Ask Slashdot: Keeping My Data Mine? (2015 Edition)

New submitter schklerg writes: Like many, I am tired of being the product of the corporate "cloud" overlords. To that end, I've got my own Linux server running Tiny Tiny RSS (RSS — Feedly replacement), OwnCloud (Storage / phone backup / Keepass sync / notes — Google Drive replacement), Coppermine Gallery (picture library), Dokuwiki (quick reference), and Shaarli (bookmarks manager — Foxmarks / Sync replacement). Crashplan lets me pick the keys for my backups, and the only thing Google Drive ever sees is a pgp encrypted file of various items. Next up is moving from gmail with iRedMail. Yes, the NSA may have it all anyway, but being under less corporate control is a nice feeling. What have you done to maintain control of your own data?

9 track tape

[Anonymous Coward]

Good luck on finding anyone who can read a 9 track tape...that's where I keep my data.

Re:

[Ravaldy]

Very practical!

Re:

[psyclone]

You could implement all the parts of iRedMail if you like, they're all Free Software.

Re: 9 track tape

[mnemotronic]

I have an old Craig 8-track with a bonus! Three Dog Night! Maybe we can hack something up, or just ignore parity.

Re:

[vtcodger]

The likelihood of a 9-track tape actually reading back was never very high. But you can make your backup even more secure by encrypting the data with an unknown random key prior to writing it.

Re:

[Ravaldy]

And they do the same to my NAS

Crashplan doesn't support reading for network locations unless you set it up as a VHD. How did you accomplish this? The VHD was an overhead I didn't want to deal with.

Re:

[SirSlud]

You can backup to other Crashplan clients.

Re:

[Ravaldy]

You're not getting my question. I've used Crashplan. You can't specify a network location as a location to backup. It's an administrative rights issue.

Re:

[Anonymous Coward]

Christ, it's "back up", not "backup". You back up your data to create a backup.

2015 Edition?

[SeaFox]

That's pretty optimistic. I'm sure we'll have a duplicate discussion about this before the end of the year.

Well duh

[Anonymous Coward]

I put the stuff on my hard drive.

Re:

[Anonymous Coward]

I put the stuff on my hard drive.

But you're still at the mercy of "teh Corporationz" who made the hard drive!
REAL Men don't use teh EVIL Korporate Overlord hardware, we manually encode the bits on pieces of bark, which comes from trees hand-planted from Heritage seedstock, watered from sekret underground aquifers, and fertilized with our own shit. Backdoor THAT at the factory, China/NSA/GCHQ/KGB, haHA!!!

Re:

[Anonymous Coward]

That's silly, real men need nothing but a needle, a microscope, a hex editor and a blank DVD.

I use GEOS on my Commodore 64

[Anonymous Coward]

and with my GPIB card, I can control my lab instruments too, and keep the data in GeoCalc spreadsheets.

"Cloud" that, bitches. I guess I could connect the RR-Net to the web somehow.

Nothing!

[moxsam]

What have you done to maintain control of your own data?

I did nothing and it worked. It's still all on my harddrives today. Cool, huh?

Re:

[pr0fessor]

Try going paperless and dataless... run from a live disc, no cloud, no hard drive, or storage media, and nothing to backup. There you go.

Re:

[celtic_hackr]

What have you done to maintain control of your own data?

I keep everything on my own fully encrypted harddrive. I use fully encrypted hdds to do backups. I have my own fully encrypted server hosted at a host provider on the backbone with email.

NSA may have all my mail as well, but I could go to encrypted mail send and receive if I wanted to. There is no need. If I needed to bypass NSA, I wouldn't be stupid enough to use my own equipment or networks.

I don't use insecure, or unverifiable, protocols and d

Re:

[Coren22]

How do you boot that fully encrypted cloud server? How do you keep the encryption keys out of the cloud provider's hands?

Re:

[randalware]

never lost a hard drive or had a whole system get corrupted (virus,trojan,etc) ?

you lead a charmed life.

as a professional system admin ( In a former life) your data is hovering above the /dev/null file.

learn about backups...

