I think I've seen some other projects but forgot to bookmark them (or maybe I did but forgot to tag the bookmark...). Sorry.
Added: sadly, all those projects are about software packaging with single-click installers. I haven't ever seen a project that'd strive to have installation and configuration recipes written in some configuration management language using literate programming techniques, so the recipe would act not as a mere set of instructions to the machine, but - primarily - as an article to the user, explaining what's going on, why it's so and where to tweak the knobs. Like those "set up your own server" blog posts on steroids, and with a "not interested in details, just do this" button slapped at the top.
http://freedomboxfoundation.org/
Still very alpha, but promising.
Here is some decent software I use. Not all OSS, unfortunately, but they still let me possess my data.
- Subsonic (music) http://subsonic.org/
- OwnCloud (files) https://owncloud.org/
- BitSync (files, begrudgingly) http://www.bittorrent.com/
- Apple Server (webserver/VPN/SSH)
- Lots of nice blog/web serving software once you get the web stack up and running.
Email's rough. Photos are also rough between either thumbnailing/caching all your photos, or multi-second processing.
It's also much more expensive to roll your own. That said there is a nerd-cred factor that had me set up owncloud on my personal domain. It's definitely a nuisance though hosting your own stuff.
Google's services, at least, are written assuming they are running on a million machines inside of a Google datacenter, with all sorts of dependencies on the infrastructure; worse (for the purposes of converting them to easy-to-install packages), they are written assuming the existence of Google SREs.
Everyone else is in the same boat, with software meant to be run on a datacenter and not a MacMini. You'd really need to start over from scratch, and first with a platform that can run on one to a million machines, then rewriting everything to run on top of it.
It's not impossible, but it's a lot of work.
[1] Such a movement probably already exists, in which case you should join it.
Could you point out what in any of these services actually depends on the cloud?
Email runs perfectly fine on single servers (Gmail). Network file storage is a solved problem (Dropbox/Google Drive/YouTube/various photo buckets). What these things are missing are dynamic web 2.0 GUIs, not backends. And the GUI doesn't have anything to do with the cloud.
The cloud is a huge innovation, but it isn't an innovation that provides anything for us, it's an innovation for centralized businesses. The cloud has absolutely no value until you're trying to serve millions of users on one service. Federated systems like email are perfectly capable of handling everything that the cloud does for you and me.
We don't need the cloud.
I'd love to have a comparable platform that I could run from my closet, but that's still in the distance. For now, cloud services are usually the best way to minimize cost.
Now a Mac Mini isn't the most fearsome server, so you won't get extraordinary performance, but it should perform well enough for 1-2 concurrent users.
This is what I'm running now:
- Files (Syncthing)
- Email (Mail Server + Thunderbird / Evolution)
- Chat (XMPP/Jabber + Weechat)
- VPN (OpenVPN)
- Blog (Ghost + Telescope)
- Etherpad (document creation / collaboration)
- Mumble (voice chat)
- Tor (privacy)
https://mailbox.org/en also provides a (very reasonably priced) hosted version of OX
For those times we're offline, it may be possible to spin up a temporary cloud instance which downloads everything back to us and dies once we reconnect.
The only question that remains, then, is backup.
Of course Google et al. are working tirelessly to make this not possible (see Hangouts, FB Messenger, etc... all once federated XMPP services, now closed-garden proprietary services).
Unfortunately, that is not (fully) possible. Consumer internet landlines traditionally have an upload speed that is 10x slower than the download speed. Hence you will never get the same performance as a data-center hosted solution.
And bandwidth, like HD space, is always increasing.
It can run OwnCloud, Docker etc and already has iOS/Android apps for photos, docs, notes, media streaming.
Fastmail offers everything I need: a great mail client, calendar, contacts, notes, and a great app for both Android and iOS.
I also got my family accounts on Fastmail; we ended up creating a family account so we can share folders, calendars, contacts etc.
Yes, it costs money, but I think it's worth it.
*) I'm not affiliated with Fastmail in any way, just think the service provided is great.
On the other hand, Fastmail is great as an IMAP provider.
The web GUI etc. are OK but there are still issues, for example with non-English characters in the search. 2FA is kind of strange too with its mix between your password and the 2FA token. And spam filtering is of course not comparable with Gmail in my experience (with Fastmail erring on the spam side and Gmail erring on the false positive side, I don't know which one is 'preferable'!).
For example: just last month I discovered they can't reliably handle calendar events sent from outlook (you know, that tiny calendar server that no business uses). This made a phone screen a huge hassle to schedule. Somehow a meeting request sent as 3pm PDT / 2200 greenwich got loaded into my fastmail calendar as 2pm pdt/10pm bst. It's just flaky.
If you care about opsec, there are many reasons why you would want to use google services: e.g. a hostile actor will have an extremely hard time stealing your emails from Gmail while there's a much higher chance you fucked up a config on your self-hosted setup. Usually, as always, it comes down to smart compartmentalization and using the right tool for the job.
Personally, the ethical perspective is a much stronger reason why to stray away from data behemoths like Google and Facebook. First of all I believe the "usefulness" of many of these services is over-exaggerated: Facebook nowadays is more of a brainwashing service to expose you to "content" that does nothing more than dull your mind and keep you mindlessly scrolling an endless stream of irrelevant advertisements. But even if this isn't the case for all online services, some come at a price I am personally not willing to pay.
We are entering an era of digital slavery where our entire lives are managed by data monopolies that are bound by no rules other than those they create for themselves. I don't care how convenient these commercial services are, if the price is giving up the sovereignty of my data, and the core liberties of my human existence. I make a conscious choice to not be part of this system, and we will all have to face this choice sooner or later.
For more on this topic, I highly suggest Aral Balkan's talk from re:publica this year [1].
These companies don't have billions of users because they produce nothing of value.
If that value exchange doesn't work for you, just stop using it. But these strange posts about "slavery" and "liberties" just seem out of place. It's a corporation, like any other. What are you expecting?
Many corporations produce lots of value that is based on corrupt moral values: from companies doing arms sales in third-world countries (i.e. profiting from destruction and death in impoverished areas of the globe) to corporations selling animal parts as products (i.e. profiting from the ownership and abuse of sentient beings).
I'm not directly comparing Google to other truly evil corporations, but I will damn right call out ethically and morally flawed business models when I see them.
Regarding ethics: There is nothing ethically flawed about what Google is doing. They aren't selling arms or abusing animals so where does this line get crossed for you? They are in it for profit and can provide many of these services for free through advertising. Necessarily this requires an exchange of your general data profile for all the utility of their tools. If you pay them directly, then the privacy rules are different (as it works with many such corporations).
And you might not like to hear this perspective - but many really don't care. People share data about themselves at an exponential rate because the experience of sharing and the utility of the companies outweighs other concerns.
But you are perfectly free to go do your own thing. There's no secret Google police out to get you. You are not revealing some big conspiracy here, it's a well-understood exchange and many are just fine with it and many like you aren't. And it's all ok.
It's not up to you to judge what that value is and whether you think it's good for them.
Well, they are options. If one judges every alternative that might include the tiniest bit of inconvenience as "not an option", any try would be hopeless.
In fact, I would argue Android is the easiest Google product to replace, because it has a perfectly polished competitor like iOS.
I was playing with an idea of an "off-Google email delivery" for Gmail recipients. Basically they would get a short note saying that a reply to your email is available, please pick it up [here], with a link leading to a TLS'd page on a non-Google server. The same page would offer them an option of replying to the conversation right there if there's a need to do that.
I'm pretty sure this would piss the hell off some Gmail users, but that'd be exactly the point - to make them at least stop and consider that not everyone's a fan of passing all their communications through Google.
Is there anything like this out there?
However the recipient should know the password to see and reply to the email.
I switched from google search to duckduckgo. I still hit an occasional search on google but that's a percentile of the searches they got from me before that decision.
I host my own mail server. Yes I still have that gmail account for stuff that are not important enough to migrate and look it up from time to time but the majority of my personal email traffic now goes through my own server. They still get some of my mail if the recipient is a gmail account but guess what? It's not all of my mail.
I don't host files on Dropbox or the Google drive. I have my own owncloud server on the same box as the mail server.
I host my own jabber server for real time chat - mostly with my wife as a lot of people no longer use anything except google/facebook chats. I talk on IRC with tech friends/work, jabber for personal stuff and once in a blue moon I open up that g+ chat to check if someone wanted something from me.
I do my backups on tarsnap, feels great.
I run Linux for my work machine and OpenBSD for my private machine.
I do have an Android phone but I essentially stopped carrying it with me everywhere. I hate being a slave of the phone, no longer have a mobile data plan and I take the phone with me only when I really need to be reached.
Does Google know a lot about me? Yes. Are they still learning more from people I communicate with? Yes. The point is, they are getting less information. I already noticed a large quality drop in the accuracy of google searches/youtube recommendations for my account.
Side effect from all of this is that people in my close circle of friends tend to pick up some of the habits (duckduckgo & other small bits). You don't take down a giant with one stroke, you cut it up piece by piece.
You can use !s in duckduckgo to use startpage instead of duckduckgo, so you end up with google's results but avoid the privacy leak (so long as you trust ddg and sp).
> I don't host files on Dropbox or the Google drive. I have my own owncloud server on the same box as the mail server.
I prefer syncthing, and it's easier to stay on the local network. ownCloud has lots of features, but it's overkill if you only need a dropbox clone.
> I do have an Android phone but I essentially stopped carrying it with me everywhere. I hate being a slave of the phone, no longer have a mobile data plan and I take the phone with me only when I really need to be reached.
No longer have a mobile data plan either, that just means I read my emails and hn a bit less. Cyanogenmod seems to be a big improvement over plain Android privacy-wise.
> I already noticed a large quality drop in the accuracy of google searches/youtube recommendations for my account.
What do you need a google account for?
Also I don't know if companies are legally entitled to gather personal information based on ip addresses, but I use Tor Browser as my default browser so I don't feel threatened by that. On the whole the situation could easily improve if gmail actually had a proper competitor.
Actually, the reason Google search results are better is because they profile you and can relate the term to your usual searches. I doubt using sp would yield better results but no I didn't try.
> I prefer syncthing, and it's easier to stay on the local network. ownCloud has lots of features, but it's overkill if you only need a dropbox clone.
Thanks for mentioning syncthing. I don't remember why I crossed it off back then. Will give it a second look. Might be hard since ownnote got my wife off evernote so that's one big plus in favour of ownCloud.
> No longer have a mobile data plan either, that just means I read my emails and hn a bit less. Cyanogenmod seems to be a big improvement over plain Android privacy-wise.
The amount of work required to root the phone seems absurd to me. People say it's frictionless but all the materials I found on it so far didn't convince me yet to try. I might just be getting a dumb phone tbh as my next phone.
> What do you need a google account for?
Like I mentioned. Locked in by some people who refuse to use anything else. Partially work hangout chats included. Consider it a leftover that I log in from time to time to use a one off feature.
> Also I don't know if companies are legally entitled to gather personal information based on ip addresses, but I use Tor Browser as my default browser so I don't feel threatened by that. On the whole the situation could easily improve if gmail actually had a proper competitor.
There's a bigger problem. There are a few corporate players (apple, microsoft, google, facebook) which amount to almost all routed email. If they decide to drop email to your host you are essentially blocked from contacting them. They also don't play nice with spamd type daemons since they use an MX pool to deliver it. They could essentially kill all of us running home email servers in one go, that's why it's important for people to run their own. I hope someone won't look at a spreadsheet one day and say 'ok, it's now not a loss for us to ignore traffic from those guys/gals'. Think that won't happen? There was a time when you could use jabber to talk with people on google talk. Now there's no federation.
Don't get me wrong. The whole setup is both a burden & a liability as suddenly I am responsible for stuff that was done for me (security upgrades, proper configuration, monitoring, backups). That's the price I decided to pay for the ability to learn and control my own privacy. I may wake up to a hacked server - that's true. On the other hand I could wakeup to Google banning my account, then what?
I sometimes envy my friends who simply don't care because they don't know … and are happy as long as Gmail and iCloud are running.
Unfortunately, I am one person, and most don't care (http://boston.conman.org/2015/02/25.1).
After spending some time with ownCloud and poring through it, I'll take the relatively superior safety, security, and privacy of Google. I encourage any doubters to examine the ownCloud source[1] and come to their own conclusions.
Migrate away from Google where you can, but do it in small steps with rational, informed decisions.
1. To head off the obvious response of "Then submit patches, make it better!": That's akin to walking into a home fraught by fire and mentioning the pictures could use a little dusting.
> I don't understand how you could possibly claim the Google Drive is in any way more secure than OwnCloud.
It depends on your threat model. Against the US? It's wise to assume it's game over, no matter what you do, here.
Foreign state actors? ownCloud is seriously pwnable. Not quite so with Google services (unless that foreign gov't has an intelligence sharing agreement with Google).
Criminals? Again, ownCloud is seriously pwnable.
I'm a US citizen, so I'm primarily concerned with foreign and criminal actors (knowing that it's game over versus US intelligence), therefore ownCloud does not fit my threat model.
Have to agree with OP (who did audit the code as you suggest). PHP OwnCloud feels a bit like a janky duct-taped mess. I'm always a bit surprised it works and it doesn't make me feel a whole lot more secure than using a provider like MS, Dropbox or Google. I just like running my own stuff which is why I use it.
The web interface of Seafile (https://github.com/haiwen/seafile) is written in Python/Django. The server is C, though.
As far as I know, most people who quit Google do it because they dislike Google mining their data, not because they don't think Google is secure.
Threat models and risks vary. SAAS offers aggregated data and appealing targets, though they may be well hardened. Much as I criticise Google, I find their claims of protecting data reasonably credible (not enough to be comfortable with it).
A distributed system with many known and unknown vulnerabilities and a readily determined network signature (nmap or similar) remains a bulk source. A determined adversary could scan all possible network space quite quickly and access data. With known targets -- monitoring your network traffic, knowing URLs or MXs -- they could target you directly.
NB: I haven't audited OwnClowd, nor am I particularly qualified to do so.
Special UI for storing private/public pairs in a browser (private key never leaves the PC), special javascript commands (assume some standard here) to invoke native windows which cannot be controlled via js. Sign, type message, encrypt. Confirm this specific message is actually signed by a specific person (pretty trivial in terms of coding and bulletproof UI, except for the "public identity storage" part, which is exceptionally hard).
Looks like very simple htmlsomething standard could overturn all the state of modern web privacy.
[1] https://www.mailvelope.com/
[2] https://www.mailvelope.com/en/blog/gmx-and-web-de-launch-pgp
load scripts, css, images. show native window (clearly different than anything js can do) with that rich text editor inside. user types message in, system encrypts (and/or signs) the message. regular html page sees the result.
Obligatory warning: it's in an alpha state according to the readme, so you shouldn't use it yet for real.
I call BS on that.
What are the steps FB, Google, Apple etc have taken "in the right direction"?
If anything it's only gonna get worse, what with expanding to the "Internet of Things" and such (not to mention future possible Google and Apple self-driving cars).
That said, what I believe are the leaked documents, that haven't really been disputed and if anything were corroborated by tons of subsequent stories.
For the 'optimistic' stuff: Snowden doesn't have access to Google/Apple/FB etc, so what steps he says that they've taken since are the same stuff reported in the media that we too know.
And those steps are nothing to write home about. I see the same shit going on as usual -- only even more so.
(and if you are not in the usa, just assume it is realtime)
This is why everyone should probably have their own private email server locked down in their home. Postfix can be made pretty secure.
The problem is... it sucks. I'm doing this and - honestly - it's not a very pleasant experience.
The dilemma is - either sell your soul to Google (Apple, Microsoft, whoever else) and surrender to their will for a glimpse of their proprietary innovations, or have to deal with basic (and somewhat ancient) technologies without much of support. Unless you hire a sysadmin to maintain that for you.
The thing is, popular services add some value, like smart email processing, reasonably-well maintained spam filtering, tagging emails (IMAP doesn't have this!) etc etc. It's all theoretically doable in DIY setups, of course, but entry barriers (time, knowledge) are huge, and in practice one is likely to end up with only basic functionality that they'll eventually abandon due to maintenance being a PITA.
</rant>
This, of course, requires that everyone use the hosted email client on that server, but it's worth remembering.
Personally, I (and everyone at rsync.net) just use (al)pine, so the hosted email client is very simple (and fast and efficient).
Or at least they log the ipv6 route within their own datacenter, or between datacenters.
So that is up for argument if it is traveling via their own intranet or "the internet".
(at least google uses AES TLS, yahoo still uses RC4)
I changed a lot of my habits since Snowden came out and I am perfectly happy with it.
Do you have anything that provides turn-by-turn navigation and live traffic?
I don't use coffee shops but if I did they'd only know about my coffee preferences and work patterns.
Google, however, with search, Gmail and Now alone knows everything about the lives of its users. And quite a lot about the lives of non-users with whom they communicate.
The more the likes of lavaboom, whiteout or proton mail sprout up from the ground, the more I feel it'd be simpler to teach K9 and GPG to `people' than having them switch over a new service that might or might not survive the next 6 months. At least for E-mail.
Email is supposedly a digital metaphor for snail mail. With snail mail, you receive a letter in your mailbox (which you check every other day), and you take the letter out, process it, and either store it somewhere safe or discard it (POP).
That is how email used to work. At some point things changed so you no longer regularly clear your mailbox, but you just open the letter, read it, and put it back in (IMAP).
Actually, you no longer get the mail in the mailbox. You call the post office and ask them to read the letter to you (webmail).
Running your own server just shifts your trust from Google to DigitalOcean/Linode/AWS or your residential ISP (even less deserving).
I wish we would stop this navel-gazing about which providers to trust and FUCKING ADOPT GPG ALREADY. It's been, what, 15 years?
#!/bin/sh
# /etc/init.d/firewall
IPT="/sbin/iptables"
IPT6="/sbin/ip6tables"
# Block Google
$IPT -A INPUT -s 64.18.0.0/20 -j DROP
$IPT -A INPUT -s 64.233.160.0/19 -j DROP
$IPT -A INPUT -s 64.102.0.0/20 -j DROP
$IPT -A INPUT -s 66.249.80.0/20 -j DROP
$IPT -A INPUT -s 72.14.192.0/18 -j DROP
$IPT -A INPUT -s 74.125.0.0/16 -j DROP
$IPT -A INPUT -s 108.177.8.0/21 -j DROP
$IPT -A INPUT -s 173.194.0.0/16 -j DROP
$IPT -A INPUT -s 207.126.144.0/20 -j DROP
$IPT -A INPUT -s 209.85.128.0/17 -j DROP
$IPT -A INPUT -s 216.58.192.0/19 -j DROP
$IPT -A INPUT -s 216.239.32.0/19 -j DROP
$IPT -A OUTPUT -d 64.18.0.0/20 -j DROP
$IPT -A OUTPUT -d 64.233.160.0/19 -j DROP
$IPT -A OUTPUT -d 64.102.0.0/20 -j DROP
$IPT -A OUTPUT -d 66.249.80.0/20 -j DROP
$IPT -A OUTPUT -d 72.14.192.0/18 -j DROP
$IPT -A OUTPUT -d 74.125.0.0/16 -j DROP
$IPT -A OUTPUT -d 108.177.8.0/21 -j DROP
$IPT -A OUTPUT -d 173.194.0.0/16 -j DROP
$IPT -A OUTPUT -d 207.126.144.0/20 -j DROP
$IPT -A OUTPUT -d 209.85.128.0/17 -j DROP
$IPT -A OUTPUT -d 216.58.192.0/19 -j DROP
$IPT -A OUTPUT -d 216.239.32.0/19 -j DROP
$IPT6 -A INPUT -s 2001:4860:4000::/36 -j DROP
$IPT6 -A INPUT -s 2404:6800:4000::/36 -j DROP
$IPT6 -A INPUT -s 2607:f8b0:4000::/36 -j DROP
$IPT6 -A INPUT -s 2800:3f0:4000::/36 -j DROP
$IPT6 -A INPUT -s 2a00:1450:4000::/36 -j DROP
$IPT6 -A INPUT -s 2c0f:fb50:4000::/36 -j DROP
# Outbound IPv6: match on destination (-d), as in the IPv4 OUTPUT rules above
$IPT6 -A OUTPUT -d 2001:4860:4000::/36 -j DROP
$IPT6 -A OUTPUT -d 2404:6800:4000::/36 -j DROP
$IPT6 -A OUTPUT -d 2607:f8b0:4000::/36 -j DROP
$IPT6 -A OUTPUT -d 2800:3f0:4000::/36 -j DROP
$IPT6 -A OUTPUT -d 2a00:1450:4000::/36 -j DROP
$IPT6 -A OUTPUT -d 2c0f:fb50:4000::/36 -j DROP
I also use Orbot, Text Secure and Red Phone on my Mobile.
The problem that I have is that despite talking up these to my peers, no one uses the secure channels. Even friends that created Wickr accounts message me on Facebook.
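A consistency check for DROP rules written in the style of the firewall script above, as an added example that is not part of the original comment. The rule lines in `SAMPLE_RULES` are constructed, and the function name `lint_rules` is hypothetical; it flags rules that match on the wrong side of the connection, IPv4/IPv6 mix-ups, and prefixes with host bits set.

```python
import ipaddress
import re

# Constructed sample in the style of the script above. Lines 4-6 each carry
# one deliberate mistake for the linter to find.
SAMPLE_RULES = """\
$IPT -A INPUT -s 74.125.0.0/16 -j DROP
$IPT -A OUTPUT -d 74.125.0.0/16 -j DROP
$IPT6 -A INPUT -s 2607:f8b0:4000::/36 -j DROP
$IPT6 -A OUTPUT -s 2607:f8b0:4000::/36 -j DROP
$IPT -A OUTPUT -d 2a00:1450:4000::/36 -j DROP
$IPT -A INPUT -s 64.233.161.0/19 -j DROP
"""

RULE_RE = re.compile(
    r"^\$(?P<tool>IPT6?)\s+-A\s+(?P<chain>INPUT|OUTPUT)\s+"
    r"-(?P<flag>[sd])\s+(?P<cidr>\S+)\s+-j\s+DROP$"
)
# For a blocklist of remote ranges: inbound packets carry the remote address
# as source, locally generated outbound packets carry it as destination.
EXPECTED_FLAG = {"INPUT": "s", "OUTPUT": "d"}
IP_VERSION = {"IPT": 4, "IPT6": 6}


def lint_rules(text):
    """Return (line_number, message) findings for DROP rules in `text`."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = RULE_RE.match(raw.strip())
        if not m:
            continue  # shebang, comments, variable assignments
        tool, chain, flag, cidr = m["tool"], m["chain"], m["flag"], m["cidr"]
        want = EXPECTED_FLAG[chain]
        if flag != want:
            findings.append((lineno,
                f"{chain} rule matches on -{flag}; a remote range needs "
                f"-{want} here or it will not match that traffic"))
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError:
            findings.append((lineno, f"{cidr} is not a valid network"))
            continue
        if iface.version != IP_VERSION[tool]:
            findings.append((lineno,
                f"IPv{iface.version} range passed to the "
                f"IPv{IP_VERSION[tool]} tool"))
        if iface.ip != iface.network.network_address:
            findings.append((lineno,
                f"{cidr} has host bits set; the covered range is "
                f"{iface.network}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {message}")
```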
If you are interested in switching away from Google, take a look at https://github.com/sovereign/sovereign
It is an Ansible playbook to set up most of the stuff you need daily (and extras on top) on your own barebone dedicated/vp server. Super easy to get going. (Not "Install" button easy, but nowhere close to the pains of setting up a mail server, making sure antispam and DKIM signing work, etc., etc., etc.)
I've done it (completely Google free). It's actually very easy to do and the comment about inferior UX is indicative of someone who hasn't seriously spent any time researching alternatives.
This article is just the author attempting to justify to himself his unwillingness to do without Google services.
That's fine, if you want to use Google services you should be able to. Just don't pretend like everyone else is having the same difficulty moving away from them to make yourself feel better.
echo "address=/.google.com/127.0.0.1" >> /etc/dnsmasq.conf
(along with google's other domains)
Note this can't be done with standard /etc/hosts blocking since the hosts file does not support blocking subdomains unless they are explicit.
A critical mass of google bot boycotters could help tip google search into becoming so blatantly commercial that opinion leaders might finally consider alternatives.
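A small model of the difference described above between a dnsmasq `address=` rule and `/etc/hosts` entries, as an added example that is not part of the original comment. The sample files and query names are constructed, the function names are hypothetical, and treating the leading dot in `/.google.com/` the same as the bare domain is an assumption of this sketch.

```python
# Constructed sample inputs.
HOSTS_SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 google.com www.google.com
"""
DNSMASQ_SAMPLE = "address=/.google.com/127.0.0.1\n"
QUERIES = ["google.com", "www.google.com", "mail.google.com",
           "Accounts.Google.COM.", "notgoogle.com"]


def _norm(name):
    """Lower-case a DNS name; drop the root dot and any leading dot."""
    return name.strip().lower().strip(".")


def parse_hosts(text):
    """Map each explicitly listed name to its address (first entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(_norm(name), fields[0])
    return table


def parse_dnsmasq(text):
    """Map each domain in address=/dom1/dom2/.../ip lines to the address."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("address=/"):
            continue
        parts = line[len("address="):].split("/")  # ['', dom..., ip]
        for domain in parts[1:-1]:
            rules[_norm(domain)] = parts[-1]
    return rules


def hosts_lookup(table, qname):
    """hosts files answer only for names that are listed exactly."""
    return table.get(_norm(qname))


def dnsmasq_lookup(rules, qname):
    """A rule covers the domain and everything under it, on label
    boundaries, with the longest matching suffix taking precedence."""
    labels = _norm(qname).split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return None


def missed_by_hosts(hosts_text, dnsmasq_text, names):
    """Names the dnsmasq rule redirects but the hosts file lets through."""
    table, rules = parse_hosts(hosts_text), parse_dnsmasq(dnsmasq_text)
    return [n for n in names
            if dnsmasq_lookup(rules, n) and not hosts_lookup(table, n)]


if __name__ == "__main__":
    print(missed_by_hosts(HOSTS_SAMPLE, DNSMASQ_SAMPLE, QUERIES))
```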