Tech and Security - Answers
Resist.ca runs all opensource software including:
- Operating System - Debian Linux
- System Organization - LDAP
- Web Administration - Apache with secure sockets layer
- Mailing Lists - Mailman
- Mail Handling - Postfix
- Webmail - Squirrelmail and Roundcube
- Databases - MYSQL
- Web Platforms - Drupal and WordPress
The Resist! Collective takes security on resist.ca and the other boxes it runs very seriously. To that end, we do not allow non-encrypted connections via ftp, telnet, pop or the http interface for mail or lists. We do allow ssh, scp, sftp, https and secured IMAP and POP connections. Essentially, we have shut off any mechanisms by which users could accidentally send plain text user names or passwords when logging in to check email or upload web pages. Most user's web sites do not use https for logins. You should not use a password on your unencrypted web site that you also use for you mail etcetera.
Resist! keeps no logs of user activity, no mail records, and no unnecessarily revealing system statistics. In the event that Resist! ever loses control of the resist.ca server (either physically or electronically), we will do everything in our power to let users know what has happened to their data, and to mitigate any negative effects
of such a loss of control.
In addition, we have system monitoring in place and plan to have a regular security audit procedure implemented to keep an eye out for potential problems including hardware or software failures and possible attacks.
The short answer is NO! ASSUME YOUR EMAIL IS LIKE A POSTCARD!
Although we try to provide as secure an environment as possible, as with any other service provider, unless you are very aware of security protocols, it is easy for you to send email to someone insecurely. For instance, if you send an email unencrypted to a user on gmail, hotmail, yahoo or just about anywhere off of the resist.ca machine, the contents of that mail could be read by someone with the desire to do so. This is because although resist.ca may be secure, the connection between resist.ca and most other servers is not secure. This is not a problem unique to resist.ca.
Information on virus's that may affect your resist.ca account is available here.
Where can I find more computer and general security information for activists?
If you want to know more about security and encryption, see security.resist.ca.
Why here of course!
Resist! uses opensource software in every possible instance and is committed to furthering opensource software development through contributing our thoughts and code to existing opensource projects.