I like what Umbrel[0] is doing. They're essentially expecting that just like computing was able to move from centralized mainframes to homes, servers are poised to make the same migration.
I think they really need to solve redundancy, though. If I'm to self-host anything important on a home server, I need to know I'll have some way to use it even if my home server fails, especially if I'm not at home when it happens.
I'd love to see some kind of system where I could partner up with other Umbrel users for backups/the ability to restore connectivity. If I knew that in an emergency, I could call my friend in town or my brother out of state and there was some procedure that would allow me to connect to an encrypted backup of what I'm needing, I would feel a lot better about taking responsibility for my own system.
I'm working on self-hosting my own "personal cloud" (NextCloud with a few other services), and I strongly debated just getting an Umbrel, but this is what kept me from doing so. Instead, I'm going the DIY route with two machines, one in my house and one at my parents', and we're each going to have data replicated across both machines and encrypted at rest.
If Umbrel offered this out of the box, I would probably just use that to save me the time.
The only viable solutions today are true self host or what they call self hosting as a service, by selecting a trusted provider. However all the big names in tech were trusted providers at some point of their history, so good luck with that.
So almost nobody in the US or Canada then... I get 800/20 for ~140/month, including the $30/month fee for "unlimited" data. My other choices are starlink or DSL which are a fraction of the bandwith or speed.
I self-host everything that's "home-only" at home but use syncthing, rsync and a few other thing to replicate important data to a mix of S3, backblaze, google drive and some PVs attached to a hosted k8s cluster.
It works well enough.
My solution to this is to partner up with a couple of good friends who also run their own servers. We all hold backups for each other.
Backups also seem like a mostly solved problem; there's plenty of software that can back up a server to your own cloud storage account.
I hope we'll eventually be able to use some of the key storage/backup solutions being developed mostly in the cryptocurrency sphere. Like, multiparty computation (MPC) is agnostic to the type of key being created, and some of the social recovery methods being tested could be applied to parts of the key. Being able to protect your key from loss but also from theft is a hard problem they're highly incentivized to solve (and other people are highly incentivized to test/break).
If you rent from an actual data center, you pay for a ton of stuff you don't really need for personal backups. If your home internet goes out and you can't access your personal cloud for a bit, it's likely not a big deal, so you don't need the level of redundancy that a data center gives you. On the flip side, the premium you pay for professionally hosted storage is enormous compared to buying a hard drive.
They could offer a service that backs up your local Umbrel server to their central servers. This would provide reassurance that your data is backed up, and give them a revenue stream.
The problem with this is Google in particular hates it. If they think you are using bots in this way they will ban you from all of their services. I have heard that. I don't know if it is true but don't want to risk it.
If you're self-hosting everything like the person above recommends, then the only services that they can ban you from are the services that show you ads, which sounds like a win.
First, it hides (most of) the ads making the internet more tolerable. Then it "opens" them in memory and clicks on ALL of them making your profile worthless.
The last time I pulled up my Google profile, it said I was a 18-99yo, both male and female, and was interested in EVERY topic they listed.
It works in both Brave and Chrome but isn't available in the Chrome Extension Store for some reason.. ;)
No it isn't great. It's stupid and dangerous. It does nothing to make your data "worthless". You're only giving data brokers and the people who use them more highly valuable data to use against you. Please see my comment here: https://news.ycombinator.com/item?id=39043547#39044239
Obviously it's because “An extension should have a single purpose that is clear to users…”[0]. Given how "questionable" the reason is, I can't really think of a better endorsement.
Also Google is the one footing the bill, so if anything it’s unethical to not be running this.
I host my own nextcloud since a few years.
I mostly use it as an alternative for google photos/icloud photos, basically backing up all the images from my smartphone.
Hosting the instance is one thing, but setting up the automatic upload on your phone is another thing.
The automatic photo upload feature in the official nextcloud app is most of the time broken and slow. And on iOS you need to keep the nextcloud app open and the screen unlocked, otherwise it won't upload.
That's why I use FolderSync on Android, but I don't think the average user wouldn't want to set this up and might even misconfigure it, which could just delete all images.
And Nextcloud itself is just very slow. With google photos you can just scroll through thousands of images and easily find the image you took 3 years ago.
If i do this in nextcloud, I already had the following stuff happen:
- Your browser freezes
- The Nextcloud server (php-fpm in my case) OOMs (it used around 15-20G of RAM)
(The OOMs also often happen when syncing with FolderSync.)
