In a world where the cloud has breached our life, people no longer take privacy as a fundamental aspect. I have taken the road of the cloud myself for a few years. Eventually, the recent changes regarding how online content providers use our data. May it be Social Media platforms, Cloud-based Storage, Backup services, Email providers, and more has opened my eyes to the one thing people take for granted: Privacy.
Philosophically speaking, it's dead simple: "People prefer comfort over privacy." They instead prefer the sheep hoard mentality than know what really happens to their data. You give Facebook permission to use your Private photos, track you on a daily-hourly basis, know what food you like, when, and why. Google spies on everything you search, check and look for, amazon and eBay generate a human profile based on digital data - complete digital you without ever need to see you. Everything in the name of controlling your every decision making process.
I shall give some random quotes here just to let you re-remember that too:
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." ― Benjamin Franklin,
"Ultimately, saying that you don't care about privacy because you have nothing to hide is no different from saying you don't care about freedom of speech because you have nothing to say."― Edward Snowden
"Solitude sometimes is the best society." ― John Milton
"Data is the pollution problem of the information age, and protecting privacy is the environmental challenge." ― Bruce Schneier
So yeah, you probably get the point by now. But what does it means to break free? From who? There are many examples, of course, but let's focus on several "big" names:
Internet Service Providers
The list goes on, and there are many, many others, but it doesn't matter the idea here is fundamental; someone or "something" is tracking you, either from an advertisement standpoint, governmental standpoint, and other reasons.
I'll focus on the "Tracking & Advertisement" part, as the governmental part is way more complicated. To live anonymously is mostly impossible in most cases, and in extreme cases, you may need to reduce your exposure to zero, and that means to eliminate connected technology.
You are just another ID in the system. Aa entry in a giant database file sitting somewhere. Just another (complicated) MongoDB document file lying around in some server(s) sharded across the world with master-slave configuration - you get the point.
The big companies provide us "from the goodness of their hearts" free-services for us to use. Have you wondered why? And how exactly free-services even make money? the cost of paying for the servers, data storage, in/out bandwidth combines is so high that it's unthinkable how much money is poured monthly just on that alone. So yeah, free-services ARE NOT free.
We all know the financial model all of those companies follows:
Create a "free" service.
Attract users & build a user base.
Convince you to stay at any cost (family, friends, etc. already in)
Collect user data.
Sell / Target their data with advertisers.
Using these services violate your rights in the most basic form, but when you are signing to these services, you agree to their terms and conditions, making you their "puppet."
Each company uses a different strategy. But the fundamental "attract and sell" remains at the core of every company.
Let's take Facebook for example; when you request to download all the data that Facebook stored on you, you will get this list:
Holly smokes that a long list, isn't it? For using a free service, you would think that there would be no-information dtored at all (except maybe email as cleartext). If you check the location/ folder, you will see that they started to track your position from early 2015 (or even before). Isn't it a significant surveillance issue right there!
SO yeah, I love how people will go with this remark:
"I have nothing to hide. I don't care if Facebook tracks my every position, daily, hourly, or even knows what payment method I use and when. Let them build a profile version of me, just for the sake of advertisements."
For this, there are many responses; some would say:
"would you hand out your phone to someone and let him check whatever it wants?".
People have lost the comfort game. For what? Watching cat videos on youtube, Facebook, read and respond to "Fake" statuses people put online? Like and retweet useless random "texts" from online boards.
Now, I am not arguing that Social Media IS BAD! It truly has its function, and it does indeed do good to the world as much as it does evil. But it should never treat the user as a product from the start. WE ARE NOT products, yet you are. The human is but another monetary junction to the system. in response, and you keep watching cat videos, read random posts from "friends.". Respond to suggestions whose purpose is to steal your valuable time, keep on procrastinating and continue the monetary loop.
Whatever your decision may be regarding those systems of power, there are SOME alternatives... I will try to list them, but it's not a real solution - or a replacement. Yes, the system of powers trapped 95% of the users.
