On Taking Control Of My Data
In October 2019, I read Edward Snowden’s new book, Permanent Record. Although I have very little in common with him and certainly many fewer reasons to suspect or fear state-sponsored hacking and exfiltration, it nevertheless got me thinking about the sovereignty and privacy of my own data.
I have stored my data with various “cloud” providers for some time now. Initially, it was mainly to make it much easier to wipe and re-install my machine (which I used to do quite often back when I was running and testing all manner of software) without having to back-up and restore all my data each time. Over time, as I obtained more devices, it because more about having access to my data from any of these devices and keeping them in sync.
I used a variety of services for this. Over the years, I used OneDrive (as well as its predecessors FolderShare, Live Mesh and SkyDrive) as well as Apple’s iCloud Drive. As I switched from PCs to Macs and then to a hybrid, I moved my data to whatever service offered the best integrations at the time with the devices I was using. As well as simple file storage, I also used a number of services for email, calendars, contacts, notes and other data. These included (in roughly reverse order), Outlook.com, iCloud Mail (and its predecessors MobileMe and .Mac), Gmail, Hotmail, Yahoo and even my ISP’s own system. At various points, I also used redirecting services so that I could use my own domains for email.
Convenience at the expense of privacy
Many times each day, I, like many other people, trade privacy for convenience. Whether that’s paying for something using a card, using shop loyalty schemes or buying something online with a registered account, I’m leaving data trails to be used not only to target me with advertisements and track my actions, but also ready to be potentially abused, either internally or after it is leaked in an attack.
The same arguments, sometimes more so, can be applied to all the data I keep online with various providers. Gmail used to read the emails of free users to target advertisements. Private images stored in iCloud were made public. Some data is stored the USA where privacy protections are lax and a lot of organisations can gain access to your data with flimsy reasons. Sure, it is convenient for me to store my data with these providers, but even at these arguably high costs?
I have thought about these issues a number of times before and each time have tried to come up with an acceptable solution that is both convenient and private, but each time, convenience has ultimately won.
Taking control of my data
This time, after spending much longer thinking through the various options, I have come to the conclusion that I have to do something different. I can no longer use the lazy excuse of convenience while I keep willingly handing over more and more of my personal data to unaccountable companies based all around the world for them to monetise at my expense and without my permission.
Having briefly looked at ownCloud and Nextcloud on a number of previous occasions, and each time balked at the supposed steep learning curve and startup costs, I have decided that now is the time to embrace this alternative world and do my best to loosen the grip of the multinationals on my personal data. Taking control like this allows me to choose on my own terms how I store things, where they are stored and who they are shared with.
What I have changed
Looking through the list of accounts I have and where I store my data, I have made the following changes:
Moving my emails to Fastmail
I looked around a number of “privacy-enhancing” email providers and once had a short-lived account with Protonmail but could not come to terms with the interface. This time, based on recommendations, I have gone with Fastmail. I moved all my emails and accounts to a paid service with them. Paying for the service means they have less of an incentive to sell my personal data instead.
Moving my calendars and files to Nextcloud
Having been forked a while ago from ownCloud, Nextcloud is the current hotness in self-hosted cloud services. Running on a DigitalOcean machine with on-site and off-site backups, my Nextcloud instance hosts most of my data. This includes my calendar as well as files, photos, contacts, notes and to-dos. It also serves as my RSS reader.
All of these integrate well with my phone, where I use the Fiery Feeds app for news, 1Writer for notes, the Nextcloud app for files and photos and Apple’s built-in apps for contacts and to-dos. Most of these are synced using WebDAV, an open standard for data sync.
Moving password management to Buttercup
This is a bit of a wildcard, but I have used 1Password for quite a while and been very pleased with it. However, recently they have been moving to a subscription model and pushing their online sync service very hard. Although they boast great encryption and the inability to access user data, I decided that it wouldn’t make sense to move everything else to my own hosted services yet leave probably my most sensitive data on someone else’s cloud.
Since 1Password doesn’t have WebDAV syncing, I searched around for another app and stumbled upon Buttercup. It’s a little-known open source password manager, but the great thing is that there’s an app for every platform and it supports WebDAV syncing. I have set it up to store its data in my Nextcloud instance and the phone app uses WebDAV to connect to it. Unfortunately, the desktop apps aren’t as good with this syncing and I got a number of errors, but my workaround (which works very well) is to set up my Nextcloud as a WebDAV drive in the operating system itself (which also gives the benefit of being able to browse it easily) and then having Buttercup connect via this route.
What I have learnt
Hosting your own cloud service isn’t for everyone. Although we have come a long way in user friendliness and ease-of-use, I still cannot see a time anytime soon where many (or most) people will have their own personal cloud service running, hosting their own files and data. Given the situation with ownership of your own data that I have outlined above, it’s a real shame, and for most people, the incumbent companies will continue to trap them with low-cost or free services while making their real profits from these same people’s data.
However, for those of us who have the ability, I think it is incumbent upon us to not only take control of our own data, but also to assist others who wish to do the same. Only by doing this do we have any chance at all of loosening the grip of the data brokers on every aspect of our lives.