NITE.team

Discussion in 'Fan Projects' started by Day, Nov 15, 2016.

?

Would you like a NITE.team address?

  1. Forward (receive E-mails)

    18.8%
  2. Webmail (receive AND send E-mails)

    100.0%
  3. sFTP (upload files or make a website)

    50.0%
Multiple votes are allowed.
  1. Day

    Day Active Agent

    Hi, I am forum user Day, a "Network Administrator" kickstarter backer.
    I have bought the domain www.NITE.team
    With the blessings of Alice & Smith I am offering each and everyone of you an @NITE.team E-mail address that will last for as long as I live (which statistically will be for 40 more years)

    Reasons to get another E-mail address:
    • For RP and ARGs
      Giving you an E-maill address that you can give out worry free.
    • Enables you to easily filter and mark E-mails coming from the NITE team & TBW community
    • If this forum is hacked your E-mail address will not identify you or link to other forums or profiles
    • You can have multiple forum accounts without anyone being able to link them together (please don't abuse this beyond a single RP character)
    To limit my burden I will offer this in batches of 50. (current count: 5)
    If all 900 backers request one, I simply can not do it in one go.
    So If you want one, sure I will make one for you :)
    but it may take some time.

    if you want a sub-domain and FTP storage you can get that too.
    But as it is a service without fees, it may be a little slow.

    There are 3 services offered:
    (1) Forward
    The [email protected] will be forwarded to your email address (the one you send from or one you provide in the message to me)
    You can not send E-mails using this (you can use it as "reply-to" though)
    [This is very easy for me to do]

    (2) Webmail
    A webmail only you have the password for.
    (after you change it from the password I send you at http://mailboxes.nite.team you can create your own forwarding rules there too )
    With this you will have an [email protected] E-mail address that you can read and send from, as well as an IMAP if you prefer using client side software.
    [This takes me a bit of effort to set up]

    (3) sFTP
    Upload files or have a website at Example.NITE.team
    [This takes me even more effort to set up]


    Please include:
    address/name you want (only letters and numbers)
    The service(s) you would like: (1) Forward , (2) Webmail and/or (3) sFTP
    so it is clear what you wish.
    Messages without this information will not be processed, sorry.


    You can send it in a private forum message.
    I recommend encrypting the message if you include your private E-mail or any other information that you would not like the forum moderators to know


    Alternatively
    Send it in an E-mail to:
    [email protected] the domain mentioned above.
    It can also be found by searching for 0xF03AA7C6C4C36C15 at http://pool.sks-keyservers.net
    (KeyID=C4C36C15 Hash=49EC86AE2B10712F9D6E9E69E5A25CA4 Fingerprint=9A01 260F 2A32 D99B 0175 1B5B F03A A7C6 C4C3 6C15)
    or for mailvelope users: https://keys.mailvelope.com/pks/lookup?op=get&search=0xF03AA7C6C4C36C15

    Details:
    I do not get any money from this, so I will not offer support on how to set it up, please look at https://help.dreamhost.com for help and when I die the service is likely to die as well, my life expectancy is 40 more years.

    The servers are placed in USA, hosted at DreamHost
    There currently is no SSL certificate for the webmail.NITE.team
    (There is one for https://webmail.DreamHost.com though and they can be read from there)

    Hence I recommend you to use encryption:
    Please try out:
    https://www.mailvelope.com
    https://addons.mozilla.org/en-US/thunderbird/addon/enigmail

    Please submit your keys here:
    http://pool.sks-keyservers.net

    so that they will be featured on this list:
    http://pool.sks-keyservers.net/pks/lookup?search=NITE.team

    Don't do illegal stuff with this service :)
    I will not be able to read your E-mails or files, but I can close down and delete the account.
    Your account password can be reset and the host can read unencrypted files if they get an american court order.
    If you throw away your FTP or webmail password can reset it.
    If you throw away your encryption keys or password your stuff is lost forever (until quantum computers in 20 years may be able to decrypt it)

    Don't trust me.
    I am just a fellow fan
    Encrypt and you will have all the privacy you want.

    How to set up Mailvelope and Enigmail as well as a short description on how openPGP E-mail encryption works will be added in a forum post later.

    Have fun
    and remember to thank Alice & Smith for allowing this fan-driven E-mail and FTP service.
     
    Last edited: Nov 17, 2016
    Orion and Crazypedia like this.
  2. Day

    Day Active Agent

    Thank you to the people who have contacted me already.

    Some people have voted without contacting me though, so I would indeed like to hear from:
    I can not make an E-mail or FTP without knowing what name you would like.

