"Friends help you move. Real friends help you move bodies." - Dave Attell
myRL.net
Home Services Downloads About
Posted on 2015-09-16 by IceBear

In this and two following articles I'd like to take a look at three different areas of personal data storage, how I see a majority of people handling these three issues and what my personal theoretical approaches regarding them is. This is going to be purely about data storage and security, not transport security, which is another topic on its own.

The questions mainly are:

  • Where am I supposed to store my private data?
  • Is my data secure?
  • Who can access my data?
  • Is security based on trust or actual scientific security (encryption)?

First of all, the three distinctions of data storage I'd like to make, and also how I'm splitting the articles, are the following:

  • Email storage
  • Preference storage (application preferences, browser syncing, phone syncing etc.)
  • Personal data storage (photos, videos, documents, contacts, calendar, etc.)

Let's start with email storage. Where are your emails stored? The vast majority of Internet users have an email account with one of the big free email providers or they might have an account that is provided by their Internet Service Provider (ISP). Maybe you even use some shared web hosting somewhere which comes with shared email servers. Whichever of these is the case: your emails are effectively stored with a third party, an ISP that is not you.

Let me ask you this: where is your mail stored? And by mail I actually refer to physical mail: letters. Where are they received? Surely you have a mailbox at your home, or you might have a post-office (PO) box. Most likely you'll be receiving your mail at your mailbox in front of your house and then store it safely inside your home. Would you want your letters to be sent to a third-party that is sending you a copy but also storing all your letters within their own house? Probably not.

I believe we have a major misunderstanding how we are treating Email currently. We are giving away our email data to big companies that make a living with it (among with other services). Always keep in mind that you're most likely not the customer when using a free service, you might be the actual product. If events in the last years regarding the NSA and Edward Snowden have shown us anything, it's that our data stored at big ISPs is most likely easily accessible by governments.

Instead of using such a centralized infrastructure, we should be decentralizing Email in the same way our usual mail system works. When you go back looking at the development of email, it actually was meant to be exactly like that.

My suggestion for email therefore is this:

  • Get your own domain name to use for your email address. Be aware that public email providers like gmail.com, hotmail.com, etc. are the ones in charge of their domain names and can cancel them or your email address at any time. You should be the one in charge of your own domain name.
  • Run your own email server at home. While this might sound difficult, a lot of services and communities try to make this as easy as possible. Some examples would be iRedMail, Mail-in-a-BoxSynology Email Server and YunoHost. In case you've heard about or own a Raspberry Pi, there are two major projects making self-hosted services, including Email, on a Raspberry Pi as easy as possible: arkOS and FreedomBox.
  • Use a third-party email server only as a backup mail server. In case your Internet connection at home drops and your mail server is unreachable, configure a third-party email server as a backup, so your emails will be delivered regardless. In a best case scenario, you can set up a friend's home email server as your backup server and vice versa.
  • Use end-to-end encryption such as GPG to protect your emails even if someone else is able to access them.

This just a very brief overview of why I suggest hosting your own email server. There are lots of other things to consider and running an email server is by no means an easy task, I understand that.

As a concluding suggestion, I'd like to introduce the website PRISM Break which lists free and open alternatives for all kinds of proprietary and closed solutions. Specifically for mail servers: PRISM Break Mail Servers

In my next article I'll be taking a look at preference storage, where to save application preferences, what to do with browser syncing and phone syncing.

Article NSA parody logo cc by EFF. Article title in reference to "All your base are belong to us".

Posted on 2010-11-21 by IceBear

I got up the other day after a long night, not fearing anything being wrong, just the usual morning. Still a little sleepy I turned to my PC just to find this in my face: "Germany on high alert due to 'plot'"
I panicked. Immediately I called my local police station to report these weird looking Middle Easterns who moved in next door. They don't speak German, they don't look German, they just look like a big bomb waiting to explode to me. After what seemed to me the longest half hour of my life, a black van pulled in the driveway, men rushing to my neighbor's door with weapons drawn, kicking the door in. I hear screaming and loud noises. Five minutes later the men escorted these monsters out the door, into the van and tagged them with a yellow star. What a relief.

Oh no, wait. I think I got a little bit confused with history there. Anyhow.

So, I was relieved, lying back proudly in my chair thinking I did a fine service to my country when suddenly the men from the van rang my doorbell. They were probably going to thank me, or so I thought, so I opened the door just to suddenly have a gun in my face and get arrested. What for? The reason seems obvious enough, really. I'm a terrorist. Now that I think about it, it all makes sense. How could I, as a citizen of a democratic country, read articles by a terrorist network like Al Jazeera? What was I thinking? I must have been out of my mind. Of course the Stasi logged what I was doing on the Internet and acted appropriately.

OK, fine. While this might have been a work of fiction in some parts, just take a minute and think about what my point is.

Let me quote what the interior minister of Berlin, Ehrhart Körting, said:

"If we see something in our neighborhood, if suddenly three rather strange-looking people move in who try to keep out of sight and who only speak Arabic or another foreign language that we don't understand, then I think one should make sure the authorities know what is going on." - Ehrhart Körting (Spiegel article)

And with the findings of a "bomb" in Namibia that apparently was headed for Munich, Germany, I have reason to be scared, or do I?
Let's recap.
What appeared to be a "bomb" was found at the airport of Windhoek, Namibia. It was a suitcase which had:

"batteries that were attached with wires to a detonator and a ticking clock". - Bundeskriminalamt (BKA) statement

Later it turned out that this was just a "test". A testing device manufactured in the U.S. for usage at airports and other security areas, to see whether detectors and employees will detect the major threat this device eradiates. Have you seen the device? It's actually pretty funny:

X-RAY TEST OBJECT

It reads:

X-RAY TEST OBJECT NON-HAZARDOUS

and some info about the manufacturer (Larry Copello Inc.) below. On a funny but irrelevant side note, the wiring was apparently done by an 80-year old woman.

Question is, who planted this device? At the moment they're blaming it on a police officer in Namibia.
Whoever they're going to blame it on, let me see if I got this right:
You're telling me a device that appears to be a bomb was found at the airport of Windhoek, Namibia (which once was a German colony) and was supposed to head for Munich, Germany one day after Germany raised their "terrorist threat level" because they're fearing an attack. Really? They're still looking for the culprit?

The only real terrorist here is politics and that's about it.

Archived mirror, retrieved @ 2020-03-25
© myRL.net