Take your stuff back, Part 2 of 2
Taking Your Stuff Back
In Part 1 of this miniseries on personal data privacy and security, I highlighted some data security threats the average person may now face online from those you should trust rather than just from “hackers” or obvious bad actors.
In this second part, I’ll focus on some actionable points you can consider and start making progress towards should you want to.
Taking back control of your data doesn’t need to be some massive and complicated undertaking.
You can always take a slow and progressive change towards controlling your own data:
1. Plug The Leaks
One of the first things we can do to combat your current lack of data control (and to guide the future of commercial data privacy), is to simply only use and pay for those services with practices that you agree with.
To do this, it helps to seek out and educate yourself about your privacy security and practices online.
TODO edu links incoming!
e.g. If you don’t like how Facebook, Reddit, TikTok or Google handle privacy practices or security of your data? Don’t pay them or just don’t use their services where possible.
And, keep in mind that if you’re not paying for the service directly, and you’re not contributing to it somehow like an open-source passion project…
Your involvement and data is sold to someone else as the payment.
By simply choosing alternatives to those services, such as giant social media companies or file storage systems, you can hit them where it hurts - their access to your information.
At the very least, you can plug the leaks by frequently reviewing the settings of the online services that you do need to keep and block the stuff you don’t need.
Separation of Services
Another key thing to consider with online services is the “not keeping all your eggs on one basket” approach.
Instead of relying on one company or account to provide all your services like the Apple, Google, or Microsoft ecosystems.
Diversify!
Pick reliable services that don’t feed data into each-other unnecessarily or try to do everything in one (who would have ever thought the unix philosophy would come in so handy).
Some suggestions that come to mind:
- 1Password rather than your browser/OS’s password solution (most likely controlled by Google via Chrome).
- Syncthing rather than Dropbox or Google Drive (or Resilio)
- Proton Mail rather than Gmail or Hotmail
- DuckDuckGo rather than Google Search (although Startpage may be best for most transitioning users)
- Mastodon (or any other federated social network)
- RSS rather than news and social feed sites.
Take the time to research the owners and the revenue sources of the services you use.
It’s a good idea to look for companies that make a healthy profit directly from the products they offer - otherwise they are making money some other way that may be against your best interests, or at the least unsustainable and therefore untrustworthy for your data in the long run.
Try FOSS (Free and Open-source) alternatives. They’re usually free or at-least financially sustainable thanks to the users who help build and provide the software. Be sure to contribute yourself too; either financially or with skills also if you really value these community efforts.
2. Backups
Firstly, “mirrors” (aka syncs) are not actually “backups”.
Syncing data from one place to another, like with Dropbox or even Syncthing, is not actually a safe backup of your data.
A sync It’s just a live identical copy of your data.
This means that if something happens to your data in the first device, like complete deletion or corruption, that deletion or corruption will sync or be copied into the second device too, therefore you’ll lose your data (therefore, not a backup).
Both Dropbox and Syncthing, do offer some sort of basic backup feature along with their syncing service, i.e. “file history” or “file versioning”. Essentially these features will keep a record of your old or changed files, which you can revert to should you need to.
More on file syncing in the “Do your own stuff” section below.
For a real and rock-solid reliable backup, you can follow the 3-2-1 backup strategy.
You can just do this manually. Buy a couple of Directly Attached Storage devices like a USB sick, External Hard Drive for HDD array like a dedicated RAID DAS device. Perhaps keep with one device/backup physically at home (onsite) and another at a friend’s or families house (offsite).
You could even use an encrypted cloud storage service like Backblaze Cloud Backup or even Backblaze B2 with rclone or Borg Backup with Borg Base for those more technical.
Yes B2 and Borg Base are still cloud services that you don’t control, but they’re built with your control in mind (client side encryption options).
And more importantly, keeping your own encrypted backups (away from their original context or service) is a great first step towards “taking your things back” from all the cloud service providers.
[!NOTE] Passwords and Encryption Keys When you start encrypting your data or backups, you’ll have some rather important passwords or even better, encryption keys. If you lose them, you cant access your unencrpyted data anymore. So be sure to have a good password management solution setup like 1Password, Bitwarden or even just paper in a physical vault.
You can’t be tied in to a service if you’re not worried about losing your data.
- https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world
For those with plenty of money and not enough time, I highly recommend the Synology range of NAS devices.
You could end up spending over £900, but you’ll have a super easy-to-use and all-in-one solution for “taking your stuff back” with little technical hassle.