Re:

[Gr8Apes]

I've done nothing, because I haven't put anything in the cloud in the first place. The cloud is a stupid idea for things you want to keep yours and yours alone. I have multiple backups, both online and offline, including remote. Same as your former life, I learned valuable lessons without the pain. (We had weekly rotations of backup sets and sent 1 of 4 offsite, so every week we'd rotate our offsite copy. Yes, it seemed stupid at the time. It seemed less stupid when we got hit by a virus. It seemed a whole

Re:

[Buchenskjoll]

as a professional system admin ( In a former life) your data is hovering above the /dev/null file.

No, I use http://devnull-as-a-service.co... [devnull-as-a-service.com].

Re:

[war4peace]

Or so you think...
But seriously, I don't give a fuck that Google sees decent pictures of me and my family. Or reads the "A Steam product from your Wishlist is on sale" e-mails.
The whole setup in TFS has an eerie resemblance to the '80s radio setups emitting tinfoil theories from a van in the boonies, using a generator for power and being "off the grid".

Re:

[war4peace]

No, I don't, and I don't give a fuck either way.
Privacy has its threshold too. it's equally ridiculous to put up all your life publicly on Facebook, or to be afraid that "the Man" is looking up your asshole through a hidden camera while you take a shit.
When some average private individuals go to greater lengths to protect their data than the Secret Services, it's safe to say they're just a wee bit nuts.

Re: Nothing!

[mnemotronic]

I don't do anything either. the Chinese govt has all my info including SSN, driver's lic #, passport #, fingerprint info, job & residence history, plus criminal, drug and alcohol history. And rehab history. And relapse history. And re-rehab history. And ... you get the picture. Disk space will be a challenge.

a Synology NAS

[Racemaniac]

I bought a Synology NAS. I've got full control of my data, and sharing it in every possible way is extremely easy. They've got a ton of good packages you can use it with, so it's just installing the NAS, configuring your router, choosing which packages you want (ranging from just file browser in your browser, to a mediaplayer in your browser, to cloud like syncs, to every possible server you can imagine (vpn, web, svn, database, email, ....)) and all fully under your control :).
It may not be open source, but it does run linux :). so even if they don't give a package, you can get it on there yourself :).
I'm very happy i made the decision to buy it, they're not that cheap, but they work very well :). I was also considering rolling my own, but it's just not worth it imo.

Re:

[Racemaniac]

i meant not every app/package that comes along.
the kernel is open, but the rest is not

Re:

[bad-badtz-maru]

And what do you do when the NAS fails? A single NAS represents a single point of failure, unless you bought a spare enclosure.

Re:

[Dutch Gun]

You just buy a new enclosure at that point. The discs are still good, and you can migrate your data. And if you've got two brain cells to rub together, you're also backing up your most critical data remotely.

There are "single points of failure" all over the place in a home or small office. The vast majority only have a single router, a single internet connection, and a single source of power. Most homes probably only have a single computer. The only place you really don't want a single point of failure

Re:

[Antique Geekmeister]

> The discs are still good

Except when they are not, especially in a RAID enclosure where identical drives are suffering similar rates of use. Some of us encountered the "Deathstar" series of drives, the IBM Deskstar 75GXP.

Live disk arrays are also vulnerable to accidental "rm -rf /" errors. Off-line backup is critical to recovery from such accidents.

Re:

[bad-badtz-maru]

You buy a new enclosure _if_ one is still available. It's not like you can just slap the drives into any chassis, even inside the same brand. It's definitely an issue worth mentioning, especially considering the OP's zeal, since it's easy to mistakenly overestimate the reliability of data on a NAS.

Re:

[Dutch Gun]

Well, yes, there's some common sense that has to happen here. Naturally it has to be a compatible model (Synology has a chart). And how many times do we have to say it? "RAID is not a backup". It's for high availability and local redundancy, nothing more.

RAID is useful for when one of your drives inevitably craps out on you, and you can just swap it on the fly without any downtime. I actually have a Synology NAS as well, and I've replaced failing/questionable drives several times so far over the years.

