Every damn day I get emails

published: 2023-08-10


Lethe plans, Jett laughs.

I made a New Year's resolution this year that I was going to only publish one blog post a month this year at the top of the month. That way, no matter what grief men inflicted on me, I wouldn't feel the urge to write reactively and potentially make an ass of myself in the process. And then I finally moved into my own apartment, and I found, even though I have all the time in the world to do whatever I want whenever I want (instead of waiting for my parents to look the other way so I can slip out without an interrogation beforehand) I simply don't have the energy or the fucks necessary to write anything blog-wise. Plenty of poetry, though! Employee Recognizes that the Information is Unique and of Peculiar Value is coming along well. I still haven't decided if I'm publishing The Eschaton Eminence in five days or on November 14. And who knows when Ultrawhite will come out after that.

I got an email a few days ago asking me a long series of questions. I get the vibe that it was a copy-paste job sent out to lots of other tech bloggers, since some of the questions could have easily been answered by reading my damn blog first, but I answered it anyway. Hopefully republishing the interview here cuts down on the amount of emails I get in the future. I've left the typos and weird grammar of the original questions intact, so feel free to mentally insert [sic] wherever you feel necessary. The original GPG-signed response can be found here.


VeeChit,

Normally I don't respond to emails that sound like requests for interviews because they're invariably either an attempt to get me to dox myself or the person asking the questions doesn't like how blunt and direct I am with my responses and just calls me a bitch and tells me to kill myself. But today I'm feeling reckless, so fuck it, I'll take the bait just this once.

  1. What is the reason for your importance to security and privacy? Is it a personal interest or a need that must be paid attention to?

I assume by "your importance to security and privacy" you mean to ask why they are important to me, not how I am important to them. The answer is straightforward: growing up in a repressive household where writing innocuous poems online about being gay is worthy of being grounded and socially isolated from one's support networks and friends for several weeks at a time will turn a relatively outgoing woman into a paranoid and bitter one. The trauma of not knowing whether or not sharing my opinions and viewpoints on things will be met with violence at any given moment is a burden I have carried with me since adolescence and will likely carry for the rest of my life.

Even though I now live on my own and have far more control over my life than I did even a year ago, I still have a deep-seated psychological need to protect myself technologically against random device searches, spyware, and attempts at stalking through the Internet. I physically cannot bring myself to use any operating system that doesn't have full-disk encryption either baked into the operating system (any mainstream Linux distro) or can't be jimmy-rigged to have FDE (Windows via VeraCrypt), so even though Haiku fascinates me, I can't use it as anything other than a toy, a curiosity. All of my external USB drives are encrypted. I store my files in plaintext or free-as-in-freedom file formats whenever possible to ease the pain of potentially having to jump ship to a different operating system at a moment's notice. (Since, you know, I might have to use a different software suite there.) I use terminal programs whenever possible so I can replicate my Debian setup on every computer I own regardless of processing power, from my beefy gaming desktop to the ancient 32-bit tower I inherited from my great-grandmother. If I lose access to one device for some reason, whether a deliberate confiscation by a "well-meaning" family member or theft or simply the device dies and doesn't work anymore, I can be up and running on any other one I own within a few hours.

I am also increasingly paranoid of a potential shutdown or interruption of the Internet. Living for years in a house with a piss-poor connection that constantly drops out does that to you, I guess. I keep burned DVDs of the Debian installer in my personal archives because one DVD will let you set up a full Debian system with a pretty decent collection of software available for further installation without needing any Internet at all. As Debian is my Linux distro of choice, knowing I can bootstrap a new system (or a salvaged one) without an Internet connection brings me great peace of mind. I also only use software that can operate entirely without an Internet connection, such as Hydrus. I felt very smug that week in July when Twitter wouldn't let you see anything without logging in and the whole Internet was complaining about all the content on the birdsite they couldn't look at anymore and yet my local collection of funny images was completely unaffected.

  1. Considering the number of users of social networks and messengers such as WhatsApp - Telegram, does it matter if I use Signal or Matrix or PGP email?