Synology NAS’s can be setup independently from online accounts, and they can handle your backup (real backups, using snapshots and “Btrfs” and off-site copies) your online services data and even self-host services for you (more on self-hosting later).
For those with more time than money, or questionable homelab passions, you can build some great DIY backup systems.
A DIY NAS or even a DAS with a mini-computer like a Raspberry Pi controlling it.
At the end of the day, just get started backing up. A snapshot of your data on an external HDD will do to start. And once you’re used to taking backups, then you can work out what you want to invest in.
3. Start doing your own stuff
Web Browsing
This is one of the most import parts in securing your data.
The software you use to browse the internet is still the most important part of the puzzle.
Sadly, most of the web browsers out there are based on the underlying web engine built by Google and used in Google Chrome.
While some browsers go to great lengths to “degoogle” the underlying web engine, but it’s still fundamental controlled by an organisation whose sole purpose it to collect and sell your data.
The best option is still Firefox by Mozilla. Although it’s not without own internal controversy, they’re orders of magnitude better than Google Chrome (or derivatives) or Microsoft Edge.
You can even harden your web experience with Firefox from the already very good default tracking blockers and safety features by installing an ad-blocker with a good reputation such as uBlock Origin by Raymond Hill.
For those people who are extra concerned about web-browser privacy there are even more private browsers such as Librewolf (an extra hardened Firefox derivative) or Tor Browser (a hardened and traffic tunnelled Firefox derivative) but both of these sacrifice the average user’s experience for added security.
Don’t forget to bookmark your commonly used sites.
It faster and more convenient than searching for the same old sites over and over again in a search engine that may be collecting your activities.
It’s also a great backup just in case your most loved sites are removed from search engines or pushed down the results into oblivion by ads or search engine manipulation.
Entertainment & Media Consumption
Taking control of your entertainment and media consumption may be a bit ask for some people, but it comes with a couple of helpful side benefits like controlling or reducing the amount of media you consume and naturally increasing the quality of the stuff you do consume.
There once was a golden era for owning digital media but having the flexibility that physical media like DVD’s, CD’s or vinyl cant provide. In the good old “iPod and MP3 player era” you could buy, download, keep offline and consume movies and music as you like.
Nowadays, we just rent access to media on the cloud and the majority of places to actually purchase digital media have gone, but there are still a few options. You can still download and own digital music from certain legit sites like HDtracks or even with free digital downloads from buying moderns vinyl records.
Then there’s ripping. If you have a home-server or Synology etc. You can often rip physical movies and music from discs like CD’s and Blueray DVD’s into digital formats and service it to yourself like a personal Netflix or Spotify.
Take a look at Jellyfin for videos and Navidrome with Symfonium android app for music.
Communication
In the online world we currently live in, email our main online identity rather than a communication system.
If someone has access or control of your emails, they control your identity.
Your email typically allows access to all of your online accounts via password resets and often contain extremely sensitive information like purchases, travel plans, and legal documents as attachments and confirmation emails.
(Do you have an email backup?)
So far, the most top-notch and secure email provider I’ve come across is Proton Mail. It’s got all the functionality most people would need and it’s very secure.
If a fully client-side encrypted email service provider that’s a step too far for you (although I’m not sure why it would be, it’s a hardly noticeable implementation). I’d at least recommend having a “private” email account from your website/hosting provider with a proven track record.
Just get away from Microsoft, Google or Yahoo for your mail services.
Mythic Beasts seems to be a good shout for this sort of thing (it’s also a real company without VS’s or hidden motives).
Using an offline email client like the newly revamped Thunderbird is a great option to connect to your email service provider as it’ll keep a copy of all our information locally, which you can then backup and own yourself.
FYI Proton Mail has the Bridge app to connect through to Thunderbird securely.
I don’t recommend self-hosting your own email server. It’s an old and nightmarish protocol without built in security or authenticity and so it’s a world of pain for self-hosters.
The webs email system often relies on service provider reputation, although the situation is certainly improving with the addition of PGP and DKIM, SPF, DMARC etc, but we’re still a way from being a sensible system to self-host.
Naturally I’d also recommend instant messaging with Signal messenger on iOS and Android. And, although WhatsApp claims a similar privacy and encryption of your data, it cannot be proven and is owned by a sketchy company; Meta (Facebook). On the other hand, the technology in Signal can be tested and is secure.
