It has of course been some time since I have written here on the blog so I thought I should probably update everyone on what I’ve been working on in the past two months.
Bleu bug fixes
Recently new updates have been rolled out to Bleu in order to fix large bugs which inhibited it from working properly. Among the most significant, users had no option to create spaces, even though this is a basic functionality of the app. Now, there are multiple ways in which a user can create a new space. Available are public spaces, which can be joined by anyone or through request approval; along with private spaces, which are hidden from the directory and only available to those whom you personally invite.
Additionally, I have added some spaces myself which I felt may spark interest in the community. I, of course, don’t intend to remain the owner of these spaces, and am willing to transfer ownership to individuals fit to coordinate those communities.
CYGO Cloud & CYGO Talk for Android
I have been working on testing CYGO Cloud on mobile through the Nextcloud and Nextcloud Talk clients for mobile. Soon, links to these and information about how to manage and access CYGO Cloud from mobile will be available.
In the meantime, please note that we still need an individual to make a new desktop client for CYGO Cloud, preferably that runs on all major desktop operating systems.
We’ve updated our Terms of Service
As of today, September 17, 2020 our Terms of Service has been updated to officially prohibit any users from within the People’s Republic of China from accessing CYGO Network. Of course, we will be implementing software to make this more effective.
I’m not a Chinese citizen, how does this affect me?
You’ll notice that the network is faster, more reliable, and that there are considerably less spammers utilizing our offerings. It will also prevent the spread of any Chinese Commnist Party propaganda through our social network, Bleu.
I’m a Chinese citizen, what now?
Tianenmen square massacre 1989. Please remove your commie self.
That’s all for now, but stay tuned for more updates and announcements within the coming weeks! If you’ve any questions, please email me at email@example.com, post on the official CYGO Network Bleu space, or message me (@humbletyrant) on Telegram.
Many of you who have looked at our Contributors page, specifically the entry for me, you may have noticed a mention of something called “Linux”. Some of you may have even wondered what this “Linux” thing is, and probably didn’t get a good, straight answer. Well guess what I’m here to do?
To understand what Linux is, we need to understand what an operating system is first.
Operating Systems (OSs) are the system your computer uses to provide a graphical interface, install and use apps, manage files and memory, and basically anything else. Some well known OSs are Windows, MacOS, iOS, and Android. Each of these handles files, memory, and applications in a different way. Think of OSs as a person’s personality: many people may have similar personalities, despite speaking different languages or having different skills. But, those skills may influence them and how they interact with the world, just like how an app can change a computer and how it interacts with you, your hardware, or the internet.
UNIX-based systems can be split further into two sub-families: BSD-based and Linux-based. UNIX was an operating system developed by AT&T at Bell Labs back in 1971. It presented a number of revolutionary concepts to computing, such as pipelines and file descriptors. Unfortunately, UNIX was proprietary, meaning you could not obtain the source code, modify it to do as you pleased, and had to pay for a license to use it.
BSD-based operating systems, like MacOS and iOS, are based off an open-sourced fork of UNIX, known as BSD (BSD stands for Berkeley Software Distribution. BSD was developed at UC Berkeley, hence it’s name). True BSD systems strive to adhere to the UNIX philosophy and provide an open-source implementation of the original UNIX operating system. However, you can find BSD-based OSs that diverge from this norm, such as MacOS and iOS. Many in the BSD and Linux communities do not consider these true BSD-based operating systems because of how many changes have been made to the source code. As such, many consider these more of a distant cousin to BSD-based OSs than a close relative.
Linux-based OSs, also referred to as GNU/Linux or GNU+Linux, are operating systems that use the Linux kernel (the kernel is essentially the beating heart of your OS. Going back to the personality analogy, it’s like the basic capabilities all people have when they are born: basically useless on it’s own. But once you build on top of it you can do a lot more and make a full personality). Linux was created in 1991 by a Finnish student named Linus Torvalds. He took what he saw in BSD and similar OSs, and made his own rendition. He posted it online, as open-sourced code at the encouragement of his friends, and from there it exploded. Today, the Linux kernel has had over 10,000 contributors and is one of the leading competitors to Windows.
