My Personal Privacy Framework

 

We live in a data-centric world, with services constantly vying for our attention (or subscriptions). We know that data is being collected and given to various affiliates or government agencies, and it can be mind-boggling to try to keep up with it all. Some people, on the other hand, don’t care or are convinced they cannot do anything about it.

Now I’m not entirely naïve to think that you can be completely private without foregoing cell phones, TV, and everything else that modern civilization has to offer. You can, however, take steps to control your data and more or less have a say on who sees what, if at all. This is a happy medium to me, and I’ve taken it upon myself to perform all the steps I outline in this post. You can take what you like or leave it be, whatever is good for you. I’m going to briefly mention each item and link, so you may need to conduct your own research on these items to learn more about them.

Big Item: The Mobile Phone

If you have an Android or iPhone – which you likely do – you are already at significant risk. Google and Apple collect data about basically everything you do on your phone. You can, however, obtain an Android phone without the Google services. This will require a lot of research beforehand, and ultimately there are two things you want: (1) a very active development community and (2) a vendor that actively maintains updates (which, in turn, incentivizes the community).

Typically I like to go for OnePlus phones, but I usually buy them used from Swappa. You can do some reading on your desired devices over at XDA to get an idea of how active the development is. You’ll then want to flash either one of the many ROMs you find there, or LineageOS. You can also opt for a Google Pixel (NOT VERIZON VARIANT), and install GrapheneOS.

At this point you’ll want the F-Droid Android store primarily, but if there are certain proprietary apps you need to use, you can use Aurora Store to replace the Google Play Store – and you’ll likely want to install microG, which is an emulation of Google services. (Best to use the Magisk route, then install the APKs.)

Of course there is still a certain amount of tracking just because you have to connect to cell towers in order to receive service and are subject to your agreement with that provider, so be aware of that. Of course if your ROM randomizes your MAC address that is one more thing to note.

Big Item: Email

Most big free providers (Google, Microsoft, Yahoo, AOL) will not encrypt your data and will likely read your emails to offer you advertisements *Ahem, Google*, but there are a few freemium options such as Protonmail and Tutanota that are zero-knowledge and have small mailbox sizes for free accounts you can try out. You can also use your own domain if you have one with their premium accounts so that is pretty cool. You can also self-host your own mail server.

One thing to note: business and enterprise Microsoft 365 plans are encrypted both in transit and at rest using BitLocker – which TrueCrypt was retired in favor of. The cheapest option is M365 Business Basic at $6/month. It’s not entirely zero-knowledge, but it’s a happy “good enough” solution if you don’t want to build it.

Big Item: Cloud Storage

If you use the same big free provider for cloud that you do for email, you’re subject to the same pitfalls. You can either self-host with Nextcloud or sync with Syncthing – or you can use a zero-knowledge provider such as Sync or pCloud.

One thing to note, same as above: OneDrive for Business is encrypted in transit and at rest. OneDrive is included with most M365 plans.

Big Item: Password Manager

I’ve covered this in the past, but really, if you don’t have one, get one. Don’t forget about delimiters in your logins if the service supports them, and set up MFA.

Other Items

Notes

Nextcloud has its own Notes app for basic notes and categorization. Joplin is a sync-able application that uses Markdown and supports nested folder structures. OneNote also makes a good contender, and if you’re using OneDrive for Business it will be encrypted.

YouTube

You can actually still use YouTube, just use a FOSS app like NewPipe or SkyTube as your app of choice. Then on the PC, use container tabs or private browsing.

Web Browser and Internet

Firefox, this is without a doubt the best – you can install the Container Tabs addon, which allows you to create containers to isolate cookies that various sites like to use to spy on your other activities. There is even one dedicated to Facebook. You could start by just categorizing things rather than getting too specific with every single website – banking, shopping, email, school are all good places to start. There is also always the option of private browsing.

You might also consider a VPN; however, there is much debate on which providers are actually trusted. Some educated recommendations would be Mullvad, ProtonVPN, IVPN, and Private Internet Access.

Maps and Navigation

Okay, you got me here. There are plenty of other navigation apps such as Magic Earth and OsmAnd. For actual navigation they do pretty well, but if you are looking for food in the area or any other random thing you’d typically use G Maps for – you’re best off opening a private window and just using that. Or you can temporarily install the Maps application if you really must. Using microG, navigation does work, just don’t ever update it or sign in, or save your home address, etc.

Chat and Social

Okay so, if you MUST use Facebook and other platforms, there are apps in F-Droid that limit how much data is being shared while still providing basic functionality. I myself use Frost, which does a good job of letting me do everything I need – though I don’t use the calls and video chat functions, and they don’t work on this app. There are other types of services as well such as Mastodon, but good luck getting everyone you know on it – and those you have yet to meet. You can also try getting people on Signal or Telegram.

Conclusion

So that, for the most part, is how I live my life. Feel free to ask me about any specifics that are not covered here or if you are considering a service in particular (I may or may not have referral links).

I’m also going to plug two more sites for further reading:

Privacy Tools website

Awesome Privacy List

 

 

 

 

File Encryption And The Cloud

 

Before I get too far, let me just elaborate a little bit on what encryption is.

Think of a regular, everyday safe. You put your important documents or other items in it, then lock it. Now only someone who knows the combination (or has the key) can open it. File (and disk) encryption works in much the same way: you encapsulate your data into a single file, or an array of files, with names along the lines of cneu2382865j24. Nobody knows what that is, and nobody can access it without the password.

Now I am assuming you, like many other people in this world, want at least some semblance of privacy, especially for your data. This can include anything from important legal evidence to honeymoon photos. Just things you don’t want others to see in general. The problem is, if you choose the cloud to back up your data, you are in a conundrum. Ed Snowden mentions in his book that they really do look at all those pictures you send to your sweetheart. So how do you keep your data safe from prying eyes?

Switch Cloud Providers

The first option is to use what’s called a Zero Knowledge cloud provider. These providers encrypt your data by default, meaning that the garbled name you saw earlier is what they see on their end. You log in with your password, which opens the content to you over a secure connection. You can still share and upload and use apps on your various devices the same way you normally would.

Some providers

Encrypt Your Files With Existing Cloud

The next option is to encrypt your files, then put them in the cloud. There are a few benefits and drawbacks to this approach and I want to make sure I cover them here. Bear in mind, this is a way to securely store files, like locking them away until you need them, not something for data that is frequently accessed.

A great upside is you get to use the same cloud provider you already pay for. This is huge if you already use a larger part of the service like Office 365 and want to still get use out of your 1TB storage on OneDrive. Even if you use a free service – if your data is small enough you can still store it.

The biggest downside is that you can’t manipulate the data in your cloud provider, though this is expected by design. If you share a link, the recipient gets that same jumbled mess of a name and can’t do anything with it – unless of course you share your password with the recipient. You will also need to be on a platform that can access it, which I will cover in the instructions portion of this post below.

Another thing to be aware of is your storage limits. If you have a paid plan that gives you 1TB of data and you let it expire to a 5GB free plan, and your vault is say, 15GB, you will run into issues trying to sync it. Be sure to set your vault to a reasonable size.

I’m Sold! How Do I Do It?

I’m someone who likes to make things as universal as possible, portable even. I try to think of ways that a calamity might occur in which I am unable to use a service or product in the future, such as a company closing down or other scenario. I picked VeraCrypt because it’s open source, so even if the maintainer shuts down, you’ll still be able to find it on some public archive site.

So now, download VeraCrypt. Again, just to be forward thinking, save a copy of the installer somewhere (and replace it with the most up-to-date copy when your software updates). There are install options for Windows, Mac and Linux, so you can share your data with just about anyone on any desktop platform.

I’ve set up the following folders to work with as an example. Just imagine My Cloud to be the embodiment of whatever cloud storage you use, and adjust your settings to that folder.

Now you want to install VeraCrypt. I’ve gone through this process myself, and for basic storage purposes you can leave all the default values and hit Next.

Once you open the software, you will create your volume, which you can think of as a kind of digital equivalent to a jump drive or external hard drive. It’s portable and you can carry it wherever you want – digitally, that is. Again, the default values are perfectly fine for our purpose. During this process, you will want to pick a location for your volume: browse to your cloud folder and give it a name. Use the default encryption options; these are fine.

The next few screens are important, though. You will set the size of your volume. This will depend on the size of your data, and you will want to be aware of your cloud storage limit. I’m making the example volume 10MB. Then set your password or passphrase (you are using a password manager, right?).

 

(Slideshow: Create Your Volume)

Next, be sure to actually mount your volume (this is akin to the act of plugging in your USB drive). I picked letter V for VeraCrypt, but as long as it’s not already taken, you can pick any letter. Then the drive will show up and you can place your documents into it to save them within the encrypted volume.


Don’t forget to dismount when done!
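An added example, not part of the original post: a quick audit of the cloud sync folder that reports any file the provider could still read, relying on the fact that a VeraCrypt volume has no file signature and looks like random data. The sample folder contents, the file names and the 7.5 bits-per-byte threshold are assumptions made for the illustration.

```python
import math
import os
import tempfile
from pathlib import Path

# Well-known leading bytes of common unencrypted file formats.
MAGIC = {b"\xff\xd8\xff": "JPEG", b"\x89PNG": "PNG", b"%PDF": "PDF",
         b"PK\x03\x04": "ZIP/Office", b"SQLite format 3": "SQLite"}

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def classify(path, sample=65536, threshold=7.5):
    """Label one file 'opaque' or say why it looks readable to the provider."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            # Compressed formats are high-entropy too, so check signatures first.
            return f"readable: {kind} signature"
    if entropy(head) < threshold:
        # Very short files cannot reach the threshold and are flagged as well.
        return "readable: low entropy"
    return "opaque"

def audit(folder):
    """Return {relative_path: reason} for every file that is not opaque."""
    folder = Path(folder)
    findings = {}
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        verdict = classify(path)
        if verdict != "opaque":
            findings[path.relative_to(folder).as_posix()] = verdict
    return findings

def build_sample(folder):
    """Constructed stand-in for the post's 'My Cloud' folder."""
    folder = Path(folder)
    (folder / "vault.hc").write_bytes(os.urandom(65536))  # stands in for a volume
    (folder / "taxes.txt").write_text("2019 return, account 000-EXAMPLE\n" * 50)
    (folder / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0" + os.urandom(4096))
    return folder

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in audit(build_sample(tmp)).items():
            print(f"{name}: {reason}")
```

High entropy alone does not prove a file is encrypted, which is why the signature check runs first; an empty result only means nothing in the folder is obviously readable.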

 

 

Backing Up Your Mobile Data

 

You may have noticed that I didn’t include Mobile devices in my previous post. That is because I feel it deserves a post of its own, partially because the data is managed in ways that make this, well, not an easy task. Especially considering the fact that “offline backup” is not a term synonymous with the modern mobile ecosystem.

Between photos, contacts, calendars, and random items you’ve downloaded in between you may have trouble finding a reliable way to get everything in one go. To be honest the easiest way is to rely on the services that provide the experience – so Apple/Google or some other major service you might prefer (like some of the ones in my previous post). Of course most major cloud providers will have their own apps and they should have some sort of auto-upload function. The only caveat to this is (depending on the service) it’s only files – not app data or contacts, so you’ll likely need to rely on more apps to provide that functionality for your preferred service.

There are a few ways to get around having to use a service you may not quite trust with some of your data. Perhaps one of the easiest is Syncthing. It does require you to have another target device that you use as a “server”, but this can honestly just be your laptop. The app is installed on both your computer/server and your phone. It will then generate a unique ID that is entered on the device to be paired, and you start setting up your folders. If you pair this with any number of backup/restore apps on the store, it should back up to your other device. Of course you’ll want to save your IDs in a password manager.

The good news is, it adds your Camera folder by default.

For messages, your best bet would be one of the many SMS backup apps like this one for Android. You can then set the backup folder to sync via Syncthing. For Apple, it’s likely that your messages are going to be synced via iMessage, but if not – iTunes is probably going to be your best bet for an offline backup.

Two other choices for Android Backup include Fonedog and Migrate. Fonedog will take backups of your devices on your computer, and if you do not select encrypted backups, it will copy your photos and videos as they are. Contacts, calendar, etc are backed up in .info files but can be exported from the app. It is paid, but it does do a lot, and is probably worth it. You can select different components though if you only need the backup/restore.


The other option is Migrate; this is ONLY for rooted devices using a custom recovery. It creates a zip file for you to flash in recovery to restore your data. I like this because it’s 100% offline. It has a helper app you have to grant permission to for it to function, and it does give a warning to test uninstalling and restoring apps before you try wiping your phone. I thought that was nice.

I’ve tested this one out briefly and it seems to work as intended. The apps are backed up and contacts are in a .vcf file, though the SMS and call logs are in .db files which can be opened using a database viewer.
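An added example, not part of the original post and not Migrate’s own code: a read-only check that backed-up .db and .vcf files actually open and contain entries before you wipe the phone. The sample files and the `sms` table layout are constructed for the illustration; the real backup’s schema is not given on this page, so the check reads whatever tables it finds.

```python
import sqlite3
import tempfile
from pathlib import Path

def inspect_backup_db(path):
    """Return (healthy, {table: row_count}) for a SQLite backup file."""
    # mode=ro opens the file read-only so the check cannot alter the backup.
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    try:
        con = sqlite3.connect(uri, uri=True)
    except sqlite3.Error:
        return False, {}  # missing or unreadable file
    try:
        healthy = con.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
        names = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
        counts = {n: con.execute(
            'SELECT COUNT(*) FROM "%s"' % n.replace('"', '""')).fetchone()[0] for n in names}
        return healthy, counts
    except sqlite3.DatabaseError:
        return False, {}  # truncated or not a SQLite file at all
    finally:
        con.close()

def count_vcards(path):
    """Count contact cards in a .vcf; raise if BEGIN/END markers do not pair up."""
    begins = ends = 0
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            tag = line.strip().upper()
            begins += tag == "BEGIN:VCARD"
            ends += tag == "END:VCARD"
    if begins != ends:
        raise ValueError(f"{path}: {begins} BEGIN vs {ends} END markers")
    return begins

def build_sample(folder):
    """Write constructed files; the 'sms' schema is invented, not Migrate's."""
    folder = Path(folder)
    con = sqlite3.connect(folder / "sms.db")
    con.execute("CREATE TABLE sms (address TEXT, body TEXT)")
    con.executemany("INSERT INTO sms VALUES (?, ?)",
                    [("+15550100", "hello"), ("+15550101", "on my way")])
    con.commit()
    con.close()
    (folder / "contacts.vcf").write_text(
        "BEGIN:VCARD\nVERSION:3.0\nFN:Alice Example\nEND:VCARD\n" * 2)
    (folder / "calls.db").write_bytes(b"cut-short copy, not a database " * 8)
    return folder

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(tmp)
        print(inspect_backup_db(sample / "sms.db"), count_vcards(sample / "contacts.vcf"))
```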

Backing Up Your Data

Whether it’s family photos, professional work or sensitive legal documents, everyone in the modern age has some amount of data that is precious to them. Not everyone is entirely informed on the best ways to preserve that data though. In previous endeavors, I’ve seen people come to tears that their computer’s drive had failed after storing the last five years of their children’s lives on their computers. The fact of the matter is, the materials in these machines are finite and you have to expect them to fail. There isn’t a set time-frame, so the sooner you take action, the better off you’ll be.

In this article I’m going to discuss a few different options, considering there really isn’t a one-size-fits-all solution. The option (or options) you decide on will depend entirely on how precious the data is to you, and how much it will cost to maintain the integrity of the data. Also it should be noted that I’m targeting the consumer class here, larger organizations I expect to have much more complex backup solutions.

I’ll start off by mentioning the most common solution – external hard drives. There are a few things to be aware of when choosing to use external hard drives. First, they fail too. Just moving all your data to a drive will not keep it safe if that is the drive that fails. Second, natural disasters – they can be damaged or lost in a fire. A decent solution to this if you want to be completely offline is to purchase two drives, one that you use consistently, and one that you store in a safety deposit box and update maybe twice a month or whatever time-frame you deem reasonable. Obviously you would be subjected to rent on the box, see your local banks.

Another option would be your standard-issue cloud storage provider. I’m not going to go into this one too much because most users are aware of services like Dropbox. However, there are a few things to consider. First is your cost: you’ll be paying a subscription to get any reasonable amount of storage. Second is privacy. It’s one thing to nonchalantly recognize that everything you do is being tracked. It’s an entirely different thing to read a person’s first-hand testimonial to the practice. No matter your opinion on the subject – you need to be aware that anything you upload will be visible to someone.

There are a few services that boast privacy such as Tresorit and Sync. You can also opt for backup software in which you designate the file structure, such as SpiderOak or SugarSync.

Luckily there is a happy medium to these solutions. I personally use a software called Duplicati. This software has been around for quite a while and has a large community of contributors that help to improve it and fix bugs. One reason I recommend this software is that it runs on all the major operating systems – it just runs in the background and you open up the interface in your favorite web browser. You can set it to run the backup job on a schedule, and best of all you can encrypt those backups in-transit to many types of cloud storage. And there you have it, cloud + privacy. Win/win. The most important thing here is to store your encryption passphrase in a password manager (you DO use one, don’t you?) so that it’s safe, because it’s a two-way street – without that passphrase you can’t access that data either.

If you have the technical know-how, you can build out a Nextcloud server (a cloud storage solution that YOU manage) in your own home for a reasonable price. I do this personally, and have Duplicati backing up to a cloud storage I use every six hours. This is more advanced and requires you to have your own hardware, but it’s also the best way to have your cloud be completely private.