I definitely wouldn't recommend it as a google photos alternative.
I'm not complaining as I didn't pay a penny for nextcloud itself (only the cost for the dedicated server I rent). And I still use it, as there is no better alternative.
But for the "mass" there is no convenient and comparable alternative to the "surveillance capitalism" services.
Nextcloud is good enough for me, as its the only viabke option, but IMO it doesn't cut it for leaving the other services at scale.
For calendar & contacts sync I use Radicale. Syncthing with a regular shared folder + camera folder + screenshots folder combined with Radicale covers everything that I used Nextcloud for.
However this is all on your devices, there's no web interface to access your files from other devices.
My camera devices are set to send only and while my receving devices are a tight knit send/receive group they're all set to the advanced option of "ignore deletes".
Makes it a bit of a pain to delete the file off of 3 servers, but now my laptop and my smartphone don't sync with each other and someone can't delete media off of my portable device in an attempt to destroy it if it's already been synced.
I tried Syncthing and it worked really well and it was fast. But I definitely want to have a webui, like Nextcloud, that's why this is sadly not an alternative for me.
(Though I use syncthing now for other stuff, where I don't need web access)
If your primary device is Android, please check out Ente[1].
We are an E2EE alternative to Google Photos. We had launched on HN[2] a while ago, and have been working towards feature parity. We aren't "there" yet, but hope to soon be.
If you've any feedback, please share it with vishnu@ente.io, I'd be grateful!
[1]: https://ente.io
Either way, will definitely be keeping an eye on your app, it seems ducking cool ;)
Have you tried https://apps.nextcloud.com/apps/memories - it solves all of my issues with photo management in nextcloud. (Together with the recognise app) I don't see why they haven't replaced the default photos app with this already...
I think improving the photos experience would have the biggest impact on home users, but nextcloud certainly seems to be chasing the enterprise/gov market in the EU? I'm not complaining!
But it is still worse compared to google photos/icloud photos/etc.
The issues I described above also happened with memories.
I think improving performance and memory usage in their webdav implementation would, by far, have the biggest impact.
Nextcloud is a fork of Owncloud, and Owncloud did the right thing to move away from php for the webdav implementation, though they are now rewriting it once again, which I don't really like, as they store the files and all information in some binary format.
Re: Escaping Capitalism
I've encountered the communal experience which feels magical, like "everything is made out of love." Here's the thing about that. Scale matters. Alignment of incentives matter. The communal experience is going to start breaking down at around 450 members or so.
The old Inca empire was an example of a large scale political organization which apparently worked. However, it also seems likely this also involved the killing of those who didn't cooperate.
Perhaps superintelligent AI will enable an alternative to Capitalism, as envisioned in Ian M. Bank's Culture books?
Maybe it's just me, but I think that'd be awesome! The limiting factor is power efficiency and battery tech. Of course maintenance would be a problem, but not with fault tolerant clustering designs. And there's the ecological issues of tossing hardware into the ocean, but at least there's no need for a cooling system...
How would this help? If the server software is actually trustworthy and the connection to it is e2ee then it really doesn't matter where it runs. And if it isn't, this kind of setup protects whoever owns it more than whoever rents space on it.
Then again, I don't subscribe to the notion of capitalist realism. Aside from the exported violence used to impose and sustain it, the model is flimsy and constantly in crisis.
Even if we had fully-automated systems providing plentify food and water, we'd need some ssytem, likely capitalism, to distribute still-scarce luxuries (e.g. beachfront property)
And if we had total post-scarcity (effectively infinite energy and Star Trek style energy-to-matter replicators), we'd just be fighting over scarce land as everyone fills up all the space with replicated junk.
If you compare agriculture 1000 years ago with agriculture today, we're already in post scarcity. I suspect the game theoretic mechanisms will keep it going for awhile yet.
When I look at the things I self-host it's mostly media (beets/navidrome/jellyfin/etc) and privacy/longevity-focused alternatives (photoprism/miniflux)
Only a few (huginn/archivebox/rmfakecloud/llamacpp) are for general usefulness, but the applications are pretty tech-heavy and not for the average person.
I wonder what applications would knock the socks off a non-technical person.