But why should you care? You run a Windows computer, and an Android phone. You don’t run Linux.
Oh, yes you do.
If you go on your Android phone into the Settings, and go to About Phone > Software Information, you will see a kernel version listed. It may even say “Linux Kernel Version”. This is Linux. Android is a Linux-based OS (these are often refered to as ‘distros’, however due to Android’s lack of several standard utilities found in Linux distros for desktop and server systems, many do not refer to Android as a “distro”). You use Linux on a daily basis, because developers found it a good fit for Android’s needs for security, stability, and performance.
But wait, you actually use MacOS and iOS. Silly me. You don’t have Android anywhere in your house! But what about that Google Smart Speaker, or Alexa-enabled toothbrush? Yep. Those are running Linux too. Linux can run forever and not crash (assuming it’s not tampered with by a hacker or bad update), making it perfect for smart home devices, routers, and servers.
Wait. Servers you say? Aren’t websites stored on servers?
Yes, Jimmy. Yes they are. Most web servers (98% of all of them in fact, including CYGO, Swivro, and Drauger OS servers) run Linux due to not just the advantages listed above, but also because they are easy to manage and difficult to hack.
But it goes beyond even that.
The top 500 super computers in the world, all Raspberry Pi computers, the International Space Station, the Mars rover Curiosity, SpaceX’s rockets and Dragon capsules, Tesla’s cars, most mainframes, some Wi-Fi routers, the particle accelerators at CERN, and Chromebooks all run Linux in some form or another. I can guarantee that you interact with Linux in some form every day, and you may never even realize it.
Okay. So it’s essentially running the world. Why do you care?
Because it’s coming for your computer too.
Linux performs better than Windows and MacOS in many settings, has less resource usage, is infinity more customizable than almost anything else out there, is easier to to install and uninstall software on, and is easier to develop software for. And as a cherry on top of that beautiful cake, it also has less tracking and telemetry than Windows does (usually. Looking at you Android.) meaning it respects your privacy. And the good news keeps coming because Linux is also more secure than MacOS, which is in itself more secure than Windows.
Linux Mint is a Linux distro aimed at new Linux users coming from Windows. It makes getting used to Linux easy, has a welcoming community, and works decently well on most hardware.
Linux Mint has 3 versions: Cinnamon, MATE, and Xfce. Use the Xfce version on lower-end hardware. Use Cinnamon on just about anything else. If Cinnamon feels slow on your system, but you don’t think your system is all that low-end, try MATE.
Zorin OS is a distro similar to Linux Mint, in that it strives to be easy to use for new users coming from Windows. However, it differs in 3 important ways:
1. Zorin OS is better designed for 2-in-1 and tablet-convertable laptops due to it's larger and more dynamic interface.
2. Zorin OS looks more like Windows 8 or Windows 10, while Linux Mint looks more like Windows Vista or Windows 7.
3. Zorin OS uses slightly more system resources than Linux Mint.
Overall, if you have a new computer or a 2-in-1, but still want that Windows-like desktop layout, Zorin OS is a good choice.
Ubuntu is the most popular Linux distro available. It’s desktop, while more unique, is usable on 2-in-1s, tablet-convertibles, laptops, and desktops. It has a huge, vibrant community, and support for it is easy to find. In fact, most support found for Ubuntu also works for the other distros listed here for the most part, since they are based on Ubuntu.
Ubuntu is also the distro recommended for gaming on Linux by Valve, the company behind Steam, CS:GO, Half-Life, Left 4 Dead, and more.
If none of the other distros really makes you feel at home, or you really just want a unique desktop layout to wow your friends, Ubuntu is the way to go. This entire blog post was written on Ubuntu!
As you can might be able to tell, Linux puts an emphasis on choice. It’s YOUR choice what distro you run. It’s YOUR choice how your computer looks and works. It’s YOUR choice if your computer runs Linux at all!
At the end of the day, trying Linux isn’t a bad idea. And, if you don’t like it, that’s fine. But, come back and try it again a couple years later, because Linux development works at a rapid pace. So if you have hardware or software issues, in a couple years time the issues should either be easier to fix or already be fixed for you!
