Header image source: https://unsplash.com/@mkjr_
Disclaimer
There are no wrong or right tools. These posts are aimed at providing my research on certain tools and explaining my thinking and personal concern with cloud services. Hopefully someone taking a similar path may find these useful and avoid some of the pain I hit along the way.
Why?
"My fundamental belief is the cloud is not secure enough to store my most personal data, or to put it another way: I wouldn't store anything on the cloud I wouldn't want public"
In 2020 I stumbled across a tweet:
I'm a big Google Photos user in-fact a big Google Suite user and though I wasn't directly affected this leak made me feel like my data was incredibly vulnerable. This served as a wake up call that while my data was in the cloud I was only one leak or hack away from disaster. My browsing history, personal photos, email, messages etc.. are all stored on a third party company's computers outside of my own protection.
A lot of arguments against cloud tools focus on privacy "Do you really want x combing through all your private data to serve you ads". But actually it's the security aspect that scares me more.
Google hire some of the best engineers in the world and still leaked photos of its users. This is not because of a lack of skill or attention to detail it's because complex systems are hard to maintain/update and mistakes happen, even the best engineers are human. Every day our data sits in the cloud we are reliant on engineers not making mistakes with our data or a disgruntled employee with access not leaking it. My fundamental belief is the cloud is not secure enough to store my most personal data, or to put it another way: I wouldn't store anything on the cloud I wouldn't want public
Why This Journey Will be Hard?
The cloud is incredibly convenient and accepting that is the start of the journey. When I buy a new phone/laptop/tv I don't think about how to get my photos on it they are there already. Every photo I've taken since 2010, even accidental shots of the floor are all available in one place whenever I want to view them.
Remember how disheartening it was to backup your work manually to a usb drive only to forget to eject it and end up with corrupt files? Remember when you couldn't search your photos and files by content? There is no going back to the mid 00's no matter how much you like the gelled up hair, not once you've experienced automated cloud backups and powerful search.
My Strategy - The Dumb Cloud
First of all I don't want to run my own hardware. So this means I will always be dependant on the cloud to some extent. But as long as data is encrypted before being stored on the cloud I'm happy, what I am trying to get to is the dumb cloud where the cloud is essentially just a remote hard drive for encrypted data.
Ok so there is a long road ahead, I plan to take my data back in a rough order of how personal I think it is:
- Messaging (Currently using fb messenger, WhatsApp)
- Browsing history (Currently using chrome)
- Photos / Files (Currently using google photos, google drive, dropbox)
- Email (Currently using Gmail)
- Notes (Currently using google keep) ... I'll think of more later but the above would be a great start.
For each I am willing to take a minor compromise on usability but emphasis on minor. My ideal world would be services as or more convenient than I have now but where no third party can access the data (a big ask).
My Solution Categories
In terms of security/privacy I view these options in term of best to worst and an appropriate emoji to summarise my feelings on each:
😃 - Data is never sent to the cloud at all (probably unfeasible but let's see)
😀 - Data is stored on the cloud but encrypted with a key held by me and the tool used for encryption is open source and therefore auditable by the community.
🙁 - Data is stored on the cloud but encrypted with a key held by me and the tool used for encryption is closed source.
💩 - Data is not encrypted before being stored on the cloud
You may think there is a lot of nuance in some of these tiers. I.E. a data driven company is arguable less trust worthy than an open source storage provider. As my focus is security not privacy I am treating these as the same.
Where possible I will stick to categories 1 & 2. Ok strap as we hit the first stop on our journey: messaging.
Top comments (0)