
What's a good replacement for Google Apps in an NSA-poisoned post-cloud era? - josteink
These days, anyone who values their privacy is probably considering migrating away from US-based cloud services... In an age of NSA mass surveillance and service providers getting hit with secret requests for information, it seems the only thing you can actually trust is open-source software you host yourself.

Does anyone have a good guide or experience moving from cloud services like Google Apps to a completely self-hosted open-source solution for email, contact management and calendaring? What about productivity tools?

Can you make all of this (more or less) seamlessly integrate with mobile platforms?
======
calinet6
This does not exist yet, but I've been thinking about it for a long time. I
think we generally need to move away from a centralized cloud to a more
distributed cloud, where you can host your own applications on your own
server, encrypt and protect them as you like, and share them with whomever you
need via a secure API. You can imagine having a photo app, a social networking
app, video sharing apps, document apps, whatever people can build and deploy.

You'd need standards. Standard web service APIs, standard authentication,
standard privacy controls, standard database layer, standard encryption
between nodes. And that would take most of the effort off the individual apps
for handling all this. They'd just say "I have this chunk of data, and it's
accessible to these people" and if the everything checks out, the app can grab
it from whatever node it's on.

There needs to be this sort of operating-system-for-the-web on which people
can build distributed apps. Something like Diaspora is trying to be, but
without the limited social networking overtones. A platform where security,
privacy, distributed social networking, and sharing are the main concerns, and
the apps built on top of it more general.

It might be interesting. I've had this idea since about 2001 but never got
around to building something. Maybe it's the right time...

~~~
ErsatzVerkehr
Your idea sounds a lot like "the internet".

~~~
calinet6
You'd think that, but then, why doesn't it work this way?

It needs a bit more structure on top, a protocol that makes it easy to do
certain things in a standard way. Otherwise it's just clay and we're making
things that don't fit together real well. We need Legos instead.

------
saalweachter
1. Use an email client with end-to-end encryption.

2. Buy a notebook. They sell ones that have a calendar in the front and an
address book in the back.

3. Use a stamp and an envelope. The USPO does not keep a record of all sent
or received packages. Public drop boxes are also widely available, PO boxes
which mask your identity from the sender, and third party mailboxes to mask
your identity from The Man. I mean, really, if you're going to send messages
to your mistress, girlfriend, lover, or wife, at least have the class to send
paper letters she can keep in a lockbox for her great-grandchildren to find
after she's dead.

~~~
QUFB
_The USPO does not keep a record of all sent or received packages._

I'm not sure that's true.

_JUNE 7--A high-tech computer system that captures images of "every mail
piece that is processed" by the United States Postal Service was critical in
helping federal agents track the Texas woman arrested today for allegedly
sending ricin-tainted letters to President Barack Obama and New York City
Mayor Michael Bloomberg._

[http://www.thesmokinggun.com/documents/woman-arrested-for-ob...](http://www.thesmokinggun.com/documents/woman-arrested-for-obama-bloomberg-ricin-letters-687435)

~~~
saalweachter
Then I stand corrected! One of the memes floating around was that snail mail
was less tracked. I wonder if I assumed this applied to the metadata and
people were only ever referring to the contents.

~~~
calinet6
Less tracked, sure: I don't think they have the ability to see inside your
mail just yet.

~~~
gnosis
Even as far back as WW2 (and probably earlier), mail was being routinely
opened, inspected, resealed, and passed on its way.

The technology for doing this in a virtually undetectable fashion has been
around for a long time, and I'm sure it's far more advanced now. I very much
doubt that ordinary letters have to be opened to see their contents anymore.
It can probably be easily done using any number of scanning technologies.

The main problem for them is that it takes more time, effort, and money to do
this for snail mail than to just ask a company for a hard drive containing all
the emails and tweets of a few hundred million people.

On the other hand, a lot fewer people are using snail mail to communicate
these days. So total surveillance of the relatively small amount of snail mail
might just be done as a matter of course anyway.

Of course, there are some pesky laws presumably protecting the sanctity of
physical mail. But if you think spies have ever let the law stand in their
way, you live in a much rosier and prettier world than I do.

------
moreentropy
I'm in the process of moving more stuff to a self hosted server right now.
Sadly, this is almost impossible if you're not a seasoned sysadmin or willing
to learn a lot.

My setup looks like this:

Mail: Postfix/Dovecot/Roundcube

Setting up a mail server is the hardest part, I think. It's essential to
implement measures against spam and abuse. In my setup, this includes:

- Get a valid certificate for your mail host and enable opportunistic TLS for
  SMTP and SMTPD.
- Implement DKIM and SPF (and DMARC, [http://dmarc.org/](http://dmarc.org/)).
- Use blacklists: policyd-weight, but look out for changes to public RBL
  services.
- Reject spam in the SMTP session using milters; never bounce spam.
- Use spamass-milter and clamav-milter to filter unwanted stuff.
- Use [http://sanesecurity.com/](http://sanesecurity.com/) ClamAV signatures;
  in Debian use the clamav-unofficial-sigs package.

Instant Messaging:

[http://prosody.im/](http://prosody.im/) is a breeze to configure and it just
works.

Telephony / Video calls:

Repro is a secure and simple SIP proxy:
[http://www.resiprocate.org/About_Repro](http://www.resiprocate.org/About_Repro)

But: Resist the urge to install a VoIP PBX like Asterisk and connect it to
your phone line & the internet. It _will_ most likely be hacked and abused.

Security:

I've set up a self-signed CA using XCA
([http://xca.sourceforge.net/](http://xca.sourceforge.net/)). With a client
certificate on a smart card which I embedded into a USB token
([http://www.gemalto.com/products/usb_shell_token_v2/](http://www.gemalto.com/products/usb_shell_token_v2/)),
I can run around and plug this USB token into random machines and instantly have
my client certificate available in Chrome. This is especially nice if you
(like me) don't trust PHP software like the Roundcube Webmailer.

~~~
daemon13
Can you point to some good tutorials for starting with XCA?

The home ([http://xca.sourceforge.net/](http://xca.sourceforge.net/)) is quite
overwhelming.

~~~
moreentropy
I don't get most of the stuff myself. PKIs _are_ overwhelming. There are
thousands of flags you can set when creating a certificate; it's not funny
anymore. I did a lot of trial and error until I had a VPN using my
certificates running successfully (that's what I needed the CA for in the
first place).

Maybe look for CA stuff in general or some TinyCA tutorial. I've used TinyCA,
it's exactly the same complexity as XCA, although I like XCA's UI better.

------
motters
I've been running my own web services for the last three years.

For email I use exim/dovecot/roundcube and am also experimentally using
Bitmessage

For social networking I use Friendica, and eventually I'll be on the Red
Matrix.

For dropbox type functionality I either just use plain old ssh or Owncloud.
Owncloud also includes a lot of other stuff such as photos and calendar.

For blogging I use Flatpress. It just works.

From a security point of view conventional email remains a problem. It's not
yet possible to function in the modern world without email, and trying to
persuade even quite technical people to use PGP/GPG routinely has been very
unsuccessful, since it's just too inconvenient for most people.

I've never used Google apps to any extent since I don't have much need to
collaboratively edit documents. But if I did then there probably are open
source systems out there which would do the job. Certainly if I was running a
business then I wouldn't even contemplate using Google apps, especially after
the recent NSA scandal.

I expect that readers here are more than capable of doing all the above, but
sadly the average internet user is still going to remain stuck in the
surveillance state with few other options to turn to.

~~~
igravious
I've been thinking about this in light of recent events. I was going to blog
about it but I'll jot down my thoughts here.

At the moment we have companies making all sorts of set-top boxes, games
consoles and media boxes which come in all sorts of shapes and sizes. It seems
to me that we can rely on corporations to build user friendly devices for us
to consume media.

What we (as citizens) rather than as consumers need is a comms box or a social
box or whatever it gets called. Some mentioned "personal data box" on here or
words to that effect.

We want (I'm going out on a limb to speak for others around here) secure,
federated and private communications: chat communication (instant messaging),
mail communication (email), audio communication (voice over ip), video
communication (video over ip). Also we'd ideally like our digital social
interactions kept secure, federated and private. Finally secure and private
online storage of documents would be nice if only for convenience. And to top
it all off what would be super-delicious would be a workable single sign-on
thingy for the internet age. Please, pretty please? We only have to solve this
once. We're at the threshold of the digital age; future generations will thank
us for solving these problems when the issues came to a head (as they are
now).

What is needed for all this is _open federated protocols_. And the
corporations that flog proprietary offerings have to embrace these protocols.
As far as I can see we have those protocols for email (smtp+tls+...?), for
voice over ip (sip), chat (jabber?), social (open social?), online document
storage (?), single sign on (openid?).

We need all this in a box that people can just connect to the net via their
router using wifi or whatever. We need it to be peer to peer so that large
portions of it cannot be bought out and centralized after the fact. We need to
shout loudly when companies roll back on support of open protocols.

We need this in a box. My personal social comms box. I dunno. It seems like a
huge but vital need. But we only need to get it right once. We can't trust
those in power not to abuse this tech, there will always be an erosion of
checks and balances so we need to build a technical solution while we struggle
for better social and legal norms.

Who's with me?

~~~
visarga
Totally agree. The bad thing about blowing the cover of NSA is that now they
don't need to pussy around to keep the secret. They'll be much more brazen.

The good thing is that now we have momentum to change how we communicate. If
we don't, we'll lose this train. We have had research in anonymity going on
since 2000 but people haven't been motivated enough to adopt them en masse.

~~~
igravious
Yes indeed. We must use the energy created by this debacle to push forward
with change. Of course, those who do will be said to be in league with the
traitors and terrorists.

I should have given an honorable mention to Freedom Box in my previous post:
[http://freedomboxfoundation.org/](http://freedomboxfoundation.org/)

------
amirmc
Part of the problem is that there aren't enough people building such things.
We've all had the luxury of a 'free' offering, which can understandably stifle
progression of alternatives.

There are other challenges too. Decentralised services are probably the way
forward but that creates a new set of problems around identity, communication
and connectivity (things that are easier when everything just 'dials home').
User experience and design are also something that would have to be considered
for such products before most people would/could switch. Keychain management
will also be important to ensure security. Think of it like vaccines, where
you need to have a certain proportion of the population inoculated before you
can benefit from herd immunity [1].

If you're interested in a google-alternative that would deal with mail,
contacts and calendars then get in touch with me (email in profile). There are
a few of us who'll be building something and we'll need feedback.

Despite all of the above, I'm pretty sure that Hotmail is still the biggest
hosted email provider, followed by Yahoo and then Gmail. I can't remember
where/when I heard this though.

[1]
[http://en.wikipedia.org/wiki/Herd_immunity](http://en.wikipedia.org/wiki/Herd_immunity)

------
danso
If you're concerned that the NSA will catch you in their dragnet...why are you
using cloud-services at all?

To sync data with your mobile device? But doesn't the NSA already record all
mobile transmissions? What difference to the NSA intercept program does it
make if the data comes from Google Apps or your own open-source platform?

Would you still rely on cloud services for collaborative apps? Well, besides
the issue of whether or not the NSA is catching all data packets sent through
the fiber...you still have the weak point of any one of your collaborators
receiving and transmitting information insecurely.

So if the NSA is a main concern for you, why are you storing portable data in
anything else but a large flash memory key that you can use for any of your
devices on the road?

~~~
josteink
The NSA only collects information I send them over the internet via US-based
services. I live outside the US.

~~~
gnosis
I don't know what gave you this impression.

The NSA are interested in any and all sources of information, and probably
collect just as much or more of it from foreign sources than domestic ones.

Yes, the recent media hoopla has been over the NSA collecting information on
Americans in America. But that does not mean that the NSA is limited to
collecting information in America. Quite the contrary. Historically, they have
been more about collecting foreign intelligence abroad (ie. spying on the rest
of the world).

This reminds me of a quote: "You have a choice: you can live under US domestic
policy or US foreign policy". If you think you're safe or exempt under either
of them, you might have some surprises in store for you.

~~~
coopdog
But they can only get massive pipes of data via legally compelling a company,
which means they need to either have a footprint in the USA or US employees
willing to betray their company for their government.

I'd imagine using zero days to crack into foreign companies would only be for
the most specific of information, making them theoretically safer from general
abuse.

~~~
gnosis
_" they can only get massive pipes of data via legally compelling a company"_

No. They could simply ask for the data, without any compulsion. Most companies
are only too happy to help, and will bend right over -- especially after
whoever the boogieman of the day is has appeared on the news lately. They
wouldn't want to be seen as not doing their utmost to help fight the good
fight.

Compulsion is the second easiest and second most legal way. This way is also
politically, legally and psychologically desirable for them, because they
would like to push the envelope of what is considered legitimate surveillance.

Apart from asking and compelling companies, they could just tap the fiber, or
use other direct and indirect methods of surveillance. This is really what
they do best, and what their original and primary mission has always been:
mostly to spy on foreign governments and their agents. After all, the NSA
isn't going to get very far asking or trying to compel China to give them a
tap in to their data centers. So they'll have to find some other way to do it.
And if you think they're going to have a hard time doing it in their own back
yard as compared to a hostile country, you might want to reconsider.

------
mseebach
If you're e-mailing people on the public internet, you're leaking your
contacts and patterns of correspondence anyway, even if you're using end-to-
end encryption. Even if you're outside the US, it's near impossible to ensure
your traffic won't cross through US controlled infrastructure at some point.

That said, Zimbra does all of what you're after, it's "freemium" open source
(meaning that it's a commercial product with a free community edition) and it
was fairly easy to deal with last time I set it up 4-5 years ago, presumably
it's better now.

------
justinschuh
Ignoring the dubious baseline assumption that your data really is at risk of
exposure, why do you think what you're proposing would make you safer rather
than put you at more risk? You still need to actually home your servers
somewhere, which means a colo or VPS that is subject to the exact same laws.
Do you expect the providers of those services to have the capability to fight
such requests better than Google, given that Google has a full time legal team
dedicated to doing so? What about the basic security of the provider itself?
Do you really expect that to be anywhere near the level of what Google
provides on its own systems? To top it all off, there's the maintenance and
securing of whatever you're actually running, which requires significant
expertise and takes quite a bit of time if you don't want your box popped and
turned into a zombie host (which is what is most likely to happen).

I've actually done what you're proposing for several years, and I wouldn't
recommend it to anyone. And I'm a well respected security professional with
the right background who knows all the tricks I'm supposed to do. It was still
a huge pain and time sink, which meant I often let patches and updates slide
more than I should. The real cherry on top is that all the three different
colo/VPS providers I've used were hacked at one point or another, causing
disclosure of my personal data and significant outages of my ability to
communicate.

My point here is that you're not being honest with yourself if you really
think you can manage this as a side project better than the full-time teams at
Google do. If you want to pick another provider of email, etc, then
investigate carefully and find one you're happy with. But I'd strongly
discourage running your own services.

~~~
ef4
> You still need to actually home your servers somewhere, which means a colo
> or VPS that is subject to the exact same laws.

Nobody is going to dispute that a colo box is still vulnerable to targeted
surveillance. But targeted surveillance is not really the issue of the day.

From the NSA's perspective, the expected value of obtaining your data is very
small, but they'll bother doing it anyway when the cost is even smaller. Big
centralized providers are very cost-effective targets. A sea of tiny servers
operated by hundreds of different data centers, hosting heterogeneous
applications, monitored by hundreds of different individuals and organizations
are really not cost effective to surveil in bulk.

(I agree with the rest of your post -- doing it yourself is a major pain, and
no side-project is going to do a great job.)

~~~
justinschuh
I don't know why you think this. Requests for the contents of communications
are warrants (or effectively such). They're narrow enough that they target
individuals, and it doesn't matter where the data is homed. There's certainly
an argument to pick a provider outside the US if you're specifically concerned
about US policy (although I'm dubious of that argument), but then you still
have to investigate the provider's policies and the applicable laws in
whatever jurisdiction you choose.

------
coopdog
It doesn't quite answer the question but I've been thinking something like
Open Stack could be the future. You write your cloud apps for open stack, then
the user can select where they deploy it, be it in a family/community set of
open stack compatible servers, corporate servers or some trusted local open
stack service.

------
gnosis
This is a great question, but you should bear in mind that there's almost
always going to be a tradeoff between security/privacy/anonymity and
convenience.

Encrypting your email and having to deal with key management issues, and hosting
your own email server is going to be more of a hassle than just using someone
else's "free" cloud-based service.

Setting up and managing your own services is going to be a burden and a time
sink, even if you have the skills, knowledge, and copious free time to do it
all.

The question becomes: how much is your privacy and security worth to you?
Unfortunately, for most people the answer is "not that much". Nevermind that
most of them don't have the knowledge or skills to set up and manage their own
services even if they valued their security and privacy enough to sacrifice so
much time and effort to it.

The problems are magnified when you consider that most applications are not
built with security, privacy, or anonymity in mind. And when you have to use
these applications to interact with other people (most of which probably won't
be nearly as security or privacy conscious as you are), you're going to have
an uphill battle to protect your own privacy. For instance, good luck getting
your computer illiterate parents, friends, colleagues, and bosses to properly
use GPG to encrypt their emails to you.

This doesn't even begin to address the issues of privacy and security in the
"real world" as opposed to the digital one, nor of the digital footprints you
leave as you consume online information and media, and interact with others on
various forums.

The end result is that online privacy and security are largely becoming the
mainstay of the super-paranoid technological elite and the ultra-rich, who can
afford to hire security teams to take care of their privacy for them, and of
the technological outcast, who (willingly or unwillingly) manages to avoid
using the net at all.

~~~
danso
I think you've approached the question in the right way. There is no such
thing as security without a tradeoff...everyone who's ever traveled through an
airport knows that. The cloud is useful because it's so easy to share things
-- and that "leakiness" makes it inherently unsafe.

The NSA had its own easy-access problem lately...Snowden reportedly snuck data
out using USB drives, something that was purportedly banned after a 2008 virus
incident...and yet, some sysop apparently thought it'd be a good idea to let a
few USB ports survive, because the things are so damned useful. And now look
at what that wrought the NSA.

It's not just inconvenience that you have to put up with when going for security,
it's the risk that the inconvenience will cause you to enact blind spots to
ease your day...and easing inconvenience was exactly the reason why people use
cloud services (and USB keys) in the first place.

I'm not trying to espouse fatalism (i.e. everyone just give up their data to
the G-men). Just pointing out that what the OP wants is basically a unicorn.

~~~
Zigurd
> _There is no such thing as security without a tradeoff_

The original implementation of Skype was convenient and secure.

~~~
gnosis
Skype was "secure", for some limited definition of the term.

It was secure if you trust a closed-source program made by a company that
could be decrypting your communication because they've got your keys, or that
could have put any number of backdoors in the program.

And it's secure if you don't consider the possibility of doing traffic
analysis, or the fact that most people are identifiable by their IP addresses,
etc.

If you lower your standards enough, I guess anything could be considered
"secure".

~~~
Zigurd
Starting with closed-source clients, yeah, Skype had limitations w.r.t.
security and trust. OTOH, I don't recall a successful attack on Skype.

My comment was more directed toward the fact that ephemeral keys and P2P can
be secure _and_ convenient for real-time communication.

~~~
danso
However, the trade off is that whoever you want to communicate with has to
have that same client (Skype or anything)...no big deal, you say? just have
everyone use it?...well, once a service gets that much penetration, a company
will own the popular implementation, and then you're back to square one.

------
josteink
As for mobile platforms, iOS is obviously not a trustworthy solution. Android
is OK, but has issues by being run by Google and core services provided
through them.

I'd love for a third viable option to pop up, but for the same reasons as iOS,
Windows Phone is out. FirefoxOS seems not quite ready at this point, and until
proven otherwise I will consider Tizen vaporware.

That pretty much leaves us with Android. While _owned_ by Google, it is at least
open-source. If you go super-paranoid you _can_ always make/get builds not
integrating with Google's services in any way.

Does anyone have any experience with making open-source solutions for things
like email, calendaring and contact management integrate nicely with Android?

~~~
mtgx
Best would be to use a CyanogenMod ROM. I hear in the next version they plan
to introduce some extra privacy options:

[http://www.androidcentral.com/easy-privacy-may-be-coming-soo...](http://www.androidcentral.com/easy-privacy-may-be-coming-soon-cyanogenmod-incognito-mode)

Then TextSecure for SMS/chat, RedPhone for calling, and some other
alternatives you may find for other apps.

At least for now it might even help if you use services from small, unknown
companies, as opposed to services from the big ones, which are a given to be
the focus of NSA. But it may be a matter of time before they collect the data
(even if encrypted) from those, too, if they aren't already. It would also
help a bit to use services hosted in other countries.

~~~
ams6110
_It would also help a bit to use services hosted in other countries._

How so? At least in theory the constitution applies to US citizens and US
companies. With a foreign service you have no such claim. Historically the NSA
has always been concerned with communication into and out of the US, so if you
live in the US and use foreign hosting you're essentially stepping right into
their spotlight.

Also you can guess that most other governments snoop as much if not more so
than the NSA does. It's just the nature of the beast.

------
magoon
It's possible for a company like Google or Yahoo to offer services without 1)
requiring that we identify ourselves; 2) profiling us; 3) keeping detailed
logs and data in a way that it can be mined and forklifted.

They just all choose not to.

------
gaetan
One solution is to host your own NAS. Synology e.g. provide for their NAS
multiple services that might replace some Google Apps: Mail server (Gmail),
CalDAV support (Google Calendar), Cloud Station (Google Drive/Dropbox), Photo
Station (Picasa), Audio Station (Google Play),… all these with VPN
connections. And you can easily install some productivity tools like CRM,
wiki, WordPress, Zarafa...

~~~
pknight
It doesn't come prepackaged with apache/php/mysql does it? I take it one would
have to install those. Tonido does most of these things, but there are some
limitations/complications when trying to install your own stuff I believe.

------
sandstrom
I considered switching to Fast Mail a while ago, but never got around to it.
It's owned by Opera Software, and hosted in Australia.

I'd prefer if it was hosted in Norway (Opera is a Norwegian software company),
but Australia feels like a better choice than the US (to me anyway, perhaps
others can chime in).

[https://www.fastmail.fm/](https://www.fastmail.fm/)

~~~
venus
Australia is a member of the UKUSA intelligence treaty, so you can assume your
mail there is under broadly the same scrutiny as in the USA, if not more so.

Frankly I wouldn't trust any commercially hosted mail service to be immune
from government monitoring no matter where it's hosted.

------
jaxbot
How about email in general? These days, one cannot simply host an SMTP server
out of their home, without it being automatically blocked by the big guys
(i.e. Gmail's servers block any non-approved sources, for spam reasons).

Of course, email in general isn't secure, and there's no way of knowing what
the recipient does with the message anyway, so this is a bit of a tricky
problem.

~~~
anizan
I know outlook.com won't block, or more accurately auto-assign mail to spam, if
your domain has SPF enabled.

Try this wizard for a TXT record to add to your DNS:
[http://www.microsoft.com/mscorp/safety/content/technologies/...](http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/)
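
Both the self-hosting checklist above (implement SPF and DMARC) and the SPF TXT record suggested here leave the question of whether the published record is actually sound. The following is an added example, not code from the thread or any project it mentions: an offline linter for SPF and DMARC TXT records run over constructed sample records for a fictional `example.org`, flagging the mistakes that most often undo the benefit of publishing them (`+all`, a missing `all` term, too many lookup terms, `p=none` with no `rua=` address).

```python
import re

# Mechanisms and modifiers that cost a DNS lookup (RFC 7208, section 4.6.4).
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_MAX_LOOKUPS = 10
DMARC_POLICIES = {"none", "quarantine", "reject"}


def spf_terms(record):
    """Split an SPF TXT record into its terms, dropping the 'v=spf1' tag."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return parts[1:]


def lint_spf(record):
    """Return a list of findings for an SPF record; an empty list means clean."""
    try:
        terms = spf_terms(record)
    except ValueError as err:
        return [str(err)]
    findings, lookups, final_qualifier = [], 0, None
    for term in terms:
        qualifier, body = "+", term          # '+' is the implicit qualifier
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        # The name sits before any ':' argument, '=' value or '/' prefix length.
        name = re.split(r"[:=/]", body, maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated by RFC 7208 and slow to evaluate")
        if name == "all":
            final_qualifier = qualifier
    if lookups > SPF_MAX_LOOKUPS:
        findings.append(f"{lookups} lookup terms exceed the limit of "
                        f"{SPF_MAX_LOOKUPS}; receivers return permerror")
    if final_qualifier is None:
        findings.append("no 'all' term: unlisted senders get an implicit neutral result")
    elif final_qualifier == "+":
        findings.append("'+all' authorises every host on the internet to send as this domain")
    elif final_qualifier == "?":
        findings.append("'?all' is neutral and gives receivers nothing to enforce")
    return findings


def dmarc_tags(record):
    """Parse 'tag=value; tag=value' into a dict; the record must carry v=DMARC1."""
    tags = {}
    for field in record.split(";"):
        field = field.strip()
        if not field:
            continue
        if "=" not in field:
            raise ValueError(f"malformed DMARC tag: {field!r}")
        key, value = field.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def lint_dmarc(record):
    """Return a list of findings for a DMARC record; an empty list means clean."""
    try:
        tags = dmarc_tags(record)
    except ValueError as err:
        return [str(err)]
    findings = []
    policy = tags.get("p")
    if policy not in DMARC_POLICIES:
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will never reach you")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"pct={pct} is not a number in 0..100")
    elif int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail stream")
    return findings


# Constructed sample records for a fictional domain; not real DNS data.
SAMPLE_RECORDS = {
    "good": ("v=spf1 mx a:mail.example.org -all",
             "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"),
    "wide-open": ("v=spf1 include:_spf.example.net +all",
                  "v=DMARC1; p=none"),
}

if __name__ == "__main__":
    for label, (spf, dmarc) in SAMPLE_RECORDS.items():
        print(f"[{label}] SPF:   {lint_spf(spf) or 'ok'}")
        print(f"[{label}] DMARC: {lint_dmarc(dmarc) or 'ok'}")
```

The linter reads records you paste in, so it can check a candidate record before it is published; it does not resolve `include:` targets, so the lookup count is a lower bound.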

------
djim
You're assuming they are getting the data from Google. They are getting the
information from the internet backbone, not the service providers themselves.
Assume EVERYTHING on the internet is being recorded, regardless of service
provider. Setting up your own email solution does not even begin to solve the
problem.

------
seferphier
Related topic: [http://prism-break.org/](http://prism-break.org/)

Replace your workflow with open-source tools that aren't attached to
Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple.

------
forgotAgain
People seem very concerned about backdoors in Huawei equipment. Isn't it just
as likely that there are backdoors in US-manufactured equipment? If there are,
then there are two privacy solutions: end-to-end strong encryption, or become
a hermit.

------
firstprimate
I provide a service to manage a personal mail server. See
[http://appxecute.com](http://appxecute.com) for more details.

------
paul_f
A quick Google search turned up this:
[http://cipherdocs.com/](http://cipherdocs.com/)

------
awakeasleep
Between 8 and 14 sysadmins.

