PRISM Break: Cloud Storage
Cloud storage is great. You can save files on the internet and access them from all your internet connected devices. It also gives you the possibility to create external backups of all your important files: Even if everything you own get lost in, say, a catastrophic house fire, your important documents, family photos and other digital valuables are safely stored someplace else. Great stuff.
The problem with cloud storage, however, is that you lose all control of your files. The cloud provider can easily access everything, look at your photos and read your documents. The files can also be shared with others by the cloud provider without your knowledge and consent. If you are a bit computer savvy, you can prevent this by encrypt everything you save in the cloud, but as far as I know, none of the popular cloud storage providers make this an easy process. In addition to the hassle of encryption, you have to make sure you have your private key stored somewhere safe, because if that is also lost in the mentioned house fire, you will be unable to access your files.
Up until a few weeks ago, I used two cloud services myself: Google Drive for external backups of important documents, photos and other files that I wanted easy access to across all my devices, and Amazon S3 to create backups of www.vegard.net and other sites hosted on the VBOX. Technically, both services work great. But in terms of privacy, they are rubbish. The files are not encrypted and are just sitting ducks, available to everyone with access, for instance some Google and Amazon employees. Google is planning an encryption project that will make sure your files are saved encrypted on Google Drive, but in practice this doesn’t really have any effect: Since the files are encrypted by the cloud provider, in this case Google, they can just as easily decrypt the files and have a look at them anyway.
So is cloud storage that respects and protects your privacy impossible? No, it’s not.
But it does take quite a bit of work, unfortunately, and the biggest challenge is the external backups. You have to physically store your files somewhere that’s not your own apartment or house. A possible solution is to backup your files to an external hard drive and store it at a safe location, for instance at a friend’s house. But moving external hard drives around isn’t very convenient and requires a lot of manual labor. What if you instead could take the external hard drive and connect it to the internet at your friend’s house? Given that your friend’s Internet Service Provider (ISP) allow inbound connections, you could now have an external hard drive that’s accessible from all your connected devices. What you need is called Network Attached Storage, or NAS for short. A wide range of consumer versions of NAS devices have become available in the last few years. They’re a bit pricy, and most come without actual storage, so you have to buy hard drives as well, but since the NAS device will be used to backup important files, it is, at least in my opinion, a cost you should take - if you lose all your files, no money in the world can bring them back.
After quite a lot of research, I ended up buying a NETGEAR ReadyNAS 102, a 2 drive bay NAS unit. I also bought two Western Digital 2TB drives, which is more than enough for my backup needs in the foreseeable future. Basic installation of the ReadyNAS was easy; NETGEAR has made the process very user friendly - simply pop in the drives, connect the NAS to your router, power it on and you’re pretty much good to go. The ReadyNAS 102 comes with a wide range of built in features and services, everything from rsync and FTP support, to NETGEAR’s own ReadyDROP, which will give you a Dropbox-like service on your own NAS device.
With the ReadyNAS, I have now started the transition from Google Drive and Amazon S3. I’m not finished yet, but I’m about half way there. The ReadyNAS, now named vNAS, has been installed at my parents-in-law’s place, where it has a permanent, albeit slow, internet connection. I’ve moved all my files away from Google Drive to my own, private cloud installed on the vNAS. My Android cell phone and every computer I use are now synchronizing files with vNAS instead of Google Drive, and I have deleted everything I had stored on Google Drive. Deleting the files from Google Drive was a peculiar thing. Even though there are no files left, Google still reports that I’m using well over 8GB of storage. So either the files aren’t actually deleted, or the usage reports just takes a while to update. Either way, I assume that my files are still somewhere in the Google Drive cloud, where they will stay forever - even though they appear deleted. The files on the VBOX are still being backup up to Amazon S3, but these files will also be backed up to vNAS in the not-so-distant-future.
How I went about configuring all this is something I’ll discuss in a future entry. It wasn’t straight forward and it was time consuming. But absolute worth it. I could have saved some time by using the ReadyNAS out of the box, but I have a few needs that it didn’t cover, which will be discussed lated. But if you don’t have any special backup needs, you can use the ReadyNAS out of the box. If your budget allows it, I’d recommend that you go ahead and buy a NETGEAR ReadyNAS 102 - or a similar device from another manufacturer if you prefer that - and start using it right away. As it is now, this seems to be the only way you can be sure your personal files are private and safe.
vegard at vegard dot netwith your input. You can also use any of the other points of contact listed on the About page.
What about running a VPS? As long as the whole thing is encrypted (like ubuntu offers you on a fresh install), uses SSL from certificates you’ve self-signed (make sure the master is on all your end-points) then even if Big Brother asks your VPS provider to hand over your data, everything is encrypted.
Some people are working on a Linux distro specifically for that purpose (also to be easy to install by the averge joe). It’s called arkOS.
I went to a talk about this by Toby Kurien, and he left his slides online: http://slides.house4hack.co.za/prism/
Tell me what you think :)
Affording you the opportunity to encrypt the whole disk on an LVM, for example.
I’ve read good reviews about them.
It looks like you're using Google's Chrome browser, which records everything you do on the internet. Personally identifiable and sensitive information about you is then sold to the highest bidder, making you a part of surveillance capitalism.
The Contra Chrome comic explains why this is bad, and why you should use another browser.