"The Net interprets censorship as damage and routes around it." - John Gilmore
myRL.net
Home Services Downloads About
Posted on 2015-09-16 by IceBear

In this and two following articles I'd like to take a look at three different areas of personal data storage, how I see a majority of people handling these three issues and what my personal theoretical approaches regarding them is. This is going to be purely about data storage and security, not transport security, which is another topic on its own.

The questions mainly are:

  • Where am I supposed to store my private data?
  • Is my data secure?
  • Who can access my data?
  • Is security based on trust or actual scientific security (encryption)?

First of all, the three distinctions of data storage I'd like to make, and also how I'm splitting the articles, are the following:

  • Email storage
  • Preference storage (application preferences, browser syncing, phone syncing etc.)
  • Personal data storage (photos, videos, documents, contacts, calendar, etc.)

Let's start with email storage. Where are your emails stored? The vast majority of Internet users have an email account with one of the big free email providers or they might have an account that is provided by their Internet Service Provider (ISP). Maybe you even use some shared web hosting somewhere which comes with shared email servers. Whichever of these is the case: your emails are effectively stored with a third party, an ISP that is not you.

Let me ask you this: where is your mail stored? And by mail I actually refer to physical mail: letters. Where are they received? Surely you have a mailbox at your home, or you might have a post-office (PO) box. Most likely you'll be receiving your mail at your mailbox in front of your house and then store it safely inside your home. Would you want your letters to be sent to a third-party that is sending you a copy but also storing all your letters within their own house? Probably not.

I believe we have a major misunderstanding how we are treating Email currently. We are giving away our email data to big companies that make a living with it (among with other services). Always keep in mind that you're most likely not the customer when using a free service, you might be the actual product. If events in the last years regarding the NSA and Edward Snowden have shown us anything, it's that our data stored at big ISPs is most likely easily accessible by governments.

Instead of using such a centralized infrastructure, we should be decentralizing Email in the same way our usual mail system works. When you go back looking at the development of email, it actually was meant to be exactly like that.

My suggestion for email therefore is this:

  • Get your own domain name to use for your email address. Be aware that public email providers like gmail.com, hotmail.com, etc. are the ones in charge of their domain names and can cancel them or your email address at any time. You should be the one in charge of your own domain name.
  • Run your own email server at home. While this might sound difficult, a lot of services and communities try to make this as easy as possible. Some examples would be iRedMail, Mail-in-a-BoxSynology Email Server and YunoHost. In case you've heard about or own a Raspberry Pi, there are two major projects making self-hosted services, including Email, on a Raspberry Pi as easy as possible: arkOS and FreedomBox.
  • Use a third-party email server only as a backup mail server. In case your Internet connection at home drops and your mail server is unreachable, configure a third-party email server as a backup, so your emails will be delivered regardless. In a best case scenario, you can set up a friend's home email server as your backup server and vice versa.
  • Use end-to-end encryption such as GPG to protect your emails even if someone else is able to access them.

This just a very brief overview of why I suggest hosting your own email server. There are lots of other things to consider and running an email server is by no means an easy task, I understand that.

As a concluding suggestion, I'd like to introduce the website PRISM Break which lists free and open alternatives for all kinds of proprietary and closed solutions. Specifically for mail servers: PRISM Break Mail Servers

In my next article I'll be taking a look at preference storage, where to save application preferences, what to do with browser syncing and phone syncing.

Article NSA parody logo cc by EFF. Article title in reference to "All your base are belong to us".

Archived mirror, retrieved @ 2020-03-25
© myRL.net