How to write an app (that respects privacy and supports security)

Some difficult-to-meet requirements

  1. Be open source. Don't make users have to trust your black box. I don't want to have to trust you. I don't know you.
  2. Don't just release your in-house source code. Develop in public; practice outreach to OSS developers to loop in others; make distributed code reviews a standard practice.
  3. Be fully open source. Don't depend on proprietary vendors or use APIs that, for example, make sensitive user data open to systematic collection.
  4. If you must keep some of your server-side code private (it could happen), then hire a third party to do public, independent audits of security and user privacy issues. I don't want to take your word for it. The more often an audit is performed, the better.
  5. Don't use a business model based on selling or datamining user data. Prefer subscription, non-targeted ad, and other non-intrusive models. Maybe tokenize. Prove to your users that this is your business model, and go on the record loud and clear that it is.
  6. Have a clearly-worded privacy policy that (as much as possible) lacks vague language and is highly specific about exactly how user data is used. Make many clear positive assertions about what you do and don't do with user data, in various categories that users might worry about. Include a non-legalese gloss of both the main document and the latest updates.
  7. If you have a cloud app with any data that some users might reasonably want to be kept private (which is almost all cloud apps), store the data using zero-knowledge encryption or other similarly secure tech whenever possible.
  8. When private user data needs to be processed, do it client-side, not server-side, so that you don't need to see the data.
  9. Use strong, standard, end-to-end encryption for all user-to-user communication features.
  10. Obviously, follow best modern practices when it comes to user authentication. E.g., save hashes of user passwords.
  11. If you must make it easier for users to log in by using social media/OAuth logins, then at least give users the clear and prominent option of using their own password for your site. (I strongly advise users to use their own passwords, tracked with a modern, secure password manager. Social media logins are a backdoor for corporate surveillance.)
  12. Conspicuously distinguish between public and private data. Of course, sometimes users don't care about privacy; they want the widest possible exposure for a public post or profile. Just make it really, really clear what information is exposed to whom, and especially whenever anything is not 100% private (and kept that way through encryption).
  13. Support various kinds of two-factor authentication.
  14. Don't keep unnecessary logs of user/visitor data. Never use feckin' Google Analytics!
  15. Make it hard for governments to get user information out of you. The best way to respond to government information requests when you run a private service is with, "We do not have access to that information. It is never sent to or recorded on our servers, or if it is, it is done so in an encrypted format."
  16. Make your mailing lists and notifications opt-in, for the love of all that is holy.
  17. Don't force users to use your proprietary mobile app. Some of us like to use browser versions because we the user have more control and transparency about what the hell is going on.
  18. Speaking of transparency, be totally transparent to OSS devs and regular users alike about how your app works and allay any concerns they might have.
  19. Clarify where your management and developers live and where your offices are located. If we can't find out who you are, how can we trust anything you say about yourselves?
  20. All of the above goes double if you live in a country that is associated with hacking or a highly intrusive or totalitarian government, or if you have any other red flags that might make users worried about their privacy or security when using your app.

I've reviewed and installed a lot of software lately and have designed (if not coded) a lot over the years. As a consumer, this is the ideal I'm after. I'm not sure I know of many consumer web apps that satisfy all of these "requirements." But this is what we need if we want to respect privacy and help users with their security.

I might add more to this list as I think of more things. If you have additions you think I should make, please list them below.


How I got rid of Google calendar

It was about 2013 that my friend Terrence Yang told me I should be using Google Calendar, because everybody was using Google Calendar. So I did. And he was right: almost everyone else was using it, as far as I could tell. There was a period between approximately 2015 and 2017 when I was getting Gcal invites from all sorts of different people. You could just about assume that everyone was, indeed, using Gcal, and were happy to receive Gcal invites. I sent quite a few myself. For several years I was very impressed by the convenience of Gcal. Weren't we all?

But, as it became increasingly clear that Google simply doesn't care about my privacy, I grew less excited about its convenience. The fact that I could easily send an invite to someone else who probably also uses Gcal no longer seems so impressive.

Now, maybe it's just me, but in the last few years, the number of Gcal invites I received has dropped, and this is not been for lack of meetings. People just stopped sending me so many of them; I've frequently had to add meetings to my own calendar. But I found that it wasn't that hard. I had forgotten that it is pretty easy to do it yourself, even if you don't use Siri.

So, when I decided to lock down my cyber-life, I knew one thing I wanted to do was to stop using Gcal. Who really knows what Google does with this data? There were still people who sent me invites occasionally (I actually received one while writing this), but I didn't care about that; I could add the meeting info myself, or maybe make use of the .ics files that come with automatic meeting invitations.

But I couldn't just quit Gcal. It is a cloud-based service that makes it so easy to sync data across my devices; I need my phone and my laptop and my desktop to have all the same calendar data available all the time. But I decided I didn't want that data in the cloud—or rather, not in the public cloud. A few weeks ago, I set up a NAS, i.e., my own private cloud. The NAS vendor makes awesome software, including calendar software. I knew it was only a matter of time before I switched from Gcal, drawing data from Google servers, to Synology Calendar, drawing data from my own private NAS.

Recently, I made the plunge. Here's what I did.

