Securing (and ensuring the privacy of) your digital life is, let’s just say, a bit of a challenge.
In the previous five articles in this series, I’ve talked about the need for a secure base platform, usage of Tor, email and instant messaging. And we’ve barely scratched the surface.
Now, let’s turn our attention to file storage, specifically cloud file storage.
Dropbox, Google Drive, Amazon S3, Apple iCloud, Microsoft OneDrive—odds are, you’ve used at least one of those services to store your files (pictures, work documents, music, etc.). Being able to toss these files into an online repository is undeniably handy.
Seldom-used files taking up space on your local drive? Toss it in the cloud! Need to collaborate with a co-worker on a document? Into the cloud! Simply want to have access to some of your files from any device? Up you go, it’s cloud time!
Now seems like a good time to mention a proverb as old as time itself:
“There is no cloud, it’s just someone else’s computer.”
Is that an oversimplification of what “The Cloud” really is? Sure. But only a little. The fact of the matter is when you upload a file to a “cloud service” (such as Dropbox) you’re really just uploading to a server (or a group of servers).
Why is that worth mentioning here?
--------------------------------------
Follow Bryan Lunduke’s quest to make his digital life as private and secure as possible:
- Part 1: Making my life private and secure
- Part 2: To ensure security and privacy, open-source software is required
- Part 3: If privacy is paramount, Linux and Torare key
- Part 4: Securing your email
- Part 5: Secure and private instant messaging
- Part 6: Secure and private online file storage
- Part 7: How to limit data collection from city cameras
--------------------------------------
Because a server is just another word for “a computer that serves up some data.” And in the case of companies that provide a cloud storage service (Dropbox, Google Drive, etc.), that means there are some potential problems to bear in mind:
- You don’t have full access to the server that stores your files.
- You have no say over the security of the server.
- Multiple people (likely) have root/admin access to that server, and those are (likely) people you don’t know.
- If that service is used by many other people, that makes that service a bigger target for someone looking to get a lot of bang for their “time I spent hacking” buck.
- The larger services are also (likely) going to be watched far more closely by government agencies.
- You can’t ensure the server runs only open source and free software (so that it can be properly defended against backdoors and the like). It’s not your computer. It’s someone else’s.
In short, by utilizing a large, cloud storage service, you give up control and security (possibly) while making your data part of a larger target for those looking to gain access to it. It is, all things being equal, less private and less secure.
[I should be clear: That doesn’t mean all large, cloud services are less private/secure than all personally run servers. But, at least conceptually, this is true.]
The best options for secure data storage
So, what do we do about this? Obviously we need a way to store our own personal (and work) data that will provide a bit better privacy and security. But how? There are a few options that provide various levels of improved privacy.
1. Keep data local
The first options is just don’t use those kinds of services.
I know. That’s crazy talk. But humanity lasted for at least a handful of years without a cloud file storage service. Heck, most of modern computing existing without such things. And we all survived just fine.
External, encrypted hard drives. Encrypted flash drives. Stored in a secure location. Those aren’t quite as versatile as putting everything “in the cloud,” but they’re definitely much more private and secure.
2. scp/sftp
If you’d rather not go back to the old days of backing up and distributing your files on physical media, there’s always the option of simply having a basic Linux server. (You can get dedicated Linux servers, that you have full root access to, for pretty reasonable prices nowadays. Or you can run one yourself in your home using an older desktop/laptop/raspbery pi/etc.) that you copy files to using scp or sftp.
It’s old school, but it works. And it’s secure (assuming your server is fairly secure).
What’s more, you can use this system to create your own backup scripts. Of course, that assumes you have a) the experience to do so and b) the interest/time to do so.
3. SpiderOak
If you prefer to use a service that’s fully administered by someone else but still has an increased level of privacy, there is SpiderOak.
SpiderOak is a lot like the other cloud storage services out there, but with one big difference: All of the data is encrypted and stored in a way that nobody can access it (including the SpiderOak team) except you.
Conceptually, that is fantastic. It doesn’t fix 100 percent of the concerns of using a well-known cloud service, but it does improve things dramatically.
4. NextCloud/ownCloud
If you want to have all the bells and whistles of using a big cloud storage service, but want be able to run your own server using 100 percent open-source and free software, there’s Nextcloud (and ownCloud).
[Nextcloud is a fork of ownCloud. Both provide, at this point, nearly identical functionality with a key difference being that ownCloud provides some closed-source components here and there, whereas Nextcloud is entirely open source.]
Both are incredibly easy to set up and will provide you with a simple (and, if you set things up on your server right, fairly secure) way to sync your files using a desktop/mobile application and access them from a web interface.
What do I recommend?
I’m hesitant to formally make a recommendation here. But I will tell you what I do.
I use NextCloud running on a dedicated (but fairly low power) server that I administer myself. That gives me as much control as possible over my files, though it does leave a lot of security up to me to ensure. My Nextcloud server, luckily, is fairly simple (very few services running, everything encrypted, all communication over HTTPS), but this does mean I need to be on top of any necessary security patches.
If that’s not your cup of tea, then using a service such as SpiderOak (or one of the Nextcloud/ownCloud providers) may be the right choice for you.