Community Activist Discourse Privacy and Email

I have been setting up a community activist Discourse install. Privacy is important, we are not terrorists or pedos or criminals, just citizens concerned and active - legally! - around environmental issues and so on, but our activity is the kind that can attract the attention of govs, corps and cops. The forum will be on a private root access VPS, and is reasonably secure in that respect, although 100% security is more or less an impossibility, I understand. And its pretty well all sucked-up these days anyway, as Ed Snowden amply demonstrated.

I need to establish my way forward with email. The email aspect seems to me to be a weaker link. We have to funnel user info through 1) whatever method we choose for our own mail server and 2) the email server of the users.

1. Yesterday I opened an account with Mailjet and was stopped in my tracks by a request for Passport/DrivingLicence/ID. I do not recall ever having been requested this on a non-financial-transaction service before. Needless to say, I did not like this, or supply it. Additionally, how do I know what Mailjet, or any other similar service, do with our user data? I will be installing iRedmail to have more control over this.

2. Our users will have email on a wide spectrum of email providers. I am considering how is our overall security affected by this?

I havent actually got an install going yet … so I might find out that solutions for this aspect are in the mix already …?

Does anyone have any thoughts around this? Thanks.

You can enable the setting private email, so emails have no text content and are used only as a notification of new content.

Epic

I thought it would be covered …

What about passwords etc on registration?

Thanks

Sorry, what do you mean by “what about passwords etc on registration?” … can you be more specific?

Passwords are hashed in the database, and providing you use HTTPS they are encrypted in transit. Users cannot use obvious weak passwords thanks to block common passwords, beyond that it’s really just down to how you configure min password length and password unique characters.

It’s also worth mentioning that we have comprehensive 2FA (two factor auth) support including both authentication smartphone apps, and hardware auth keys. This can also be enforced via site settings.

Thanks @codinghorror, Answered by Stephen
Thanks @Stephen, got it.
I’m really loving Discourse and its nto even installed yet.
iRedmail server installed and running …
Tomorrow Discourse.

Thanks all!

@codinghorror
2FA … Oh yeah?! … sensational …

Self-hosting email isn’t an easy task. Relaying email from a new domain can already be challenging, by running your own mail server you’re likely to get a crash-course in mail deliverability. Large hosted email providers won’t trust new domains or originating IPs initially, and the struggle is significantly harder if the previous owner of your IP did anything remotely inappropriate.

Depending on how much time you have to dedicate to this I would recommend you give the matter more thought.

Also realized I didn’t mention anonymous mode, encrypted personal messages and U2F support. Depending on your appetite for complexity / size of tinfoil hat discourse includes a lot of ways to protect both your site and your users.

Thanks @Stephen, I appreciate your taking the time and all …

Ok, yes, I haven’t run a mailserver before (tried once a few years back and give up) and had not considered your points there. I’ll give it some thought. Perhaps now that ired is installed and running, and has successfully delivered my test mail so far, I might give it a good test drive. My scores on www.mail-tester are improving as I work on it.

Those further privacy features sound excellent. I have a tinfoil hat which I wear when appropriate I would personally employ the security features extensively … but the site users are not all so techy and a balance will have to be found, of course.

Warm wishes,
Kai.