Thanks. Regarding this statement, I’m setting up a DNScrypt server and a private email server, if I use one or two local PC/Server/laptop or use any virtualization technologies locally to run both projects in one PC/Laptop/Server, all communication will pass through my local authority gateway, that can be one of these 14 eyes countries.
In case of private email server, all my emails will pass through the local authority gateways and as not all the email senders know how to use a highest grade PGP encryption, their communication will be exposed to local authority gateway. But I have the equipment encrypted in my house and the risk of network admin or datacenter technician accessing my files will eliminated in the cost of my communication inbound toward me will not be encrypted in case the email sender never uses the PGP with highest grade encryption. But my outbound emails will encrypted as I use a private VPS server that has proper encryption on to send my outbound emails. The only way to keep inbound emails that is not encrypted by PGP outside of local authority gateway, that as my knowledge, is to keep the VPS/Server outside of the threat model, in this case outside the 14 eyes. And this will enable the network admin, datacenter technician access to my encrypted files, e.g. LUKS, while server is running.
Thus non of these are my favorite and nor I’m able to select on on another?
How shall I address these?
Also if I run a local server to download all emails from remote private mail server instantly, can this totally prevent the network admin or datacenter technician’s attack to my emails? or even if I run a local server to download all emails, still datacenter technician or network admin can attack me by keeping a copy of all incoming emails or outgoing emails or both? As emails enter and exit the private mail server unencrypted, thus this is a possible threat/attack?
Regarding DNScrypt, if I run it locally on a local laptop/PC/Server, then as only my communication from and to the DNScrypt server is encrypted, the outbound queries of the DNS server of DNScrypt is inside the 14 eyes, thus this could be like using a non encrypted DNS server. The only way to eliminate this threat in this model, is to keep the DNScrypt server outside of the 14 eyes. But I’m not sure how to keep logs disabled for this server? As I believe dislike the private mail server, the DNScrypt server can be outside the 14 eyes on a VPS/Server and this will not expose me to network admin access or datacenter technician attacks, as if there is no logs, there is no threat?
Tnx and best of luck