The usual argument for using "cloud" over managing your own files/data is that it's very hard to safely manage your own data without making mistakes (data loss, etc). However, this is an example of how companies like Google also make mistakes. Furthermore, when Google/FB makes a mistake (like leaking your private data) they do it at a global scale.
I offboarded myself from all of Google's services a while ago, but I also think "cloud" is dead, at least in the cases where the cloud service holds the encryption keys on my behalf. I don't trust, and never will trust, any company to hold on to my data without either selling it to a third party or accidentally leaking it.
> The only question is, is your cloud provider less likely to make mistakes with your data than you are?
No, the second question, which is a multiplier of the first, is how catastrophic the mistakes can be. Google _can_ accidentally do much worse things with your data, but it is probably much less likely to make mistakes with it in the first place.
Other worst cases - you leave the firewall wide open, and some script kiddies steal the photos, replace them with kiddie porn and refer you to the police.
This is a risk regardless of where I store my data. If I have a machine with any local storage of any kind at all, then someone could break in and store stuff there.
So this is not a differentiator between storing your own data in the cloud and locally.
Exactly, the solution of the problem is to only give encrypted data to cloud companies. This way they cannot collect any additional information from your data.
Then their data is gone. Now you just have to figure out what's worse for you. Somebody else getting your data or losing your data and you know whether encryption is for you.
That’s a very dismissive attitude. If you want to make the world a better place, you have to accommodate the average user; One can’t say, “you’re not smart enough for our service.”
If you’re serious about the security of your data, you need to know how to pick a password you will remember. There are things in this world that we ask of average people that are far more difficult. In 2020, picking and remembering a password should be table stakes at this point. It’s not 1997 anymore.
The key word there is “if.” Most people don’t care about the security because they’re unaware of the risks involved. Stories like this blow over in a week or two.
Most people don’t want to lose their stuff because they forget a password. That’s why unencrypted data and password resets are a thing.
What we as tech people should be doing is educating and helping those people. Set your family up with a NAS for local backup and have it mirror to, say, Backblaze. Set your parents/grandparents up with a password manager. Etc.
For most people, self hosting their own data isn’t even an option. For the subset of privacy concerned people who have the technological knowledge to self host, making mistakes with their data is not “orders of magnitude less likely”.
> For most people, self hosting their own data isn’t even an option.
I'm trying hard to invalidate this with PhotoStructure. My goal is to be installable and usable by even my least-computer-savvy family members.
Although there are desktop installers, users can move their library to a NAS, rPI, oDroid, NUC or a VM in the cloud--anything that can host 64-bit docker images--but only if they want to. Everything in your library works cross-platform because I didn't want to be tied down to any OS or hardware.
How are photos added to the library? I had a quick look through the PhotoStructure website and it looks interesting, but I haven't seen this answered. For me the appeal of Google Photos is that all my phone's photos get uploaded when I'm on wifi.
PS: There's an image that can't be loaded on the confirmation page when registering for email updates.
PhotoStructure imports files that are available to the device that it runs on: local files and anything mounted via a network filesystem (like AFS, NFS, or SMB/CIFS).
I use SyncThing or Resilio Sync to send my phone's photos and videos to my NAS. When I'm on vacation with limited bandwidth, I add a sync node on my laptop (which is connected to the hotel WiFi), so my phone syncs quickly to my laptop next to me, and then through the course of the day, the laptop syncs back home.
Although it's certainly more convenient to have everything wrapped into one app, I think there's an appeal to being able to choose the tool that works for you. (In other words: it's much less code I have to write and maintain--writing battery-efficient, stable background jobs on both iOS and Android are a PITA!)
> There's an image that can't be loaded on the confirmation page
Are you using ublock origin or a pihole? Those block most images coming from mailchimp.
I see, thanks! And yes, I agree on the app part. Which is where Google Photos' value lies for me as it is rock solid in that department.
I'm currently running both syncthing and Google Photos to store my photos. syncthing is great once it works, but it is definitely not something I would expect a family member to be able to set up.