WhatsApp isn't used at all where I live. Telegram is only used by nutty conspiracy theorists. Everyone I know just uses plain SMS. I have more to say, but I hate repeating myself, so I'll just elaborate more in the next answer.

  1. Why do people give the least importance to security and privacy? Is it because of lack of information or not caring about this issue? For example, most people do not use ad blockers, VPNs, open source software! Or they install any program on their phones and PCs

You have to understand that most people have more pressing and immediate issues in their life than the vague-to-them threat of corporate surveillance or vendor lock-in. If you ask some random person off the street what their top five concerns are right now, "privacy on the Internet" almost certainly isn't going to make the list. They're going to say things like "making rent" and "the rising cost of living" and "going bankrupt from a single medical bill". If they're the type to glance at the news every so often, they might also say "climate change" or "nuclear war".

In the disabled community, we have a concept called "spoons". Spoons are like a measure of mental energy. Usually one gets a limited number of spoons each day to spend on daily activities like doing one's laundry or feeding oneself or tidying up the house... You get the point. (Hopefully.) The average person is using all their spoons on staying alive. If they come home from work exhausted and only have three spoons, they are going to spend those on making dinner and showering and maybe some mindless Netflix consumption before collapsing into bed. They're not going to be learning how to be a sysadmin and setting up a VPS to self-host things. To them, that is like a second unpaid job with little to no personal benefit. Maybe it would pad their resume out, but if they're not looking for a tech job, what's the point to them?

Think about the misogynistic stereotype of the "wine mom" who likes to scroll through Facebook and comment on cringy Minions memes and post unflattering group photos of her family members taken during holidays. To you and me, she might be hopelessly caught in the spiderweb of corporate algorithms sucking her dry for data to feed to advertisers. But to her, she is just socializing with the people in her life she loves. (Well, whichever ones are on Facebook, anyway.) In her eyes, she is doing nothing wrong, and people like you and me are trying to destroy her method of keeping in contact with far-flung family members and trying to force her to absorb the equivalent of a computer science degree in order to use a "fedi-what?" whose interfaces aren't nearly as flashy and whose denizens are nasty and brutish and not as easily shut out as exclusion from one's Facebook friend list would be.

"Normal" people don't care about privacy and security. They don't care if their tools are proprietary or spying on them or could go away at a moment's notice if the company behind them shuts down. They want to play games with their friends (Windows) and socialize (Discord and every mainstream social media site) and get help with their homework (Google search). "Normal" people are not swayed by appeals to ethics or morals when it comes to their technology. The most that letting them know their iPhone was made with Chinese slave labor will do is momentarily make them feel bad; they will not stop buying iPhones. If the privacy community wants to get "normal" people on board, they have to figure out how to overcome the apathy and make their alternatives more convenient and less expensive than what the "normal" people are already using.

I wrote a blog post a while back discussing many of these same ideas, if you're interested.

  1. Do you think having a site and YouTube channel and teaching people can be useful? Or do people not care?

One of the questions further down in your email implies you want to start a site (and you haven't already) and you're going around asking people for advice on how to do that. Listen: you have to move beyond caring what other people think. Trends on the Internet these days are frequently outlived by the common housefly. If you base your entire online existence on being "useful" to others, you're going to spend the rest of your life pursuing ghosts with little to no reward. Chasing the dopamine of online validation is how we ended up with platforms like TikTok and the lunacy that goes on there. If you're going to put in the work to make a website, it has to be about something that interests you. The motivation has to come from inside, not outside. You don't know who's going to look at your site in the future, so you might as well have it cater to the only guaranteed audience: yourself.

When I'm looking for a tutorial for something online, I always skip the YouTube section at the top of the search engine results page or just put "-youtube" in the query. Videos are clunky, bandwidth-intensive, hard to search, and not easily updated. Don't bother making videos for YouTube unless you're mirroring them elsewhere, like on a personal PeerTube instance.

  1. Has the content of your site ever helped someone who thanked you or even donated?

Literature? Sure, I get plenty of people emailing me out of the blue to praise my poetry.