    There is the possibility of enabling CloudFlare(DOS protection) and RailGun(faster loading) for those wishing that for their websites, but then the website is required to have www in front:
    www.Example.NITE.team
    and can not be https://Example.NITE.team

    All websites (sFTP) will get a let's encrypt SSL certificate by the way.

    In order to show users that they are fan made pages,
    when we get closer to launch of the game there will come a requirement of featuring a specific design of favicon and an image on the website to show that they are fan pages and not official A&S pages.

    The design is not set yet.
    So be aware that the favicon may have to change and a discreet logo is needed somewhere on the page.

    It needs to be discrete to not be immersion breaking,
    yet clear so users are not in doubt.
    We do not want users posting their game or forum password on those sites believing it is official :)
     
    Orion likes this.
  3. JantsoP

    JantsoP Division 88 Manager

    Just a note. All the servers are located in USA via a 3rd party host (Dreamhost)
    Also nice sub-domains forum.nite.team, admin.nite.team etc
    Mail and FTP are there.
     
  4. Day

    Day Active Agent

    JantsoP I appreciate that you are trying to do the community a service by "exposing" this information to the community.
    But it kind of already is there in plain sight.
    The first post explicitly notes that:
    You can check the "edited" date to verify that it has not been changed.

    If you have any security concerns in the future you are very welcomed to message me.

    The same goes for others:
    Please let me know if there are any security issues that should be fixed,
    and please let me know privately, preferably by encrypted E-mail or forum message, so I can fix it before you post about it.
    Following Responsible Disclosure guidelines.

    To answer the stated concern:
    ..I do not consider it a major security concern that the primary data center is located in USA.
    If the tools I have recommended are used it is not an issue at all.
    Secret Court orders from FISA (which is the only security issue related to servers being placed in USA, as NSA also scrapes data from other countries) can not decrypt content.
    The most damage such an order can do is blocking delivery of E-mails or stopping distribution of data on the website.
    ..but you still need a court order for that.
    Other countries also have courts that enable authorities to close down illegal activity.


    ..Using a VPN (I recommend www.cryptostorm.is ) there won't even be an IP trace to your computer.
    and as you are using sFTP and not a browser, there is little to no way of getting a device fingerprint.


    ..Following the notion that "3rd" party makes it dangerous, I can also inform that:
    Harddisks, CPU, RAM, switches, SFPs (fiber converters), fiber cables and other hardware used for internet services are also made by 3rd parties.
    I did not make everything by hand in my basement.
    There may be Cisco and Huawei routers.
    ..but that is true for every CDN out there.


    So all in all I do not see a need to make posts "exposing" this as a service hosted in USA at a data center that I do not fully own myself.
    It is indeed, as documented in the very first post, hosted in USA at a DreamHost datacenter.
    And tools to increase privacy have been posted.

    I consider the stated theoretical security threat fully mitigated.
    As well as letting people know the physical location of the servers,
    for those who do not see a risk in a user created fan page for a game being hosted in USA.


    Thank you for taking the time to look into it JantsoP,
    but please read the whole post before posting next time.

    also just to be 100% sure:
    I have not given forum.nite.team or admin.nite.team that JantsoP mentions out to anyone.
    The sub domains I have made are for fans, using their username.
    Nothing has been made in order to impersonate this forum or other official Alice & Smith assets, nor will any be made without explicit permission.

    Should a sub-domain be used to impersonate official Alice & Smith assets I can easily close it down with a .htaccess / .htpasswd file that the sFTP user accounts I provide can not remove or change.
    (meaning that nothing is lost, I do not access their data, but the site requires a password to access)

    I apologize for the long post, but I take security concerns seriously.
    Please send me a private message or E-mail if you dear reader have any concerns or suggestions on how to increase the security and privacy of this fan project.

    Also thank you for reading all of this.
    You made it to the end.
    You deserve a good cup of coffee now.
     
    Orion likes this.
  5. Day

    Day Active Agent

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    UPDATE
    Cloudflare and SSL certificates will be mandatory from Monday November 28th.
    (this change will only affect The Mad Human)


    WHY cloudflare:
    • Email Address Obfuscation
    https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-

    • Browser Integrity Check
    https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-

    • Server-side Excludes
    Automatically hides specific content from suspicious visitors
    https://support.cloudflare.com/hc/en-us/articles/200170036-What-does-Server-Side-Excludes-SSE-do-

    • HTTP Strict Transport Security (HSTS)
    https://blog.cloudflare.com/enforce-web-policy-with-hypertext-strict-transport-security-hsts/

    • Authenticated Origin Pulls
    https://support.cloudflare.com/hc/en-us/articles/204899617

