[–]go1dfish (6 children)

Cool, thanks for answering, and that makes sense and sounds like a good plan. Having the data server in a not totally cooperative country makes it at least somewhat harder to search it without your consent/knowledge.

For comparison here is how I’ve addressed the same problems with notabug.

None of the data in notabug’s database is private. The only private data on my servers is the password for the indexer, and losing that would not allow a breach of privacy, only a compromise of listing integrity from my indexer.

The db being public is necessary for the p2p replication model anyway, so it’s a good fit; anything that is to be private will be encrypted. Currently this is only private keys for user accounts but in the future may include messaging and private groups.

I don’t log IPs, and currently run Cloudflare in front (so don’t even see real IPs).

[–]magnora7[S] (5 children)

Thanks for the comparative analysis with notabug, that's interesting.

We are considering putting our database in a torrent file and updating it monthly, as a cheap way to back up and store things publicly. But all the PMs and private subs are unencrypted, and some users may not like having those made public, so we may try to encrypt those before making the database public with a torrent system.

> I don’t log IPs, and currently run Cloudflare in front (so don’t even see real IPs).

We also run Cloudflare in front. But we figured out a way to gather the original IPs, which are stored in the packet headers. D3rr wrote a little program to track those, so we can actually block specific IPs in Cloudflare with their free software.

I like your p2p replication model, it's cool. Hearing the details about notabug is very interesting, as we've been kind of operating in the dark in some aspects, as not many people are building this type of website.
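As an added example (not D3rr's program and not saidit's code): one way to recover the visitor address behind Cloudflare, which passes it in the `CF-Connecting-IP` HTTP request header, while trusting that header only when the connection really comes from a Cloudflare range. The function names and sample requests are made up for illustration, and the range list is a hard-coded subset of Cloudflare's published IPv4 ranges.

```python
import ipaddress

# Assumption: a subset of Cloudflare's published IPv4 edge ranges, hard-coded
# for this example. A deployment should load the current list from Cloudflare.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]


def is_cloudflare(peer_ip):
    """True if the TCP peer address belongs to one of the listed ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


def client_ip(peer_ip, headers):
    """Return the address to use for logging or blocking decisions."""
    if not is_cloudflare(peer_ip):
        # Direct connection to the origin: any CF-Connecting-IP header was
        # written by the client itself, so ignore it and use the socket peer.
        return peer_ip
    lowered = {k.lower(): v for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "").strip()
    try:
        # Normalise and validate before the value reaches logs or block lists.
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        return peer_ip  # header missing or malformed: fall back to the peer


# Constructed sample requests: (socket peer, request headers)
SAMPLES = [
    ("172.68.10.5", {"CF-Connecting-IP": "203.0.113.7"}),   # via Cloudflare
    ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.7"}),  # bypassed the proxy
    ("104.16.1.1", {"cf-connecting-ip": "not-an-ip"}),      # malformed header
]


def resolve_samples():
    return [client_ip(peer, hdrs) for peer, hdrs in SAMPLES]


if __name__ == "__main__":
    for (peer, _), resolved in zip(SAMPLES, resolve_samples()):
        print(f"peer={peer:<14} client={resolved}")
```

Restricting the origin's firewall to the same ranges removes the second case entirely, since nothing but the proxy can then reach the server.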

[–]go1dfish (4 children)

The more paranoid would mention that using Cloudflare may negate the benefits of Swiss hosting.

They see all the traffic and could presumably store it. The use of Cloudflare is a common complaint among my privacy-conscious users but the development/ops convenience it provides is hard to pass up.

[–][deleted] (0 children)

Well if you ever come across an open source CloudFlare implementation, please pass it along. We have also gotten complaints about using it.

Edit: we also found out the hard way that CF does not give you rate limiting for free. So how much DDOS they really prevent is a big question mark for me.

[–]magnora7[S] (0 children)

Yeah it negates some of the potential benefits, but there are other benefits that will be realized when it comes to avoiding potential legal problems.

We're acting more from a legal protection angle, than a privacy angle, per se.

I agree Cloudflare is just too dang convenient and good for what it is. We looked into alternatives, and it's just not worth it as far as I could tell.

[–]burtzev (1 child)

Cloudflare is protecting the site from DDOSes, honestly it's suspect as hell that you'd try to talk mag out of using it... I'm sure you've noticed saidit has completely trounced nab in the Alexa ratings.

[–]go1dfish (0 children)

Not trying to talk anyone out of using anything. As I said, I still use it myself; just pointing out the ups and downs of different approaches.

Don't really care about Alexa rankings, I'm not out to sell ads or anything else on nab, I just want to build shit; ideally shit that doesn't require my continued involvement to sustain itself.