I’ve been running Linux on all my personal machines for the past 6 years, and while I admit there have been hiccups along the way, most of those where my own fault.
Just make sure not to run sudo rm -rf /* if you value your data.
CloudFlare DNS (220.127.116.11) claims to be a public DNS resolver which claims, according to their website;
“We will never log your IP address (the way other companies identify you). And we’re not just saying that. We’ve retained a big 4 accounting firm to audit our assertions about our systems annually to ensure that we’re doing what we say. Frankly, we don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.”
Interestingly enough, CloudFlare entered into a research agreement with APINC, the organization which owns the 18.104.22.168 IP range. According to APINC, the statements regarding CloudFlare DNS, it’s privacy, and anonymity on its official website are simply false.
“We will be destroying all “raw” DNS data as soon as we have performed statistical analysis on the data flow. We will not be compiling any form of profiles of activity that could be used to identify individuals,”
The fact that they have “raw” DNS data, containing personally-identifiable information such as IP addresses (since, after all, IPs are the focus of their research) doesn’t merely imply that they collect it, but it is a direct claim stating that they DO in fact collect said information; otherwise it wouldn’t be in their possession to perform “statistical analysis”.
But that’s not even the worst of what CloudFlare has done;
According to a source which I’ve had the good fortune to stumble upon; CloudFlare has protected websites owned by ISIS, the Taliban, and likely other terrorist groups as well. CloudFlare has not only proxied terrorist content, but according from an excerpt pulled from the New York Times, they have even provided their services to websites containing child pornography.
I’ll end this section with this peachy little quote from the CEO of CloudFlare:
“Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn’t think much about it until, in 2008, the Department of Homeland Security called and said, ‘Do you have any idea how valuable the data you have is?’ That started us thinking about how we could effectively deploy the data from Project Honey Pot, as well as other sources, in order to protect websites online. That turned into the initial impetus for CloudFlare.” – Matthew Prince
More fun little things regarding CloudFlare’s shady operations and past can be found here, this website was put together rather well and includes citations.
You can’t trust most public DNS servers.
DNS servers collect identifiable information with each query, so it’s difficult to find a public DNS server which truly doesn’t collect or retain this data. For our purposes here, I’m going to simply say that it isn’t truly possible to have the perfect solution with any 3rd party DNS provider. The only person who you can really trust with your own privacy is yourself; which brings me to the solution.
Unbound: A DNS server that runs on your local machine.
That’s right; a separate machine for a DNS server isn’t even necessary! You can run unbound directly on your workstation or laptop! According to Unbound’s website, it is compatible with both Microsoft Windows and Linux-based operating systems, among others including macOS and BSD derivatives.
The documentation made available here under the Manual Pages section will help you install Unbound and get started with it. It’s extremely simple to install on Windows using the executable installer or through your Linux distribution’s package manager.
It’s very easily installed on Windows
Once you have ran the executable to install the package, on Windows, only one change needs to be made regarding network settings in order for Unbound to essentially work out of the box!
Just go to Network and Internet Settings>Adapter Options, then right-click on your network interface, select properties, then double-click on “IPv4”.
Set your preferred DNS server to 127.0.0.1 (Your machine/localhost, where Unbound is running). Personally, I set my Alternate DNS to NixNet DNS, as I know the owner of the service and trust that he dumps his logs to /dev/null or purges them as needed to ensure user privacy as he shares much the same, if not stricter privacy standards than CYGO. Technically, the alternate DNS probably won’t even be used as long as Unbound is functional.
It’s a common situation – you want to look up something private on the internet that you would rather no one know about. You go to Google Chrome and open up an Incognito tab, finish your business, and close the window. None of your cookies or browsing data was saved, so you’re fine. Completely anonymous, right? Well, nothing could be further from the truth.
How Our Browsing Data is Harvested
To begin, we need to understand just how much data we share online without even realizing it, starting from our browser. When we type a search into Google, our browser shares the operating system of the device, type of browser, system language, installed browser fonts, time zone, screen size and color depth, browser extensions, your user agent string, among many other kinds of data. This data is not only shared with Google, but with any other trackers that may be embedded in the page. When all of this data is complied together, a tracker can then create a unique identity for your browser in a method known as browser fingerprinting. Combined with your public IP address, a completely accurate identifier can be made for you and the browser. This makes tracking cookies unnecessary, and thus deleting cookies in an attempt for privacy becomes completely useless.
