Cloud Provider OVH Partial Outage after Fire

The French cloud provider OVH, one of the largest in Europe, experienced a fire in one of its data-centers in Strassbourg, France. As a consequence of this fire, the sites SBG2 has been destroyed, SBG-1 partially destroyed and SBG-3 and SBG-4 have been shut-down for now. Status per travaux.ovh.net on Morning March 11 was as follows:


The reason for the fire has not been established yet. OVH Cloud has released a statement yesterday describing the incident and the aftermath:

What does that mean for OVH customers? It likely depends on what kind of service they pay for and whether they have your own backups or not. At the very least it means some service interruption for a client.
In any case, if you don’t have a backup/disaster recovery strategy – this should be a reminder to you that you really need one.

NSA on Limiting Location Data Exposure

The National Security Agency has issued a document about how to mitigate security issues that may arise through use of “location services” and how to mitigate those risks.

Mobile devices determine location through any combination of Global Positioning System (GPS) and wireless signals (e.g., cellular, wireless (Wi-Fi®), or Bluetooth® (BT)). Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.

Key point: Turning off location services does not turn off GPS, and does not significantly reduce the risk of location exposure.
Also, location services is not synonymous with GPS. Even with GPS and cellular data unavailable, a mobile device can calculate location and apps and websites can use sensor data without requesting permission from the user.
And it’s not just your smartphone or tablet. This applies to fitness trackers, smart watches, smart medical devices and other smart and IoT devices as well.

The mitigation measures given by NSA would likely turn your mobile device into a useless brick, so they are unlikely to help the average user much. Still they are worth a read and some can be used by everyone. However, if you want to be sure, leave the device at home! Keep this in mind when an app promises anonymity or data privacy

The full document:

Why Contact Tracing Apps Are Not Anonymous

First a couple of definitions.

Track or trace? It depends, it means different things. From basic dictionary definitions, I paraphrase the following meanings:

to trace: follow the completed path backwards from its current point to where it began.

to track: follow the emerging path forwards from your starting point to wherever the thing currently is.

What is contact tracing in the context of epidemic outbreaks? According to WHO definition it is a “monitoring process” consisting of “3 basic steps”: Contact identification, contact listing and contact follow-up.
The full definition can be found here.

Continue reading “Why Contact Tracing Apps Are Not Anonymous”

FreeBSD Gateway to Access ProtonVPN

was playing around with different setups to connect several devices to ProtonVPN being aware of the limit of one or two devices with the Free and Basic ProtonVPN packages. The obvious way is to configure the VPN on your router/gateway. If you have one that allows for OpenVPN to be configured, you can do it there. Mine doesn’t so I had to find another way.

Note, this is not a tutorial, so it does not contain a complete list of steps to be performed. It’s intended to give you ideas how to go about doing this by sharing my experiences. The complete setup is, as they say, left as an exercise to the reader.

I was playing around with different setups to connect several devices to ProtonVPN being aware of the limit of one or two devices with the Free and Basic ProtonVPN packages. The obvious way is to configure the VPN on your router/gateway. If you have one that allows for OpenVPN to be configured, you can do it there. Mine doesn’t so I had to find another way.
I also didn’t want to rout all my traffic through the VPN, just basically be able to browse the web.

So I came up with the idea of installing a FreeBSD gateway with two network interfaces, one connected directly to the Internet over which I route the traffic to a ProtonVPN server or servers.

Of course, the machine is running PF firewall software with the appropriate rules, and name resolution happens with unbound which basically just forwards requests to public DNS servers. I am not going to describe either here, because you can use other software to do these task (e.g. use IPFW and hardcode public nameservers in the /etc/resolv.conf file).

Continue reading “FreeBSD Gateway to Access ProtonVPN”

To VPN or not to VPN

A Swiss VPN provider

I started researching VPN providers some time ago and gave ProtonVPN c closer look since they provide a free base service that isn’t too performant but good enough for testing and many daily activities. With their free offering, which is unlimited in duration, you have the choice of servers in three countries and can connect one device – which may be enough for your whole home network if you configure the VPN connection on your router. The router needs to support OpenVPN and all your traffic will go through a VPN connection, and that may not be what you want.

Also, some sites do block or restrict traffic that come from known VPN gateways, as they do with traffic coming from Tor exit nodes. They identify them as “sites with suspicious traffic” and ask you to do a Captcha every time. Some other sites provide a security warning if you suddenly log on from a different country.

Continue reading “To VPN or not to VPN”