Re:a Synology NAS

[ColdWetDog]

You think those packages that open your Synology box to the web are safe?

http://www.secureworks.com/res... [secureworks.com]
http://forum.synology.com/enu/... [synology.com]

And others. I like Synology stuff, I use it. But opening anything up to the Internet isn't safe. You may have full control of your data, but so does somebody else.

Re:

[cant_get_a_good_nick]

They Audit your NAS to find all its secrets... then use them against it if it ever leaves the "church"

Re:

[Anrego]

Only works if everyone else plays along. The problem with securing email has never been a lack of means but a lack of popularity.

Re:

[vtcodger]

Many, many years ago my boss was in Washington DC doing some intensive marketing and I was in San Diego trying to keep his operation on track. Since the stuff he needed was proprietary, we tried encrypting our messages (on DARPANET as I recall) for a while. That lasted about three days. Technically, it worked fine. Pragmatically, it was a monumental PITA.

Re:

[mlts]

The ironic thing is that encrypted messaging isn't hard. I always use a S/MIME certificate (even if I have to renew it myself), because my outgoing E-mail stands out because it is always signed, and if someone else has a S/MIME cert, email gets automatically encrypted between the two parties.

S/MIME isn't as secure as PGP because of the weakness with a CA, but it provides both data-in-flight protection as well as data-at-rest... "good enough" protection for a lot of tasks.

Of course, the problem is getting p

Changed my paradigm

[sdguero]

I no longer consider things like my name, address, social security number, ip address, bank acct number, etc to be "my data." The only things I still consider to be mine are my pictures, films, and music which I back to to external USB drives that I store in a fireproof safe. I leave the bulk of the security of my personal information up to my providers and try to use hard to crack passwords. If there is a leak (I'm sure there will be, if not already) and it affects my livelyhood, I will hold the company that compromised my data responsible. I don't believe that I have any assets that could be attacked that aren't covered by FDIC or identity theft protection, and none (other than title for my house/cars and my 401k/IRA) are worth more than what I can get back in small claims court, so I just don't worry about it.

Re:

[wyHunter]

Then you don't have any data at all.

Re:Changed my paradigm

[bwcbwc]

Just how do you plan to hold the companies responsible? It's almost 100% certain that the EULA waives your right to remedy in court in favor of binding arbitration. Even if you bring a lawyer to the arbitration hearing, the rules of discovery and other items are different.

Re:

[reanjr]

Oh, a sensible security policy. Weird... don't see those very often. Most seem split into either the "internetz secure!?! IDK, LOL!" camp or the "my data must be secured from the NSA" camp.

Re:

[phantomfive]

Like the NSA gives a shit about your data... Unless you are doing some really bad shit.

Or you're the girlfriend of an NSA employee. Or you're a senator who's been critical of the NSA policies.

Seriously, the NSA has shown that it's not trustworthy. We don't even need another whistleblower to show us that, it's out there in the open.

Same setup for MacBook, except for online backups

[cerberusss]

I've moved from Python/C++ development on Linux to iOS development on a MacBook, but I've got the same setup as the Submitter.

However one thing I haven't found a replacement for, is online backup. I currently use BackBlaze, and it's soooooo damned stable, light-weight and easy to use... I wonder if there's self hosted alternative?

Re:

[dotancohen]

I currently use BackBlaze, and it's soooooo damned stable, light-weight and easy to use... I wonder if there's self hosted alternative?

BackBlaze stores your private key on their servers:
https://www.backblaze.com/back... [backblaze.com]

That doesn't seem very private to me. In fact, when you want to restore your data, the data is decrypted on the BackBlaze server, then zipped and the zip file is sent with the unencrypted files. You can add a passphrase to the private key, but again this passphrase needs to be entered into the BackBlaze website so that the files can be decrypted on the server. They promise not to store the passphrase. I love promises.

Re:

[sparky81]

I think that was his point - that he hadn't found an easy self-hosted alternative. Do you have one?

Re:

[dotancohen]

Sure, but it's a bit more involved to use:
https://aws.amazon.com/glacier... [amazon.com]

Let me quote something from that page:

$0.007 per GB

And of course I encrypt the files locally before uploading them. My private key remains private, and I have it backed up as well on physical media in disparate locations, not online.