- ISP's need to give a permanent IP's and more upload bandwidth in "regular", low-cost internet plans or at least a "self-hoster" addition
- There needs to be a protocol standard to communicate with home routers for auto-configuring the network in a safe way to be able to access services and applications on certain devices outside of the local network. I don't think it currently is possible in a robust enough way
With those two things I can imagine dedicated appliances that are accessible enough for non-technical users. But the experience has to be as seamless as video game consoles in order to reach "the masses"
For access, i feel something UX-friendly powered by wireguard could do the trick. My own use is to just flip the "connect to my home server" button in wireguard and then I have access to everything. I leave it on most of the time but still have to toggle it if things get weird. Seems like that ought to be able to be wrapped in something prettier.
I def think a "box you set up" is the right way to do it.
Sneakernet meets the fediverse: https://funkwhale.audio
Time to hoist the jolly roger and plunder the high seas, friend
That's why projects that claim to "pollute" your browsing history like RuinMyHistory, noiszy, adnauseam, and TrackMeNot are not only pointless but also dangerous.
The data being collected about you will always be used against you, no matter if it is accurate or not. If your browser randomly browses to webpages that gets "this person is a muslim" or "this person is gay" added to your dossier it doesn't matter if it's true or not, when your next would-be employer or would-be landlord who hates muslims or gay people uses a data broker for "background checking" and sees that, you're not getting the job/apartment. They won't tell you why, you'll just be rejected/ghosted.
If you're a 40 year old man, but your browser add-on convinces a data broker that you're a 34 year old woman seeking an abortion, that data can still cause you end up the target of a lawsuit in Texas and it will take a non-zero amount of time and money to clear that up.
If someone in your zip code kills someone using a certain type of plant, or household cleaner/chemical, or medication and your add-on has been browsing sites about that thing, you can end up on the police's suspect list.
If you only make $30,000 a year but your add-on searches for yachts and expensive jewelry often enough to convince a data broker that you've got tons of money then it doesn't matter that the data is wrong, the next time you try to book a hotel or order something online you can still be charged a lot more than you would have been charged otherwise.
Handing extra fake data to people whose only goal is to use data against you is just handing them more ammunition. It doesn't matter if it's "garbage" to you, it's still something they can and will eventually use against you. You cannot know what will prejudice someone against you. The more data is in your dossier, the more opportunity there is that you'll meet the right (or wrong) criteria.
No data broker is going to look over your dossier and see that there's inconsistencies and go "Damn it! This genius has ruined my data! Now I have to throw all this data away as it is now worthless!" They aren't even going to look over your dossier. They're going to get paid to hand over a list of people flagged as being 'X' and your name/address/identity will show up along with everyone else flagged as being 'X' even if your name gets pulled up again when someone else pays that same data broker for 'Y' which is the opposite of 'X'. The data broker gets paid either way.
Targeted ads exist. People find them “creepy,” which implies that they are targeted based on factual data. Therefore, we know that data brokers are taking the more expensive route and collecting factual data (or striving to). They would not do this without a profit motive. Perhaps their data are being compared with a competitor’s to enforce quality… we don’t really know. But we know that they value the quality of their data because their customers do. Consequently, it must be the case that deliberately polluting their data devalues their product and erodes their business model over time.
> If you're a 40 year old man, but your browser add-on convinces a data broker that you're a 34 year old woman seeking an abortion, that data can still cause you end up the target of a lawsuit in Texas and it will take a non-zero amount of time and money to clear that up.
It will make the data broker look bad when the prosecutor finds out that they fabricated my abortion. It might be annoying and stressful for me but I'm sure I'll get through it. It seems like I would have the same response to everything except the illegal discrimination as mentioned. If this is the result of me running the extension, I only see upsides.
Knowing an SSN (US Social Security Number) was used like a password by banks and all kinds of organizations, but not anymore. Things change, albeit slowly, when society acknowledges mistakes. All of your examples rely on the data buyer trusting its accuracy. If enough people pollute the data, then it'll have no value. The data brokers won't be able to sell it because society will know that its garbage.
It’s clear and obvious that they do. If the data was made up, they wouldn’t be able to serve effective ads.
> If you're a 40 year old man, but your browser add-on convinces a data broker that you're a 34 year old woman seeking an abortion, that data can still cause you end up the target of a lawsuit in Texas and it will take a non-zero amount of time and money to clear that up
This situation would absolutely never happen, and I think it’s blatant fear mongering.
Realistically, you have to be very tech-savvy to properly avoid tracking, and pretty much avoid any modern social life. That already excludes most of the people in this world. And I, for sure, don't want to live a bunker-basement family life, with no outside fun. In the end, I'm not sure how to solve it, and probably making it worse with my pessimism. But is this actually a winnable battle?