Writing about tech? Usually it's people trying to get me to play unpaid tech support with unparseable grammar or the Lokinet devs harassing me once again because I said their software sucks. Or it's an email full of misogynistic slurs for the crime of being a woman on the Internet.

Nobody donates because I have no ways of donating listed on my site. Keeping everything non-commercial gives me a legal advantage because, if someone tries to argue copyright infringement or that I've done them some other damage, they have no evidence that I've seen any monetary profit from the activities in question. Plus then I don't have to deal with figuring out how to keep myself pseudonymous from donors while still being able to convert the pretend Internet money into something I can buy groceries with.

  1. Why are you not a member of any social media such as Twitter - Instagram - Mastodon?

Because they all invariably hate women. Every single damn social media site has a culture where women and their opinions are only welcome if they're peddling pornography or parroting the party line of the patriarchy. No dissent is allowed. Even just the simple statement of "I'm a woman" is enough to get waves of harassment, sexual or otherwise, sent one's way, and the platforms rarely do anything about it because of the sheer volume of the abuse and "muh freeze peach". (Have you ever read the book Haters by Bailey Poland? You really should.) Even on a supposedly pro-woman platform like Ovarit, the misogyny hounds me: I mainly stayed in the circles about technology, and people frequently accused me of secretly being biologically male because I... knew more about tech than the average poster. VeeChit, does that sentiment make any sense to you? "Women are naturally incompetent at technology, so anyone who's a woman and likes computers is secretly a man"? Because it doesn't make a single damn shred of sense to me. Especially when coming from a group of self-proclaimed feminists.

  1. In your opinion, what is the difference between someone who is not a member of these networks and someone who uses these social networks?

A person who uses social media is just a person. A person who doesn't use social media is still just a person. If you want me to be like those alt-tech sites with Pepe frogs or Lain in the header who write thousands of words about how they're morally superior for not using social media, you're going to leave this email sorely disappointed.

The effect that a social media network has on you heavily depends on the social circles you interact with inside that network. There's a world of difference between the handful of Japanese fan artists that live in my RSS feed reader and your average "RATIOOOOOO" poster who still consumes "offensive" memes better left in 2016 and thinks unsolicited references to porn are the pinnacle of comedy. But both groups are on Twitter. I've had respectful interactions with people on Instagram the brief period I was on there, and I've had hate campaigns against me on the fediverse. Sure, Twitter has an algorithm that optimizes for making its users spend as much time as possible in the app, and most fediverse servers don't. But clowns will be clowns no matter what circus they're in.

In the same vein, I've met antisocial creeps who don't use social media but will still probably end up in a jail cell for hate crimes one day, and I've met perfectly well-adjusted individuals who like to scroll through their Facebook feed during their lunch break at work. Holding the reductive opinion of "social media users bad, non-users good" is unproductive and will just serve to make you feel isolated and resentful.

  1. What is the main advantage of being anonymous on the Internet?

People can't hate-crime you if they don't know what slurs to use. Then again, if you never see any visible minorities on the Internet, if you never see any opinions that go outside the zeitgeist of the average "straight white middle-class American male"... it starts to feel like, if you don't fit the profile of that aforementioned average Internet user, there's no real place for you on the Internet. Either you have to pretend to be a member of a demographic who hates your guts - a sheep wearing wolf's skin to avoid being eaten - or you forgo your anonymity and risk being sexually harassed or having deepfakes made of you in pornographic situations or doxxed and having violence inflicted on you in real life.

But you specifically mentioned advantage, not harm. Assuming you're actually anonymous and not the kiddie's idea of anonymity - "I opened an incognito window so my daddy can't see my browsing history" - companies can't advertise to you as easily because their data's all muddled up. If you have a shared Whoogle (Google frontend) instance accessible over Tor and one person's searching for programming tips and one's looking up video game walkthroughs and one's doing price comparison on beauty products and one's doing research on an ancient historical event, what pre-defined slot, what archetype, is Google supposed to file any of them under? To Google, it looks like one singular discombobulated person. I might be in the United States, but the Whoogle instance might be in Brazil or some obscure European country. Have you ever tried to turn on a VPN and then rawdog a YouTube video? I get weird ads for products in Japan. I can't understand a single word of what's going on. The advertising fails.

