Digital independence in the age of the Big Five (How to cook up independent, secure servers for small groups and organizations)

From IFF Wiki
Jump to: navigation, search

Session Description

Small groups and organizations often rely on commercial services for their internal communications as well as for sharing files and managing their presence online. From email to instant messaging tools, cloud storage, website hosting, etc., it tends to be easier and cheaper to use commercial services than to hire a full-fledged technical staff to manage a server that is reliable and secure. At first sight, this choice may seem the most efficient, as big companies usually offer a well designed and fail-safe environment (and most of your friends are already using it). But whether these services are offered for free or sold, the price is not always what it seems, in terms of privacy or security. In the end, what counts for commercial companies is above all the shareholders’ interests, and the currency is more often than not their users privacy and habits. But good solutions to this problem are being developed. Based on configuration management software like Ansible and Puppet, they allow for servers to be installed and managed by people with basic system administration skills rather than by infallible experts, and nevertheless offer a good level of security both to the organization and the users. Most importantly they offer a degree of independence and privacy. During the session, the example of Caisleán (https://github.com/equalitie/Caislean/) will be user, but there are many such free an open source projects, for example LEAP (https://leap.se), the Puppet shared modules by several groups (https://gitlab.com/groups/shared-puppet-modules-group – with contributions by riseup.net, immerda.ch, sarava.org, and LEAP itself), Saravá’s https://padrao.fluxo.info/ and https://github.com/systemli/ by systemli.org. It would be interesting to start a discussion among different projects to see what is still missing in terms of best practices -- not necessarily only at a technical level, but also in terms of user experience, awareness of the local political contexts where these recipes may be used, end-user documentation and general issues arising with servers managed by smaller communities - and to start collaborating together.

Digital independence in the age of the Big Five (How to cook up independent, secure servers for small groups and organizations)
Presenter/s KheOps
Organization eQualit.ie
Bio/s In 2011, KheOps participated in uncovering mass electronic surveillance equipment in Syria and helped Syrians evade governmental censorship with an informal team on the Telecomix IRC. He has since been taking the fight for fundamental rights to a European level, notably helping La Quadrature du Net in their campaigns against ACTA, in favor of network neutrality and against recent French mass surveillance laws. KheOps believes in local, transparently-managed and community-run Internet access providers as a means to run respectful networks, and as such actively participates in FAImaison, a local non-profit access provider. He advocates cryptography, free and open source software and self-hosting through trainings and cryptoparties. He notably is a main developer of eQualit.ie’s self-hosting solution Caisleán. But his real job is cooking Breton galettes for his colleagues. KheOps is based in Nantes, France and works as Dev-Ops at eQualit.ie
Language English (or French)
Topics

Session Comments

Slides

Since uploads are disabled on this wiki, I reproduce quickly the 6 slides here.

Intro: "Avoiding Googledocs for an Internet freedom event's calendar (hosting your services yourself to protect your community)"

PGP key fingerprint:

D1F5 46E3 78CC FAB6 7B21 C79A BA5B 6E9F 53BB 2174

Problems

  • Not all organizations have a sysadmin
  • Sysadmins do not have infinite time and knowledge

Solutions?

Configuration manager based recipes

Other approaches

How to choose what fits best?

  • What criteria?
  • Organizations need to be accompanied?
  • Sysadmins "less" but still needed