If you live in a high risk area (like Mexico), and are middle class or above, then you need to do some advanced stuff because cartels have access to things such as your live phone location data.
Ultimately you can't escape surveillance in the general sense. You have a face (probably) and face tracking is ubiquitous and continuous. Google, Bing, and so on crippled their reverse image search for faces, but that misrepresents how good it is.
It certainly does to me. I can't plug all of the data leaks to these companies, of course, but this isn't an all-or-nothing sort of thing. Reducing the amount of leaking is still valuable.
Personally I don’t consider privacy important enough to worry if the McDonald’s app harvests my data in exchange for the free coffee.
This is true, but I think that reducing participation in a dystopia isn't necessarily a bad thing.
Almost all my friends who use social media are aware the apps spy on them. They all have an anecdote like they were talking about X with their friend and when they scrolled Instagram/Tiktok an ad for X showed up, and they all say (unprompted) that it's creepy. When I suggest to them that maybe they should stop using Instagram etc, or at the very least use it on the website, to prevent this, the reaction invariably an excuse to keep using it. You can't tell these people to use Nextcloud or whatever over iCloud. They would never do it. The only thing that'd get them to switch is to offer more convenience/greater network events.
Benjamin Franklin's famous quote goes "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.". With tech, the same maxim applies, if you replace safety with convenience.
Or, to be more upfront: I simply don't think blaming individual people (and deciding whether they "deserve" whatever) is very fair or productive.
People who are willing to forsake some degree of convenience can be granted greater privacy by simply informing them.
People who are seeking convenience will always be giving up something else. In this domain, they're often giving up privacy.
A lot of people these days are essentially forced to seek convenience. They don't have the time or money to spare to do otherwise.
EDIT 'addicts' is indeed a strong word, but how else can I say "they feel bad when they don't turn on tracking"?
It then goes into self-hosted, but wait why don't you just pay someone to self-host for you?
Bad article.
Some companies sell their privacy policies as a feature. The issue is that a lot of customers don’t really care about that feature and there’s no strong regulation to protect them.
Another issue is that a lot of people simply don't believe what companies say in privacy policies, with some justification.
Things which matter to people:
- Do you like moderators in a foreign country being paid $2 an hour reviewing your personal photos?
- Do you agree that your personal messages to a friend can be retroactively edited if you sent something that was "disinformation"?
- Would you like files on your computer's personal hard drive copied in to a commercial cloud service and deleted locally because you accidentally mis-read or mis-read on a single pop-up message?
- Would you like to read advertisements and news articles when launching your favorite application?
- Would you like those ads and news articles to become more invasive over time based on which ones you looked at last time?
- Would you like the owners of the app store you purchased your favorite app from make more net profit from the sale than the developer who built it?
- Would you like your favorite app to run differently than it did yesterday, without choice or warning?
- Would you like your favorite app to no longer be usable or downloadable because development ceased?
Even someone who broadcasts their personal life publicly, with strong signals of their wealth and where they will be to rob or kidnap them, will have issues with things in this list.
The provider of such a machine could also provide technical assistance in the form of: - DNS / domain registration - Host OS Updates - Encrypted cloud backups - Specialized router/firewalls to make it even easier to expose on the internet safely - Accessories like media archival equipment - Hardware upgrade kits
I mean really just https://oxide.computer/ but for consumers.
In our case it's not something we're pursuing near-term because well, part of the whole thesis is based on scale, so doing what we're doing but only for that doesn't make sense right now and we need to focus on the product we do have rather than developing additional products.
Technology minded individuals keep looking for a technical solution to this problem. I'm hesitant that a technical solution exists.
Unfortunately, I also don't expect Congress to promptly pass new legislation that competently addresses the problem. (I am more optimistic about the efforts by the EU and individual US states.)
Certainly, privacy incidents can occur due to mishandling of sensitive information (i.e., secrets, identifiers). Addressing these are a no-brainer and something that technology can and should address.
I interpret the article as addressing a second kind of privacy issue that isn't due to mishandling. Instead, it's part of the profit model for many major tech companies: advertising. In this case, the privacy issue isn't a mishandling, it's by design and explicitly disclosed in the Terms of Service.
(I can't say which one is a bigger issue at large, but I believe policy is needed to address the second issue).
I agree. It's Conway's Law on a national scale. In our advanced capitalist society, most governance is done by corporate hegemons (finance, insurance, real estate, marketing, etc), sometimes using the de jure government as a proxy. Our digital organization reflects exactly that!