Let's list some services and their alternatives (yet, sometimes not the best, open-source or private, so choose wisely):
Facebook -> MeWe / Mastodon / Diaspora / Memo.cash
Google Search -> DuckDuckGo / Qwant / Peekier
Twitter -> Parler / Noise.Cash (mostly noise though)
Whatsapp -> Signal / Telegram / Wire
Google Drive / OneDrive / iCloud / DropBox -> SpiderOak / Synology / ProtonDrive
LastPass -> BitWarden (or self hosted version)
Instagram -> PixelFed / Textile
Gmail / Outlook / Yahoo! / Apple / Hotmail -> ProtonMail / Tutanota / Mailfence
S3 / iDrive / Azure / Google Cloud -> Backblaze / Crashplan
Reddit -> Quora / Slashdot
YouTube -> lbry.tv / odysee.com / Bitchute.com / Vimeo / DailyMotion
Netflix -> Plex
NordVPN -> ProtonVPN
AWS / Azure / Google Cloud: Private NAS
BitTorrent <-> Usenet (Use VPN & SSL either way)
2FA -> LastPass / Yubikey
Nothing is perfect, but it's up to you to choose which services you want to KEEP, which ones to MIGRATE, and which one to DELETE.
I tend to either MIGRATE to the most private ones or DELETE the service, never to come back.
There's a saying in the crypto world: "not your keys, not your coin."
So in the privacy world, the equivalent is: "not your server, not your data."
The first thing we need to do is first build/get/buy a private server. It can be a big one, medium one, a small one, whatever you can get, as long as it has the amount of data you plan on needing.
Owning the data is the first step towards taking control of your digital life. You CAN share data if u wish (Pics, files, etc.) as Disk Managers includes DropBox software as well. But you have more control over everything that way. (share online? Use time-based links with passwords, for example, or encrypt them and share them. The sky is the limit).
Be the master of your data first!
Note: I am using Synology. Therefore most of the steps are more Synology oriented. I'm sure QNAP has the same sort of setup.
If you're building one, follow any online video tutorial which shows what chase one needs, how many drives, bay, memory, motherboard, cooling, etc.
Usually best to choose from Synology or QNAP.
Both companies give a wide range of setups to choose from, and it all depends on what you are going to do with it.
Media Server (720+, 920+, 1520+, etc.)
Data & Virtual Machines (1621+, 1621xs, 1820+, DS1019+)
Media Servers are usually equipped with Hardware Decoding CPUs, while Data/VM servers come with more memory, no HW decoding CPUs and a higher core count and boost clock.
Quick Note: For those who are looking to work on a NAS (Network Attached Storage), it's good to know that most media server types NASs, do no include PCIe expansion slots, So that means you cannot install a 10-GBit network adapter and talk over 10Gbit connection directly. So pick wisely: HW Transcoding or 10-GBit. Some high-end models Might include it in the future.
For a full list, click here.
Minimum 8GB (VMs are hungry)
It's best to have at least 16-32TB as a start for a Media server and 16TB for a data server.
Optional, mostly for data fetching (Works best with 10GBit connection for when editors directly work on a nas).
DIY Server: Unraid (59-129$ For basic/plus/plus)
Buying Server: Synology DSM or QNAP's disk manager
Raid-5 / Raid 6
SHR / SHR 2 (Synology specific NAS servers)
Note: some like Raid 1+0
After acquiring a NAS / building one and the Raid/SHR system is initialized with a btrfs file system (and a volume is ready), we try to secure our box:
Disable Admin account
Enable account protection,
Enable firewall settings: Disable all ports except DSM / Plex / SSH (if needed), allow local IP range, enable the same country only if you want to access remotely from a phone/different network
Setup long password,
Enable 2FA support,
Disable default shared folders,
Buy a Domain
Buy an SSL certificate for the domain & install the SSL certificate on the NAS (or use Let's Encrypt free service for the SSL)
Point your domain (A Record) to your NAS Public IP to use HTTPS when connecting. and set up a bash script to update your register every 30mins with the public IP (A record)
Backup with HyperBackup to a local connected USB Drive (uses deltas, every one day)
Backup to Backblaze B2 with HyperBackup (uses deltas)
Setup Synology Drive Server and install Drive on a remote machine (it will set up to pull changes from the NAs on a specific folder) and then back it up with Backblaze Personal Server
Create shared folders (disable home users) for data/plex.