  1. Exported all my data from Gcal. Not hard. The data is exported in the standard .ics format, which any calendar app should be able to use.
  2. Imported my data into Synology Calendar, stored locally on my own machine. The data doesn't make any round trips to Synology servers, by the way. Why would it? It's my own server!
  3. Set up CalDAV on the NAS. CalDAV (an extension of the WebDAV protocol) is a calendar data protocol. So basically what this means is that I enabled the NAS to act as a server for the calendar data, i.e., so it can be edited by all my devices, and maybe most importantly, by my phone. This was maybe the most technically difficult part, but still not hard.
  4. Set up the Apple Calendar app (which doesn't send data to Apple, the privacy hounds on the privacy subreddit assured me; I checked) to get and send data from and to the NAS via the CalDAV protocol. In practical terms, this basically just meant putting in a server address, a username, and a password in the right places on my phone. Easy peasy.
  5. There was one person who depended on the fact that I was using Gcal, who made lots of appointments for me. I knew I was going to have to get her started using the NAS system. So I gave her detailed instructions (this took the longest out of everything), which must have been good because she had everything hooked up in 10 minutes.
  6. We did some testing to ensure that everything worked correctly on all devices, data was syncing, invites and alerts were being sent, etc.
  7. Finally, I deleted all my calendar data from Google servers. Yes, I stuck the knife in and twisted it in the heart of Gcal. So satisfying.

"But," you say, "surely the new system surely can't work as well as Gcal. You sacrifice convenience for privacy. I wouldn't want to do that."

Au contraire, dear reader, it works just as well as Gcal. I have pretty high standards and skills when it comes to software use. I'm quite happy with what I have. For one thing, I haven't switched apps on my iPhone. (I looked for an open source calendar app for the iPhone that supports CalDAV; I couldn't find one.) The data there looks and acts exactly the same as it did before.

Also, the Synology Calendar app for my browser is every bit as fully-functioned as Google's calendar app. Yes, I can have multiple calendars, e.g., one for work and one for personal stuff. Yes, I can make and send invites, and when someone accepts an invitation, my calendar shows that (we checked this out). Yes, optional alert emails are available. Yes, the UX of the Synology Calendar browser app is absolutely fine—no worse than Google's. In some ways, maybe better. Yes, get this, if I want Siri to make appointments for me, it will do so. (Of course, that means sending a sound file to Apple servers with private info about a meeting, which maybe I'd rather not do.)

So, are you jealous? My set-up does everything Gcal does, and it is 100% Google-free and runs on my own machines as well.

I know I'm privileged by having money, time, and technical sophistication to set up my own NAS to do this sort of thing. But you don't have to be rich, and you don't have to be a programmer or system administrator. For a NAS like I have, you just have to spend about as much money as you would on a new desktop, make configuring it your hobby for a while, and be a "power user," which I'm guessing most of the readers of this blog are. Or you know some geek you could impose on, or maybe you could hire someone.

The point is, probably, you, too, could escape the clutches of Google (or at least Google Calendar).

Here are the Google products I once did but no longer depend on: Search, Chrome, Gmail, Docs (for my personal documents; colleagues still use this so I have no choice in their case), Drive, Maps, News, Analytics (yes, I finally removed all traces of Analytics from this blog), Translate, ReCaptcha—and now, Calendar.

My de-Googlification task list now has only two more entries, I reckon:

  1. Delete all my contacts/address book info. I could probably do that right now, but I want to make sure I do it right. Synology has yet another WebDAV tool that enables me to sync my contacts via my browser. I don't want to delete my Google contacts until after I've set that up.
  2. Actually delete my gmail account. (I can do that without deleting my Google account.) I'm pretty sure there's nothing stopping me from doing this now, apart from transferring my contact info.

The one Google product that I'm not sure I'll be able to give up is YouTube. My channel has got almost 8000 followers and a lot of kids depend on that content. And I'm thinking of starting an interview series. Besides, insofar as my colleagues expect me to keep using Google Docs, I can't simply delete the account for good. I'm still trying to persuade them to install a NAS.


How I securely sync my passwords (and why you should, too)

With a uber-geeky bonus: How I synced my Enpass passwords over my Synology NAS using WebDAV

You need a password manager that syncs

Let's begin with what I hope will be a useful review.

You should be using a password manager. What's that, and why? A password manager simply holds all your passwords and makes them easily available to you. You need one because (a) you need to have strong passwords, or else your web accounts (which can contain really sensitive info) can be easily cracked; (b) passwords, to be strong, must be different on every site and very complex (and so hard to memorize); (c) you can't possibly memorize that many strong passwords; (d) copying and pasting passwords from some plain-text repository, let alone typing them in, is a pain nobody needs.

Password managers solve all these problems for you. They (a) check that your passwords are strong; (b) make it super-easy to generate strong new ones; (c) make them all available if you simply memorize one strong password; (d) auto-fill your passwords in forms on all your devices.

But in our multi-device lives, there's yet another problem: you need to sync your passwords across your desktop, laptop, and mobile devices. It's a royal pain, isn't it? Of course it is. How do you do it? Well, let's talk about some suboptimal solutions, to help explain why I went to some rather great lengths.

You could shuffle a document back and forth between devices, e.g., by email or a messenging app. But that's a royal pain.