    • Web Application Firewall
    https://www.cloudflare.com/waf/

    • DDoS Protection
    https://www.cloudflare.com/ddos/

    • CDN (Content Distribution Network)
    Mirror servers all over the Earth
    https://www.cloudflare.com/cdn/

    • Railgun
    Faster CDN
    https://www.cloudflare.com/website-optimization/railgun/

    • Polish & Mirage *[disables Steganography in images]
    Improves image load time
    https://blog.cloudflare.com/introducing-polish-automatic-image-optimizati/


    This is the first time making a website for many.
    Like giving people a plot of land, saying
    "you can get your own building materials"
    and expect them to make a safe, secure, warm and water proof house.

    Cloudflare helps in preventing a lot of mistakes from having a negative impact.

    If you write your E-mail address on the internet, a robot will grab it and put you on a spam list.
    So Cloudflare looks at your website, sees an E-mail address and obfuscates it so most robots will not be able to read it and outright removes it for known robots (Google etc.)

    Expected question:
    So Cloudflare acts as a MitM?

    Answer:
    Yes

    Just like the firewall and anti-virus you have installed on your computer,
    you trust them to look through all of your data to keep you secure.

    Cloudflare does the same.
    But just like your anti-virus and firewall it can not look into encrypted data.
    So if you want to keep something secret from the manufacturers of:
    Harddisks, Switches, Data-center, Cloudflare, your firewall, your Anti-virus software.
    Then encrypt the data.

    SSL (TLS) does protect against ISPs, your neighbor and other MitM attacks


    *If you use Steganography such as OpenPuff you can put your image in this location of your domain:
    [your_domain].nite.team/steg/
    That has Polish & Mirage turned off
    (plus cache is disabled aand there is extra protection against bots)
    https://support.cloudflare.com/hc/en-us/articles/200170076-What-does-I-m-Under-Attack-Mode-do-
    Note: Visitors to the site must have JavaScript and Cookies enabled to pass the interstitial page.

    Yes, putting images there will explicitly tell users that it is likely to have something hidden.
    But this is a game, so finding the hidden object is the goal.
    If you hide your secret too well, no one will find it.

    Alternatively use other formats for Steganography.
    Polish & Mirage only affect .jpg , .jpeg , .png , .gif , .img

    OpenPuff supports:
    Images (BMP, JPG, PCX, PNG, TGA)
    Audio support (AIFF, MP3, NEXT/SUN, WAV)
    Video support (3GP, MP4, MPG, VOB)
    Flash-Adobe support (FLV, SWF, PDF)
    -----BEGIN PGP SIGNATURE-----
    Version: Mailvelope v1.5.2
    Comment: https://www.mailvelope.com

    wsFcBAEBCAAQBQJYNuUtCRDwOqfGxMNsFQAAqxcP/3Xv/4Bvsrh9DdLIjtQN
    gYvVzKR6ffVBwNFqvkGsVoEXuldDa/sdsq39ZbbNEeGY0uK9rs6pLh91uNDc
    rFx/0ejauGy4BVP2GBdqMhc1B+2roCsreZiLD/2BOrt159mt1icVMzCdTBK4
    IeA6m2G2cRFeUgNE3eHq9kQFRJwYFFjEOC6IBGQh2j/tNMTZ5L/ociFRClB4
    GaoI5vm981TDh6c5o1D4cKs/MhZwX3s6h0pmiFFjDuU9ne+gsQFZi9dyM13P
    ESk2kpAWzjiacKVzljXxuPyk08uHfu9qHD4dl5u7CAlzpjw/khPbqfdHT+bA
    naiBEV6GwY43Ykl3k1GhNjY51oCJgJH+qFueLaDU43eM8bMnIyuHfwDGX6Te
    HXi21tKLzr+U1kBRcKMsCdTTLZdgyrDwxQ24BlH+fh5z/n6A7oJ0BnS//4fY
    LLbCRB4yniOeYKcu0+toPmp9pSRNKsUl4xDT47PND7PiOqgiAvNahhD6OTcJ
    JII451hEFKOIl6mcakcESzGrEYFAnKKEh6aLzB9VpMt9zPiMmg9QH1fkd6vl
    TcnzzRv08IQKdD4IFfnzmoK+knm/WOzGzf9VJ9djFyQxJ/ZbD3HXBl/gMctB
    7dz2o/cZ103aDX5YtwcZaDFMverEbQVNhsWLrYmlqocWnY4faiHWmnR+gTv1
    t14C
    =USzz
    -----END PGP SIGNATURE-----
     
    Orion and themadhuman like this.

Share This Page