Change default HTTP / HTTPS ports and redirect HTTP to HTTPS always.
Disable Apple discovery services.
Use the latest TLS/SSL versions to mitigate known attacks on old browsers.
Install Plex Media Server, buy Plex Pass lifetime, and setup all the movies/music/tv folders.
Port forwarding 443/80 to XXXX changed ports of DSM.
Port forwarding external XXXX port of plex to XXXX internal plex port.
Enable Snapshots to protect against ransomware.
Once everything ready, you are in control of your data. Install the Synology Drive app on your phone. Log-in with your credentials/domain, and start upload photos/videos directly to your box.
Some services will let you install their open-source software straight on your NAS and use it as its backbone. Such example is a password manager Bitwarden, which will allow you to host their backend on a virtual machine (Docker) and store all the passwords in it instead of using their servers.
If you want to run your web service/website, make sure to change apache/Nginx ports and enable port forwarding. And set up the necessary steps to have it up and running (Docker, Kubernetes, etc.)
One overlooked item missing from a server array is a UPS. It's imperative to have your system up and running on blackouts.
Follow the guide here.
Usually, APC/EATON brands are the best bet. Synology includes drivers for them already for automatic shutdown.
Yes, this is cost-effective. Owning your private server will cost money (however, the build form factor you selected).
DIY Server: 200-800$ (with a lovely Nvidia GFX card for HW transcoding)
Buy: 400-2000$ (not including memory, PCIe 10gbit network card, NVMe for caching)
NAS Specific HDDs: 99-500$ (depends on the size of TB selected and brand).
10gbit Network Card: 99$ (ASUS XG-C100C 10G) for PC (Optional)
10gbit Network Card: 140$ (Synology 10Gb Ethernet Adapter 1 RJ45) for NAS (Optional)
UPS: 100-1000$ depends on VA and brand.
Delete all accounts is the most challenging part as it is cutting the cords between you and the NORM. Being away from what EVERYONE is using and become the odd-ball.
Privacy requires a new mindset. It is your fundamental right to have a private life, and most definitely a digital one.
Neutralising your digital footprint (especially the retro-active one) is probably impossible, but it doesn't mean you can't change the active online digital footprint.
I can't tell anyone what to do, how to do it, and why. All I know is that you don't want your data to be spread around without your consent (see Whatsapp, for example, they are now-soon forcing users to accept their new terms - comply with our data sharing or delete your account).
Companies are now more aggressive than ever. I would not give them any more private data. Whether it's images of myself, my wife, kids, family, or friends. I advise to use private communication messaging, encrypted email, use PGP for file encryption, HDD BitLocker/Synology encryption on your NAS or private HDDs, use encrypted Backup solutions and share data with a password and time-based limits (direct friends/family)
NAS: Synology 1621xs+ 8GB 4xTB
Messaging: Signal / Telegram (specific people, not groups or bots)
Backup: Backblaze with encryption ey (AES256)
Online Media: YouTube (i kept this one)
Social Media: Twitter / Noise.Cash / Reddit (rest deleted)
Media Consumption: Plex (Private Tv/Movies served from NAS)
2FA: LastPass / Yubikey
Storage: Synology Drive (NAS)
YouTube (I do pay to remove ads, and yeah, it sucks, and google still tracks, but I do follow lots of content there that is useful for my education)
You can go rouge and delete all. The idea is to take digital content into your own hands and minimize the footprint—especially the "Active Tracking" part of the equation.
Hope you had a great read!