Selfhosted

56957 readers

419 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Typing into the abyss - need a service (lemmy.world)

submitted 1 day ago* (last edited 1 day ago) by ehguyitsmebuddy@lemmy.world to c/selfhosted@lemmy.world

20 comments fedilink hide all child comments

Does it exist, some sort of encrypted journal-like app where I can type things which will be forever locked away? In my mind and in a place I can feel confident about, without a doubt.

Pen and paper requires burning afterwards, I don’t think I want to do this.

I know no opsec solution is perfect. I need some sort of outlet. I need some sort of solution.

I was thinking. Maybe, at least, some solution where even though access is non-negotiable, if somebody does get in, I can accept that the entity was already determined enough to end things.

Thanks.

Edit: I should I guess mention the obvious such as encryption and possibly authentication with a hardware security key. Any other features that might be out there I am hoping to hear about.

you are viewing a single comment's thread
view the rest of the comments

[–] ehguyitsmebuddy@lemmy.world 4 points 1 day ago (1 children)

Thank you. This is really insightful and something that I think might be a robust solution for me. I’ll research GPG more, I clearly need to.

[–] observantTrapezium@lemmy.ca 1 points 17 hours ago

The fundamental difference between GPG encryption and encrypted partition is that of asymmetric vs. symmetric encryption. Whether you mount encrypted storage or decrypt a file with GPG, there's some "effort" in putting in the passphrase and in both cases the system's keyring is briefly aware of it and the plaintext is saved to memory (volatile, unless you have encrypted swap or other edge cases).

Asymmetric encryption is not normally used for personal stuff but mostly to exchange material with one party holding the private key, and other having access to the public key (which is public). Of course you can act as both parties if you like. If you do, keep in mind:

Asymmetric encryption algorithms may be vulnerable to quantum computing attacks in the coming years. There are quantum-resistant algorithms, but to my understanding they are not necessarily quantum-proof and could potentially be broken in the more distant future.
If you do choose to use GPG, make sure that the plaintext never touches the disk, for example save it to /dev/shm before encryption.
You can also protect your private key with a passphrase.

Personally I use Joplin. On the clients it's secure because the database is saved on encrypted storage secured by my login phrase. On the server it's secure by Joplin encrypting the files saved to WebDAV storage. Is it 100% safe? Probably not, but probably good enough to stop all but a nation-state level actor.