It is revealing that the best form of digital identification for each person are (secret) profiles created+sold by digital surveillance companies, rather than a robust + transparent digital citizenship that is managed strictly by a public entity and the subject themself.
Some people react to the status quo by "running into the wilderness", either literally, or metaphorically by self-hosting everything. Either way, they often become digitally isolated and maintaining their personal kingdom becomes a lifelong task. It's not fixing the underlying societal dysfunction, just avoiding it.
Absolutely true. But as one of the people who do this, my response is: self-protection first. Then continue doing whatever you can do to make things better in the larger picture.
This is the way. As more and more ai is adopted, company and private data becomes more exposed. Businesses' intelligence getting stolen and shared with others is a no go for many rational business people. Self hosting is the way if you wish to keep your secrets. People too - you don't want your personal pictures, emails, and messages leaking into someone's prompt.
This seems to be becoming less and less of a drawback when compared to Google where exactly the same things can happen when people seem to get arbitrarily banned from their account with no recourse. Not to mention the recent push for passwordless keys that can be lost with the device.
Sounds like it would be better if anything because at least you have to pay for the data hosting, and so being encrypted there's no way for them to block you for entirely opaque policies or decide one day that their abuse heuristics don't like you any more.
In reality the primary friction to adoption with any of this entirely plausible tech is inertia. It's going to take something colossal fuck up to convince even a large minority to bother using non-free alternatives.
This is already a pretty common pattern in the cloud, just the same business entity owns all three. You basically need legislation that says business entities must interoperate with different data storage or key providers.
So you can subscribe to gmail from google and they store your data in Amazon or maybe EFF's data storage provider. You can then get fine-grained audit trail of how and when your data is accessed.
We can then come up with standard rules like maybe your data is only accessible without your end-user credential (i.e your computer+password) for law enforcement or limited operational activities described by the provider and approved by you(or your delegate).
Everything I rely on is local. No reliance on remote services or companion apps.
It is not like I haven't tried.
I tried apps. But I failed to become addicted.
I always end up accessing the endpoints from a laptop instead of a phone because it's easier and more flexible.
I find a UNIX-like OS I can modify, compile and control paired with full-size keyboard and display to be more versatile. I still use offline storage.
When it comes to the prognostication of so-called "tech" bloggers/journalists, "we" is not me.
There was a story yesterday on HN about a school that does not allow smartphones. It described a multi-day school trip where no phones could be brought. After a short time, the article suggested none of the students missed their phones.
This is how I see "services" and "companion apps". After a relatively short time without, people would forget about them.
Whereas I am not going to forget about a UNIX-like OS that I can control and jump on to some new trend where I cede control to someone else. I rely on being able to control the computers I own. Giving away control is not an appealing proposition. The people marketing these "solutions" are certainly not ceding away any control. Instead they are gaining it over other peoples' computers in spades.
An hour ago I walked into a Post Office somewhere in Scotland. I was immediately greeted with a screen hanging down from the ceiling.
Onn the left 75% portion of the screen a bunch of different camera feeds and on the right portion, running vertically - still photos of my face and other customers faces who were currently in the shop.
…And next to these still photos were things like:
Age: Middle aged male Emotion: … Glasses: No Etc.
I asked the shop keeper why they were showing this, and I was met with arguments like ‘these are everywhere’, ‘airports have them too’.
I replied that an airport is understandably doing this, due to being a terrorism threat. But this was a small Post Office in a tiny village town in the countryside. So like comparing apples to toilet paper.
I asked why the camera was trying to guess my emotion. To which I was replied to ‘if you are doing nothing wrong, you have nothing to worry about’.
Society has been so conditioned into the assumption that what we have today we will have tomorrow. Except in a world of potential Trumps, Xi Jinping, Putin and more… we are setting ourselves up for the complete unknown of tomorrow.
This 1984 Scotland is now a place I feel like the reason to live has been dwindled down to just pure existence. I don’t think I had ever felt quite like this before this trip to the Post Office today. Life doesn’t feel like ours anymore. It’s someone else’s. The people behind the surveillance and the conditioned people who normalise it.
Just because the technology exists, shouldn’t mean it needs to be used. When will people ever start respecting other’s privacy? And when will people ever give a damn about it.
If this is already where we’re at in 2024, where are we all going to be by 2030? Is life as full of the same point today than what it was 10 years ago. And will it be less full of point by 2030.
Edit: typos
An alternative more practical guide is Derek Siver's "Tech Independence" which as other's have noted has many dependencies.
