Process Documentation (skip if you don't want to read about the boring buggy parts)
Attempt 1: Installing YunoHost on a plex server. Plex server was donated to me by a loved one, that already adds a touch of tenderness that makes me feel ready to take on something new.
This ended up working! I could not do it alone, I had to ask for help from 2 very technical people, one who who let me borrow their bootable USB drive (community sourcing yayy).
There were a lot of technical errors, namely figuring out how to reset the existing configuration on the plex server so I can uninstall the OS they have and install Debian 12
Thankfully, the YunoHost and setup instructions included information on how to install it using etcher. I installed etcher on the bootable drive, and installed Debian 12 and then installed YunoHost.
The installation process was pretty significantly long, and then when it was completed, I was informed that the server wouldn't be reachable from the public internet unless I set up some additional infra. Aw.
CUE TO NEXT FEW WEEKS' CLASSES — And turns out we handle how to set up tunneling to fix this issue.
I ended up asking my roommates if I could install the server but since our router is shared, and they didn't want to be exposed to random traffic, I was unable to use the plex server. Since my internet is shared I don't have executive decision making powers over whether I can host using it, which I guess I didn't think about ahead of time. So I ended up deciding to try to find a VPS (Virtual provisioning service?), much to my dismay. The whole point of all this, I thought, was to take matters into my own hands, but I guess my hands can only hold so much.
To handle this more ethically, I wanted to find a privacy-forward VPS. This meant I wanted to look at VPS providers in Europe — where GDPR (the European laws implemented to protect individual data and data governance) and data privacy are taken quite seriously, and fines for these companies are non-negligible. From working in tech, I know that some fines are just the cost of doing business for American tech companies, and they factor this into their projects and just try to make revenue elsewhere… ew.
"The only way to really protect your data on a VPS is end-to-end encryption."
Okay. I don't know how to do that yet.
I tried finding some European VPS companies for cheap but their login process was absolutely a nightmare. I had to call support to finish creating the account. Maybe if I had more capacity, I felt like I was drowning at the time.
Near the last few weeks of class, I finally obtained a job after a year+ of unemployment/instability. Priorities shifted and I decided to just create a Linode server. I ran out of digital ocean droplet credits in the past. Linode thankfully gives $100 in free hosting credits!! Yay. Unfortunately that means that I probably won't be able to keep this server running after 2 months of class. Or I can go back to trusty old plex server if I can find someone who'll let me connect it to their router.
THINGS TO BE AWARE OF WITH LINODE:
- "If you are doing shady stuff on your Linode instance, maybe setting it up as your own VPN server to go and do whatever, and your server attracted attention from law enforcement, you're probably well fucked: Linode totally can tap your connection on demand if they wanted to, or access your server
- (as a VPS provider, the VPS admin can log in as root on your machine without knowing the root password, the parent hypervisor has a shell command that can get right in and they can look around and reconfigure your software if they want. Source: have worked at a hosting company myself, needed to root into customer machines for tech support inquiries)."
- And Linode probably knows who you are, with your payment details on file and all. A benefit of going with a large VPN provider (hoping they don't keep logs) is that millions of users share the VPN so they have their work cut out for them.
- If you roll your own VPN on your own server, you're the only user of the server, your name is on the bills, and trying to jump thru money laundering hoops to make that not the case would put you in much greater jeopardy than whatever you're doing with your hand-rolled VPN server.
Created a Debian 12 linode. Forgot the admin password to the last one. Fuck. Had to create a new one. Decided to note down the password this time. I'm getting confused between the username/admin username/admin password/user password. Realizing I am in a frenzy, and need to slow down.
I'm able to access the website fine! Thank you Yunohost for the Let'sEncrypt free certificate.
Project Work
Now for the project, I've been interviewing around people in my organizing communities or organizing communities of loved ones to see what the Digital Needs there are.
One of my beloved community members I interviewed organizes for undocumented immigrants and at-risk adjacent populations in Atlanta. They mentioned that the lack of availability of resources in Spanish regarding knowing your rights, plus the physical isolation these communities experience is one of the major roadblocks to accessing care.
Another community member I interviewed has been part of direct actions and in organizing for immigrants, and has expressed a need for an anonymous way to gather information about border crossings, and which entry points are safe or not.
