Subj : fsxNet Feedback ("Privacy")
To   : Avon
From : Oli
Date : Fri May 14 2021 08:05 am

Avon wrote (2021-05-14):

 A> Security / Privacy
 A> ==================

 A> Binkp secure encryption for all hubs.

 A> Better privacy.

 A> SSH officially supported.

 A> SSH for specific echos.

 A> # More discussion needed around these points. It's only as strong as
 A> weakest link and echomail may not have been designed with privacy in
 A> mind. How best to enforce an echomail area only available via SSH?

What nobody mentioned was privacy regarding privacy laws and meta data. I know many (especially people from countries who don't have strict privacy regulations) argue that BBS are all private and stuff or privacy laws don't apply. Unfortunately or fortunately (depends on your point of view) this is not the case.

There are several aspects where the current practice in fsxNet and the BBSs connected to it are not compatible with the GDPR in the EU (General Data Protection Regulation) (I guess there are other countries with strict privacy laws that might apply too).

I see three ways to address it:

1) ignore it
2) refuse service to users from the EU (nodes, points, BBS users)
3) make fsxNet and BBSs adhere to the GDPR


Now we can jump directly to the discussion why BBSs are different and why there is no need to care about GDPR and stuff ... ;)



Regarding security and transport encryption (CRYPT / TLS / SSH): I wouldn't trust collaborative security measures that only try to encrypt the traffic. If you want private conversations that don't leak, you always can setup private feeds between nodes and points and crash netmail. Or use some kind of e2e encryption. Some sysop / BBS / web echomail will offer it unencrypted or feed it to the Google at some point. Encrypt everything (TLS / SSH) is still good practice.



 A> # We could choose to 'secure' the network using something like ZeroTier

I used ZeroTier and it's quite easy to setup and works, but I dislike the idea to use a commercial provider for the basic infrastructure. FTN is DIY.



 A> # We can offer echos and netmail but not privacy

In some countries you are not allowed to offer anything then.

---
 * Origin: . (21:3/102)

.