In any case I'm very much looking forward to see where PhotoStructure is going. I've set up a reminder to give it a try.
Is PhotoStructure a web app, or something else? I looked through the website and signed up for the beta, it seems interesting and is going on my list of possible Google Photos replacements.
Only because you're thinking of "self-hosting" as setting up a server, etc. Before cloud-connected security cameras, every cam system owner was "self-hosting", even if that meant the cameras just recording to a local box.
> I don't trust, and never will trust, any company to hold on to my data without either selling it to a third party or accidentally leaking it.
This is a very black and white way of looking at trust. Trust is earned, it can be broken, it can be rebuilt. All human relationships are built upon trust, and it is fallible just like anything else. To have trust is to create vulnerability. However, just as you mention, that vulnerability comes with an upside.
What you are saying is: because there is vulnerability in trust, you should trust no one.
Most direct human to human relationships don't come with a 40 page privacy policy and terms of use that they reserve the right to change on a dime. A rational stance is not to trust anyone that requires you to agree to a bunch of legalese without having a lawyer review it first.
I get an absolutely endless parade of other people's data to my gmail account. Doctors send me MRI scans. Bankers send me foreclosure notices. Airlines send me tickets. Undertakers send me condolences. The preponderance of evidence suggests that relying on individual vigilance on a large scale does not work as well as relying on the vigilance of large organizations.
I assume that this is not because Google is misdirecting email, but rather because your email address is quite close to that of others.
Mine is just my last name @gmail.com. It is a rather uncommon name, and I've met many others with that name, as I've accidentally received email intended for them.
> Mine is just my last name @gmail.com. It is a rather uncommon name
I'm in the same boat. And uncommon, but not rare. I've gotten emails intended for my brother. One time, I got a collector emailing about something with a rental car crash that I previously got a confirmation email for. Recently, a Dutch woman discovered email and thinks she has my email address. It's amazing how many websites don't verify email addresses.
Some asshole bought a Lexus and entered my email address. I now get his loan statements and service reminders, on top of the advertising. They are all from noreply@, of course, and I would need to know the password to the account to unsubscribe. Sure I could reset it, but I'm not actually sure if it's legal?
What does “double-verified” even mean? Though, in case you were wondering, GDPR requires continued consent for companies to use your email address; they have to delete it if they don't keep getting permission to keep it.
"Verified double opt-in" is a term of art in the world of email. It means you provide your address to consent to emails and you confirm the address with a link sent via email.
Your comment is quite anecdotal I would dare to say, and anyway the scope of single individuals messing up is quite, quite smaller than the scope of $LARGE_COMPANY. Even if you sum all those individuals.
The potential impact of a large company screwing up is massive. The risk is lower.
I would assert that the probability of an individual overexposing their own data in any one year period is probably close to 75%.
In my neighborhood, 5-6 cars are broken into every week, because the owners don’t lock the doors. If a process that simple isn’t handled well, folks aren’t handling more complex/abstract processes.
"I get an absolutely endless parade of other people's data to my gmail account."
Same. Part of it is just incorrectly addressed emails sent to my primary address. The other flood of emails I receive is on a domain where I've got a catch-all, and I regularly receive emails intended for recipients on a similar domain.
My email is firstname.lastname@gmail.com. Both my first and last names are not super common, but of late I'm seeing multiple people with the same combination when I google my name. I get bank statements from 3 different banks, job offers and even the occasional nude selfie - all intended for someone else. I have tried to reply, click on unsubscribe links - but nothing seems to work. It stops for a few days and it starts again.
I'm somewhere in-between your experience and the parent's. I've had 2-3 instances where it appears that someone put my email address on their account by accident, and I got their auto insurance claims, etc. There was no "click here to verify this is your address" email sent for those.
I also got a lot of email for a high school reunion where the school was named after someone who shares my name... And people routinely left off the numbers in the email address, ending up with mine.
The rest of the not-mine emails all look like phishing attempts to me, and not just mistakes made by some office worker.
I have firstname + two letters @gmail which rarely gets wrong email, but then back from the nineties I got firstnamelastname @ Hotmail.com which properly gets at least one misdirected mail a month.