Be sure to not backup your plain-text messages to Google Drive has WhatsApp suggest you do, as then anyone with access to your Google Drive can see all your messages ever.
If you do wish to back them up, plonk the files into your backup system as designed in step 2.
Notes & Organisation
Notion, Google Keep, Apple Notes etc are great tools for mind-dumps.
Taking notes is a great skill to master for life, but you don’t need to sacrifice your data or privacy to close ecosystems where you often can’t export your data.
After shopping around for many years I nearly settled on Standard Notes but decided I preferred the longevity and simplicity of standard text notes in Markdown format.
You can write them with any editor and there’s a lot out there. I’m currently using Obsidian and Syncthing across computers and phone.
File Syncing between Devices
A lot of our files are only in the cloud services these days, like Google Docs, attachments on your emails or Dropbox Online-only Files.
But having a copy of these as good old-fashioned offline files on your devices can’t be beaten for data security.
Syncthing is a great DIY (or bring your own cloud) alternative to Dropbox if you’re technically savvy enough to set it up as it doesn’t have an easy UX and has a non-trivial learning curve for most.
You could also give Proton Drive a go (it encrypts your data locally). At the time of writing I would say it’s still in a Beta-phase and not quite ready for general use just yet, and the desktop client does not currently support Linux.
If you’ve opted into the Synology NAS ecosystem for your backups, it can also act as a mini-server and provide all sorts of self-hosted services like file serving over a personal VPN or local network using SMB (Samba) and there are even some other Dropbox-like file synchronisation plugins from Synology too.
You can setup your own Linux home-server and setup a file sync system like Synology’s.
There’s a whole community of “home labs” and “self-hosters” to get you going.
Just make sure you trust yourself enough to maintain it, you have excellent backups, and that you trust the source of the various software you’re using.
Device OS (Operating System)
macOS used to be a pretty great operating system for most people with some great standards, but in recently years it’s become much more “microsofty”. And, with Microsoft Windows being absolutely horrible for data privacy - what are we left with?
Thankfully a much more mature and feature GNU/Linux based operating systems.
Ubuntu is a great starter distro and is absolutely rock solid on basically every device, but they’ve come under some criticism in recent year for more “microsofty” behaviours which are somewhat anti-consumer.
Although, again just like Firefox these criticisms pale in comparison to the state of Apple macOS or Microsoft Windows.
Otherwise, I’ve found Linux Mint to be a great and rock solid alternative.
Vanilla OS 2 is on the horizon, and although it’s pioneering some new styles of operating it looks like a great contender for a generalised operating system for most modern web-focused users.
Private Networking
You may have seen the countless adverts for “VPN” or Virtual Private Networks.
They almost seem to be advertised as a new catch-all sort of anti-virus, but this is not the case.
Usually, in the tech world - a virtual private network just connects computers together across real physical networks. If you’re looking for this very specific use case, I’d like to introduce you to “SDN” or Software Defined (Mesh) Networks like Zerotier.
What the adverts are talking about is more of a virtual ISP or internet service provider.
Essentially they pipe your device’s internet traffic though their internet connection rather than directly over whatever network/WiFi you’re actually using.
This can be beneficial for security when travelling and using untrustworthy Wifi/networks but otherwise does not protect you much in other circumstances by default.
All your doing is trusting the privacy of the VPN provider over your current internet connection, often not a wise move.
Although, that being said. These consumer VPN/virtual ISP providers often have helpful add on features such as more-private DNS servers and advert or malware blocking.
If you’d like to block adverts, malware etc on a per device or per network level with the added benefit of a more trustworthy DNS provider than your ISP without a VPN service provider. You can use Cloudflares filtered DNS servers:
1.0.0.2
and 1.1.1.2
More Self-hosting…
There’s a whole world of self-hosting and homelab adventures out there.
For better or for worse, you can replace pretty much any large scale online service with one you spin up yourself or once that you can handle offline or at least with more confidence.
Some self-hosted services make sense, like your backups and content consumption (more info on the fediverse and the powers of RSS soon).
Whereas others don’t make much sense, like email and mission-critical services like work systems or your passwords and identity management (think 1Password).
- https://www.reddit.com/r/selfhosted/
- https://www.reddit.com/r/homelab/
Comments & Questions
Reply by email to send in your thoughts.
Comments may be featured here unless you say otherwise. You can encrypt emails with PGP too, learn more about my email replies here.
PGP: 9ba2c5570aec2933970053e7967775cb1020ef23