Ask Slashdot: Keeping My Data Mine? (2015 Edition)
New submitter schklerg writes: Like many, I am tired of being the product of the corporate "cloud" overlords. To that end, I've got my own Linux server running Tiny Tiny RSS (RSS — Feedly replacement), OwnCloud (Storage / phone backup / Keepass sync / notes — Google Drive replacement), Coppermine Gallery (picture library), Dokuwiki (quick reference), and Shaarli (bookmarks manager — Foxmarks / Sync replacement). Crashplan lets me pick the keys for my backups, and the only thing Google Drive ever sees is a pgp encrypted file of various items. Next up is moving from gmail with iRedMail. Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling. What have you done to maintain control of your own data?
Good luck on finding anyone who can read a 9 track tape...that's where I keep my data.
I don't back up to any cloud service whatsoever. I back up to a local NAS and then use Crashplan free to back up to an offsite NAS at my parents' house in another city. And they do the same to my NAS. No data sitting somewhere I don't control.
That's pretty optimistic. I'm sure we'll have a duplicate discussion about this before the end of the year.
I put the stuff on my hard drive.
and with my GPIB card, I can control my lab instruments too, and keep the data in GeoCalc spreadsheets.
"Cloud" that, bitches. I guess I could connect the RR-Net to the web somehow.
What have you done to maintain control of your own data?
I did nothing and it worked. It's still all on my harddrives today. Cool, huh?
I bought a Synology NAS. I've got full control of my data, and sharing it in every possible way is extremely easy. They've got a ton of good packages you can use it with, so it's just installing the NAS, configuring your router, choosing which packages you want (ranging from just file browser in your browser, to a mediaplayer in your browser, to cloud like syncs, to every possible server you can imagine (vpn, web, svn, database, email, ....)) and all fully under your control :). So even if they don't give a package, you can get it on there yourself :). I was also considering rolling my own, but it's just not worth it imo.
It may not be open source, but it does run linux
I'm very happy I made the decision to buy it, they're not that cheap, but they work very well
Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling.
You can probably avoid NSA having the contents of your emails by using PGP to encrypt them (and being careful with your keys).
Many clients like Thunderbird offer plug-in or sometimes native PGP support for email, and there's an RFC for it and everything.
I no longer consider things like my name, address, social security number, ip address, bank acct number, etc to be "my data." The only things I still consider to be mine are my pictures, films, and music which I back up to external USB drives that I store in a fireproof safe. I leave the bulk of the security of my personal information up to my providers and try to use hard to crack passwords. If there is a leak (I'm sure there will be, if not already) and it affects my livelihood, I will hold the company that compromised my data responsible. I don't believe that I have any assets that could be attacked that aren't covered by FDIC or identity theft protection, and none (other than title for my house/cars and my 401k/IRA) are worth more than what I can get back in small claims court, so I just don't worry about it.
I've moved from Python/C++ development on Linux to iOS development on a MacBook, but I've got the same setup as the Submitter.
However one thing I haven't found a replacement for, is online backup. I currently use BackBlaze, and it's soooooo damned stable, light-weight and easy to use... I wonder if there's self hosted alternative?
8 of 13 people found this answer helpful. Did you?
Gogs a self-hosted GitHub alternative written in Go
---------- ovidius naso
I just don't ever do anything on the internet. Ever. Crazy bad people live there.
I can "maintain control of my own data" while still using external services. All my data sits locally, and is backed up to multiple locations, but I also put plenty of it out there in the world. But Flickr or Tumblr or Facebook or whatever could go away tomorrow without me losing anything material.
I'm not sure what the whole "corporate overlord" thing is all about...either use the services or don't. I don't see either as a significant victory for good or evil.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
I had my own server, now a VM. $45 bucks a year. Does everything I want, and if I'm not happy with the provider I move it.
Backing up my data on a USB harddrive.
Seriously.. I don't put data on the web, in the cloud or anyplace I don't completely control and monitor unless it is absolutely necessary. IF it's necessary, it only goes encrypted. So here are my rules...
1. Don't put data on the net if you can help it. Avoid it at nearly all costs.
2. When you *do* need/want to put data on the net, ENCRYPT it first, even if it's not sensitive.
3. NEVER put sensitive data on the net unless you have no other choices, then encrypt it using the best encryption possible.
4. REMOVE any and all data on the net you have no more need for right away.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
If you really want to keep your data yours, you better be on top of all software updates. i.e. ownCloud has had 24 CVEs this year alone.
Thank you for this post schklerg, I was looking at replacing my Synology NAS with something that can do more and your post gave me lots of information in that direction.
FYI, the reason I am replacing the Synology is that it doesn't have enough processor power to run Plex, and keeps crashing under load. It isn't a bad product, just not enough horsepower for my needs.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Use a VPN with high encryption always, if you don't want 'unauthorized' backups being done of your data by certain 3 letter agencies.
I just have a script that does a lot of meaningless searches on random words and visits random web sites. Good luck separating the real ones from the fake ones, bitches!
Biggest thing is I don't use "the cloud" or social media web sites. Never have, never will. All of my data stays on my own computers, all of which run Linux. All of my data is backed up on USB hard drives (one of which is stored off-site at a highly secure location) and USB flash drives. I am the only one that has access to these hard drives, flash drives, and my computers. I have installed privacy badger, noscript, and an adblocker in my web browser. I do not have a tablet, and my phone is a "dumb" phone that only makes phone calls and does texts. I do not give my correct name (or any other info) to any web sites.
I have been doing things this way for many years (since the days of BBSs before the internet was available to most people). I have always been a very private person, and protect my privacy as much as I can.
Simply run ENCFS (Fuse4Win/Fuse/Dokan) and OneDrive.
Share all you want with encryption.
Get a NAS; run that (but keep it behind a VPN (dd-wrt) with L2TP or OpenVPN). Keep in mind IoT / NAS appliances can and have been compromised when cloud facing (that is why you use a VPN!). Also use a Radius server (also hostable on a spare old router or the NAS).
All these server things you list are unnecessary, you already have most likely a spare router, use that for RADIUS, use DD-WRT for VPNing in. Use NAS (Synology or FreeNAS or something) NEVER cloud facing (VPN in!). Never host anything with EXTERNAL access to the cloud (except your VPN tunnel).
- Piwigo for photos, because Digikam supports direct uploads to Piwigo.
- Kolab for Email/Calendar/Contacts, because it supports ActiveSync and thus iOS and Android support syncing out of the box. Also Kolab is pretty awesome.
- Seafile for cloud file syncing, because it is a lot faster than Owncloud
Please keep in mind that I recommend Owncloud as well, because it is a lot easier to install and maintain. You only need webspace. No one in their right mind should really be operating a personal email server in 2015. This is what Google Apps is for. If you earn minimum wage or above, anything you pay for Google Apps will be a lot less than the time you spent on maintaining an email server. I also use Keepass and sync the file.
- Firefox Sync is open source and uses client side encryption. So why bother with Shaarli? Maybe because Firefox only just now came back to the iOS platform? Note: Chrome/Chromium is nice, but not really for me. For several reasons. This is a thread about keeping your data to yourself, so Chrome goes out the window anyways. Then we have the repeating issue with the extensions
http://labs.detectify.com/post...
which applies to Chromium as well. And then there was the quality/packaging issue on Debian. Among other stuff. So why bother? I use Chromium frequently. Just not as my primary browser.
I currently use BackBlaze, and it's soooooo damned stable, light-weight and easy to use... I wonder if there's self hosted alternative?
BackBlaze stores your private key on their servers:
https://www.backblaze.com/back...
That doesn't seem very private to me. In fact, when you want to restore your data, the data is decrypted on the BackBlaze server, then zipped and the zip file is sent with the unencrypted files. You can add a passphrase to the private key, but again this passphrase needs to be entered into the BackBlaze website so that the files can be decrypted on the server. They promise not to store the passphrase. I love promises.
It is dangerous to be right when the government is wrong.
Next up is moving from gmail with iRedMail. Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling.
So here's free advertisement for a questionable software package that may in fact compromise your system upon installation (nobody knows and nobody's telling, as usual, until it's too late). You're still just as vulnerable to the government but you can be a hippie too and alienate yourself from most of the world's economy! Do it because it feels good!
Was stupid easy to set up on an Ubuntu VM. Only problem encountered was in the free GUI version there is no way through the GUI to set a domain wide catchall email address. I was able to do that with a SQL command after searching for it though. Sorry I don't have the link handy.
All my data is stored on a RAID10 (primary) and RAID1 (secondary) server using SeaFile (open source, seafile.com). I run my own web (https) and email (TLS) servers and firewalls, and if I'm not on the local network I work via a VPN back to the home site (TunnelBlick is my client of choice), including rules on Little Snitch that prevent any network traffic whatsoever until the VPN is established. Local machines use encrypted filesystems. For discreet browsing I run a private obfuscated TOR bridge. I digitally sign all of my email with PGP but sadly most of my contacts do not encrypt. For passwords it's 1Password with very long random phrases (not strings) for each site.
All of my hardware is hand-built from parts and runs up-to-date versions of Linux. I keep a TAILS USB stick in my bag in case there’s an issue connecting to my VPN or some other reason I can’t be sure of my status.
I feel like I could still do more, especially with op-sec, but I have some comfort that none of my files are on anything but servers that I have complete control over.
With all of that I still assume that most of what I do online is still susceptible to surveillance.
4 hard drives. Two operating in RAID1 in a Linux file server (CIFS.) 1 external hard drive which weekly automated backups are sent to. 1 external hard drive which is manually mirrored from the other external once every few months and stored in a safe place.
RAID1 lost a drive a couple months ago, no biggy, just replaced it, didn't lose a thing. The super sensitive irreplaceables (my source code primarily) are kept in a TrueCrypt volume on my AWS server. Just extra insurance against house burning to the ground or something.
I don't really care for all the fancy junk. I just use CIFS behind firewalls/over VPNs to shuffle files around as needed. Keep it simple, stupid!
Just wait for the NSA to stand up their own Cloud services (probably in their Utah data center) and let them host/store everything for you. Then you can kick back and stop worrying if they've got copies of all your data. As a bonus they handle all your backup needs too.
(I mean, if you've got nothing to hide ... and all that.)
It must have been something you assimilated. . . .
Crashplan allows you to host on your own environments, or peer with a friend and exchange diskspace for encrypted backups. You can even seed backups via removable disks to get a large backup hosted quickly.
I run an instance of Sandstorm, which is software you can install on a Linux server that lets you run other apps. Some features:
* One-click installs of any of 47 apps, like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).
* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.
* Security sandboxing of the apps against each other and away from the Internet, so malicious apps can't leak your data back to the app's author.
* A way to "share" an instance of any app, like on Google Docs.
* Total open source-ness.
Admittedly, I'm one of its authors too. So feel free to take this with a grain of salt. But I do use it every single day.
Also if your friends don't want to self-host, but want to use the same apps as you, the Sandstorm.io company runs a hosting service.
|/usr/games/fortune
Isn't this question basically just "What software (as opposed to services) do you use?" Seriously, it generalizes that far up.
I self-host and encrypt where possible. For other things, I use providers as trustworthy as I can find.
Email privacy is a tough problem, but a solvable one. I'm working on a project that will give me gmail-like convenience without entrusting my data to Google, and might eventually grow automated/transparent encryption capabilities. It's going to be a while before it's usable, though; nobody is paying me to work on it, so it doesn't get enough of my time. (The mailpile project overlaps some of my goals in this area, and might be worth a look to anyone interested in the topic.)
A Facebook replacement is another tough one, perhaps even tougher than email, but I believe it's also solvable.
Please keep asking questions like this, and sharing what you discover. The more of us we have thinking about these problems, the more likely we are to work out their solutions.
I think that was his point - that he hadn't found an easy self-hosted alternative. Do you have one?
I don't have a Data Mine to keep.
Isn't this more of an issue for entities like Google? They're the ones whose Data Mine is jeopardized by the kinds of rules adopted in the EU.
Only big companies and organizations have Data Mines.
.. then there is a convenient solution:
http://www.nsa-cloud.com/
Running all of that stuff is fun when you have the time, but frankly is a huge pain in the ass in the long run. Eventually you will shave that neckbeard right off and start using Gmail again, probably without any Slashdot article...
They have these things called "Hard Drives" and they can "Store Data" and even made into a "Raid" that can help "Preserve Data".
I have to go look up how much I owe Dr. Evil for the use of the quotes but expecting the online storage to be private is like wishing that an ice cube will protect you from a nuke.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
Since my desktop destroyed itself, my MacBook (well, a MBP... but who really cares) is doing desktop duty, and I'm also doing some OS X and iOS stuff until my next job starts.
Here is what I do for backups:
1: I have a Time Capsule that uses an encrypted sparse bundle disk image for stashing the Mac's goodies. I wish Apple would use two 2.5" drives in a RAID 1 config, but it just has a single enterprise-grade 3.5" drive. Great for "oh shit" bare metal backups.
2: Public stuff goes to GitHub, such as some OS X specific applications.
3: For files and archives, I have a NAS (Synology or QNAP...) which serves as a file share, as well as a spot for zbackup repos. You can use obnam, ZPAQ, attic, bup, or borgbackup, but zbackup is simple, as it is used as part of a pipe, so I can use the operating system's tar command, pipe it to zbackup, and zbackup handles the deduplication (byte level with a rolling hash), as well as compression (lzma, same as xz.) It also has AES-128 encryption as well.
I have a cronjob which tars up my entire home directory and jams it into zbackup and onto the dual-drive, RAID-1 NAS. Since only deltas are saved, I can stuff 100 gigs into it, and have the repository grow by only a few megs.
4: For documents, I use Mozy with a keyfile.
5: The NAS dumps its contents nightly to an external drive, so if the NAS dies, I can mount the external drive on any Linux box as an ext4 filesystem, NFS share the repo, and be able to restore.
This provides me three levels of protection:
1: Complete, "oh shit" bare metal restore ability.
2: Long term storage of documents.
3: Ability to retrieve the documents from remote, with an encryption layer.
Of course, this system isn't perfect:
1: Malware doing a rm against everything will destroy everything but the data stuffed into GitHub and Mozy.
2: This system is not designed with LEOs as a factor. I use encryption, but that is to deter the skiddie who breaks into a cloud server, grabs a bunch of directories, tars them up, and stuffs them onto BitTorrent as an act of vandalism or extortion. Similar with local encryption. Where I live, meth is a big problem, so the encryption is good enough to keep the tweakers out of the data, limiting the damage to "just" a hardware theft.
I will be addressing weakness #1 via a "pull" backup mechanism with a higher end NAS (likely a Synology DS716+), installing zbackup directly on the NAS itself, and having it SSH into my machines, tar off data, and jam it into the repository. Since the keyfile would be inside an eCryptFS directory, if the NAS got stolen, all data on there would still be inaccessible.
One side note: Since I was forced to move to a Mac, backups have become a -lot- easier. Windows doesn't play well when saving off open files.
I'm not really keen on sharing my entire contacts list with the Chinese. Anybody have a suggestion for a business card scanner that doesn't call home with your contacts list?
Stop using cloud services?
https://aws.amazon.com/glacier...
Let me quote something from that page:
$0.007 per GB
And of course I encrypt the files locally before uploading them. My private key remains private, and I have it backed up as well on physical media in disparate locations, not online.
It is dangerous to be right when the government is wrong.
rsync over ssh. The backup server initiates the connection. Use the backup dir option in rsync for incremental backups and a script to gzip the incremental backups.
Everything I write is lies, read between the lines.
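The pull-style rsync setup described in the comment above (backup server initiates the connection, `--backup-dir` for incrementals, a script to gzip them), as an added example that is not the commenter's own script. The function names, the `current/` and `increments/` layout and the stamp argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pull-style incremental backup, meant to run ON the backup server.
# Assumed (hypothetical) layout under DEST:
#   current/             mirror of the source as of the last run
#   increments/<stamp>/  files that a run replaced or deleted in current/

# pull_backup SRC DEST STAMP
# SRC is a local path or user@host:/path/ ; for host:path sources rsync
# connects over ssh by default, so the client never needs write access
# to the backup store.
pull_backup() {
    src=$1 dest=$2 stamp=$3
    mkdir -p "$dest/current" "$dest/increments" || return 1
    # Use an absolute path: a relative --backup-dir is resolved against
    # the destination directory, which would nest increments inside the mirror.
    inc=$(cd "$dest/increments" && pwd)/$stamp
    # --delete keeps current/ an exact mirror; --backup moves every file
    # that would be overwritten or deleted into $inc instead of losing it.
    rsync -a --delete --backup --backup-dir="$inc" "$src" "$dest/current/"
}

# compress_increments DEST
# Packs each increments/<stamp>/ directory into <stamp>.tar.gz and removes
# the directory. A run that changed nothing leaves no directory behind,
# so an empty increments/ is handled as a no-op.
compress_increments() {
    dest=$1
    for d in "$dest"/increments/*/; do
        [ -d "$d" ] || continue        # glob matched nothing
        d=${d%/}
        tar -C "$dest/increments" -czf "$d.tar.gz" "$(basename "$d")" \
            && rm -rf "$d"
    done
}

# Typical cron usage on the backup server (host and paths are placeholders):
#   pull_backup backup@client.example:/home/ /srv/backup/client "$(date +%Y%m%d-%H%M%S)"
#   compress_increments /srv/backup/client
```

Because deleted and overwritten files land in `increments/` on a machine the client cannot log in to, a destructive process on the client can damage `current/` on the next run but not the earlier versions.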
I don't really like Crashplan. It's this humongous Java app which sucks CPU. But I agree it's probably the only practical and easy way to go about it.
8 of 13 people found this answer helpful. Did you?
So, when are you from? 1346?
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
This. I do this too using S3CMD. You can upload to S3 more easily than Glacier... so far a command-line based Glacier client is sorely lacking. Still, I upload to S3 and then have my S3 data set to archive to Glacier after 24 hours which it does automatically. That means the only files that are in S3 are the most recently changed or new.
Like you I have a script that locally encrypts with my own private key before upload. That private key I keep in my Owncloud.
While not a self-hosted alternative, tarsnap might be a better online solution:
http://www.tarsnap.com/
Jumping into the newest fad in data storage doesn't have much to do with the inquisition. I like the Japanese take on technology - approach it cautiously. In spite of the fact that they're the country with animated robots at hotel check-in desks, they don't use streaming video there at all! Blockbuster (e.g. Japan version) - is where they get ALL their movies. Why? Their cautiousness might carry with it the idea that what they watch is their business. I think they'd laugh at the American jump-before-looking approach to the latest technology. They take their privacy seriously, even though they have the best internet bandwidth on the planet.
Like you I have a script that locally encrypts with my own private key before upload. That private key I keep in my Owncloud.
I would love to see your script, if you don't mind sharing. Mine is "in development" i.e. I still prefer to do it all manually which means that backups do not happen as often as they should.
It is dangerous to be right when the government is wrong.
Drop me an email. This user name at nodecaf dot net. I'll be more than happy to share the script with you :)