Once a tracker has created a unique fingerprint for your browser, any search or web activity you make is tied to you, regardless of whether you are using Incognito mode or not. This can be done across multiple web sites, as trackers exist virtually everywhere on the internet. These trackers then use the information they collect to form a profile about you based on your browsing habits, and use or sell that information to show you targeted ads.
It’s not just your daily internet browsing habits either. Google Maps catalogues every place you have ever been if you have shared your location with them for some reason. Facebook Messenger listens in on your calls. Your Spotify music data is sold to Google and Amazon. All of these invasions of privacy are done with the same goal in mind – to collect as much information on you as possible to form an accurate profile. If you have ever used the internet, you have been tracked.
Why do they do this? Simple. Because it is profitable. In these modern times, our data is more profitable than oil. Its no wonder how Facebook, Google, or Amazon became such tech giants – they exploited their users’ privacy.
“Well so what if they have some data on me? Why should I care?”
You should care in the same way that you would if someone put a camera in your bathroom. Google does not need to know your music taste or what kind of porn you watch in order to show you ads. You turn on Incognito mode to hide your browsing habits from other people, but you are okay to share it with a billion-dollar company?
Furthermore, this level of fingerprinting makes it very possible for people with less-than-great intentions to monitor people’s browsing habits in response to certain stimuli. To illustrate an example, a controversial news article can be displayed, and based on the search history after seeing it, the user’s reaction can be monitored. They can then use this data to further understand how to manipulate the opinions of the people.
“So how can I stop this fingerprinting from happening?”
The first step is to never use Google products or social media, as their number-one function is to gather data. Use DuckDuckGo to search the web, a privacy-oriented search engine that does not track or fingerprint users. For email and cloud storage, CYGO Network offers its own alternatives to Google.
For the next level of online anonymity, use the Tor browser. It has a slower connection speed when browsing the web, but the trade-off is near-complete privacy. Advanced users can also install a Virtual Machine and run the Tails operating system, an OS designed for internet anonymity.
“But I’m too stupid and lazy to figure out how to do all that.”
I can’t help you there.
In this online world, it is extremely difficult to avoid being tracked entirely, especially if you wish to use services like Amazon or YouTube. It is still important, however, to know that it is going on, and that there are resources available to individuals who care about their online fingerprint. What big tech companies are doing right now is borderline illegal; the extent to which our data is harvested is shocking and cannot be covered in just one article. This has to stop, as it infringes on our natural right to privacy, so sand your digital fingerprints.
MySQL and SQLite are pretty much the worlds most popular database systems out there on the internet. There are some pros and cons of each of these systems, and there are some differences.
Size: MySQL – 600MB SQLite – 250kb
MySQL – You can create users with different permissions. SQLite – You cannot manage users
These of course are not all of its differences. SQLite does not provide network access, MySQL Does. SQLite is serverless, and requires no configuration setup, whereas MySQL Does. MySQL Can handle high traffic sites whereas SQLite has a limit. MySQL is definitely not as portable as SQLite.
If you want to use one of these databases, and can’t decide which one to use, If you are hosting or developing a heavyweight app that you expect to eventually get a lot of traffic and lots of queries will happen via database, use MySQL.
If you don’t want to use a lot of storage, and your app is lightweight and will not get a lot of traffic, or is private, use SQLite.
Both of these databases are excellent in their own ways. You can download SQLite by clicking here, and you can download MySQL by clicking here.
We’ve been working out the logistics of fixing our issue with storage and the XFS file system partitions which were being used on our server. Yesterday, when I shut down the server in order to re-size a few disk partitions, I was met by some roadblocks and was rather unsure how to proceed. As it was an urgent matter, and I wanted to get things back online and avoid any such future downtime, I asked Thomas, our Linux desktop systems developer for some assistance regarding the issue. As he is very knowledgeable regarding this subject, namely from his work on Drauger OS (if you don’t know what that is, you should check it out, it’s a really innovative project), we were able to get everything back up and running within approximately 80 minutes.
