When you install Phosphorus Five, the basic assumption is as follows; “If you can lock your home, I can help you keep your privacy”. Basically, a violation to your privacy, when using P5, would imply somebody knocking down your door, and physically grabbing your Ubuntu Server laptop. If you have no idea what I am talking about, please read the following blog, and watch its associated YouTube videos.
However, this might in theory occur – As in somebody might actually knock down your door. If such a thing were to happen though, it is crucial that you’ve taken steps to prevent your server from snitching on your friends, whom you have given access to your personal home cloud system. And it is crucial that you have done this, before such a thing occurs.
This is actually quite easily done, by simply turning OFF all logging in Apache. Notice, I haven’t tested this myself, but there’s a recipe over at StackOverflow about how to do this. I will test it, and make sure the default installation for P5 does this automatically in my next release of P5.
You have the right to avoid logging, all your logs will be used against you, twisted and distorted, to criminalise you, and all of your friends, in a court of law! Do you understand these rights …?
Notice, there are additional steps you can do when installing your home cloud Linux machine to further reduce the risk of somebody having access to your data, even if an adversary were to gain physical access to your box. The most important step, obviously, is to make sure your disc is encrypted, and that you’re using an extremely secure password for your root account.
The 5th Amendment protects you! USE IT!
Roughly a decade ago, there was a case in the US, where a person suspected for a crime, refused to submit his password for his private PGP key to the authorities. The case went to the US Supreme Court, which concluded with that he couldn’t be forced to submitting his password, since it would violate his 5th Amendment rights. Hence, if you plea the 5th Amendment, nobody can demand you to submit your Linux server’s password – At least not in the US …
However, security is like condoms. If you’re gonna use them, better make sure you use at least 5! Hence, to be make sure you’re doing everything you can, to avoid snitching on your friends, also to the extent of that you were being tortured to submit your Linux root user’s password – It’s better to have taken steps up front to avoid anybody to get hold of data, that might compromise the security of you, and/or your friends. Hence, avoid logging!
Of course, there’s also the additional security step, which includes always having a hammer, no more than 2 feet away from your Linux box, and simply start physically smashing it, if an adversary starts knocking your door … 😉