If you're more clever, then you'll have a single document that is accessible using all devices. For example, maybe you keep yours in a Google Doc. That would be a bad idea, because Google employees could easily see your passwords, and if anybody else got a hold of the document, they can just make a copy and you'd be none the wiser. You really need an app, not a document.

This is why password managers apps work on computers as well as handheld devices, on multiple platforms. The one I use, Enpass, is open source software (UPDATE: oops, no it’s not: https://discussion.enpass.io/index.php?/topic/210-open-source/) that works on pretty much every consumer platform. But how do the passwords get synced? Each instance of the app, on your different devices, has its own copy of your password data. Well, the even cleverer solution then is to sync your passwords "in the cloud." The password manager software company will hold your passwords for you, as a service, on their servers. That's "the cloud" in action. Then, if you're on your desktop PC and you update your password manager with a new password, the change is quickly reflected on your phone, where you can use it quite easily. Neat!

Your password manager should use zero-knowledge encryption for syncing, at least

Here's the thing. The cloud is kinda evil. I know that's a cranky sort of thing to say, but I'm getting old and therefore I'm permitted to say cranky things.

I am only slightly joking. The evilness of the cloud is actually rather well demonstrated by the situation with password managers.

Suppose your passwords are sent, via an encrypted connection, to the company's servers. Suppose they're even encrypted there, making it especially difficult for anyone to hack your password collection. But you still have to trust two things: the honesty of the password management software company, and their own security practices, which ensure that external forces cannot hack into their (encrypted) database.

There's a very cool bit of tech you can look for in password managers that solves the latter problem very handily: zero-knowledge encryption. Basically, the company stores a completely encrypted copy of your passwords on their servers. They couldn't read it even if they wanted to, because they don't have the key to unlock it. Only you can unlock the data file, because only you have the key. Neat, huh?

(It's called "zero-knowledge," obviously, because the company doesn't know anything about the information stored on their servers. They know it belongs to your account, but that's it. All cloud services should use zero-knowledge encryption, but very few do. Ask yourself why they don't.)

Now, this is probably adequate security for most people. But it's not good enough for me. I don't want the password manager company to touch my passwords. They're very valuable, right? You still have to trust the company; there's all sorts of things that could go awry, or they could intentionally update the software in a way that would undo the encryption. (Or maybe just for select users that the government asks to spy on. If I lived in China or Saudi Arabia or were a spy or government whistleblower, I'd worry a lot about this.)

Use FOSS and self-host, if you want to be an uber-geek

One of the great things about FOSS (that's geek-speak for "free, open source software") is that nobody has ultimate control over it, because anybody can fork it, i.e., make their own copy and take development in a different direction. That's because the license specifically permits that, and the development happens all out in the open. If the project is big enough, then there are at least several (sometimes, hundreds of) developers looking at new code being checked in. If somebody checks in something that's dangerous or privacy-violating, the FOSS developers (a notoriously privacy-jealous bunch) will put a stop to that noise in short order.

So if you want to use zero-knowledge encryption in your password manager, great, but make sure the software is FOSS, because then it becomes even harder for people to play tricks with the software.

You know what would be even better, though? If you never have to transfer your encrypted password file to somebody else's server in the first place. In other words, host it your own damn self.

But how, you ask? Well, there aren't very many solutions that are available to the non-geeky. In fact, I'm fairly sure all of the self-hosting solutions push the needle fairly high on the geekometer.

If you want to self-host and you want your password database to be accessible to all your devices, regardless of where you are, what does that mean you have? A server. There are a couple ways to set up your own server.

One is to use your desktop computer (or even an old laptop) and plan on leaving it on all the time. You could install NextCloud on the machine, which transforms it into a server. Like, wow, that's cool. If you're a geek. But because geeky things are now cool, that's just cool, period.

Another is to use a NAS, or some other dedicated server, i.e., a computer that is specifically set up to talk to other computers over your LAN (local-area network; your home or office network) and over a WAN (wide-area network; here, the Internet).

Bonus: How I set up my Enpass passwords to sync over my Synology NAS using WebDAV

I ended up choosing a NAS over installing NextCloud on my desktop. I further chose a Synology NAS. This evening I finally decided to sit down and start hosting my passwords on my NAS. How?

I'm not going to give you all the steps in detail.

(1) You need to get an SSL certificate for your server, i.e., the thing that allows you to use https: and not just http:. Why? Because you'll be using WebDAV to update information on your NAS, and WebDAV (being an Internet protocol) needs to be made more secure by encryption. While your data should be encrypted by your password manager, another layer of encryption is important. So get this done. By the way, Synology comes with a self-signed certificate, which will make Enpass complain. You'll have to check a box saying that you want to ignore this complaint. But you shouldn't do that.

By the way, if you don't have a permanent URL for your NAS (for this, you'll have to use DDNS), you'll have to solve that problem first. You can't use an IP address.

2. Set up a WebDAV server on your NAS. In other words, a server process on your server device. WebDAV, as Everipedia puts it, "is an extension of...HTTP that allows clients to perform remote Web content authoring operations." In other words, it allows software to update data files remotely, if the software is given permission and the data files are set up to be updated using the protocol.