Another person I interviewed talked about highlighting mutual aid and helping resources flow to where they're needed. Social media create layers of difficulty with figuring out where immediate needs really are especially for people who aren't technically literate enough to know about crowdfunding sources, etc.
An interview with a regular art build participant also evoked some new ideas. With ICE agents stationed at various different subway stations, perhaps we can have a hosted app which allows people to snap photos and the app verifies the location and timestamp and uploads to the server so that peer listening devices can see where there are NYPD.
Emergency Info Vault
- Use case: Share secure drop points, legal aid numbers, bail fund contacts, etc.
- Safety-first: Use Shamir's Secret Sharing to store sensitive info accessible only if multiple organizers verify.
- Access control: Add passphrase-based reveal (client-side encryption — no data stored server-side).
Surveillance-Free Mapping Tool
- Use case: Share maps of safe routes, patrol zones, and non-policed areas.
- Privacy idea: Use Leaflet.js (Ukranian-made tech to document war crimes and accurate historical retelling of occupation) with offline tiles (e.g., OpenStreetMap export) — no Google Maps, no telemetry.
Event Flyer & Disinfo Alert Board
- Use case: Share real-time updates about upcoming direct actions or warnings about infiltrators/disinfo.
- Security angle: Static site with updates fetched via IPFS or appended to a signed JSON blob (verifiable authenticity).
Obfuscation / Anti-Doxing Tools
- Use case: Offer tools like image redaction, EXIF data scrubbing, and URL shorteners that strip metadata.
- Frontend tools: Embed LibreJS-compliant drag-and-drop tools (scrub $$ producing javascript)
Cue to next several weeks, all of these require deep thought and programmatic implementation. Seeing what is happening in the world around me had me paralyzed in fear. The fact that i was hosting on a borrowed cloud that could be traced back that can implicate people using the technology was worrisome. I'd have to really be on top of my privacy and security skills, which I'm still developing. I really want to push through but don't feel able to tolerate the most risk at the moment.
I'm trying to switch to something more doable for my own capacity, because STRESS KILLS
Let me pivot to the rise of loneliness — wrought by late-stage capitalism, exacerbated by the pandemic. I took this class to learn about hardware and networks since I'm more familiar with some of the software/user-facing side. What are communication protocols, how do servers work, how are we connected to one another digitally? I also love to basically live inside maker spaces — 3d printing, laser cutting, etching, engraving.
Thinking of QR code fatigue as a result of the pandemic. What do we usually use QR codes for? What if we do something that is a little bit more tactile so that there is an interaction and haptics (physical feedback for a digital action) involved?
What are some QR Code alternatives?
1. Near-field Communication (NFC)
2. SnapTags
3. Data Matrix
4. Radiofrequency identification (RFID).
As the name suggests, near-field communication is a short-range, wireless communication technology. NFC enables data exchange between two devices when they are near each other.
Examples of NFC tags:
"To scan an NFC tag, simply ==hold the back of your NFC-enabled smartphone (or the designated area on an iPhone or Android) close to the tag, without touching it, for a few seconds until you receive a notification or prompt==. "
Like opening the camera app and scanning a QR Code, NFC technology requires a smart device to be tapped against an NFC tag or card. All modern Android devices and iPhones with iOS 13 are compatible with NFC. "
NFC is widely used for contactless data exchange between mobile devices , smartwatches, and even contactless payments. They are widely integrated into smart wearables.
Let me go back to my trusty friend….
FEELINGS WHEEL
What if I programmed nfc tags to route to different etherpads I create with feeling breakdowns so that people are able to find anonymous communication spots?
I have the major feelings and some questions broken down about subfeelings..
One theory of trauma is that healing begins when others bear witness. Could this be a trauma-informed tool to aid loneliness?
https://lallithaa.nohost.me/connect/p/surprised
https://lallithaa.nohost.me/connect/p/bad
https://lallithaa.nohost.me/connect/p/fearful
https://lallithaa.nohost.me/connect/p/disgusted
https://lallithaa.nohost.me/connect/p/sad
https://lallithaa.nohost.me/connect/p/angry
Mini pc, 16 gb ram, until next time…. I would love to return to you to program, create trouble, and finish up that initial research I conducted at a time where things aren't so shaky.