Editing Philosophy
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 6: | Line 6: | ||
We believe that people should keep control over their personal information. That means you have to pay for internet services with money instead of data. It also means you should choose wisely to whom you provide your data. |
We believe that people should keep control over their personal information. That means you have to pay for internet services with money instead of data. It also means you should choose wisely to whom you provide your data. |
||
| − | == Decentralization == |
+ | == Decentralization over centralization == |
| − | We are heading towards a global society in which a few companies manage the personal data of everyone. In such a situation, it is very easy for bad actors to cause damage. Data harvesting has already been use on a large scale to influence elections, for example in the [[Wikipedia:Facebook–Cambridge Analytica data scandal|Facebook–Cambridge Analytica data scandal]]. A lot more damage could be done if malicious hackers gain access to the data stored by these large companies; or if authoritarian governments demand access to it. |
+ | We are heading towards a global society in which a few companies manage the personal data of everyone. In such a situation, it is very easy for bad actors to cause damage. Data harvesting has already been use on a large scale to influence elections, for example in the [[Wikipedia:Facebook–Cambridge Analytica data scandal|Facebook–Cambridge Analytica data scandal]]. A lot more damage could be done if malicious hackers gain access to the data stored by these large companies; or if authoritarian governments start to demand access to it. |
| − | The more scattered data is, the healthier our societies. The best situation is |
+ | The more scattered data is, the healthier our societies. The best situation is where you are the only one with access to your data. However, such a thing is hard to arrange with many internet services like email and synchronization across your devices. Hence, we believe it is best to opt for a second-best situation, in which you share a server with a couple of people. In that case, only the server administrator and yourself have access to your data. Compare this to Google, where other companies and thousands of employees have access to your data. |
| − | |||
| − | == Open source software == |
||
| − | DLNET.ORG Cloud runs entirely on [[Wikipedia:Open-source software|open-source software]] (see also [[List of software]]). That means that everyone can check the source code and verify that there are no security and data leaks. It also means that we benefit from and contribute to the open source community, which develops the software that makes the DLNET.ORG Cloud possible. |
||
== Technical security principles == |
== Technical security principles == |
||
=== Being small === |
=== Being small === |
||
The most efficient way of avoiding hackers is by making the incentives for hackers as small as possible. The benefits, from the hacker's perspective, of hacking a small server are tiny. It is much more lucrative to go after large companies. |
The most efficient way of avoiding hackers is by making the incentives for hackers as small as possible. The benefits, from the hacker's perspective, of hacking a small server are tiny. It is much more lucrative to go after large companies. |
||
| − | |||
| − | (Unless of course, you are a high-profile target. In that case you should take additional measure like encrypting all your data.) |
||
=== Separation of user areas === |
=== Separation of user areas === |
||
| Line 24: | Line 19: | ||
=== Encryption when beneficial === |
=== Encryption when beneficial === |
||
| − | We use |
+ | We use encryption only when it actually provides security benefits. All communication from and to the server is encrypted with SSL. |
| − | There is nothing that beats true [[Wikipedia:End-to-end encryption|end-to-end encryption]]. But that is, in the case of email, impossible to offer as a provider. We encourage users to set up |
+ | There is nothing that beats true [[Wikipedia:End-to-end encryption|end-to-end encryption]]. But that is, in the case of email, impossible to offer as a provider. We encourage users to set up [[Wikipedia:Pretty Good Privacy|PGP]] themselves. We also encourage users to locally encrypt their files before uploading them to the DLNET.ORG Cloud. When open source file sharing software becomes available that offers encryption and decryption in the browser, we will make it available as soon as possible. |