On my Synology device, the steps I followed are these (great tutorial here):

  • Install the WebDAV Server package, located in the Package Center.
  • Open the WebDAV Server interface, enable both HTTP and HTTPS, and assign them the ports 5005 and 5006, respectively.
  • Create a 'webdav' user (see the above-linked tutorial for important details; make sure you get the permissions stuff right).
  • Create a 'webdav' group as well (ditto).
  • Create a 'webdav' or 'upload' (or whatever) folder. You'll specifically need to grant read/write permissions to the 'webdav' user for that folder.
  • To confirm that your new webdav user can use the folder, drop a picture, say kitten.jpg, into the webdav folder. Then go to https://your.nas.address:5006/webdav/kitten.jpg. Note: use https, not http, use the '5006' port number, and use the name for the directory you created before. If, when you try to pull that address up in a browser and you're prompted to log in, groovy, you're halfway there. Then put in your webdav user credentials (not your admin credentials), and you should be able to see the picture. If you can, coooooool. Again, the above-linked tutorial has other things you can try to confirm your connection.
  • Next, open Enpass (or another password manager that supports WebDAV). In Enpass, go under the gear menu > Vaults > Primary (or whatever you want to sync via the NAS). Then you'll be able to choose from a number of sync options. Choose "WebDAV". You'll next have to put in your 'webdav' user authentication info, and for the address, you'll want to use the address given above. I further made an Enpass directory inside that, and tacked that onto the end of the URL, so I got something like this: https://your.nas.address:5006/webdav/Enpass/. This is important to get right. Then press "Connect" try it out. With luck, you'll be connected.
  • To test that things are syncing, open a copy of the password manager on a different device and repeat the previous step. Make a small change in one copy, press the sync button/icon in the upper left (which has changed to a "server" icon, which I thought was a nice touch), go to the other copy, press the sync button there too (because you're impatient), and then see if the change is reflected in the second copy. If it is, you're done.

That's how I got it to work. And now...all my password info (and a lot of other data) is out of the public cloud, in a private cloud consisting just of my family's devices. Pretty freaking awesome.


The NAS revolution: Get your data out of the cloud

It turns out the cloud is kind of evil. We blithely put all our data online, right in the hands of giant corporations (and by extension, hackers and governments) who only too happily control, sell, datamine, steal, and spy on it. But you can take control of your data. Now. Here's how.

When most people hear "the cloud," if they have any inkling of what it means, they think of Dropbox, Google Drive, and other file storage and synchronization services of that sort. But if you're hip to the scene, "the cloud" extends to any service that manages your personal data online. The emphasis is on personal data. The cloud, rather than a device of yours, stores data like your calendar (as hosted by, say, Google Calendar) and contacts (as hosted by, say, Apple's iCloud) as well.

If you're a typical plugged-in Internet user, "the cloud" in general manages a stunning amount of your data:

  • Document storage and sync: this includes all the files you might have put in Dropbox, Google Drive, Google Documents, iCloud, Box, Amazon Drive, or Microsoft's OneDrive.
  • Email: Gmail is the 800-pound gorilla, of course.
  • Calendar: Google Calendar and iCloud storage dominate here.
  • Contacts and address books: Google, Microsoft, and iCloud.
  • Online photos: Instagram, Facebook, Google Photos, Flickr, iCloud, and Dropbox all have cloud solutions for sharing your pictures with friends and family.
  • Home video: Facebook and YouTube are probably the main ways we have of storing and sharing our videos with family and friends. There are other options, of course.
  • Movies/TV shows: If you paid for commercially-produced videos that you own the digital rights to, they're in the cloud. This is the direction Apple, Amazon, and YouTube, for example, want you to move in.
  • Notes: Your phone's note-taking app, etc.: iCloud, Evernote, OneNote. The home of your note data is in the cloud, not on your machine.
  • Password apps: Your browser's password saving + sync feature uses the cloud, as do Dashlane, LastPass, 1Password, Enpass, etc.
  • Bookmarks: Your browser (Chrome, Firefox, others) probably syncs your bookmarks for you; the bookmark data is in the cloud.
  • Chat: Yes, chat isn't just a social media type of app. It's also a cloud app for use by private consumers dealing in small groups or one-on-one. If you're like me, you have private chats not just with random strangers, but also with family and friends. Insofar as this data can be presumed to be highly private, it's also "in the cloud" and not just "online."
  • Your blog: If you used to host your own blog, but now write for Medium, Quora, Blogger, Tumblr, WordPress.com, or some other blogging platform, then your blog is now "in the cloud," hosted alongside a zillion other blogs. That goes for web hosting in general, too.
  • Code hosting platforms: If you check your code in on Github or Gitlab, or run it on Digital Ocean or Heroku, your code is in the cloud.

Look at that list, and consider: an amazing amount of our computing is out of our immediate control.

There are two perfectly good reasons for this. First, we own multiple devices and we need to share and sync data among them. We also want to be able to share data with friends and family more easily. But, because this involves networking, it is a much more technically difficult problem for programmers to solve than simply writing desktop software. Since networking and sharing are already done via the Internet, it just makes sense for sharing and syncing services to be coordinated by Internet companies.

Second, simply letting centralized corporate services handle this data coordination is terribly convenient—that's hard to deny.

The necessity of sharing our data, coupled the undeniable convenience of the cloud, sure make it look like the cloud is going nowhere. I mean, what are you going to do, host your own calendar, home videos, and chat apps? How will you sync the data? That's a non-starter for non-technical people. Why not just let the professionals handle it?

