Post B1TBDCedVPn5qlhUe0 by katzenmann@c3d2.social
(DIR) Post #B1TBD3OLwaPz7f0rVw by katzenmann@c3d2.social
2025-12-21T09:51:31Z
0 likes, 0 repeats
Hmm. I just realized that I have all my mails lying around unencrypted on a VPS. Someone could just joink the virtual hard drive and get access to all my communications. That's not great. Is there any open-source solution to encrypt that data at rest? I'm imagining something like a service that encrypts all incoming mail with my PGP public key. Because I would really like to have something like that for my sanity. #selfhosting #email #nixos #vps
(DIR) Post #B1TBD4I0bewBuH3JGS by lyyn@mastodon.ml
2025-12-21T09:57:17Z
0 likes, 0 repeats
@katzenmann While you can probably somehow encrypt it at rest, what a VPS company can do is just monitor changes in RAM. So the only solution is proper E2EE so the messages never get decrypted on the server, even in RAM.
(DIR) Post #B1TBDCedVPn5qlhUe0 by katzenmann@c3d2.social
2025-12-21T09:53:36Z
0 likes, 0 repeats
I know ProtonMail does this well but their solution is proprietary. It's sad to see that no one has been working on better email protocols that allow for end-to-end or even just data at rest encryption. But email got centralized in the hands of a few big corporations so nobody really cares, which is annoying.
(DIR) Post #B1TC6bY0egVUyw1CiG by katzenmann@c3d2.social
2025-12-21T10:07:22Z
0 likes, 0 repeats
@lyyn That's why my idea was to encrypt all emails using my PGP public key on the server before storage. That way only files encrypted with my public key are on the server and they can't be read by the server itself.
(DIR) Post #B1TDEuPuU14Nm6kmlk by lyyn@mastodon.ml
2025-12-21T10:20:05Z
0 likes, 0 repeats
@katzenmann But the plaintext emails will be in the RAM of the server for a short while. So can be read by hosting anyway.
(DIR) Post #B1TKEj7TBb2uPpzLlY by ponygol@chaos.social
2025-12-21T11:38:26Z
0 likes, 0 repeats
@lyyn @katzenmann At this point it becomes a question of threat model.
1) VPS Provider continuously monitors and intercepts the mails while they are still in cleartext.
2) VPS Provider won't monitor on its own but might be required to cooperate with a legal request.
If you assume 1), this method won't help and using a VPS is probably generally a bad idea. If you assume 2), it will at least not disclose data up to that point.
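
Added example, not part of the thread: a delivery filter for the idea in katzenmann's post, wrapping each incoming message in a PGP/MIME (RFC 3156) container encrypted to a public key before it is stored. The header list, the sample message and the function names are assumptions of this example; it calls the `gpg` command-line tool, and the routing headers it copies stay readable on disk.

```python
import subprocess
import sys
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Assumption: headers kept in cleartext so the mailbox stays sortable and searchable.
CLEAR_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

# Constructed sample message, not real mail.
SAMPLE = (b"From: alice@example.org\r\nTo: me@example.net\r\n"
          b"Subject: lunch\r\n\r\nmeet at the usual place\r\n")


def gpg_encrypt(plaintext: bytes, recipient: str) -> str:
    """Encrypt to a public key in the server's keyring; no private key is needed."""
    proc = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--recipient", recipient, "--encrypt"],
        input=plaintext, capture_output=True, check=True)
    return proc.stdout.decode("ascii")


def encrypt_for_storage(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return the message as multipart/encrypted; the whole original is the ciphertext."""
    original = message_from_bytes(raw)
    # Mail that arrived already PGP/MIME-encrypted is stored unchanged.
    if original.get_content_type() == "multipart/encrypted":
        return raw
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in CLEAR_HEADERS:
        for value in original.get_all(name, []):
            outer[name] = value
    outer.attach(MIMEApplication("Version: 1\n", "pgp-encrypted",
                                 _encoder=encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(raw, recipient), "octet-stream",
                                 _encoder=encode_7or8bit))
    return outer.as_bytes()


if __name__ == "__main__":
    # Filter mode: message on stdin, key ID or fingerprint as the first argument.
    sys.stdout.buffer.write(encrypt_for_storage(sys.stdin.buffer.read(), sys.argv[1]))
```

The plaintext still passes through the server's memory while this runs, which is the case the replies above discuss; only what lands on disk is protected.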