You don't have to run your server at home. You can also rent a VPS from a large number of providers that have much better customer service than Google. And if you don't like your current provider, it's easy to switch.
Or just upload backups of your home server's disk to the VPS.
I know that it is possible, but think that ensuring correct backups can be difficult and that a VPS is actually quite pricy. (Especially if I want my data outside of a place which the NSA can touch, that is, no DigitalOcean or Azure.) Do you have tips for that?
We are talking about alternatives to Google services. They are very likely infiltrated by the NSA already. So using Google over small VPS providers is far more likely to give your data to them. I doubt that the NSA has "everyone surveillance" contracts with every VPS provider out there, even ones in the US... they might only just send letters about individuals they are interested in. Every additional person who has to keep the secret makes exposure more risky.
Anyways, if you do distrust your VPS provider, you can just use it for encrypted backups, and then you'll only have to manage the key.
As for suggested alternatives to DO, there are plenty of VPS providers in Europe. 1&1 or Hetzner come to mind. Maybe they don't have DDoS protection, but you aren't trying to build a public website anyways.
I created that data, so it's mine by law. Or it is data that was never mine in the first place. Plus, my google data is stored in 3 places: Google, Dropbox and local system. If 2 of them fail, I still have the other.
As to who can access that data, well, that's a question for everybody isn't it? If I would run my own server on the internet that would also be the same question.
So yes, I'm pretty sure it's MY data. I'm also protected by EU laws.
Let me explain what happens when you buy a new smartphone (or use a new, cookie-less, browser profile) and connect it to Google because your old phone doesn't work anymore:
- Google detects the new phone as a suspicious device and locks your account until you can authenticate using your old phone.
- You can't authenticate using your old phone because it doesn't work anymore.
- You lose all your Google-connected data.
You don't need a house fire to fall victim to Google; merely dropping your phone will be more than enough.
There’s no need for lock-in though. I have almost all those benefits without Google; the only difference is that I need to install TitaniumBackup first before I can restore everything on my phone.
But unlike you, I don’t care if google locks me out.
Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
You might want to try this before you feel secure enough. My mother's phone got stolen and I had a lot of trouble trying to get into her Google account for her. I was lucky enough to have logged into it once in Safari of all things on my personal laptop. Google seemed to have placed a cookie to 'remember' the device. Otherwise her Google account would have been gone forever.
I now disabled all the trusted device related settings. Sure it is less secure versus hackers, but getting completely locked out isn't a great prospect either.
> Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
Yes
> My mother's phone got stolen and I had a lot of trouble trying to get into her Google account for her
The first time, my phone bricked itself (you get what you pay for. Don't buy $30 smartphones). I have 2fa. I use both Authy (syncing) and WinAuth (local, with encrypted backups) to manage my secrets. Entering the code is enough to sign in.
The second time, I was moving from an old phone to a new phone; I turned off the old phone to remove the SD card before turning on the new one, and it worked fine without turning on the old one until after signing into accounts, when I needed to transfer data for some FOSS apps (termux, Fdroid, etc).
You can also benefit from the cloud while still avoiding putting all your eggs in one basket.
A few years ago I was happy to have all my life on Google because it was so integrated, but recently because of (1) privacy issues and (2) risks of being banned arbitrarily, I decided to reduce my exposure to Google.
So my email is Protonmail, my browser is Firefox and my search engine is Duckduckgo. I'm still looking for an alternative for my calendar and file hosting. I might shell out for a pro Dropbox account.
What might be harder is Android and Play Services. I don't like the iPhone, and I don't want to bother with de-googlized custom ROMs either.
You could compromise by using Aurora Store. At least you'd then have access to all the free Play store apps. Paid ones would still be a problem of course.
I am also self-hosting using the excellent yunohost.org; it allows me to painlessly maintain my email and nextcloud instance.
To solve the issue you mentioned (disaster recovery), I am using rsync.net borg service.
Another 'trick' I do which considerably helps is to use my gandi.net free email accounts as secondary MX and relay for my emails:
- I bought my domain through gandi, so I get 5 free email accounts
- I put gandi mail as secondary mx and I mirror the important email account as gandi mail accounts. For example, if my email is abc@example.com, I create a gandi mail account for this address
- I run fetchmail on my server to fetch mails from gandi
- I set up a specific email account for relay (e.g. postmaster@example.com), and I configure my postfix to relay emails through gandi using this account
That way, if my server is unreachable, all emails are delivered to gandi and I can access them through gandi webmail. When everything works fine, most emails (99+% in my experience) go through the primary MX (my server). In case some are delivered to gandi or when my server is back up, fetchmail will just get them back locally.
This 'trick' helped me on numerous occasions, esp. when moving from one location to another, but it should also help in case my house burns down.
The relay part alleviates most delivery issues: I used to have a lot of rejections (ISP MX rejecting residential IPs) or spam classification (gmail I hate you). I no longer do.
TOTP being an open standard doesn't really help, though, if the only place you have the key for a given site is Google's authenticator.
You need to actively take advantage of it being an open standard.
There are a few ways you can do this.
1. When you set up TOTP for a site, scan that QR code or enter the text version of the code in two different TOTP authenticator apps.
You might even consider scanning the code on different devices, too.
2. You can save the QR code or text version of the code, so that you can set up another authenticator app later if you lose access to the one(s) you scanned the code in originally.
Only consider this approach if you are confident you can protect the saved code, such as with strong encryption.
3. Many sites will give you one or more one-time codes that can be used to bypass TOTP. These are meant to allow you to get in so you can set up a new TOTP authenticator if you lose access to your current authenticator.
As with #2, you need to be confident that you can securely store these codes if you want to safely use this approach.
For #2, I recommend saving both the QR code and the text version of the code. You can get command line tools that do TOTP, such as oathtool [1]. Having the text version of the code will make it easier to use such tools, which might come in handy if your phone gets lost or destroyed and you need to generate TOTP codes before you can get a new phone.
Use Authy if you're into online synced services, use WinAuth otherwise (local, encrypted. No longer in development, but still works, and depends on Windows for encryption; supports encrypted backups).
- I buy another laptop and install Linux.
- I connect my Google, Dropbox (which contains google backups) and Github, and they contain all data I own.
- I buy a new smartphone and connect it to Google
Simple as that. And my house doesn't need to burn down for this, when I buy a new laptop or smartphone I do the same.
Plus, all my email, documents, source code is accessible from anywhere, for when I don't have my hardware with me but have access to another device.
Everything has benefits and drawbacks, my approach definitely has drawbacks, but running your own server at home also has drawbacks.