But it so happens that, now, you can host your own stuff. How? I'll explain. But first, let's talk a bit about why you might want to host your own stuff.


We are increasingly suspicious of various cloud services, and we should be. It's not just Facebook selling your private chats with Netflix and Spotify, or Medium dictating what you can write in your blog, or Google datamining student data in the cloud—to take a few rather random examples. The events of the last couple years have brought home to many of us some truths we simply didn't want to believe.

What kind of truths?

The vast majority of the cloud services listed above are run by for-profit businesses who naturally place their profits above your interests.

Your data, for them, is an asset. Many cloud companies crucially depend on the ability to exploit data assets. They will sell your data if they can. If they can't, they'll datamine it and sell information about you.

You agreed to that.

You are, like it or not, a participant in many large, standarized systems. Therefore, even though you simply want to use a basic service, if you don't play by their rules, they can control or even block you. Moreover, you probably can't customize the service too much for your own uses. The service providers make the choices for you. You have to go with the flow.

Search and subpoena laws, censorship laws, and government regulations apply to corporations that do not apply to you, the individual. That means information you put in corporate clouds is under the watchful gaze not just of those corporations but also of governments. If you're lucky, you live in a country that respects privacy and free speech even when your data is on a corporate server. But don't count on it.

The reason so many violations of your privacy (something most of us should be a lot more hardcore about) have come to light is that so much of our data is in the cloud now, and a lot of people in business just don't care very much about your privacy. When will Google start using zero-knowledge encryption for all your data that they store? Never. They want access to your data. They need access to your data. It's their business.

Sorry, but them's the facts.

What can we possibly do? Are we at their mercy? Should we, perhaps, trust governments—who also want access to all your data, for your safety—to monitor, regulate, and improve the situation?

But you can take back your data. Now. And if this is news to you, let me admit to you that it was news to me a few months ago when I first heard about it: you can install and manage your very own personal cloud for every single one of the cloud services listed above. And it's not expensive. And it's not that hard to do.

I know it sounds bizarre. It is bizarre, but it's true.


A NAS, or network-attached storage device, was once thought of mainly as a hard drive (or several) attached to your network. But as NAS vendors began selling devices with their own operating systems and Internet connections, the term was repurposed to mean your very own turn-key server. Turn it on, put your stuff on it, and you can access your personal data from anywhere.

NASes are easy to use, but "turn-key" is not quite right. No NAS on the market, that I know of, is as easy to start using as a regular computer is. Getting one up and running takes some time; there is, as they say, a learning curve. But "turn-key" does get the flavor of the most popular NAS brands. The NAS devices for sale by Synology and QNAP especially, and others to a lesser extent, are intended to make it easy to have your own server, or your own "cloud." In fact, Western Digital (WD) sells NASes under the brand name "My Cloud" and markets them as "personal clouds." There's a bit of challenge, but it's not that hard to set these things up (more details below).

The reason to get a NAS, for me—or to get any personal server—is to replace all the software that has moved to the cloud. In case you're skeptical, let me give you a rundown. While I'll be talking about the NAS I just installed for myself and my family, which happens to be from Synology, there's an equally well-reviewed NAS system available from QNAP, and for those who have more technical skill, NextCloud (perhaps on a FreeNAS machine you set up) does many of the same things.

Let's just go down the list I gave above.

  • Document storage and sync. I now have an app that can sync documents on at least eight of my family's devices. I can update the document on my desktop, and if I save it in the Synology's office format, I can edit it directly in the browser, with changes showing up for other users in real time, just like Google Docs. There are documents, spreadsheets, and slides. Chat with other user accounts on your NAS (for me, my family members) is available in every document. This is available everywhere, because it's truly in the cloud. It's just that it's your cloud.
  • Email: You can host your own email on a NAS, if you want to go to heroic lengths that I don't recommend. Like web hosting, this is something you probably should leave to the professionals, for now. I have a feeling this is going to change in coming years, though.
  • Calendar: There's a rather nice app for that.
  • Contacts and address books: It's not "turnkey" yet. But something is available.
  • Online photos: Synology's Moments app automatically syncs your pictures with your camera, identifies people (without sharing data with Synology), uses (stand-alone) sophisticated algorithms to put pictures into categories, etc. Again, the pictures are available for quick and easy download from anywhere, and you don't have to worry about Dropbox or Google or whatever snooping.
  • Home video: Ditto—Moments works fine for this, but so does Video Station. Easily share your home movies with grandma, right from your own machine.
  • Movies/TV shows: Rip all your DVDs and Blu-Rays, then stream them anywhere (to your phone, tablet, computer, or TV) with an interface that looks a lot like Netflix. No need to rely on Apple or Amazon to keep digital copies of your movies for you. Wouldn't you much rather own and serve your own copies? I know I would.
  • Notes: There's an app for that, both for browsers and for your phone.
  • Password apps: Use your NAS's WebDAV server to sync your password data on your own machine; WebDAV is something that Enpass, for example, supports.
  • Bookmarks: Synology and QNAP offer no solution yet, but Nextcloud (which can be run on both) does.
  • Chat: There's a pretty awesome app for that; it closely resembles Slack. There are decent clients for browser, desktop, and mobile, again just like Slack.
  • Your blog: NASes allow you to host blogs and simple websites using your choice of platforms, such as WordPress, Drupal, and Joomla. I'm not saying I recommend this, though; your machine would have to be pretty beefy to handle the traffic you want to get. Server hosting for your blog is another thing that's best left to the professionals. But it's pretty damn cool that you could use a NAS for this.
  • Code hosting platforms: Would you rather not check in your code publicly or on an external server at all? Want to keep it to yourself but continue to be able to share it with people and use Git? There's an app for that. You can also host more advanced websites with many popular programming languages (including Ruby, which I use).

