Tag: privacy

Use Gmail for just outgoing email and replies

For my own privacy, I avoid using free mail services like Gmail and instead run my own mail server (hosted at Brightbox, a very trustworthy cloud server provider here in the UK ;). I do use one or two other Google services which means I have a Google account which means I do actually have a Gmail address. I also have an Android phone and that has the Gmail app preinstalled… by this point you can surely see that I should give up any pretense of privacy, but I prefer clinging onto it’s remaining delicate threads. It provides an illusion of dignity otherwise missing from the Internet.

Anyway, so I happen to have a pretty convenient email account available to me when I’m mobile whether I want it or not. I don’t want to connect it to my own IMAP server, but I don’t want to start sending mail from a Gmail address as it will end up in people’s address books and they’ll start sending new mail there instead.

So I’ve found a compromise: I’ve configured my Gmail account to let me send email from my personal email address (and set up the associated SPF DNS records too). And I’ve configured by own mail server to forward back any *replies* to my Gmail address. So whilst I’m out and about, I can *send emails using Gmail if I need to and read any replies to that email*. But new email direct to my personal address is never seen by Google.

I use maildrop, so my filtering rules are in the mailfilter language:

if ( ( /^In-Reply-To: .*mail.gmail.com/ || /^References: .*mail.gmail.com/ ) && hasaddr("john@johnleach.co.uk") )
cc "!mygmailaddress+reply@gmail.com"

Any emails that are replies to Gmail emails and are to (or cc) my personal email, get forwarded on to Gmail (to an alias I can use to avoid any forwarding loops).

I could also check the Message-ID header for gmail.com to detect new incoming email that had originated from a Gmail account anyway – the logic there is that Google have already seen it, so my privacy has already been invaded; I may as well get something out of the bargain. Worth noting that replies to my replies to incoming email from Gmail will hit my reply forwarding rule anyway.

£5/month for your digitial civil liberties

The Open Rights Group are a UK based organisation fighting for our civil liberties in the digital age. DRM, e-voting, copyright term extensions, FOI, net neutrality, privacy, RIPA, creative commons etc.etc.etc.etc.etc. They’re like an English EFF.

They have a tiny staff and many other volunteers who are extremely dedicated to the cause and are working very hard for our freedoms.  They are funded entirely by donations which pays for the staff, an office and expenses of running campaigns and pestering politicians.  They’re currently hoping to push their income up so things are more sustainable.

So, please sign up and give them some money every month. Anything from £5 upwards would be super. If you use computers for pretty much anything, it will make your life better – or at least prevent it getting any worse.

Encrypted partitions with Ubuntu/Debian

I figured out how to set up an encrypted partition on Ubuntu the other day. There are a bunch of ways of doing it but I found this to be the simplest. It should work on Debian too, since all the relevant packages are Debian ones anyway. In my example I’m encrypting an LVM partition (logical volume), but it should work with any device, including removable USB keys (see end notes). UPDATE: This is broken in Edgy but I figured out a simple fix, see below.


Opt-out of centralised NHS records

The government are centralising our medical information onto something called the “NHS Spine”. So our entire NHS medical histories will be moved to this system opening it up to general access for millions more employees of:

  • various government agencies including the police and social workers
  • private investigators, media organisations and other commercial entities.

Well, you apparently have the legal right to opt out of this “data rape”:

In June 2005, FIPR developed an opt-out letter to send to the Secretary of State. People who sent this off have been fobbed off. We now recommend that you opt out via your GP. Ask your GP to enter into your record the code 93C3 (“refused consent for upload to national shared electronic record”). You can also ask for your address and phone number to be kept off the NHS internal directory, and for your hospital records also to not be uploaded to central systems: see here for details. We encourage you to opt out even if you have nothing to hide; if only people who do have something embarrassing in their records opt out, then doing so will carry a stigma.

Referrer Securer

Did you know that Firefox (and Epiphany) don’t send referrers when following a link from an SSL encrypted site? The target site cannot tell whether you clicked a link or typed the url in directly.

I don’t know about other browsers, but this seems like a sane behaviour.

ID cards to become law

Just a reminder that the UK National ID card threat has not gone away. The government is still planning to get this piece of police state legislation implemented. The whole scheme is going to cost an estimated £19 billion. That’s over £300 per card. And it won’t make us more secure. It won’t prevent the majority benefit fraud. The technology doesn’t even work. It seems to achieve nothing but invade our privacy and provide fat contracts to private technology firms.

The world is not a different place since 9/11. The “rules of the game” have not changed. Reject the ID card.

Read more at “Our World Our Say” and No2Id.

Please donate something to the “Our World Our Say” campaign against ID cards. They have various projects to raise awareness and are currently raising money for an advertising campaign.