I have a friend who is moving to a particularly "strict" Middle Eastern country to do some work. He is very worried about the government spying on him and has asked me for advice.

We decided his best route to keep things as "hidden" as possible include:

1. Buying a laptop with a keypad finderprint reader, and using the disk encryption system at all times. Only a valid fingerprint will enable bootup, decryption, unlock of screensaver, login, etc...

2. Getting a VPS or dedicated server and using only trusted admins.

3. Installing SSL on the mail server and then enabling "require SSL" on his mail client so only SSL connections will to send/receive mail to the computer.

4. Installing a proxy server on the VPS/dedicated and only surfing the web though that.

5. Requiring an SSL connection when connecting to the proxy server to surf.

6. Enabling the encryption option for his VoIP adapter.

I think that covers everything? Did we miss something?

The one I need help with is #4 (proxy server). I don't know anything about proxy server software, and would love some opinions/suggestions and advice on a decent package. (The server will be running cPanel on CentOS 4.x)

Oh ya.. his budget is $0. heh. :)

Thanks!

I can't edit the above post any more...

.. but thought I'd add that for the "proxy server" he wants to have something like "anonymizer" installed on the server.

I suppose if he can't have it on his own server, then he'd need to get a subscription to some proxy service like anonymizer?

what is the purpose of this thread when his budget is 0 ?

1: buying requires money

2: getting requires money

3: SSL cost money, unless u self signed

4: cost money

5: cost money

6: could be free

Use pgp keys for mail in addition to SSL. If he's running cPanel, easy to setup pgp keys.

Use pgp keys for mail in addition to SSL. If he's running cPanel, easy to setup pgp keys.

Its only useful if both sides of the conversation use pgp.

what is the purpose of this thread when his budget is 0 ?


I will be helping him purchase what he needs, if it's justified and it's the only way to get what he needs.

His budget is $0, but that doesn't mean he can't use "for pay" software if that's what is absolutely needed.

I simply put his budget is $0, so people don't recommend a $10k software package when something that costs $100 might do what he needs.

Either way, his budget is still $0.

Thanks.

Run everything through a VPN (say IPsec). Get a router that runs OpenWRT, install an IPsec tunnel on it, and have it route ALL traffic it receives through the tunnel. That would encrypt all computer and VoIP data. But you need something else at the end of the tunnel that will decrypt the traffic and route it where it needs to go. Kinda hard to do with $0 budget. At least get a VPS...

If he's only worried about government spying on his packets, I would suggest tunneling with TOR, that will encrypt all connections to and from computer. It's a bit slow, but cheaper then setting up your own dedicated server/vpn to tunnel through

Which also can be done easily by using putty. Installing OpenSSH on the server will make that possible (something that probably is installed on it by default)