A NAS (which, again, comes in many brands, not just the one I happened to buy) can do all that for you. It's pretty awesome.

But maybe this shouldn't be surprising. After all, a NAS is a fully-functional server, and web hosts now bundle all sorts of turn-key (that word again) software solutions and make it available to their clients. So if you go to GoDaddy or Inmotion Hosting or whatever, they offer all sorts of complex software available to install at the press of a button. Why not slap similar software bundles on a server and sell it to the ordinary consumer? That's what NASes do. (And again, for reasonably skilled IT professionals with time on their hands, they can more easily than ever create their own real servers, which are typically much more powerful and cheaper than NASes. With a proprietary NAS system like Synology, you pay a lot for integrated software, ease of use, and support.) Then just think: insofar as cloud services are, essentially, just putting formerly private data online in the context of a server someone else manages, as soon as consumer web servers became feasible, it makes total sense that you could move your data back to a server you manage.

What do we have to thank for this? The years of fantastic labor by programmers to build and refine all the necessary software layers and scaffolding needed to create something like a "turnkey" solution to running your own server, complete with multiple, ready-made software packages—even if you are nowhere near a professional server administrator.

Put even more simply, a NAS device gives you the power to take control of your own data in your own home. It used to be that we had to rely on the Apples, Googles, and Microsofts of the world in order to connect all the devices we own together, share data with friends, and get the use of common Internet services. With the advent of increasingly easy-to-use NASes, we don't have to. We can declare our independence from Big Tech.


But, you ask, doesn't all this rather awesome software power cost a lot of money? Well, entry-level NAS devices (like this from Synology and this from QNAP) cost less than $200, plus another $80 (say) each for a couple of hard drives. I'm not saying I recommend buying a cheap machine like this, any more than I would recommend buying a cheap laptop. But that might serve your purposes just fine. The point is that these machines are basically computers, so they cost about as much as a computer. The Synology NAS and three drives I got (with space for two more drives whenever I want), together with my fancy new router and modem, cost a little more than my new laptop. (By the way, if you have the time and technical chops to able to set up and maintain a web server with less support, it's easier than ever to do so, and for the same amount of money, you could get a machine that would be much faster and better than my NAS.)

"OK," you say, "maybe it's possible to set up. But how good could it be? I mean, you really think I'll be able to replace my family's Slack group with Synology's chat app? It must be inadequate. Or replace Google Docs with their Office app? That seems unlikely."

Before I saw the capabilities of the systems, that's what I thought, too. Then when I got my own, and started using it (several days ago), the proverbial scales fell from my eyes, and I'm a believer. This is surprisingly solid software. It might have been "bleeding edge" a few years ago, but it's excellent today. The functionality is all accessible via the browser, but there are also a few good desktop apps. It also comes with a lot of excellent iOS apps that you can use to access your NAS's functionality. So far I've installed the photo app (replaces whatever you used to upload your pix to permanent storage and gives you access to all of your pictures, not just the ones currently on your phone), the chat app, the drive app (which is a replacement for both Google Docs and Dropbox), the video app (which allows me to stream videos my boys are ripping from our DVD collection), the notes app (replaces iOS Notes), and the calendar app. So far, I don't see any advantages Slack has over the chat app (just for example). Their collaborative document editing app Synology (Office, installed when you install Drive) is excellent for basic editing, and it seems to be just as good as Google Docs.

"OK," you say, "maybe it's not that expensive, and maybe it's decent quality software. But isn't this a lot of work to install?"

Less than you might think. But it depends on what you mean by "a lot." It takes a few hours, maybe, to turn the thing on, network it with your devices, and get the first services up and running. You'll probably spend more time actually picking the thing out and upgrading your Internet speed as well as modem and router (which is something you'll need to do if you have old equipment). It takes more hours (depending on how much of the functionality of the thing you use) to get the full range of functionality set up—anywhere from ten minutes to several hours, depending on the app. Getting started with Synology's chat app is dead simple, for example, but importing all your pictures might take serious time. A lot of the time I've spent so far has been in migrating data from the Internet and my desktop and backup drives to the NAS.

So, sure, it takes a reasonable time investment. But it is so worth it.

"But," you say, "I'm not a terribly technical person. I can run all the software of the sort you mention if somebody has set it up for me in the cloud, but I can't imagine running my own server."

It's not that bad. Let's just say you need to be a "power user" if you want to do it all yourself. If you have ever set up your own WordPress website, or installed Linux, or registered and pointed a domain name (without help), or done basic programming, then you're up to the task of installing one of these devices without too much help. If you're just a regular computer user, but you have never done anything like that, then installing a NAS might be a bit beyond you. You still might be able to handle it, though.

