I have been setting up a community activist Discourse install. Privacy is important, we are not terrorists or pedos or criminals, just citizens concerned and active - legally! - around environmental issues and so on, but our activity is the kind that can attract the attention of govs, corps and cops. The forum will be on a private root access VPS, and is reasonably secure in that respect, although 100% security is more or less an impossibility, I understand. And its pretty well all sucked-up these days anyway, as Ed Snowden amply demonstrated.
I need to establish my way forward with email. The email aspect seems to me to be a weaker link. We have to funnel user info through 1) whatever method we choose for our own mail server and 2) the email server of the users.
Yesterday I opened an account with Mailjet and was stopped in my tracks by a request for Passport/DrivingLicence/ID. I do not recall ever having been requested this on a non-financial-transaction service before. Needless to say, I did not like this, or supply it. Additionally, how do I know what Mailjet, or any other similar service, do with our user data? I will be installing iRedmail to have more control over this.
Our users will have email on a wide spectrum of email providers. I am considering how is our overall security affected by this?
I havent actually got an install going yet … so I might find out that solutions for this aspect are in the mix already …?
Does anyone have any thoughts around this? Thanks.