I, too, was a fan of Google Photos in the early days. But I've decided that privacy is more important than the convenience of its syncing feature. You never know how that data might come back and bite you in the future.
I have an iPhone but I don't use iCloud's backup or sync feature either, I just store my photos locally. I backup my iPhone to my iMac, and I backup my iMac to my Synology NAS in my closet. I try to keep my private data private.
One of the favorite features I have of the Plex Server is that the Plex app will automatically back up photos on your phone to your Plex server, which can run on Synology as well (mine's on an ODroid HC connected up to a multi-TB drive with backup drive).
As someone for whom this was a bridge too far, thanks for the information. This is a useful alternative to pull it local and still get the syncing that was the reason I let Google photos mostly do as it pleased after I got a Pixel.
I've submitted a feature request to the Photos app team for syncing to a network share as an alternative to iCloud. The Files app recently got network share support so here's to fingers crossed that Photos can get it too.
Edit: I want Photos app to have this feature. Other apps can do it on iOS but they have to play location services shenanigans to get it to work in the background and I don't do that. The Photos app has special abilities.
Fastmail for mail, and I use git for most document-type storage. If I absolutely need a spreadsheet, I just use Apple's Numbers which is mostly crap, but good enough.
Another vote for Fastmail. They also have a very simple one-button import option for your gmail emails. The web UI is fast and simple. I love it. I tried ProtonMail, but there are numerous drawbacks because of full E2E (Must use their email clients on mobile, web client on web and bridge on desktop. Migration from ProtonMail requires to use their beta software. Full text search doesn’t exist - yet).
Fastmail is good but I bet the Australian government is vacuuming up everything you send/receive. I’m considering ProtonMail again now that there is a calendar.
I use Restic Backup to backup to a supported object storage and now setting up another provider (or VPS which will be slightly tricky) via Borg Backup (for the same data). The most important of that (~1GB) gets backed up to Tarsnap too. And once copy gets backed up to my local hard disk.
Once a while if I have to share any photos with some friends I send them an iCloud link and then remove the photos once they have either downloaded or seen.
I know there's a risk of losing the data if I forget/misplace the key(s) and my hard disk dies (at the same time) but then I could forget my Google credentials too, or worse still (with a higher probability) I could get locked out of my Google A/c and I don't know any Googler, neither do I have too many Twitter followers.
It's been worth it and once set up it's been running smoothly for over a year (across 2 laptop changes/data migrations).
For consumer products, the cloud makes perfect sense. Scaling, performance and orchestration make it a perfect fit. And who cares about the few things that fall into wrong hands here and there...
Our business, on the other hand, works closely with government agencies, insurance companies and similar institutions, and the cloud is an absolute no-go. All sensitive data on-premise on the intranet. No need for change.
I believe many people are not aware yet that things in the cloud cannot be controlled, or they consciously accepted that. Many companies won't take this risk.
I would like to say that Nextcloud, while it is not trivial to set up, is very very good at helping you set up the server securely. They additionally have a way of testing your server to make sure you did set it up properly, and it helps you to correct issues.
I would love to see Nextcloud create a "time machine" type box, where it runs both as your router and as a "home cloud" service. That way it would be much easier to configure it as a public facing service.
The only problem is that the server is written in PHP, which has had a history of bad RCE bugs (and an RCE bug in this context means all your personal data is accessible). In addition, NextCloud has had several pretty bad bugs related to authentication (such as bypassing 2FA, by pressing "cancel").
Don't get me wrong, I still use NextCloud, but you can only access my instance through a VPN (or by being on my home network where my server runs). I would suggest that everyone else does the same if you're hosting your own data.
I have been using it for 4 years, and I recall one in the past year, but Nextcloud was loud and clear on making sure you had to upgrade. It was even nicer with auto updating on Debian, I didn't have to do anything to get my server patched (I just went in to confirm it was patched).
[1] shows 143 code execution CVEs in the past 20 years. Now, to be fair, this site has been known to misclassify bugs in the past and it's likely that most of those bugs don't apply to NextCloud or weren't even RCEs.
