Technical Questions And Answers
"When talking about RPI for hosting files, are you talking about setting it up as a web server for whenever you want to upload a file?"
I suggest you use the RPI server to be essentially a cloud-based file server. You can do that via SAMBA or (better) ssh/scp. Securing SAMBA is certainly a bit more complicated, as it is one of these strange commercial contraptions.
"Can you explain GNUpg in more detail? I had a look at the wiki page but still didn't understand it much; should GNUpg be used for whenever you send a message over the net?"
GNUpg or gpg is the free-open-source variant of PGP. Maybe you should first do some reading on Public-Key Cryptography. Essentially, it eliminates the need for securely transmitting a secret key from message destination to source. The destination will generate a private/public key pair and publish the public key. The sender will encrypt with the public key and only the destination can decrypt because only they have the secret key. That's highly counter-intuitive, but it actually works nicely ! Go to your local Linux user group and ask for help. Plus, there are FOSS GUIs for gpg, which might ease things a little.
"Instead of having an encrypted chat server running on RPI, what about Cryptocat for chat? (similiar idea to TOR)"
I don't know Cryptocat, but if you need to trust a third-party server, they can do Traffic Analysis more easily, as they only have to listen to the server to ferret out all relationships. And, how do they generate good session keys in Cryptocat ? Weak session keys are a major threat to any crypto system.
"Why do I need to use Raspberry PI to run my email server? For example, iF I was using claws mail, couldn't I just use that on Windows rather than on RPI?"
Yeah, you can use Windows as your server, but that will eat much more energy 24/7, which translates into a potentially unsustainable energy bill. Plus you get all the exploits of commercialware, which you can only inspect with a disassembler, not just a plain text editor.
"Will Tor make my internet privacy completely safe? I mean other than emails, I use duck duck go as my search engine, but should I be using RPI as a router/switch to help with my privacy or has TOR got it covered?"
Whenever you surf the internet, your IP gets logged in government collection systems and in private-sector collection systems (which are of course called "customer click analysis system" or something). Plus, they will lob dozens of cookies onto your computer. Even if you delete all cookies, sophisticated operators such as Google and Facebook can nail you down, especially when you log into facebook, google or hotmail. The government certainly has access to telecom records and can attach your real name to your IP address. TOR plus regular deletion of cookies will thwart all of that or at least make it massively more complicated. Of course they will float allegations that "we have already broken TOR, GNUpg and all that" to convince the faint-hearted to not take the effort. Even if there is some modest truth to that claim (I suspect they perform some sort of traffic analysis and correlation on TOR traffic - research papers are out there for everybody to see from government agencies), you will still protect yourself from those thousands of half-criminal non-government snooping agencies out there.
Biting the hand that feeds IT
