Part 1: The “Why”
If you’re reading this, it’s very likely you have at least some idea as to what someone means when they use the phrases “metadata”, “Cambridge Analytica”, “Five Eyes”, and “Mass Surveillance”. The associations, connotations, related politics, and nuances should be fairly evident for everyone else, but for those that need a refresher:
The last decade-plus of news relating to leaks, breaches, and misuse of personal data by companies included under the FAANG banner (and many adjacent ones) are well-documented and easily understood. Their impacts are far-reaching and the depth of that same impact is still being ascertained (if not actively exploited by hostile independent and nation-state actors). Data breaches, disclosures of personally-identifiable information (PII) and Patient Health Information (PHI), monetization of “anonymized” personal data (such as search histories, browsing habits, purchase histories, etc.) — the list goes on.
The major reasons for escaping Alphabet’s ecosystem for me are fairly straightforward:
- I want total control over my data (and associated metadata)
- I want to de-monetize my personal data (and associated metadata)
- I want to prevent (or at least severely curtail) surveillance and tracking mechanisms
- I want to increase my technical competency by running/managing my own services
By engaging in the work of extricating myself (and my data) from Alphabet’s ecosystem, I’ve been better able to better understand and explain the inner-workings of the Internet and how to better explain it to others.
Part 2: The “What”
In thinking about how best to achieve these efforts, I began with creating an inventory of what exactly I needed from various services and how I could best meet my goals. My inventory largely boiled down to a fairly standard mix of consumer-level requirements:
- Sync and store files from my laptop and mobile device (photos, music, etc.)
- Secure email storage and access
- Remote calendar management (that doesn’t require a specific client to access) (also known as “CalDAV”)
- Contact management (also known as “CardDAV”)
I then sorted this into two specific problem domains: communications and data. Once I did that, I was able to fine-tune my search for solutions and turn my attention to the specific tasks that I needed to complete to make this happen.
Part 3: The “How”
Knowing that there are secure, encrypted, and overseas-based companies and products that provide email, calendar, and contacts, I decided that this would be the easier of the two halves of this effort. I’d initially identified a few providers, but based on recommendations from friends and security-conscious colleagues, it became clear that Fastmail was the runaway favorite. Combining encryption in-transit and at-rest, being based out of Australia (AU), and also boasting the most complete feature-set of any of the competitors I had evaluated up to that point, Fastmail became my primary solution.
Using Fastmail’s automatic migration tools (built into the account settings menu), I was switched-over to using Fastmail as my primary email service in less than 30 minutes. I’d expected to encounter trouble around exporting my data from Gmail (individual emails, contacts, calendars, etc.) and importing it, but the migration tools made that drop-dead simple. I found that all of my attachments had made the transition as well.
After making an export of my contacts and my calendars and moving those over to Fastmail’s CalDAV and CardDAV services, I found that I’d actually completed the most complicated part of the process.
Thankfully, cancelling my domain’s GSuite subscription also deleted all of my Google-related data. This ended-up saving me from having to hunt around for the “delete all of my data” button that seems to move around every few months or so (I can’t imagine why).
I was finally free from Google’s clutches. Now it was time to figure out how to make my data resilient, synchronous, and accessible.
I’d spent a significant amount of time in the prior couple of months checking out functionality of two “self-hosted cloud” software packages: OwnCloud and Nextcloud, but found that OwnCloud wasn’t as feature-rich or robust as I’d have liked. I ended-up checking out Nextcloud at the insistence of a few colleagues and friends who’d I’d described what I was intent on doing.
Taking into account that I’d need to have a dedicated server for this project, I made the decision to use my existing HP N40L Microserver that I’d been using for a Docker sandbox server at home for this part of the project. I made sure to max-out the memory of the server and to fill out the drive bays in a way that made some kind of sense. I kept the primary Linux operating system (Ubuntu 18.04 LTS in this case) and its associated logs and storage on a 240GB 2.5" SSD mounted directly to the case. In the removable drive bays, I created the following software RAID arrays (using
mdadm) out of the drives that I’d selected (2x 1TB drives, 2x 2TB drives):
- RAID 0 Array (Media) consisting of the 2x 1TB drives
- RAID 1 Array (Backup) consisting of the 2x 2TB drives
I won’t spend time explaining my methodology for this setup beyond stating that I have the means to replace a 1TB drive in fairly short order (less than 24 hours) and build a completely new RAID 0 array out of those two drives, and that the RAID 1 array is the destination for the
rnapshot backups I’d intended to create on an ongoing basis via
cron. Other people’s mileage or use-cases may vary wildly, so adjust as-necessary.
Part 4: The Execution (Assembling The Monster)
With a fresh install of Ubuntu 18.04 LTS and the aforementioned RAID arrays and their respective mount points created, I researched ways of installing the Nextcloud software. While attempting to use the Docker image to install and manage Nextcloud, I discovered that Ubuntu already had a built-in mechanism to install software called Snap packages. After struggling for several days trying to get Docker’s networking and host-volume management working, I checked out the Snap package.
All it took was typing
sudo snap install nextcloud and the Nextcloud package was installed. Configuration of the actual application was the most difficult part of this process, as it requires editing a
config.php file directly on-disk in the snap directory
/var/snap/nextcloud/current/nextcloud/config/config.php. I configured the
datadirectory directive to point to my preferred path and created the requisite data structure for it to access and restarted the Nextcloud Snap with
sudo snap restart nextcloud.
With most of the Nextcloud configuration complete, I configured my home router (an ASUS TM-AC1900 wireless router) to use the ASUS-maintained Dynamic DNS (DDNS) system. With that complete and the appropriate port-forwarding set-up to allow inbound access via SSH, HTTP, and HTTPS, I configured a CNAME on my personal domain to point to the Dynamic DNS entry that ASUS had created for me.
After learning a bit more about the LetsEncrypt and doing a bit of research, I’d found that generating a LetsEncrypt certificate and installing it for the Snap installation of Nextcloud was also simple:
sudo nextcloud.enable-https lets-encrypt.
With my transmission mechanism secured via TLS1.2, my data living on a speedy RAID 0 array, and the ability to access and sync from anywhere that I have an internet connection, I had one final problem to overcome: backups.
By installing the
rsnapshot package (
sudo apt install rsnapshot ) and configuring the
backup directives to back up the media directory that I’d created for Nextcloud, my data could now be mirrored to a two-disk RAID 1 mirror array on a schedule and, in the future, sent in an encrypted format to a remote object store (such as DigitalOcean’s “Spaces” product).
If you’ve read along this far, hopefully you’re giving serious consideration to escaping the Walled Garden (or Gardens) that you might find yourself living in. While it’s daunting and certainly more than a little technical, the skills (and confidence) you’ll gain along the way might give you more ideas and insight into just how to help improve this interconnected world that we live in.
Further resources can be found below. Good luck in your future escape attempts!
- Build your own Nextcloud device
- Have a Nextcloud instance hosted and managed for you
- Learn more about privacy issues impacting all Internet users from the Electronic Frontier Foundation
- Read more about surveillance, data collection, metadata, and privacy here and here