Duplicity is the right answer, as I have posted elsewhere, and we owe great thanks to John Kozubik and the rsync.net team for proposing, and sponsoring, the continued development of duplicity:
Prior to that bounty, duplicity had not been updated or worked on for a few years, and thanks to the claimant of that bounty, Ken Loafman, there is not only a new, stable version, but a responsive community working on the project.
I use it every day, and now consider it indispensable.
Digital safe deposit box - offsite backup service, on Coppola Loses All His Data · Score: 2, Insightful
Although slightly more expensive (don't waste your time on the "free unlimited storage" media sites), a digital safe-deposit box in the form of an offsite backup service is a lot easier than driving to the bank.
I have a cron job that fires off an rsync command every night - destination is my rsync.net offsite filesystem where I keep 7 days of snapshots of all of my data.
Spread the word - truecrypt volumes can be rsync'd, on TrueCrypt 4.3 Released · Score: 2, Informative
Or is the word rsunc ? Regardless, a lot of people do not realize that a truecrypt volume, although it is a single encrypted file, can be successfully kept up to date with the rsync tool. This is because the entire file is NOT reorganized every time it is unmounted. Therefore, if you only change a few files in a truecrypt volume, you can rsync it to a remote system in an efficient (changes only) manner.
Just be sure to read about the --checksum option. I personally keep all of my most sensitive files in a single, 4 GB truecrypt volume that I rsync nightly to my offsite backup at rsync.net. They are NOT affiliated with the actual rsync project, but I can't speak highly enough about them. This, and especially this are what sold me over strongspace and exavault.
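Why the --checksum option matters for a container file, as an added example that is not part of the original comment: rsync's default quick check skips any file whose size and modification time match the copy on the other side, and an encrypted container keeps a fixed size. The example assumes the container's timestamp is preserved after dismount, uses a constructed random file in place of a real volume, and compares fixed-offset blocks as a simplification of rsync's rolling-checksum delta.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # comparison block size for this demo (constructed value)
STAMP = (1_000_000_000, 1_000_000_000)  # fixed atime/mtime (constructed value)


def quick_check_same(src, dst):
    """rsync's default skip test: same size and same modification time."""
    a, b = os.stat(src), os.stat(dst)
    return a.st_size == b.st_size and int(a.st_mtime) == int(b.st_mtime)


def file_digest(path):
    """Whole-file hash, the kind of comparison --checksum switches to."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def changed_blocks(src, dst):
    """Indices of fixed-offset blocks that differ between src and dst."""
    diff, i = [], 0
    with open(src, "rb") as a, open(dst, "rb") as b:
        while True:
            x, y = a.read(BLOCK), b.read(BLOCK)
            if not x and not y:
                return diff
            if x != y:
                diff.append(i)
            i += 1


def demo(blocks=64, touched=(3, 40)):
    """Build a constructed 'container', copy it, then rewrite a few sectors."""
    d = tempfile.mkdtemp()
    local = os.path.join(d, "volume.tc")
    remote = os.path.join(d, "volume.remote")
    data = os.urandom(blocks * BLOCK)  # ciphertext looks like random bytes
    for p in (local, remote):
        with open(p, "wb") as f:
            f.write(data)
        os.utime(p, STAMP)
    # In-place sector rewrites: the size never changes, and the mtime is put
    # back (assumption: the container timestamp is preserved on dismount).
    with open(local, "r+b") as f:
        for i in touched:
            f.seek(i * BLOCK)
            f.write(os.urandom(BLOCK))
    os.utime(local, STAMP)
    return {
        "quick_check_says_unchanged": quick_check_same(local, remote),
        "content_differs": file_digest(local) != file_digest(remote),
        "changed": changed_blocks(local, remote),
        "total_blocks": blocks,
    }


if __name__ == "__main__":
    print(demo())
```

The quick check reports the two files as identical although their hashes differ, and only 2 of the 64 blocks need to travel once the comparison is done on content.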
My storage provider maintains a warrant canary:
http://www.rsync.net/resources/notices/canary.txt ... and since my account is in Zurich, I check the local copy there.
A technical footnote - I use duplicity for encrypted backups on my (personal) rsync.net filesystem:
http://duplicity.nongnu.org/
There's been some rumbling about Tahoe-LAFS integration, which is mildly interesting...
I've had personal and business accounts at rsync.net going back over 5 years.
It's simple, it's straightforward, and it works out of the box with everything I use.
Oh, and there's this:
http://www.rsync.net/resources/notices/canary.txt
It's not the cheapest offering, but my employers' account @ 2TB is around 28 cents/GB, per month.
http://www.rsync.net/resources/notices/tos.html
I especially like:
"No form of data or meta-data concerning the behavior of our customers or the contents of their filesystems, or
even the customer data that we hold in our records for billing, will ever be divulged to any law enforcement
officer or agency without order served directly by a US court having jurisdiction. "
and:
"No consumer or personal information about our customers of any kind will be divulged to any party for any reason."
I would like to do business with ISPs that have Warrant Canaries:
http://en.wikipedia.org/wiki/Warrant_canary
Like my offsite backup provider maintains:
http://www.rsync.net/resources/notices/canary.txt
However, in absence of this (I realize this is rare) your ISP should at the very least have a stated policy as to how they respond to warrants and "requests".
Turning off an entire block of IP space because some joker calls you on the phone is absolutely terrible. If you continue to do business with "serverloft" you deserve whatever you get.
I don't think FSOSA (free speech or stone age) had this (somewhat middle ground) scenario in mind, but it rhymes quite a bit.
Basically, you can't quash speech unless people can't access laptops and wireless cards. Period. You either go back to the stone age or accept arbitrary, free speech.
But in this case you don't even need to resort to some grassroots, duct-taped together community mesh network - you just need to get one or two abstractions away from the proper "Internet" and you're already there. Which is really great news, actually.
Sonos is the answer. The problem with all of the lower priced squeezebox-style systems is that they save money on components by not having the decoding hardware inside of them. That is the reason that even with a stock-standard samba share, you STILL need to install their "server software" on the system you store your music on.
In reality the "server software" is actually doing some or all of the transcoding of the music format because the units themselves don't have the horsepower to do it.
The sonos systems, OTOH, have the necessary horsepower, so you can just point them at your A/UX based fileserver (or whatever else you want to point them at) and say "just work".
I've had a 5-zone sonos system for 4+ years now and could not be happier.
I guess they are technically not an ISP - they are my online/offsite backup provider ...
But they have maintained a "warrant canary" for years:
http://www.rsync.net/resources/notices/canary.txt
I don't know how effective it would really be if push really came to shove, although it's difficult to imagine a court upholding a LEA coercing them to make public false statements ... the point is, someone is pushing back.
The phrase:
"the information technologies that are the mainstay of modern society can become its weapons, as well"
is very similar to what is being said in the "Free Speech or Stone Age" meme that has sprung up:
"Once again, the standardization and interoperability of these protocols
that so readily enables anonymous free speech are the same qualities that
make them so valuable to commerce. You cannot restrict access to this
functionality and continue to take part in modern commerce."
http://blog.kozubik.com/john_kozubik/2009/06/free-speech-or-stone-age.html
(I recommend the entire article that is linked from the blog synopsis...)
I shopped around for a few months for my offsite, online backups, and most providers were adjuncts of larger ISPs, and the backups were generally stored on larger, general purpose servers.
Usually this was in conjunction with all sorts of extra "services" tied to the backup. But the bottom line was, I was storing files on a server that was running imap and pop and PHP and all manner of other services and ports open, etc.
That's a mistake. The backup provider I use now (rsync.net) has three services running (I nmap my target regularly):
- ftp (I don't use it)
- ssh
- https
No php, no app servers, no mail servers, etc., and when I asked them, they confirmed that their ftpd is just plain old FreeBSD built-in.
Oh, and I encrypt the backups with duplicity, which is absolutely fantastic.
http://www.rsync.net/resources/notices/2007cb.html
Prior to that bounty, duplicity had not been updated or worked on for a few years, and thanks to the claimant of that bounty, Ken Loafman, there is not only a new, stable version, but a responsive community working on the project.
I use it every day, and now consider it indispensable.
For several years the project languished without a real maintainer and without an up to date, stable version, but because of this bounty:
http://www.rsync.net/resources/notices/2007cb.html
and because of the great work of Ken Loafman, there is a live and vibrant community of duplicity users and an up to date, stable version.
I personally use duplicity on my own server as well as on my remote rsync.net storage space.
BTW, this is not the first time that my provider, rsync.net, has gone out of their way to perform very useful, very pro-OSS work for the community ... as I say every chance I get, this says it all:
http://www.rsync.net/resources/notices/canary.txt
My backup/storage provider doesn't.
This pretty much says it all:
http://www.rsync.net/philosophy.html
especially the "warrant canary", which is why I am essentially a lifetime customer of their organization and recommend them at any opportunity:
http://www.rsync.net/resources/notices/canary.txt
I pay a (roughly) 20% premium price per gigabyte per month to have my offsite backups with a provider that gives me these things:
rsync.net corporate philosophy
rsync.net Warrant Canary
Not only do I pay a small premium for this stance on their part, but I rave about their product and support all the time. This business model _does sell_ and it breeds _more sales over time_. Business owners need to know this, and we as consumers need to vote with our dollars to ensure that they do.
duplicity:
http://duplicity.nongnu.org/
is a mash-up of (lib)rsync, tar, and GPG. Plaintext, normal filesystem on your end, and a big bunch of gibberish tarfiles on the remote end.
The remote end can be anything - it just needs to be accessible via plain-old scp/sftp (or ftp).
A new version of duplicity was just released and because of a bounty and ongoing funding provided by rsync.net:
http://www.rsync.net/resources/notices/2007cb.html
there is a permanent maintainer dedicated to the project now. I don't use it for all of my data, because one of the main selling points of rsync.net was the ability to just connect and browse with any old sftp/scp based client - and that won't work if the files are all gibberish tarballs, but for my "important" data, I do use duplicity and point it at a special directory.
... provider publishes a weekly statement indicating that no warrants (secret or otherwise) have been served on the hardware/premises, etc.
You can see it here:
http://www.rsync.net/resources/notices/canary.txt
As for offsite backups in general, I trumpet this service as loudly and as often as I can - it surprises me that the FOSS (and privacy/crypto) communities do not talk more about rsync.net - they do things the right way.
You won't ever be able to pick up the phone and talk to someone at google, and you certainly won't have a totally open, standards-based filesystem.
Although slightly more expensive (don't waste your time on the "free unlimited storage" media sites), a digital safe-deposit box in the form of an offsite backup service is a lot easier than driving to the bank.
I have a cron job that fires off an rsync command every night - destination is my rsync.net offsite filesystem where I keep 7 days of snapshots of all of my data.
Easy, cheap.
No fluff, no hype, just the best product and best service I have ever had, in any sphere.
If this doesn't convince you:
http://www.rsync.net/philosophy.html
this will:
http://www.rsync.net/resources/notices/canary.txt
and as I have been a customer of their parent co-location company, JohnCompanies, for _seven_ years now, I feel very good about their longevity and commitment to customers.
Not everyone took this practice lying down, you know ...
There are good people in the business community that pushed back, and probably put themselves out on a limb to do so. The rsync.net warrant canary is, by far, my favorite example:
http://www.rsync.net/resources/notices/canary.txt
I doubt it ever got tested, but the point is, it was there.
I am also a customer of rsync.net, and will be so forever. The cost is higher (although at the top end of their quantity discounts, it's not ridiculous) and it is worth it, without question.
Does google or amazon give you this:
http://www.rsync.net/resources/notices/canary.txt
or even this:
http://www.rsync.net/philosophy.html
The bottom line is, I don't want people using my personal information, I don't want them parsing my data and usage patterns, and I don't want them bowing down to law enforcement as a matter of course. I just want a plain old unix filesystem that I can do whatever I want with, and a phone number to talk to a real person when I need to.
And I'll pay a lot for that.
http://duplicity.nongnu.org/
Read this again:
rsync.net warrant canary
If they are served with a secret warrant, they simply stop updating the warrant canary...
http://www.rsync.net/resources/notices/canary.txt
In addition to a stated policy of "No data or meta-data concerning the behavior of our customers or filesystem contents will ever be divulged to any law enforcement agency without order served directly by a US court having jurisdiction. All such orders will be reported to our entire customer base."
You should read their philosophy page.
This struck me, and reminded me of, the warrant canary that an offsite backup provider I do business with maintains:
http://www.rsync.net/resources/notices/canary.txt
In essence, Verizon says that there cannot be a law (or a contract) denying true statements of fact to third (or first) parties ... which is in essence what the warrant canary (and items like it) attempt.
It's a bit in reverse, though, since Verizon is sending information to the government, whereas the warrant canary sends information outwards to customers and the public ... but they both seem to be based on the same argument...