Re:

[Thumper_SVX]

This. I do this too using S3CMD. You can upload to S3 more easily than Glacier... so far a command-line based Glacier client is sorely lacking. Still, I upload to S3 and then have my S3 data set to archive to Glacier after 24 hours which it does automatically. That means the only files that are in S3 are the most recently changed or new.

Like you I have a script that locally encrypts with my own private key before upload. That private key I keep in my Owncloud.

Re:

[dotancohen]

Like you I have a script that locally encrypts with my own private key before upload. That private key I keep in my Owncloud.

I would love to see your script, if you don't mind sharing. Mine is "in development" i.e. I still prefer to do it all manually which means that backups do not happen as often as they should.

Re:

[Thumper_SVX]

Drop me an email. This user name at nodecaf dot net. I'll be more than happy to share the script with you :)

Re:

[ls671]

rsync over ssh. The backup server initiate the connection. Use the backup dir option in rsync for incremental backups and a script to gzip the incremental backups.

Re:

[Paco103]

Crashplan allows you to host on your own environments, or peer with a friend and exchange diskspace for encrypted backups. You can even seed backups via removable disks to get a large backup hosted quickly.

Re:

[cerberusss]

I don't really like Crashplan. It's this humongous Java app which sucks CPU. But I agree it's probably the only practical and easy way to go about it.

An open source self-hosted GitHub alternative

[ovidus naso]

Gogs [github.com] a self-hosted GitHub alternative written in Go

no internet

[Anonymous Coward]

I just don't ever do anything on the internet. Ever. Crazy bad people live there.

Not sure I understand the question...

[radish]

I can "maintain control of my own data" while still using external services. All my data sits locally, and is backed up to multiple locations, but I also put plenty of it out there in the world. But Flickr or Tumblr or Facebook or whatever could go away tomorrow without me losing anything material.

I'm not sure what the whole "corporate overlord" thing is all about...either use the services or don't. I don't see either as a significant victory for good or evil.

Re:

[bluefoxlucid]

People are paranoid that someone is watching their kitten pictures while rubbing their hands together and laughing evilly.

My own VM

[Lorens]

I had my own server, now a VM. $45 bucks a year. Does everything I want, and if I'm not happy with the provider I move it.

I have done this....

[Brostenen]

Backing up my data on a USB harddrive.

Re:

[Brostenen]

I allways use USB harddrives, and I never ever let them be powered on, when they are not in need. So I still have my old 3.5# 250gb PATA based drive in my closet. It is used for backing up edited/changed and new stuff, once every month. Yeah... Those new 2.5# laptop SATA based usb-powered drives are crap. The old WD drives that Ellements were based on, are great. Even my old 20mb drive in my Unisys 80286 computer is still working flawlesley (it's a MFM-drive). Not planning to back that up, and it shall run

What data?

[bobbied]

Seriously.. I don't put data on the web, in the cloud or anyplace I don't completely control and monitor unless it is absolutely necessary. IF it's necessary, it only goes encrypted. So here are my rules...

1. Don't put data on the net if you can help it. Avoid it at nearly costs.

2. When you *do* need/want to put data on the net, ENCRYPT it first, even if it's not sensitive.

3. NEVER put sensitive data on the net unless you have no other choices, then encrypted it using the best encryption possible.

4. REMO

Re:

[Blaskowicz]

You have put data on the net in clear, I've found it and here is the proof :

Seriously.. I don't put data on the web, in the cloud or anyplace I don't completely control and monitor unless it is absolutely necessary. IF it's necessary, it only goes encrypted. So here are my rules...

1. Don't put data on the net if you can help it. Avoid it at nearly costs.

2. When you *do* need/want to put data on the net, ENCRYPT it first, even if it's not sensitive.

3. NEVER put sensitive data on the net unless you have no other choices, then encrypted it using the best encryption possible.

4. REMOVE any and all data on the net you have no more need for right away.

--
Don't be a pessimist. It wouldn't work anyway...
Reply to This

Update Software

[Luthair]

If you really want to keep your data yours, you better be on top of all software updates. i.e. ownCloud has had 24 CVEs this year alone.

