diff --git a/content/about.md b/content/about.md index 167a655..ac5612f 100644 --- a/content/about.md +++ b/content/about.md @@ -4,19 +4,17 @@ title: About Me ## Overview -My name is Sam Al-Sapti. I'm a 6th semester Software Development B.Sc. -student at the IT-University of Copenhagen. My main interests are -backend development, DevOps, DevSecOps, IT security, open-source and -Linux. +My name is Sam Al-Sapti. I'm a 6th semester Software Development B.Sc. student +at the IT-University of Copenhagen. My main interests are backend development, +DevOps, DevSecOps, IT security, open-source and Linux. -Furthermore, I'm an advocate for online privacy, I'm against attention -economy and surveillance capitalism, I'm a big supporter of the Free -Software movement, I'm a digital minimalist, and I'm a member of -[data.coop](https://data.coop) (I'm also one of the system -administrators). Also, you won't find me on -[Facebook](https://fsf.org/fb) or any other social media platform -(except for [LinkedIn](https://www.linkedin.com/in/sam-a-dev/), but -that's not really a social media platform). +Furthermore, I'm an advocate for online privacy, I'm against attention economy +and surveillance capitalism, I'm a big supporter of the Free Software movement, +I'm a digital minimalist, and I'm a member of [data.coop](https://data.coop) +(I'm also one of the system administrators). Also, you won't find me on +[Facebook](https://fsf.org/fb) or any other social media platform (except for +[LinkedIn](https://www.linkedin.com/in/sam-a-dev/), but that's not really a +social media platform). ## My skills 
@@ -41,17 +39,16 @@ Some technologies and tech concepts I'm familiar with are: I host some online services that you're welcome to use free of charge. -* [Lingva](https://translate.sapti.me) +- [Lingva](https://translate.sapti.me) ([onion service](http://22qfd63ax4zt5arctpfh62kvjekap7yrdfzwq5kv5jvhew5hcpq6vgyd.onion)) - - An alternative way of accessing Google Translate without being - tracked. -* [SearXNG](https://search.sapti.me) + An alternative way of accessing Google Translate without being tracked. +- [SearXNG](https://search.sapti.me) ([onion service](http://gbat2pbpg7ys3fi3pbp64667tt5x66mg45xok35bxdw7v55brm7a27yd.onion)) - - A metasearch engine that gets its results from other search engines - while protecting your privacy. -* [An SMP server](smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion) - - A server used by [SimpleX Chat](https://simplex.chat) - to relay messages between users. Server address: + A metasearch engine that gets its results from other search engines while + protecting your privacy. +- [An SMP server](smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion) - + A server used by [SimpleX Chat](https://simplex.chat) to relay messages + between users. Server address: ```txt smp://PUDVvQiNbsYG6gXYC2-GYUIQnNICi3BoxKGDKWX55uM=@smp01.simplex.sapti.me,pcexmrs4eod35vdvidq47jce7mnsfm26j27anttoy4zprc25pulkcfyd.onion ``` 
@@ -59,8 +56,8 @@ I host some online services that you're welcome to use free of charge. ## Want to know more? Feel free to contact me if you want to know more about me. As I'll be -completing my bachelor's degree this summer, I'm currently on the -lookout for a full-time job. As such, if you're a recruiter, you're more -than welcome to contact me as well. +completing my bachelor's degree this summer, I'm currently on the lookout for a +full-time job. As such, if you're a recruiter, you're more than welcome to +contact me as well. Find my contact information [here]({{< relref "contact.md" >}}). diff --git a/content/contact.md b/content/contact.md index 759a357..b25326a 100644 --- a/content/contact.md +++ b/content/contact.md @@ -40,7 +40,7 @@ matrix_sessions: ## Signal I use Signal for messaging as well. If you have my number, feel free to message -me there. If not, you can get it by contacting me via one of the above contact +me there. If not, you can get it by contacting me via one of the other contact methods. ## SimpleX Chat diff --git a/content/keys.md b/content/keys.md index 37c2696..c3b75ef 100644 --- a/content/keys.md +++ b/content/keys.md @@ -20,8 +20,7 @@ sub ed25519/0x899C7CF4B526656F 2022-05-28 [A] [expires: 2023-05-18] Key fingerprint = FA9B 317E D1D3 4906 46CC D154 899C 7CF4 B526 656F ``` -You can download it [here](/pgp.asc), via WKD or from your preferred -keyserver. +You can download it [here](/pgp.asc), via WKD or from your preferred keyserver.
@@ -37,30 +36,29 @@ keyserver. - Change expiry for subkeys or the master key itself - Sign other keys - My private master key is only ever accessed on an airgapped machine, - with no internet or wireless communication capabilities (all wireless - components physically removed), no camera or microphone and no - persistent storage. This airgapped machine is booted with the latest - version of [Tails OS](https://tails.boum.org). The master key is - protected by a long and secure passphrase and stored on an encrypted - storage medium, which itself is stored in a safe place. + My private master key is only ever accessed on an airgapped machine, with no + internet or wireless communication capabilities (all wireless components + physically removed), no camera or microphone and no persistent storage. This + airgapped machine is booted with the latest version of [Tails + OS](https://tails.boum.org). The master key is protected by a long and secure + passphrase and stored on an encrypted storage medium, which itself is stored + in a safe place. ### Subkeys - My subkeys are stored on an OpenPGP smartcard for daily use. The - smartcard makes sure that the local machine never has direct access to - the keys. It is protected by a pin-code and requires a physical touch - on every cryptographic operation. + My subkeys are stored on an OpenPGP smartcard for daily use. The smartcard + makes sure that the local machine never has direct access to the keys. It is + protected by a pin-code and requires a physical touch on every cryptographic + operation. ### Revocation and expiry - I usually set my master key to be valid for 2 years at a time. I will - always extend it at least 1 week prior to the expiry date. The same - goes for my subkeys, which are set to be valid for 6 months at a time. + I usually set my master key to be valid for 2 years at a time. I will always + extend it before the expiry date. The same goes for my subkeys, which are set + to be valid for 6 months at a time. 
- If my keys are ever compromised, I have a revocation certificate, - stored in a safe place, that I will publish to this website and - various keyservers. + If my keys are ever compromised, I have a revocation certificate, stored in a + safe place, that I will publish to this website and various keyservers.
@@ -76,58 +74,54 @@ keyserver. #### Level 0: Generic verification (`sig`/`0x10`) - This certification level is used if I have somehow verified that you - are in control of the email address(es) of the UID(s) to be signed. - No assertions are made about your identity. + This certification level is used if I have somehow verified that you are in + control of the email address(es) of the UID(s) to be signed. No assertions + are made about your identity. #### Level 1: No verification (`sig1`/`0x11`) - This certification level is used when I have not safely verified you - as the keyholder, but I merely _believe_ that you own the key in - question. + This certification level is used when I have not safely verified you as the + keyholder, but I merely *believe* that you own the key in question. #### Level 2: Casual verification (`sig2`/`0x12`) - This certification level is used when I have verified your identity - with at least one form of photo ID (government-issued or equally - secure), that your identity matches that of the UID(s) to be signed, - and that you are in control of the email address(es) of the UID(s) to - be signed. + This certification level is used when I have verified your identity with at + least one form of photo ID (government-issued or equally secure), that your + identity matches that of the UID(s) to be signed, and that you are in control + of the email address(es) of the UID(s) to be signed. #### Level 3: Extensive verification (`sig3`/`0x13`) - This certification level is used when I am _absolutely sure_ that you - are in fact the keyholder. This means that either you are someone I - know personally and trust, or that someone I ultimately trust have - notified me that you want a signature and have given me your key - fingerprint in a secure manner. + This certification level is used when I am *absolutely sure* that you are in + fact the keyholder. 
This means that either you are someone I know personally + and trust, or that someone I ultimately trust have notified me that you want + a signature and have given me your key fingerprint in a secure manner. ### Signing process The signing process consists of 2 steps: - 1) Verification will take place either in person or over video call. - If we meet in person, you will give me a physical copy of your key - fingerprint. If verification takes place over video call, you will - give me your key fingerprint verbally. - 2) You will have to send me your public key from the email address - associated with one of the UIDs to be signed. The email has to be - signed. I will then sign the key and send it back to the same - email address in encrypted form. + 1) Verification will take place either in person or over video call. If we + meet in person, you will give me a physical copy of your key fingerprint. If + verification takes place over video call, you will give me your key + fingerprint verbally. + 2) You will have to send me your public key from the email address associated + with one of the UIDs to be signed. The email has to be signed. I will then + sign the key and send it back to the same email address in encrypted form. ## SSH key -If you need to give me shell access to your server or similar, please -use the following public SSH key: +If you need to give me shell access to your server or similar, please use the +following public SSH key: ```txt sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti ``` -If your SSH server does not support FIDO2-protected SSH keys, use this -fallback key instead: +If your SSH server does not support FIDO2-protected SSH keys, use this fallback +key instead: ```txt ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332 
diff --git a/content/posts/why-i-switched-from-proton-mail.md b/content/posts/why-i-switched-from-proton-mail.md index b30742e..a57aa2b 100644 --- a/content/posts/why-i-switched-from-proton-mail.md +++ b/content/posts/why-i-switched-from-proton-mail.md 
@@ -13,95 +13,90 @@ tags: series: [] --- -I wanted to write this blog post (and by the way, this is my first) to -shed some light on my recent choice of email provider. You see, Proton -Mail is a great email service, and I've used them for years, but it just -doesn't fit my needs anymore. This is due to a number of reasons, but -it's primarily due to some issues with external PGP handling (I'll talk -more about this later on) and their recent change of direction. +I wanted to write this blog post (and by the way, this is my first) to shed +some light on my recent choice of email provider. You see, Proton Mail is a +great email service, and I've used them for years, but it just doesn't fit my +needs anymore. This is due to a number of reasons, but it's primarily due to +some issues with external PGP handling (I'll talk more about this later on) and +their recent change of direction. ## Centralization and Proton's new direction -One of the main reasons I chose to switch, is the new direction Proton -is going in. Recently, they've revamped all of their products and their -website, to make it more clear that both Proton Mail, Proton VPN, Proton -Calendar and Proton Drive is under the same family/suite (notice how -there's a space now in their product names, that's one of the changes). -All of this is great for many reasons, now it actually feels like an -alternative all-in-one solution to something like Google's, and I'm sure -this will benefit them in the long run and appeal to more people. A lot -of people like these kinds of ecosystems, because it usually increases -ease of use and convenience. In fact, this change now allows Proton to -better integrate their products together. For example, you can now -easily send large attachments via email, by letting Proton Mail -automatically upload the file to Proton Drive and send a share link in -the email, instead of attaching it in the email itself. 
All of the -changes are outlined in -[this article](https://proton.me/news/updated-proton) by Proton's CEO, -Andy Yen. +One of the main reasons I chose to switch, is the new direction Proton is going +in. Recently, they've revamped all of their products and their website, to make +it more clear that both Proton Mail, Proton VPN, Proton Calendar and Proton +Drive is under the same family/suite (notice how there's a space now in their +product names, that's one of the changes). All of this is great for many +reasons, now it actually feels like an alternative all-in-one solution to +something like Google's, and I'm sure this will benefit them in the long run +and appeal to more people. A lot of people like these kinds of ecosystems, +because it usually increases ease of use and convenience. In fact, this change +now allows Proton to better integrate their products together. For example, you +can now easily send large attachments via email, by letting Proton Mail +automatically upload the file to Proton Drive and send a share link in the +email, instead of attaching it in the email itself. All of the changes are +outlined in [this article](https://proton.me/news/updated-proton) by Proton's +CEO, Andy Yen. -Personally though, this does not appeal to me. I'm not a fan of -ecosystems and having all my eggs in one basket, and I'm a huge fan of -self-hosting. You see, I'm a big proponent of decentralization. One -aspect of decentralization is to not have everything in one place, when -you don't control that place. For example, I wouldn't have both my -email, calendar, contacts and cloud storage with Google, and neither -would I with Proton. Instead, I self-host my cloud storage, calendar, -contacts, to-do lists, and notes with the help of -[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way, -even though it's all in one place, I'm the one in control of the server -hosting it and what happens with it. +Personally though, this does not appeal to me. 
I'm not a fan of ecosystems and +having all my eggs in one basket, and I'm a huge fan of self-hosting. You see, +I'm a big proponent of decentralization. One aspect of decentralization is to +not have everything in one place, when you don't control that place. For +example, I wouldn't have both my email, calendar, contacts and cloud storage +with Google, and neither would I with Proton. Instead, I self-host my cloud +storage, calendar, contacts, to-do lists, and notes with the help of +[Nextcloud](https://nextcloud.com) at home on a Raspberry Pi. This way, even +though it's all in one place, I'm the one in control of the server hosting it +and what happens with it. -I can definitely see why Proton chose to go in this direction, and I -fully support them. But they should also expect, and I'm sure they did, -that some of their customers wouldn't want this change of direction. I -have nothing against Proton as a company, but having my digital life -centralized with one company is just not my cup of tea. +I can definitely see why Proton chose to go in this direction, and I fully +support them. But they should also expect, and I'm sure they did, that some of +their customers wouldn't want this change of direction. I have nothing against +Proton as a company, but having my digital life centralized with one company is +just not my cup of tea. ## The way Proton Mail handles PGP -Proton Mail offers zero-access encryption of your inbox, meaning all of -your emails are encrypted, and only you have access to read them after -unlocking them with your password. Behind the scenes, this works by each -customer having a PGP key pair stored on their servers, with the private -key being encrypted by the customer's password. This means that not even -Proton themselves can read your emails, and this is great for privacy. 
+Proton Mail offers zero-access encryption of your inbox, meaning all of your +emails are encrypted, and only you have access to read them after unlocking +them with your password. Behind the scenes, this works by each customer having +a PGP key pair stored on their servers, with the private key being encrypted by +the customer's password. This means that not even Proton themselves can read +your emails, and this is great for privacy. -PGP has been a standard for email encryption for many years, and it's -widely used for sensitive communication via email. Proton has taken PGP -and integrated it into their email service, automatically providing -end-to-end encrypted emails between Proton Mail users (it also works -with other email providers, but it requires some setup by the -communicating parties). The thing is though, that you're not in control -of the private PGP key when using Proton Mail's PGP integration. Even -though it is encrypted on their servers, and only I can decrypt it, I -want to be in control of my private key myself. This also relates to the -centralization problem I described above. By using Proton Mail, I +PGP has been a standard for email encryption for many years, and it's widely +used for sensitive communication via email. Proton has taken PGP and integrated +it into their email service, automatically providing end-to-end encrypted +emails between Proton Mail users (it also works with other email providers, but +it requires some setup by the communicating parties). The thing is though, that +you're not in control of the private PGP key when using Proton Mail's PGP +integration. Even though it is encrypted on their servers, and only I can +decrypt it, I want to be in control of my private key myself. This also relates +to the centralization problem I described above. By using Proton Mail, I entrust my email security with a central entity. -This one is more on the technical side of things. 
I've had some not so -great experiences when trying to use my own PGP key on top of Proton -Mail's encryption. For example, my signatures wouldn't be recognized by -the recipient's email client, due to the second layer of encryption that -is Proton Mail's PGP integration. Because I want to use my own PGP key, -that I'm in control of myself, this doesn't work for me. +This one is more on the technical side of things. I've had some not so great +experiences when trying to use my own PGP key on top of Proton Mail's +encryption. For example, my signatures wouldn't be recognized by the +recipient's email client, due to the second layer of encryption that is Proton +Mail's PGP integration. Because I want to use my own PGP key, that I'm in +control of myself, this doesn't work for me. ## Conclusion -With all that said, I want to end this blog post by saying this: Don't -go ahead and delete your Proton account solely based on what I'm saying. -This is my own personal opinion. If you're someone who's not very -technical and/or are satisfied with what Proton is offering, then stay. -I'm not here to trash talk Proton and tell everyone to abandon them. I -think Proton offers some great privacy preserving services and their -line of products is perfectly suitable for a lot of people, and their -work is important in the privacy world. I'm just someone who's a bit -more technical than the average person, and because of that, Proton Mail -is just not a fit for me personally. For the average person, Proton is -fantastic, and I can only recommend them if you're wondering which +With all that said, I want to end this blog post by saying this: Don't go ahead +and delete your Proton account solely based on what I'm saying. This is my own +personal opinion. If you're someone who's not very technical and/or are +satisfied with what Proton is offering, then stay. I'm not here to trash talk +Proton and tell everyone to abandon them. 
I think Proton offers some great +privacy preserving services and their line of products is perfectly suitable +for a lot of people, and their work is important in the privacy world. I'm just +someone who's a bit more technical than the average person, and because of +that, Proton Mail is just not a fit for me personally. For the average person, +Proton is fantastic, and I can only recommend them if you're wondering which email, VPN, calendar or cloud storage provider to use. -You might be asking, what am I using now then? I'm now a happy customer -over at [mailbox.org](https://mailbox.org), and if you're like me, you -should totally check them out. If not, go ahead and keep your Proton -account (you have one, right?). +You might be asking, what am I using now then? I'm now a happy customer over at +[mailbox.org](https://mailbox.org), and if you're like me, you should totally +check them out. If not, go ahead and keep your Proton account (you have one, +right?). diff --git a/content/privacy.md b/content/privacy.md index 78b15af..d3d031a 100644 --- a/content/privacy.md +++ b/content/privacy.md 
@@ -13,36 +13,34 @@ This website and the free services are owned and hosted by Sam Al-Sapti. ## What data is collected -No data is collected about the site's visitors. The webserver's access -logs are discarded immediately, so the server doesn't persist any IP -addresses or other personally identifiable information. Moreover, if -you access this site over a VPN or Tor connection (`.onion` link -available at the bottom of the page), the site won't even be able to -learn your IP address in case of a compromise. +No data is collected about the site's visitors. The webserver's access logs are +discarded immediately, so the server doesn't persist any IP addresses or other +personally identifiable information. Moreover, if you access this site over a +VPN or Tor connection (`.onion` link available at the bottom of the page), the +site won't even be able to learn your IP address in case of a compromise. -Furthermore, the hosting provider of this site is -[Hetzner Online GmbH](https://www.hetzner.com/). According to their -privacy policy, they do not store any log data either. Please refer to -their privacy policy for further information. +Furthermore, the hosting provider of this site is [Hetzner Online +GmbH](https://www.hetzner.com/). According to their privacy policy, they do not +store any log data either. Please refer to their privacy policy for further +information. If you use my SearXNG instance however, the built-in limiter plugin will -collect your IP address in hashed form. Hashing is a one-way encryption -method that allows data to be encrypted, but not decrypted. This means -that the server does not learn your real IP address, but only a one-way -encrypted version of it so that it can detect IP addresses that behave -maliciously and rate limit connections from those. Furthermore, this -database of hashed IP addresses is stored in memory only, and is not -used for any other purpose than rate limiting. 
A single hashed IP -address is stored for a maximum of 10 minutes after the last request -from it. +collect your IP address in hashed form. Hashing is a one-way encryption method +that allows data to be encrypted, but not decrypted. This means that the server +does not learn your real IP address, but only a one-way encrypted version of it +so that it can detect IP addresses that behave maliciously and rate limit +connections from those. Furthermore, this database of hashed IP addresses is +stored in memory only, and is not used for any other purpose than rate +limiting. A single hashed IP address is stored for a maximum of 10 minutes +after the last request from it. ## Cookies -No cookies are used on this website. However, your browser's local -storage is used to save your color scheme preference if you ever change -it manually. SearXNG can optionally use cookies to store settings if you -choose to change them from the default. Your settings can alternatively -be stored in a custom URL instead. +No cookies are used on this website. However, your browser's local storage is +used to save your color scheme preference if you ever change it manually. +SearXNG can optionally use cookies to store settings if you choose to change +them from the default. Your settings can alternatively be stored in a custom +URL instead. ## Embedded third party content 
@@ -50,13 +48,12 @@ Currently no third party content is embedded on this site. ## Analytics -No analytics are used on this site. SearXNG measures aggregate -statistics on how upstream search engines perform, but this does not -include any user data. +No analytics are used on this site. SearXNG measures aggregate statistics on +how upstream search engines perform, but this does not include any user data. ## Changes to this privacy policy I reserve the right to update this privacy policy from time to time. I -constantly keep it up to date with the latest changes. If this policy -is changed substantially, I will put a clear notice on the front page -for at least 7 days. +constantly keep it up to date with the latest changes. If this policy is +changed substantially, I will put a clear notice on the front page for at least +7 days.
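Review bot: In content/about.md (@@ -41,17 +39,16 @@), the empty line that separated each list item's link line from its description is removed along with the rewrap, so a description such as `An alternative way of accessing Google Translate without being tracked.` now continues the paragraph that holds the link instead of standing as its own paragraph inside the item. If this commit is meant to be a pure reformat, keep the empty line in all three items, or check the rendered page and say in the commit message that the layout change is intended. The `*` to `-` marker change is fine on its own.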
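Review bot: In content/keys.md (@@ -37,30 +36,29 @@), under "Revocation and expiry", the rewrap also changes the stated policy: `I will always extend it at least 1 week prior to the expiry date` becomes `I will always extend it before the expiry date`. Correspondents use that sentence to decide whether a key close to expiry is normal or a warning sign, so dropping the one-week margin should either be reverted here or moved to its own commit with a message that names the change. The `above` to `other` wording change in content/contact.md is likewise a content edit rather than a reflow.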
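Review bot: In content/keys.md (@@ -76,58 +74,54 @@), the rewrapped Level 3 text keeps a subject-verb mismatch: `someone I ultimately trust have notified me that you want a signature and have given me your key fingerprint` should read `has notified` and `has given`. These lines are being rewritten anyway, so fix it in this change. The switch from `_believe_` and `_absolutely sure_` to `*...*` is an emphasis-style change, not a rewrap, and deserves a word in the commit message.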
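Review bot: In content/posts/why-i-switched-from-proton-mail.md (@@ -13,95 +13,90 @@), the paragraph beginning `This one is more on the technical side of things.` has nothing for "This one" to refer to; it follows the paragraph about key control with no subheading or lead-in, so it reads as if a heading was lost. Add the missing lead-in or rephrase the opening while the paragraph is being touched. In the same hunk, `both Proton Mail, Proton VPN, Proton Calendar and Proton Drive is under the same family/suite` should use `are`.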
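Review bot: In content/privacy.md (@@ -13,36 +13,34 @@), the rewrapped SearXNG paragraph still states `Hashing is a one-way encryption method that allows data to be encrypted, but not decrypted` and concludes that the server `does not learn your real IP address`. Hashing is not encryption, the server has to see the address in order to hash it, and a hash computed without a secret key over the IPv4 address space can be matched back to an address by enumerating candidates. Suggest rewording to say that only a hash of the address is held in memory, for at most 10 minutes after the last request, and stating whether the hash is keyed if that is known.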