My Two Year Privacy Retrospective

Not ALL things Cloud should be trusted

Chris Funderburg

5 minute read

Security and Privacy in the age of surveillance

In early 2015 I started an experiment in leaving the public services “cloud” and going self-hosted for reasons of privacy and security. That year saw quite a few leaks about mass surveillance by both the US and UK governments and how much the big service providers were in collusion with them. I therefore set about exploring both how one might avoid three of the biggest companies on the internet: Google, Facebook, and Dropbox, and how hard it is to drop off the advertising grids.

What Went Well

Starting with ads, in the interest of full disclosure: I rarely if ever see them on the web. My Firefox browsers all have ad blockers (uBlock Origin) so they simply don’t get displayed. I also use Ghostery to block cookies, trackers, and other tools to spy on me. So how well this has worked is a bit of a mystery.

At the time, I began with Dropbox. I’d never heard of any particular security problem with Dropbox aside from some quiet murmurings on the about how it might have a gaping back door that various “agencies” could peek through. Who knows for sure? It certainly makes me feel better though because I assume my privacy is a little more intact. Moving to an alternative was a long process because I have some 9 gigabytes of files and they all had to be re-sync’d across my home laptops, work servers, and mobile devices. I decided to go with OwnCloud which gives me good encryption, a heap more space, and is free because I’m using my own servers to host it. Whilst, the data is effectively stored on my own server, everything else works exactly like Dropbox. This has worked really well these past years but lately I hear that Owncloud has been forked to a competing product called Nextcloud with more dedication to open source ideals. This might be a drop in replacement if they prove successful.

Google services on the other hand were HARD to get away from in some aspects. Going somewhere else for searches was simple. Microsoft Bing is just as evil as Google so I decided to try DuckDuckGo - which bills itself as “The Search Engine that Doesn’t Track You”. The results were good with that one and have only improved over these two years. It’s quite configurable, has an equivalent to images, and some neat features. The next level of complication comes at Maps, Translation, and Android. I simply can’t find any good equivalent for the first two - and I’m locked solidly into the last one with my phone. The hardest thing to fix by far was email. Gmail IS email to most folks nowadays. Extreme techie that I’m am there was only one perfect solution: Fully host my own mail server! That involved:

  • Configuring an Exim SMTP server to accept mail for on my vhost.
  • Repointing my domain MX records from Google Apps to my personal vhost.
  • Configuring a secure Dovecot IMAP server that way I can actually read said email.
  • Finding a good solution for spam and virus scanning. (I went with Amavis and SpamAssassin respectively, along with DNS Blackhole List checking)
  • Finding and configuring a web front-end because I’d rather not use any archaic desktop client. I went with RoundCube for this.
  • And encrypting the entirety of this from the disk it sits on to transport.

Whilst all of those have been successful and I have a rather neat and private mail system, no non-system-administrator could even dream of doing it. I’ll also need to support and maintain it.

What Could Have Gone Better

Facebook. At the time I was heavily playing with the newest social network site, Ello and on Facebook I tried removing most of the private information about myself, stopped “liking” things pointlessly, pulled out of many many groups, unliked everything I could, and even unfriended a huge group of people who didn’t interact. I found that this did two things: removed a great deal of pressure to relentlessly check FB every five minutes to avoid missing things, and it caused FB to erratically show me things it previously hadn’t. Why it did this is confusing. I’m assuming it was being starved of data and was trying different algorithms to draw my attention. If the algorithms were human I’d assume I was being punished! Inevitably, as Ello faded back into obscurity, I found myself slightly sucked back into the Facebook game, but I post a lot less than usual and still don’t give Facebook anything it doesn’t need to know.

In Summary

I’ve been pleased by the results so far and I’ll probably keep using what I’ve got. Aside from not using a smart phone or finding a better mapping site there’s not much more I can do outside of using Tor networks to browse or not using smartphones and the interwebs at all.

Possible Future Actions

  • Of old I host all these things on my own virutal server hosted in the Netherlands by Tilaa and they’ve been great. It might make sense though to move to proper Cloud hosting on AWS where I could encrypt disk volumes at a low level but this really would come down to a trust comparison between Tilaa and Amazon and investigation into which laws apply where.
comments powered by Disqus