This means we can largely return to operating as usual
We will begin allowing the registration of new connectMail and CYGO Cloud accounts as we have the capacity for more users. Existing users will receive precedence over new users when it comes to needing storage quota extensions, and their quotas will be reset to what they were previously before we encountered our storage issue. As always, if you have any questions regarding this, you can always contact me via email at firstname.lastname@example.org, through our Discord presence, through my personal Discord (HumbleTyrant#7317), or through our Telegram group.
DDoS attacks have subsided (we hope)
As you know from our previous post, we’ve recently been faced with DDoS attacks, mainly from people within the United States. As we have faced these, measures have been put in place to help prevent them from affecting the network. We’ve added new layers of protection against DDoS, brute force, and general server-flooding attacks, as well as strengthened existing protections, on multiple layers. We are still continuing to monitor the situation closely in hopes that we can catch attacks whilst they are in progress and prevent any inconveniences which they could cause.
More posts in the CYGO contributor blog series coming soon!
I will be taking it upon myself to write a few more posts in the coming weeks. A few of our other team members; including Kasper, Ben, and Thomas will likely be making a few appearances during this blog series as well with their own publications. I am also planning on asking some of our other contributors if they wish to take part, as well as inviting guest bloggers from our partner organizations and community.
Recently, beginning on June 6, our main web server has been facing Denial of Service attacks lasting on average less than 10 minutes. We believe attackers are using network stress-testing tools which are used in the industry to test for vulnerabilities in order to attack and undermine our network.
Why are we being attacked?
All of the attacks which we have caught real-time have been based in the United States. We think we are either being attacked by disgruntled former team members of one of our partner organizations, or we are being targeted by politically left-leaning individuals who do not support our mission, the U.S. government, or the values established in the United States Constitution.
What are we doing to mitigate the issue?
Currently, we are now monitoring the server and our equipment very closely in order to identify any attacks as they start. We will then be immediately blacklisting any IP or network which is suspected of attacking or attempting to attack our network. Attacks identified and reported by our Denial of Service protection software will be reported to the attackers’ ISPs at the earliest convenience, and any attacks which shut down or degrade the network will be reported to the Federal Bureau of Investigation through their Internet Crime Complaint Center located at ic3.gov.
How does this all affect me?
I use CYGO’s free online services
Until we are able to fully contain and prevent these attacks in total, short downtime, up to approximately 6 minutes at times could be experienced. We are currently seeking the appropriate actions to take to fully prevent this.
I read the CYGO blog
You likely won’t be affected, and if you are, just check back in a few minutes.
I use Drauger OS
We provide the Drauger OS website, email, and support system. You may receive short downtime, up to approximately 6 minutes at times, as well as slightly delayed response via support and email. We are currently seeking the appropriate actions to take to fully prevent this.
That’s all for now. More updates will be posted as needed.
The first post in the CYGO contributor blog series.
What is TikTok?
According to Wikipedia, “TikTok is a Chinese video-sharing social networking service owned by ByteDance, a Beijing-based internet technology company founded in 2012 by Zhang Yiming. It is used to create short dance, lip-sync, comedy and talent videos.”
By that brief definition, TikTok is portrayed as a place for creators to express themselves, as well as something that could harbor an interesting and diverse community.
TikTok stifles true creativity and free expression.
TikTok is filled with unoriginal content. It is dominated by a majority of people recreating existing content including already popular mainstream soundtracks and such. It’s essentially a community of people beating dead horses. Considering the majority of its users recreate content; there is no true creative content shared through the platform.
It is also reasonable to assume that considering TikTok is a Chinese company (all Chinese companies are directly under the control of the Chinese government), that content posted on TikTok must conform to the ideals of the Chinese government, which can lead to user censorship, hence the loss of any sort of freedom of expression.
According to The Washington Post, last November a TikTok user located in New Jersey, Feroza Aziz, was suspended from the app after posting content which was openly anti-Chinese.
Leaked documentation from the company illustrates that they are making an attempt to censor content which is political or otherwise controversial in nature.