In any case, I'll bet you know someone who could install one for you if you bought them dinner, or paid them a little. It's not a huge deal. It's not like "setting up your own web server." It's more like "setting up your own home network." It's easy enough for the local geeks to handle.

If you don't have access to a geek, you can hire one.Here's a service, Amazon does it more cheaply, probably Best Buy would do it, some of these guys could do it, etc.


In short, installing and running your own server is today approximately as difficult as computer installation was in 1985, or home networking in 1995, or home theater today. (As it happens, NASes are often purchased as a component in a home theater system.)

The low price and high value of NAS devices, together with their ease of installation, makes me think they're ready to take over the world. I for one am never going back to centralized cloud corporations. I hate them (yes, even Apple), and a growing number of people share my feelings: we absolutely despise the encroachments of those corporations on our privacy and liberty.

Many of us are looking for answers. Many are already doing the sorts of things I listed back in January in "How I'm locking down my cyber-life." In their responses to me there, a few people mentioned they were using their own cloud servers. (Those mentions are what first introduced me to NASes, so please keep up the excellent blog comments!) That struck me at first as being a little too hardcore. Having actually bought and installed a NAS, though, I don't think so. Getting your first NAS is like getting your first computer back in the 80s, or your first smartphone in the 00s. You might have had to wrap your mind around it. It causes a bit of trouble. It requires some getting used to. But probably, you'll forevermore have a computer and a smart phone.

The consumer potential of NAS devices strikes me as being potentially similar. Maybe it will become the sort of device that will seem indispensable in 10 or 20 years. I imagine a conversation with a future child, looking back at the cloud era of 2005-2025:

Child: "How could we ever choose to just give all our data to giant corporations? It was so insecure and allowed mass surveillance by government. Were people crazy?"

Greybeard: "Sort of, but you can't really blame us. During that time, the software for NASes wasn't developed well enough yet for ordinary people to run their own servers. But once a few companies started really nailing it, everybody started buying their own NASes, because it was easy. The people who kept using Gcal, Dropbox, Google Docs, Instagram, etc.—well, if you were as old as I am, you'd know what these are—those people started looking uncool. All the cool kids were serving their data themselves."

Child: "Like everybody does now?"

Greybeard: "Yes, like everybody does now."

That could happen. But is it realistic? Time will tell. Sure, it's possible that owning your own cloud server will forever be the domain of geeks. But an industry analysis from a year ago says we're moving in that direction:

The NAS market is witnessing an accelerated growth and is projected to register robust [20%] growth over the forecast timeline [to 2024] due to the rapidly increasing applications of Big Data analytics & data mining, increasing popularity of NAS solutions in home/consumer applications, and the growing adoption of cloud-based network attached storage solutions.
Global Market Insights, May 2018


In the struggle against privacy incursions, we have tools beyond NASes, of course. In fact, I see two other, concurrent trends that will allow us to fight back. There is the growing demand to own your own data and decentralize social media. (I was writing and speaking a lot about that in the last few months, but don't think I've dropped the issue.) And there is, of course, the massive, revolutionary impact of blockchain, the essential effect of which is to disintermediate economic relationships. Being all about encryption, the blockchain world holds out the promise of a new kind of secure, private, encrypted cloud computing.

Allow me to speculate about how the Internet might work in ten or twenty years.

Many of us (I imagine someone saying, a few decades hence) have installed a NAS or, if we're geekier, have a server rack at home. Pretty much all small businesses run their own NASes as well. From these devices, we serve most of the data that was formerly held by Google, Apple, Microsoft, etc. Many of us even run our own mail servers, both because it's more secure and because the software and industry standards have improved so much that it became feasible. Our blogs are also hosted at home; the shift came with NAS tools that made it dead simple to transfer data and settings from remote servers to our local one.

Of course, some of us hit the big time with our blogs and websites. But they are still run from home. This is not something we could possibly have imagined in 2010. At that time, no one even imagined the implications of distributed computing on the blockchain, of which EOS was an early supporter. Whenever we update our NAS, it communicates with various blockchain services using zero-knowledge encryption. This shares out our data (and, when we choose, the keys to unlock it) among many other users who participate in the same system; thus our NASes are constantly working, supporting the whole tech ecosystem. We have no way of knowing which encrypted Internet services are being worked on in this decentralized cloud, which is much more of a "cloud" than the early Dropbox ever was. In any event, if a blog of ours gets a lot more traffic than our NAS can handle, then if we have turned on blockchain integration, the traffic is assembled and served using many other machines—and we, of course, have to pay more into the system or else our users will experience bad old-fashioned server lag.

In a similar way, our social media data is served, and locked down, using our own NASes. The days of Facebook selling our private, proprietary data are long over; social media companies still have dossiers on you, but they aren't as thick, and they aren't informed by any private information.

Perhaps what really got the ball rolling was Edward Snowden in 2013 and others revealing that the NSA (and other government agencies) were listening in on pretty much everything you do online. Once Facebook repeatedly made it clear that they don't care one little bit about your privacy, and people started moving their social media data to their NASes, the usual suspects in government began to complain loudly that encryption prevented them from their mass surveillance. They didn't put it that way, of course, but that's what they were upset about. They really didn't like it when NAS companies made easy, turnkey drive encryption standard and started pushing and teaching two-factor authentication.