Re:

[d33tah]

And add some HTTP authentication so that you won't even be able to contact owncloud without entering password.

Thank you

[Coren22]

Thank you for this post schklerg, I was looking at replacing my Synology NAS with something that can do more and your post gave me lots of information in that direction.

FYI, the reason I am replacing the Synology is that it doesn't have enough processor power to run Plex, and keeps crashing under load. It isn't a bad product, just not enough horsepower for my needs.

Re:

[Voyager529]

There are a few options for you in this respect:

1.) Run the Plex server on another machine, and use a drive mapping to give the Plex server access to your media library. This is what I do, but for other reasons.
2.) FreeNAS. Plex, OwnCloud, and CrashPlan are all two-click-install plug-ins. TT-RSS is fairly simple to install in a jail and there are a handful of cut-and-paste tutorials for doing so. A friend of mine who's Unix savvy has successfully gotten Piwigo to work in a FreeNAS jail (IMO better than Copp

Re:

[SeaFox]

Have you looked into XPEnology?
It's basically Synology's software hacked to run on any PC hardware you want.
So you can keep your familiarity with the Synology interface and packages, and put them on a machine with horsepower you'll never see in Synology's product lineup.

Different applications

[Britz]

- Piwigo for photos, because Digikam supports direct uploads to Piwigo.

- Kolab for Email/Calendar/Contacts, because it support ActiveSync and thus iOS and Android support syncing out of the box. Also Kolab is pretty awsome.

- Seafile for cloud file syncing, because it is a lot faster than Owncloud

Please keep in mind that I recommend Owncloud as well, because it is a lot easier to install and maintain. You only need webspace. No one in their right mind should really be operating a personal email server in 2015. This is what Google Apps is for. If you earn minimum wage or above, anything you pay for Google Apps will be a lot less than the time you spent on maintaining an email server. I also use Keepass and sync the file.

- Firefox Sync is open source and uses client side encryption. So why bother with Shaarli? Maybe because Firefox only just now came back to the iOS platform? Note: Chrome/Chromium is nice, but not really for me. For several reasons. This is a thread about keeping your data to yourself, so Chrome goes out the window anyways. Then we have the repeating issue with the extensions

http://labs.detectify.com/post... [detectify.com]

which applies to Chromium as well. And then there was the quality/packaging issue on Debian. Among other stuff. So why bother? I use Chromium frequently. Just not as my primary browser.

Re:

[bluefoxlucid]

I like Google Drive, but OwnCloud is nice. I set it up in Docker in like 30 minutes with postgresql, redis, php-fpm, and nginx, living happily with other services (nginx connects to php5-fpm via socket and listens on a unix socket on another volume; the nginx unix socket volume is shared between all nginx containers, and the final container listens on HTTPS for a virtual host and just proxies back to the unix socket).

I've thought about hooking up OwnCloud to Google Drive (it does that) so I can use OwnC

Re:

[Britz]

I also set up DokuWiki myself recently. My webhoster Netcup is offering to update this application for their customers when they install it through their interface. In any subdirectory of my choice.

Re:

[Nkwe]

No one in their right mind should really be operating a personal email server in 2015. This is what Google Apps is for. If you earn minimum wage or above, anything you pay for Google Apps will be a lot less than the time you spent on maintaining an email server.

I disagree. True, it does cost you some time and you need certain skill sets to do it properly. You are purchasing benefits with that cost however, namely the comfort that no third party is accessing your already received and historically sent (archived) mail. In a legal discovery situation, you would know that there is legal action pending as you would have to be notified of a request to turn over old email; if your email is on someone else's server, you might never know. It may be true that for most peopl

Re:

[Anonymous Coward]

Why on Earth would you recommend gapps in a thread about keeping data to yourself?

Re:

[schklerg]

I'd forgotten about Kolab, I may go that way instead. I appreciate the answers!

CIFS and lots of redundancy

[duke_cheetah2003]

4 hard drives. Two operating in RAID1 in a Linux file server (CIFS.) 1 external hard drive which weekly automated backups are sent to. 1 external hard drive which is manually mirrored from the other external once every few months and stored in a safe place.