TikTok actively mines user data.
According to CNET news, a class action lawsuit was filed in December 2019 against ByteDance/TikTok by a California resident.
The lawsuit alleges that user content, such as videos only saved as drafts rather than videos which are published; without any user consent.
California resident Misty Hong in her lawsuit also claimed that she installed TikTok on her device but did not create an account, yet some time later she discovered that the application had created one on her behalf without permission.
TikTok not only disrespects its users’ privacy, but could be a U.S. national security risk.
Videos published on TikTok often contain close-ups of its users faces. Considering the Chinese government has access to essentially all of the data on ByteDance’s Chinese servers, such videos could be used for surveillance purposes, or even worse, for facial recognition software and/or databases.
It poses such a risk to United States national security that the Defense Department has advised government employees to cease use of TikTok, which has prompted the U.S. military to ban the app from all government-owned devices.
You’re funding all of this.
When using TikTok, users are served advertisements which provide the company with its substantial revenue. By using the application, you are funding a corporation which is mining user data, using such user data to serve targeted ads, and likely in some way to benefit the Chinese government. If all users came together and deleted their TikTok accounts as well as the application from their devices, we could help to curb these issues to an extent.
Thanks for reading! I look forward to continuing this blog series in an effort to further aid our community and readers in taking control of their privacy.
I personally am planning to begin development on a project which will prove to be very useful to both new and existing users of CYGO. More details about what this project is will be coming soon when work begins. This will be another significant advancement for us over both Google and Microsoft if it is successful.
We’re having issues with storage
Currently we have identified issues with LVM partitioning on our main server. Some downtime in the coming week(s) should be expected as we attempt to solve this issue. Once this issue is solved, CYGO Cloud accounts will go back to normal, and new users will be accepted. We are also hoping to upgrade our storage capacity but that will depend on your help. We will attempt to provide updates on this issue as it is resolved, specific downtime information will be available in our Discord and Telegram communities, as well as by inquiry through Discord (HumbleTyrant#7317) or Telegram (@humbletyrant). During the downtime inquiry via email will not be possible.
A new blog series is set to start soon
Myself and a few other of our contributors have agreed to begin blogging about topics relating to online privacy, information security, online censorship, and the open source community. We are doing this in an effort to bring our community engaging and interesting content which they will hopefully find beneficial.
Within the past two months, CYGO has made many advancements which I am going to outline further in this post, which will give users a significantly-enhanced experience. As such, myself and the team have been very busy, working around the clock to keep our services available to everyone at top-notch quality.
Bleu is now considerably more stable
A plethora of frontend and backend issues with Bleu which have been persistent both before and some after the server move have been patched. This means that Bleu is more pleasing to they eye and considerably more likely to function as intended. Since it’s also now hosted on our own equipment, the previous long page load times are no longer an ailment and have been cut by more than half. Frontend updates and patches will continue to be applied as needed, any bug reports would be appreciated via email at email@example.com or via Discord to HumbleTyrant#7317.
CYGOfile is now known as CYGO Cloud
We’ve decided that a name change was appropriate, as CYGO Cloud is more than just a place to store your files on the go! CYGO Cloud is currently being expanded into a full suite of web productivity apps. Not only is it a place to store your files, but it can also be used to listen to music, conveniently take notes using markdown, create mind maps, check your email, as well as chat with friends and colleagues using instant messaging or video conferencing! We are continuing to roll out updates to the platform and further expansion is currently in planning and consideration.
We’ve updated our terms of service agreement
As further preventative measures to prevent misuse of our platforms, as well as to help combat theft of our logo from happening once more, our terms of service are now a bit more strict and comprehensive. If you haven’t already read the updated terms, I recommend that you take a look.
We are still in need of volunteers!
We’re unable to post weekly community updates as we have no one willing to aid in writing them. Additionally, our community has grown in the past few weeks, and with the promotion of Bleu, we will be in need of a larger team! If you are interested, please take a look at this page. If you would be interested in one of the listed positions, or think you could contribute in some other way, please contact us via email at firstname.lastname@example.org or contact me directly via Discord (HumbleTyrant#7317).