However it's hardly unheard of for PHP to have RCEs. Usually the RCEs are in programs written in PHP, but PHP itself is hardly blameless. For comparison, Python has had 5-10 code execution CVEs in the past 10 years.
And again, I'm not bashing PHP or NextCloud here. I would probably also firewall NextCloud if it was written in Python. The only thing protecting your data from being public is a single service that you are running and gated by a basic login form -- I personally feel much safer with it behind a WireGuard VPN.
Google introduces a different set of risks and failure modes. It may shut down the service you are relying on. It may lock you out of your account for confusing reasons.
Which isn't to say that you shouldn't use it, just that you are exposing yourself to different risks, and you should take steps to mitigate those risks. Primarily by duplicating your data other places.
I used Fastmail until they randomly deleted a large chunk of my emails and the support followup was abysmal (one email a day around 4am EST) with no ability to recover, explanation or apology on their part.
It was the push I needed to set up a Mailinabox instance. It was a breeze to install and has been working great since I spun it up four months ago.
Emails were deleted August 23rd, across a wide variety of folders, all at the same millisecond (when I later pointed this out and how difficult it would be for me to do this accidentally, they did not comment).
Noticed on October 4th. I'd noticed some emails weren't turning up in searches but I chalked it up to my bad memory until there was one I knew for a fact should have been there. It was Oct 22nd by the time we got to any sort of conclusion, which was basically "there's nothing we can do for stuff that far back but I'll try to restore any recently deleted emails we can find". Getting details/logs/info from their support, even after they escalated to a higher level, was like pulling teeth.
They restored a bunch of things I'd actually deleted but they were all stuck in Draft mode, took till Oct 31st for them to sort-of fix that mess.
I set up the Mailinabox somewhere in that period. I still have my fastmail account because I wanted some overlap to test the MIAB before committing, and I'm getting ready to fully pull the plug before my next billing cycle.
It was a good lesson in setting up regular backups and not trusting any provider. I found Fastmail great to use until that experience, and I could see them being useful as a relay to send through trusted servers, but not worth my money to deal with the terrible support.
This is really unfortunate. I've been using Fastmail alongside Gmail and thought about switching over completely to the former at some point, just haven't come around to doing so yet. I'm glad you shared these details -- always good to know how organizations respond when things don't go as planned, as opposed to what's stated in their marketing materials.
Where are you hosting Mailinabox? I've always wanted to use it instead of gmail/fastmail but all I find are the generic use DigitalOcean, etc tutorials and I'm wondering what somebody actually using it has it set up with, what are the specs? Thanks in advance!
I had an extra Linode instance (Nanode 1GB: 1 CPU, 25GB Storage, 1GB RAM) laying around that I'd previously tried to manually set up a mailserver on. So I just reset it to the OS/version Mailinabox specifies, ran the install script and followed the rest of the instructions (https://mailinabox.email/guide.html)
It really doesn't need much, and the guide is very complete. Took me a Thursday evening plus some waiting for DNS propagation.
Not OP, but I use Mailbox.org. They have a neat feature where you can give them one or more PGP public keys and they encrypt the bodies of all plaintext emails to those keys. It's not perfect (you're still trusting them to not be compromised) but it means even if your account gets taken over, your email history remains private.
Didn't Australia like pass a bill or something that compels corporations like Fastmail to give the government any and all encrypted communications if they ask?
This is one of those stories that had no relevance in actuality, yet gets brought up in nearly every single mention of Fastmail: The bill applied to a requirement for backdoors/the ability to decrypt data. Fastmail was never E2E encrypted in the first place (like Gmail, Outlook, and most other major mail providers), and hence, Fastmail was always required to comply with lawful requests for your data.
It’s always relevant because the world has a good idea how Australia treats data privacy and security. Their elected officials are shooting their tech sector in the gut.
It seems from another world when I see people paying with money for products. I don't know why, maybe because I'm very cheap, but I'd never do this when I can pay with my data.