
Welcome to the vendor locked-in world, where you have willfully decided to become prisoners in exchange for a few sweets that you don't really need.

I hope you don't also own some Google router or, even better, a "home security" device. That would make it a real pain. I have been explaining this to people since the birth of Gmail, but no one listens.

Let me think for a moment, what would happen if google does this to me...

[x] No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)

[x] Modified ROM, no google on android

[x] No google cloud (Nextcloud is just fine, for virtualization I have bhyve. They are both just great)

[x] No applications bought from Google Play (If an application doesn't provide "off Google" licensing, I am not buying it - voting with my money)

[x] No content served by google (If I want to share video, I just upload it to my server. No annoyances about copyrights or anything else. It just works.)

[x] No data whatsoever stored in google ecosystem (actually actively fighting against them storing any information about me)

Hm, looks like - nothing?



Let me explain what happens when my house burns down, taking along all my hardware:

- I buy another laptop and install Linux.

- I connect my Google, Dropbox (which contains google backups) and Github, and they contain all data I own.

- I buy a new smartphone and connect it to Google

Simple as that. And my house doesn't need to burn down for this, when I buy a new laptop or smartphone I do the same.

Plus, all my email, documents, source code is accessible from anywhere, for when I don't have my hardware with me but have access to another device.

Everything has benefits and drawbacks, my approach definitely has drawbacks, but running your own server at home also has drawbacks.


You don't have to run your server at home. You can also rent VPS from a large number of providers that have much better customer service than Google. And if you don't like your current provider, it's easy to switch.

Or just upload backups of your home server's disk to the VPS.


I know that it is possible, but I think that ensuring correct backups can be difficult and that a VPS is actually quite pricey. (Especially if I want my data outside of a place which the NSA can touch, that is, no DigitalOcean or Azure.) Do you have tips for that?


We are talking about alternatives to Google services. They are very likely infiltrated by the NSA already. So using Google over small VPS providers will far more likely give your data to them. I doubt that the NSA has "everyone surveillance" contracts with every VPS provider out there, even ones in the US... they might just send letters about individuals they are interested in. Every additional person who has to keep the secret raises the risk of exposure.

Anyways, if you do distrust your VPS provider, you can just use it for encrypted backups, and then you'll only have to manage the key.

As for suggested alternatives to DO, there are plenty of VPS providers in Europe. 1&1 or Hetzner come to mind. Maybe they don't have DDoS protection, but you aren't trying to build a public website anyway.


> Let me explain what happens when my house burns down

Does your house burn down that often?

Frankly, getting deplatformed is a much higher-probability event.

> and they contain all data I own.

No, they contain all data you think you own.


Being robbed or flooded will have similar effects.

I think you've got the probability backwards, in reality.


> No, they contain all data you think you own.

I created that data, so it's mine by law. Or it is data that was never mine in the first place. Plus, my google data is stored in 3 places: Google, Dropbox and local system. If 2 of them fail, I still have the other.

As to who can access that data, well, that's a question for everybody, isn't it? If I ran my own server on the internet, that would be the same question.

So yes, I'm pretty sure it's MY data. I'm also protected by EU laws.


Let me explain what happens when you buy a new smartphone (or use a new, cookie-less, browser profile) and connect it to Google because your old phone doesn't work anymore:

- Google detects the new phone as a suspicious device and locks your account until you can authenticate using your old phone.

- You can't authenticate using your old phone because it doesn't work anymore.

- You lose all your Google-connected data.

You don't need a house fire to fall victim to Google; merely dropping your phone will be more than enough.


There’s no need for lock-in though. I have almost all those benefits without google, the only difference is, that I need to install TitaniumBackup first before I can restore everything on my phone.

But unlike you, I don’t care if google locks me out.


It's still more work and risk of messing it up than using a cloud service.


More work, yes. That’s pretty much the selling point of Google services: We can fuck you over, but you have less work if we don’t.


Unless you make a mistake of course, and then you fuck yourself over. Happened to me plenty of times already ;)


Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?

You might want to try this before you feel secure enough. My mother's phone got stolen and I had a lot of trouble trying to get into her Google account for her. I was lucky enough to have logged into it once in Safari, of all things, on my personal laptop. Google seemed to have placed a cookie to 'remember' the device. Otherwise her Google account would have been gone forever.

I now disabled all the trusted device related settings. Sure it is less secure versus hackers, but getting completely locked out isn't a great prospect either.


> Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?

Yes

> My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her

The first time, my phone bricked itself (you get what you pay for. Don't buy $30 smartphones). I have 2fa. I use both Authy (syncing) and WinAuth (local, with encrypted backups) to manage my secrets. Entering the code is enough to sign in.

The second time, I was moving from an old phone to a new phone; I turned off the old phone to remove the SD card before turning on the new one, and it worked fine without turning on the old one until after signing into accounts, when I needed to transfer data for some FOSS apps (termux, Fdroid, etc).


You can also benefit from the cloud while still avoid putting all your eggs in one basket.

A few years ago I was happy to have all my life on Google because it was so integrated, but recently, because of (1) privacy issues and (2) the risk of being banned arbitrarily, I decided to reduce my exposure to Google.

So my email is Protonmail, my browser is Firefox and my search engine is DuckDuckGo. I'm still looking for an alternative for my calendar and file hosting. I might shell out for a pro Dropbox account.

What might be harder is Android and Play Services. I don't like the iPhone, and I don't want to bother with de-googlized custom ROMs either.


>I'm still looking for alternative for my calendar and files hosting.

You might want to consider Nextcloud (https://nextcloud.com ) for that.


You could compromise by using Aurora Store. At least you'd then have access to all the free Play Store apps. Paid ones would still be a problem, of course.


I am also self-hosting using the excellent yunohost.org; it allows me to painlessly maintain my email and Nextcloud instance.

To solve the issue you mentioned (disaster recovery), I am using rsync.net borg service.

Another 'trick' I do which helps considerably is to use my gandi.net free email accounts as secondary MX and relay for my emails:

- I bought my domain through gandi, so I get 5 free email accounts.

- I put gandi mail as secondary MX and I mirror the important email accounts as gandi mail accounts. For example, if my email is [email protected], I create a gandi mail account for this address.

- I run fetchmail on my server to fetch mails from gandi.

- I set up a specific email account for relay (e.g. [email protected]), and I configure my postfix to relay emails through gandi using this account.

That way, if my server is unreachable, all emails are delivered to gandi and I can access them through gandi webmail. When everything works fine, most emails (99+% in my experience) go through the primary MX (my server). In case some are delivered to gandi or when my server is back up, fetchmail will just get them back locally.

This 'trick' has helped me on numerous occasions, esp. when moving from one location to another, but it should also help in case my house burns down.

The relay part alleviates most delivery issues: I used to have a lot of rejections (ISP MX rejecting residential IPs) or spam classification (gmail I hate you). I no longer do.
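What the setup above looks like in configuration, as an added example that is not the commenter's own files: the hostnames, addresses and passwords are placeholders (the provider's real MX hostnames and the commenter's addresses are not on the page), while the DNS record shape and the Postfix and fetchmail option names are the standard documented ones.

```text
; DNS zone for example.com: the home server is the primary MX, the
; provider's mailbox host is the backup. Lower preference wins, so mail
; only lands at the backup when the primary is unreachable.
example.com.   IN MX 10 mail.example.com.
example.com.   IN MX 20 mx.provider.example.

# /etc/postfix/main.cf on the home server: hand all outbound mail to the
# provider's authenticated submission port instead of sending it directly
# from the residential IP (which is what gets rejected or flagged as spam).
relayhost = [smtp.provider.example]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
# /etc/postfix/sasl_passwd (then `postmap /etc/postfix/sasl_passwd`, mode 0600):
#   [smtp.provider.example]:587 relay@example.com:RELAY_PASSWORD

# ~/.fetchmailrc on the home server (mode 0600): pull back whatever was
# delivered to the mirrored mailbox at the backup while the primary was down.
set daemon 300
poll imap.provider.example protocol IMAP
  username "me@example.com" password "MAILBOX_PASSWORD" ssl
  is "me" here
```

Two caveats worth knowing before copying this. The backup can only hold mail for addresses that exist there, so every address you care about has to be mirrored, or mail to it is refused while the primary is down. And the relay credentials now sit in a file on the home server: anyone who compromises that box can send mail through the provider in your name, so keep that account's password distinct from the mailbox password and rotate it if the server is ever exposed.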


what happens tho to all your google authenticator linked stuff?


People need to stop calling this "google authenticator".

It's called TOTP:

https://en.m.wikipedia.org/wiki/Time-based_One-time_Password...

It's an open standard, RFC 6238:

https://tools.ietf.org/html/rfc6238

Calling it "google authenticator" is like saying "I'm going to GMail that document to you".


TOTP being an open standard doesn't really help, though, if the only place you have the key for a given site is Google's authenticator.

You need to actively take advantage of it being an open standard.

There are a few ways you can do this.

1. When you set up TOTP for a site, scan that QR code or enter the text version of the code in two different TOTP authenticator apps.

You might even consider scanning the code on different devices, too.

2. You can save the QR code or text version of the code, so that you can set up another authenticator app later if you lose access to the one(s) you scanned the code in originally.

Only consider this approach if you are confident you can protect the saved code, such as with strong encryption.

3. Many sites will give you one or more one-time codes that can be used to bypass TOTP. These are meant to allow you to get in so you can set up a new TOTP authenticator if you lose access to your current authenticator.

As with #2, you need to be confident that you can securely store these codes if you want to safely use this approach.

For #2, I recommend saving both the QR code and the text version of the code. You can get command line tools that do TOTP, such as oathtool [1]. Having the text version of the code will make it easier to use such tools, which might come in handy if your phone gets lost or destroyed and you need to generate TOTP codes before you can get a new phone.

[1] https://www.nongnu.org/oath-toolkit/
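Added example (not from the thread or any commenter): a minimal RFC 6238 implementation in Python that makes the point concrete, namely that the base32 secret behind the QR code is the only thing that has to survive, and any standards-compliant generator (oathtool, a second app, this script) produces the same codes from it. The secret used is the RFC's own published test secret and the otpauth URI and its account label are made up; nothing here is a real account.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# RFC 6238 test secret: base32 of the ASCII string "12345678901234567890".
# It is the value the RFC's reference vectors use, not a real account secret.
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 TOTP secret as it appears in a QR code / otpauth URI.

    Apps tolerate lower case, spaces and missing '=' padding, so normalise first.
    """
    s = secret_b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[float] = None, period: int = 30,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    at = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(at) // period, digits, algorithm)


def parse_otpauth(uri: str) -> dict:
    """Pull the parameters out of an otpauth://totp/... URI (the text behind the QR code)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].lower(),
    }


def verify(secret_b32: str, candidate: str, at: Optional[float] = None,
           window: int = 1, **kw) -> bool:
    """Server-side check: accept the current step plus/minus `window` steps to
    tolerate clock drift, comparing in constant time."""
    at = time.time() if at is None else at
    period = kw.get("period", 30)
    return any(
        hmac.compare_digest(totp(secret_b32, at + k * period, **kw), candidate)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Same secret, different generator, same code: that is what "open standard" buys you.
    print(totp(RFC6238_SECRET_B32))
```

Note what the verifier does not do: it keeps no state about which codes were already accepted, so a code replayed within the window is still valid. A real server should record the last step it accepted per user and refuse anything at or below it.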


Sorry, I can't hear you over the noise of my Dyson hoover.


well, duh, we're in a thread about dependency to google services, no need to be pedantic, the message is abundantly clear.


Use Authy if you're into online synced services, use WinAuth otherwise (local, encrypted. No longer in development, but still works, and depends on windows for encryption; supports encrypted backups)


> I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.

> Let me think for a moment, what would happen if google does this to me...

> {lots of stuff that is impossible for the average person}

If you're making the same comments to those who "don't listen" then I can see why. Honestly this comes off more as a gloat post than pragmatic suggestions. And this is coming from someone who used to run all of the above.

The problem is, hosting your own email is actually really hard. Not only is it much harder to set up than it should be, particularly considering how old the technology is -- you'd think there would be a GitLab-like solution that is a single package for all the components, but no, the end user is left working out what MTA to select, then there are choices between the DB backend, user authentication, POP3 vs IMAP, and possibly a web server and web site code itself (if you want web mail as well as POP / IMAP). And that's before you get as far as SSL, login attacks (eg fail2ban), spam protection, setting up your DNS records in the exact combination to protect yourself from being identified as spam and then finally creating your user accounts. And even after all of that, you're still likely to find that Google and Microsoft just assume you to be spam because you're not running on a known trusted service. It's ridiculously hard to get right and that's before you've concerned yourself with the weekly upkeep (security updates, application updates, backups, etc). There's a reason a great many skilled sysadmins -- including myself -- have given up bothering to run their own mail server. It's easier to trust $COMPANY and make regular backups in case of emergency than it is to run the process in reverse.

...and that's just email. Running your own cloud is also problematic -- not as difficult as email but it is still a considerable hassle and still out of the question for the average Joe.


About the first part of your post, actually there is a single package for all the components: mailu does that in the form of a set of docker images. I've also heard about iRedMail but I don't know it. For the rest of your comment you're right; after launching mailu you still have to configure the DNS and deal with some providers still thinking you're a spammer. But at least you can avoid the painful traditional setup, which requires installing multiple pieces of software and configuring them to make them talk to each other, and mailu also helps you with DNS by telling you which value you should put to have DKIM working (and maybe also something else that I'm not recalling right now). Personally, the problem that stopped me from having my own mail server was the difficulty of having a reverse PTR record configured for your VPS. I was trying to get it with an Oracle Cloud server, but after a rather time-consuming process of trying to gather information about this, I found out that Oracle didn't offer the option to have a reverse PTR record.


"The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be... "

This is the very crux of the problem. We need newer protocols so this is dead easy for anyone to do, but I don't see it happening anytime soon. As Google and other Big Tech are on internet standards bodies, they'd almost certainly oppose it, as a more distributed internet would be bad, if not ultimately devastating, for their businesses.

Unfortunately, we naively let the Trojan horse into the internet years ago, and now we're paying a terrible penalty for our foolhardiness.


I'm in the process of Degoogling my life so I have installed GrapheneOS on my phone and use FDroid as an app store.

It works but I have the impression of living in the dark ages:

- I had to ask my contacts to install Signal on their phones; some just didn't follow up (we were having long conversations on WhatsApp the week before), some don't even see my messages. I receive far fewer messages than before, and I'm left out of the cool conversations happening in WhatsApp groups.

- I thought Google's keyboard could use some improvements, but the AOSP one is much worse.

- I can't use my banking app, and their mobile web app doesn't work with KeepassDX, so I have to manually enter my account info each time.

- notifications are hit and miss. The reminder app that I found on FDroid didn't fire a reminder this morning. I had to get another Clock app; the AOSP one insisted on making an audible notification 1.5h before any alarm (it was silent on Google's).

- email clients: FairEmail is good but lacks ergonomics. K-9 Mail is a joke. (I like to separate my email accounts into separate clients.)

- the icons are ugly and I didn't find any way to change them.

All in all I'm not exactly living the dream right now. I don't use social media (except YouTube on my desktop, where I can block ads); I think I would have a much harder time if I had to use web apps to connect to social media.


You don't have to stick with the AOSP keyboard, there are several alternatives in F-Droid. I'm currently using the Hacker's Keyboard:

https://f-droid.org/en/packages/org.pocketworkstation.pckeyb...

I wouldn't recommend doing banking on a phone anyway, although GrapheneOS should be fairly secure (and I'd use a browser, not an app).


Thanks for the keyboard suggestion, I'm testing it right now.

As for security I'm not sure my desktop is more secure than my phone! Anyway I'm more concerned by privacy than security.


tbh not all people can run their own infrastructure (let alone manage/maintain it). I'm not sure about you but most non-techie people I know rely on online services to keep their data safe. some (maybe) have a USB drive to keep a copy.

Talking about the setup, I'm a bit more flexible in some regards to save bandwidth.

Cloud/data storage/services

- XCP-NG + NextCloud + 3TB NAS (24/7) - local

- mail server + Dynamic DNS on VPS (for mail - local sync) - online

- a few small VMs for various services - local

Archiving/Backup:

40TB archive NAS for daily backups of all stuff that I keep online+offline including phones,tablets, etc

Video/Audio content:

local private copies + shared through YouTube (as alternatives for content blocked on YouTube I use RuTube or Youku)

Edit: Forgot about the off-site backup (different country 40TB NAS as offsite mirror)


I noticed a lot of people are doing this after they got a NAS. I think there is a business opportunity: NAS vendors can turn their NAS service into a platform that allows its users to rent "apps" from the platform by paying a small amount of money every month or year. Most of the money goes to the app developers to support their development. When the developer updates the app, the NAS will then automatically download and apply the update.

There is no vendor lock-in as long as the user has the root control of the NAS device (Or at least get their data out of the machine). If the user decided to switch to another NAS vendor, they can simply migrate the data to the new machine.


For video off your own server, do you have a good streaming solution or is it a download?


HTML5 <video> tag works just fine if you want to put a video up somewhere.


Not the person you are responding to but for the HTML5 video tag to work how does server have to be set up? What are you serving the video over? What protocol are you using? New to this so curious about your implementation.


Not the person you were asking, but you can host it the same way you host the HTML file containing the <video> tag. Both files are served as static content by any web server you choose (eg nginx, Apache). You also get "streaming" for free because the browser will request the video file in portions instead of "the whole thing at the same time." Web servers support this out of the box.


As long as you don't care about advanced features like adaptive streaming, you can serve a video in the same way you serve an image.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/vi...
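The "streaming for free" in the two replies above is HTTP byte-range serving (RFC 7233): the browser's <video> element asks for `Range: bytes=0-` first, and then for further ranges when the user seeks, and a static file server answers each with a 206 and just that slice. The following Python is an added example, not code from the thread or from any web server, showing exactly what a range-capable static handler has to do, including the two cases a naive implementation gets wrong (suffix ranges and unsatisfiable ranges). The 1000-byte "video" is constructed inline so the whole thing runs offline.

```python
import re
from typing import Dict, Optional, Tuple

# Single-range form only: "bytes=a-b", "bytes=a-", "bytes=-n".
RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")


class RangeNotSatisfiable(Exception):
    """The requested range lies entirely outside the representation (HTTP 416)."""


def parse_byte_range(header: Optional[str], size: int) -> Optional[Tuple[int, int]]:
    """Turn a 'Range' header into an inclusive (start, end) pair.

    Returns None when there is no Range header, or when it is malformed or a
    multi-range request: RFC 7233 lets a server ignore such headers and send
    the whole file with 200. Raises RangeNotSatisfiable for a 416.
    """
    if not header:
        return None
    m = RANGE_RE.match(header.strip())
    if not m or (m.group(1) == "" and m.group(2) == ""):
        return None
    first, last = m.group(1), m.group(2)
    if first == "":                      # suffix range: the last n bytes
        n = int(last)
        if n == 0 or size == 0:
            raise RangeNotSatisfiable
        return max(size - n, 0), size - 1
    start = int(first)
    end = size - 1 if last == "" else min(int(last), size - 1)  # clamp past-end
    if start >= size or start > end:
        raise RangeNotSatisfiable
    return start, end


def serve_static(body: bytes, request_headers: Dict[str, str],
                 content_type: str = "video/mp4") -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, response_headers, payload) the way a static file server does.

    Accept-Ranges: bytes is what tells the browser that seeking will work.
    """
    size = len(body)
    headers = {"Content-Type": content_type, "Accept-Ranges": "bytes"}
    try:
        rng = parse_byte_range(request_headers.get("Range"), size)
    except RangeNotSatisfiable:
        headers["Content-Range"] = f"bytes */{size}"
        headers["Content-Length"] = "0"
        return 416, headers, b""
    if rng is None:
        headers["Content-Length"] = str(size)
        return 200, headers, body
    start, end = rng
    headers["Content-Range"] = f"bytes {start}-{end}/{size}"
    headers["Content-Length"] = str(end - start + 1)
    return 206, headers, body[start:end + 1]


# Constructed stand-in for a video file: 1000 bytes with distinct values so
# that a returned slice can be checked against the original.
SAMPLE_VIDEO = bytes(i % 256 for i in range(1000))


if __name__ == "__main__":
    # What the browser's first media request and a later seek look like.
    for hdr in ("bytes=0-", "bytes=500-599", "bytes=-100", "bytes=5000-"):
        status, h, payload = serve_static(SAMPLE_VIDEO, {"Range": hdr})
        print(hdr, status, h.get("Content-Range"), len(payload))
```

Two practical notes. nginx and Apache do all of this for static files with no configuration, but Python's bundled `http.server` does not implement Range at all, so a quick `python -m http.server` will play the file yet never seek. And for MP4 specifically, playback can only start before the whole file has arrived if the index (the `moov` atom) sits at the front of the file, which is what ffmpeg's `-movflags +faststart` does when you encode.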


> Welcome to vendor locked-in world where you have willing-fully decided to become prisoners in exchange for few sweets that you dont really need.

This is one of the classic guys who has his own mail server.

> No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)

I knew it




