and is part of the fediverse.

If you aren't a slave to the Youtube algorithm (I suggest you try to wean yourself off of it if you are...) you can use something like Invidous, RSS+MPV or NewPipe if you have Android.
(These services are a better than normal Youtube as they have no ads. In NewPipe's case you can watch Youtube videos in the background or in a widget which is a straight upgrade.)

Bonus Stuff

Your phone is a tracking box. Get a watch (F-91W or something), print recipes, and try not to rely on it that much.
(I get it though phones are nice and all. Check out custom roms like LinageOS or even better GrapheneOS. Your cell provider will still track you though.)

Don't use Discord. (Seriously, don't. Even just use it less, much less.)

Use cash to buy pre-paid credit cards to make private payments online. If you play guitar, even better, get one of those pick punchers; save the environment.

Try to use FOSS software wherever possible.

Personal Website > Instagram.

Avoid bluetooth as much as possible. It is very insecure and has had (and still has) many serious vulnerabilities. There are apps you can get that automatically turn it off after use (though some can be finicky).

For the more advanced users setting up Mac Randomization on portable devices and changing your DNS (set it on your router at home to save some time) to something thats not cloudflare or google is a very good idea!

If you are new to this stuff or just like visuals techlore has a good course. It is good for newbies or just people who are curious. For the cool kids out there and those who like to read, Extreme Privacy: What It Takes To Disappear by Michael Bazzell is a good one.

2021 May 05

Get Off Discord And Keep Your Friends.

[feed|standalone]

A guide to help someone who cares about privacy use Discord without really using Discord.

Intro

If you have gamer friends and you want to make the switch to a better platform it's likely all your attempts usually result in either an argument or just never work. I find that I'm usually able to get them to agree that a world where companies weren't evil would be a better place but usually it just ends with either: It's just a better service and it's worth the privacy loss or everyone else uses it...

With the common problem recognized we can move on to what you need:

  • A server (be it a VPS or hardware you own).
  • A domain.
  • A relationship with the admin of a discord sever (or your own server).

Now onto the actual guide. This guide will be split into three parts: Text, Voice, Stream. This guide will cover self-hostable/FOSS services for these categories as well as bridging those services to Discord.

I will mainly cover what I personally use to do this on my own server...

Text

Service

Personally on my server I use Matrix. A set up guide can be found here.

Matrix is pretty easy to set up and you just have to set it up normally. Try to take care about setting it up properly/securely and do as many performance tweaks as you feel comfortable implementing.

That being said Matrix is kinda bloated and takes up a crazy amount of ram. The reason I still use Matrix is because it's more normie friendly. With time I hope it becomes more light-weight as well as a genuine contender to Discord. Other than the performance I actually don't have any other major reasons to dislike it. It's still the closest project to actually convince Discord users to switch in my opinion, and that's my main priority. For text you can also use XMPP which is a lot better although for more hardcore users. I use Prosody on my server and it's pretty awesome. I know you can also bridge XMPP chat to Discord, but I have no experience with that.

Bridging

For bridging to Discord you will need a Discord account to make bots needed to link the servers. I suggest you make a separate (if you already have Discord) and properly OPSEC created account to make your bots.

For bridging Matrix to Discord I use Half-Shot's Matrix Discord Bridge (here). There is also another one that puppets your own Discord account. Tying you Discord account to your Matrix one.

I use Half-Shot's because for privacy reasons I want to limit the amount of relation from Discord to the bridge. This bridge just keeps it all through a single Discord bot.

Before installing the bridge I set up a user for it. Something like:

sudo useradd -m matrixdb

I then cloned the repository to the home directory of the new user and followed the README on the github page.

The README also goes through how to make a discord bot.

NOTICE: I've set this bridge up twice and both times at some stage there was an error. From my memory I think after the bot is added there's a space somewhere in the discord-registration.yaml that causes the program to fail. So just check that over that when testing an npm start.

Once you add a _matrix webhook to a room it can be found in matrix with a string in the form #_discord_guildid_channelid:matrix.example.xyz with guildid and channelid replaced by that found in Discord. A quick way can be achieved once you've already bridged one channel to the matrix by having someone #channel_name the other channels you want to add on Discord and then clicking on the bridged link in Matrix (you still need the webhook).

After finding the room I highly suggest you do this:

Admin yourself on every room by running: npm run adminme -- -m '!AbcdefghijklmnopqR:example.com' -u '@Alice:example.com' -p '100'. The '!' string is the internal ID found in the advanced settings of the room on Matrix.

DO NOT ENCRYPT THE ROOM IT WILL FUCK UP THE WHOLE ROOM AND MAKE THE ROOM UNUSABLE FOREVER!

Then set the room to invite only and make sure it's taken off the public directory and is unsearchable. That way I can keep the Matrix server open to randos but still keep the Discord private if I wanted to.

I also suggest setting it up as a service:


[Service]
WorkingDirectory=/home/matrixdb/matrix-appservice-discord
ExecStart=/usr/local/bin/npm start
Restart=always
StandardOutput=syslog
StandardError=syslog
User=matrixdb
Group=matrixdb

[Install]
WantedBy=multi-user.target

Then just enable and start the service.