  1. According to your experience, what is the best and most secure VPN available that you recommend?

All VPNs are scams. Use Tor for the actually sensitive shit. There's nothing worth watching on streaming platforms, but if you disagree, I leech off of Riseup VPN for torrenting and I've yet to find a site that blocks me.

  1. I am planning to start a site with Hugo, but I have no experience on the server side to set up the web server and security matters... Can you help or introduce a reference that you approve?

All CMSes are bloat. If you're running a hobbyist site and you feel like you need seventeen build pipelines just to output some static HTML and CSS, you seriously need to rethink the structure of your site. I've handwritten every single page of my site since I switched off of WordPress, and I've never had a problem.

  1. What web server do you recommend for clearnet and onion?

There is only one good web server in existence, and it's Caddy. Forget about copy-pasting incomprehensible configuration files to make nginx happy. Here's a perfectly functional Caddy site in only 5 lines of config:

mayvaneday.org {
	root * /var/www/mayvaneday/
	file_server
	encode gzip
}
				

With that, I get automatic TLS renewal, file compression, and HTTP-to-HTTPS redirection. No weird redirect blocks like with nginx.

Tor sites work the same. You just have to put http:// in front of the hostname so Caddy doesn't try to get a TLS certificate.

http://myonionhere.onion {
	root * /var/www/mysite/
	file_server
	encode gzip
}
				
  1. From which site should I buy a VPS - Domain, is it safe and accepts Crypto?

The only way you're going to be "safe" when publishing is if you use Hyphanet (formerly Freenet) for the whole thing. Otherwise you run the risk of at least one component of your setup failing: your VPS provider kicks you off on a whim, your domain provider revokes your domain, you self-host at home and the power or Internet goes out, you mess up your DNS records and your domain points to the wrong server...

If you stil insist on setting up a clearnet site, and your site is static HTML and CSS, you're better off using something like Codeberg Pages and then pointing a domain to it. My current domain registrar is Namesilo. I think they accept crypto, but I don't know for sure, and I don't really give a shit either way since I think all crypto is a scam.

  1. What do you think is the main advantage of using Ublock origin, Linux and free software?

It throws a wrench in the corporate advertising machine. I believe advertising is cognitive terrorism: companies are trying every trick in the book to force you to spend time and energy thinking about them and their products. Even if your sentiment on a product or the ad promoting it is bad, it's still worming its way somewhere into your brain. I can remember advertising jingles and theme songs from almost twenty years ago when I was still a toddler, long after the original marketing dollars were spent. Corporations want to live in your head rent-free. Why else would they make such annoying commercials on TV and streaming services? Why else would over two hundred billion dollars be spent every year (just counting the USA!) to compete for your finite time, attention, and neuron space? I'm at the point where I'm going to start committing acts of property damage. Have you ever seen those photos of European countries where billboards are banned along the highways? The gigantic swaths of pristine land unmarred by corporate signage? It feels like I'm on an alien planet.

This is another benefit of having an offline-first setup. Advertisers can't track me if my data's not going anywhere. They can't burrow their way into my system like the ads in Windows 10's start menu if my system has no way into it.

  1. In your opinion, which operating system do you recommend for security work? Whonix - Tails - Qubes OS

"Security", or "secure"? If I was going to test the security of something, I'd use Kali instead. Qubes is for when you don't trust your software. Tails is for when you don't trust your network. Whonix is for when you don't trust your ability to set up a secure environment and you just need a "good enough" solution.


Do you think the me from a year ago would laugh or cry if I told her that I have more fun vacuuming my living room floor than writing posts for this website? Maybe it's because a floor going from clean to dirty has more of a tangible improvement on my life. Maybe it's because the latter doesn't involve jumping all around the room with a weird noisy little contraption in hand. Maybe I'm just going insane from the sudden burst of independence. Who knows? I sure as hell don't.


CC BY-NC-SA 4.0 © Vane Vander