RAID1 lost a drive a couple months ago, no biggy, just replaced it, didn't lose a thing. The super sensitive irreplaceables (my source code primarily) are kept in a TrueCrypt volume on my AWS server. Just extra insurance against house burning to the

Easier solution.

[fahrbot-bot]

Just wait for the NSA to stand up their own Cloud services (probably in their Utah data center) and let them host/store everything for you. Then you can kick back and stop worrying if they've got copies of all your data. As a bonus they handle all your backup needs too.

(I mean, if you've got nothing to hide ... and all that.)

Sandstorm

[paulproteus]

I run an instance of Sandstorm [sandstorm.io], which is software you can install on a Linux server that lets you run other apps. Some features:

* One-click installs of any of 47 apps [sandstorm.io], like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).

* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.

* Security sandboxing of the apps against each other and away from the Internet, so malic

Re:

[schklerg]

Sandstorm looks nice. I'm going to test to see if it's worth it to migrate. I was really hoping to get more of this type of responses to the thread - ones which expose others to alternatives. Thanks.

Bit by Bit, and Designing My Own

[Foresto]

I self-host and encrypt where possible. For other things, I use providers as trustworthy as I can find.

Email privacy is a tough problem, but a solvable one. I'm working on a project that will give me gmail-like convenience without entrusting my data to Google, and might eventually grow automated/transparent encryption capabilities. It's going to be a while before it's usable, though; nobody is paying me to work on it, so it doesn't get enough of my time. (The mailpile [mailpile.is] project overlaps some of my goals in this area, and might be worth a look to anyone interested in the topic.)

A Facebook replacement is another tough one, perhaps even tougher than email, but I believe it's also solvable.

Please keep asking questions like this, and sharing what you discover. The more of us we have thinking about these problems, the more likely we are to work out their solutions.

Re:

[tomxor]

A Facebook replacement is another tough one, perhaps even tougher than email, but I believe it's also solvable.

Although i'm a little biased on this subject, i can't help but think that in 10 years time people will be scratching their heads trying to understand why facebook was so important to everyone - it feels like something that should be grown out of... i know people like to connect, but there has to be better ways (different ways) than facebook that have yet to be realised, and there is no reason why all your data and activity has to be mined by a single large corporation in the process.

I think emails is more u

Re:

[mlts]

A FB replacement wouldn't be too hard to do. In fact, we already had something that did everything FB did back in the 1980s and early 1990s... we had multiples... called AOL, CIS, Prodigy, and The Source.

If coding, it might be wise to code around having small social networks which are interconnected. Want to message someone on another network, or have a wall with content from a number of other providers? We have the Internet protocols for all of that, such as NNTP for store-and-forward bulk stuff (with a

I don't have a Data Mine.

[Bing Tsher E]

I don't have a Data Mine to keep.

Isn't this more of an issue for entities like Google? They're the ones whose Data Mine is jeopardized by the kinds of rules adopted in the EU.

Only big companies and organizations have Data Mines.

What have I done?

[ttucker]

Running all of that stuff is fun when you have the time, but frankly is a huge pain in the ass in the long run. Eventually you will shave that neckbeard right off and start using Gmail again, probably without any Slashdot article...

Re:

[cerberusss]

Running all of that stuff is fun when you have the time, but frankly is a huge pain in the ass in the long run

Well, it depends a bit on what your needs are. I too have a family and not a lot of spare time. For email, I use Google Apps. It's not worth it to me to spend the time on configuring spam protection on the level of Google. But file syncing is very, very easy. I got an ownCloud instance running in 30 minutes or so, plus another 30 minutes getting it to run over HTTPS. That's more than a year ago; haven't touched it since then, except for the occasional update.

A Suggestion?

[the_Bionic_lemming]

They have these things called "Hard Drives" and they can "Store Data" and even made into a "Raid" that can help "Preserve Data".

I have to go look up how much I owe Dr. Evil for the use of the quotes but expecting the online storage to be private is like wishing that an ice cube will protect you from a nuke.

Maybe...

[nnull]

Stop using cloud services?

Re:

[Behrooz Amoozad]

So, when are you from? 1346?