With that hopefully everything worked and you can now talk to your friends without using Discord!

Voice

Service

For my server I use Mumble. A guide for setting it up can be found here

Setting up the service is pretty straight forward. You make a SuperUser password on install and then you allow the default port through your firewall.

There is some config that has to be done in the /etc/mumble-server.ini:

allowping=True
opusthreshold=0

I also did obfuscate=True, logdays=-1 and set a password.

Adding ssl cert and key is also suggested what I did for that was make a sub-domain mumble.example.xyz then generated a key using certbot --nginx and then copied the symbolic links in /etc/letsencrypt/live/mumble.example.xyz/ to another folder and allowed permissions to mumble-server. Then added the paths to the .ini file.

Bridging

To bridge voice I used Stieneee's Mumble Discord Bridge. It's new but gets the job done!. Find it here.

It starts out the exact same as the matrix bridge make a discord bot, make a new user, clone the repo.

Then follow the README on the github page and generate a command specific to your server.

I also made a service for this:


[Service]
WorkingDirectory=/home/mumbledb/mumble-discord-bridge
ExecStart=/home/mumbledb/mumble-discord-bridge/mumble-discord-bridge -discord-cid "CID" -discord-gid "GID" -discord-token "BOTTOKEN" -mumble-address "mumble.example.xyz" -discord-disable-text -mumble-channel "MUMBLECHANNEL" -mumble-certificate cert.pem -nice -mumble-password PASSWORD -mode auto
Restart=always
StandardOutput=syslog
StandardError=syslog
User=mumbledb
Group=mumbledb

[Install]
WantedBy=multi-user.target

You should now be able to join a voice channel without using discord!

As a warning though as of the writing of this Music bots are super loud so tell your friends not to torture your ears.

If you want someone to move you to another voice channel just have them run !mumble-discord auto then !mumble-discord link when they are in the voice channel they want you to join in.

Streaming

Streaming can't be bridged but you can always use other services. I personally use Metastream for streaming web-based content, pretty much the only use I give the Brave browser. It works pretty well and works for a movie night when streaming movies off sketchy streaming sites and youtube stuff. Syncplay is another alternative and is self-hostable, it's okay for youtube and works for downloaded files as well... but all users have to download the file before it can be watched making it fail for a movie night.

As for streaming games and other content all you got is OBS plus Self-hosted streaming server or Peertube/LBRY.

Of course this stuff is not as good as Discord streaming (streaming tends to be quite behind on most other services) but it doesn't work on Linux anyway. You also can't watch your friends if they are streaming but to me that's not much of a loss. Although I can see why it could be a deal breaker (though trying to convince them to use other means is worth a shot).

There's no way yet as far as I know to bridge video but to me that's quite minor, and I'm sure if your nerdy enough to set all this up yourself you don't really care for it either.

Conclusion

Hopefully now you can use Discord much less if at all. I've been running this set up for a while now and I barley ever use Discord now. It's been worth it for me so I hope it is for you! Now you can be more private while slowly moving your friends over and hey, if they are too stubborn no problem.

2021 Apr 24

Website update

[feed|standalone]

Updated my website to added a bunch of pages. This will be pretty much how it looks for a while now. I am planning on adding tags to the planetary ring transmission but that will take a little bit. What I will probably do for that is when I make a new post it will have something like id="midwestemo mathrock electronic fav". I'll have the program then look in an index of know tags and if it can't find one an new html page is added and the music post is cloned on that page and it will me accessable in planetary ring transmission tag list or something like that.

Anyway check out the new stuff! Here are some things I added:

  • Git server with stagit as a front end. Real happy with how it looks.
  • Files page I used fancyindex for this (took a while to find). Basically it generates a front end for an auto index and then you can style it.
  • Project library Made a project library for projects I dont work on much or are finished (though lots of my work is unfinished :c). I can update it real easy with another bash script I made.
  • A bunch of other pages Well just take a look around yourself! I plan on sharing this website to more people so had to make it look all good.

Some other stuff:

Since I did all this work with niche software I plan to make blog posts and maybe videos if I have time of how to add these to your sites. Hopefully I can get around to making matrix and other selfhosting tutorials too even just for my memory.

I would like to make some more maybe personal/general thoughts posts as well. But it's up in the air. Also I got some music posts on the backburner as well always wanted to do article style ramblings on Pretend or BLA at some point.

School will take up most of my time this season but hopefully I can grind out the backend before things get up to speed so I can just make content when I have the time.

2020 Sep 18

Backend for blog is done!

[feed|standalone]

Well it is done. I can now make blog posts quickly and easily from the command line! I use an edited version of lukes blog script to make posts simply. It is basically a bash script that appends/removes html code. I really want my site to stay on the minimalist side so a version of this script was perfect for my needs. I use the same bash script system for my music posts too. My plan for this blog is just mainly to be tutorials and other updates related to what I am interested in (also to keep me productive). Also I will probably talk about some music indepth if I have the time on here too. The main goal for this website though it to make it fun to browse, so I will be adding random fun pages in the future. Subscribe to the rss to keep updated on my happenings.

The name is a straight rip from one of Dusters albums but hey it fits the website theme so whatever.

2020 Aug 13

back to homebase -->