In any event, now that social media content is served from our NASes—with support from blockchain networks—your feed is constructed by pulling your data from literally all over, but incredibly fast, because requests can be fulfilled from many different machines, some of which are bound to be nearby.

There was a time when IoT (the Internet of Things) was regarded as not very viable, because people didn't want to buy objects that could be used to spy on them. NASes and the blockchain, again, changed all that. When open source NAS software came into existence proving that your IoT data was stored on your NAS and unlikely to leak out (or, no more than any other of your data), and that it was always routed using encryption, and when this data became possible to sell on the blockchain without compromising your personal security, the whole ecosystem just took off: that's when "secure, monetizable IoT data" became a thing. Even data from your car is routed through your NAS (not through the NSA) if everything is set up properly, so that the NSA and automobile manufacturers can't spy on you. Of course, in an emergency, your data is sent by the fastest (and less secure) route possible, but you always get a notice in that case.

In a lot of ways, the Internet is the same as it was in the 1990s and 2000s. But most websites store your information encrypted in the blockchain, and they know they have to interact via blockchain services if they want to do work on it securely—because nobody is willing, any longer, to expose their data if they don't have to.


Well, we can dream.


Vendors must start adding physical on/off switches to devices that can spy on us

Update (May 15, 2019): This post was linked and its author quoted as a source in this Fast Company article on the same subject.

Where's my webcam's off switch?

Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, but it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine.

But a cover doesn't cover up the microphone, which could be turned on without your knowledge. Oh, you think that's impossible? Here are some handy instructions. Or maybe you'll say you're not paranoid—it's not a serious problem? Don't be so naive, said the FBI seven years ago (they're worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn't going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another "clever" solution is to use a software off switch, like this (for Windows). But it simply turns your webcam's driver on and off. Of course, it's not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn't solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

Do any computer cameras with "off" switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I've been writing a lot about privacy.)

The kill switch on Purism's Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don't these companies care?

I've just been talking about webcams, but let's talk about the really horrible spy devices: your smart phone. Oh, your Android phone can't be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don't be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it's been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody's phone.

And yet there isn't a hardware off switch for your phone's camera and microphone, short of turning the device entirely off (but there's an app to turn the camera off). A device equipped with a hardware "off" switch for the camera and microphone isn't yet on the market, as far as I know. Purism is making one.

It's not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo's microphone, and it's apparently a hardware switch, too, so well done, Jeff Bezos. That's important, if true, because it prevents software exploits. I found no word on whether Google Home's and Apple HomePod's mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn't it be nice to have the peace of mind that they aren't listening to you when you're not using the TV?

In short, what if you want to turn these devices' cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let's demand that hardware vendors build hardware "off" switches

It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don't intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it's a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn't controversial and, for anybody who is slightly plugged-in, shouldn't be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It's just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble "off" switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We're not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware "off" switches that make it impossible for the camera and microphone to be operated.

Do you agree?


How I chose a NAS

A network-attached storage (NAS) device is your own Internet server—your very own "cloud"! I decided to get one for my own reasons. But which, and configured how, exactly? Here's what I came up with for myself.


A NAS server (credit to Bin im Garten on Wikimedia Commons, CC by-sa 3.0)

After dropping Dropbox, and then ditching Resilio Sync, I decided to get a NAS. To pull this off, it seemed to me I had to answer the following questions:

  1. Type of server. Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS server instead?
  2. Server software. Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?
  3. NAS vendor. There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.
  4. RAID/drive configuration. This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?
  5. Beefiness. How much machine do I need?
  6. Drives. Which drives should I put into the NAS bays?

Answering these questions helped me decide which box I would purchase. But because these are some difficult-sounding and (to me) unfamiliar questions, I decided first to get to the nut of the issue. After all, I did already know why I wanted a NAS and what some of my requirements were.

I wanted a NAS (as I said) first and foremost as a replacement for Dropbox. I actually didn't have very much data in Dropbox; I had more (over 500 GB) on my hard drive, backed up to an external drive. If I felt I more confident about my data storage, backup, and long-term continuation strategies, I might digitize (or pay a kid to) a hell of a lot more of my data. (10 GB per DVD/Blu-Ray at ~200? disks = 2 TB. Could be doable!) So it might be a good idea to err on the side of lots of space.

But the thing that pushed me to a NAS solution, over syncing all my devices directly such as Resilio accomplishes, is the availability of lots of awesome personal cloud software, for things like calendar, contacts, and who knows, maybe even email. (I finally called my current mail hosting provider. They don't encrypt my mail on their servers. They can quite easily read my mail. I don't think they do, but I have to trust them. Sucks to have to trust them. But I will probably not try hosting my own email; that's really hard to get right.) Since Synology has so much decent software (so it appears; check out their packages list and demo), that eventually inclined me toward them. Any NAS should also let you install and run Nextcloud, which is open source and has a boatload of similar free software for your personal home server.

Now, if I was going to put mission-critical things like calendars (which need to be up-to-date!) and shared/collaborative documents on this server, then I should also have a sufficiently beefy and fast machine. (I also upgraded my Internet connection to the fastest home connection.) One of the differences between Synology and QNAS is that the latter is supposed to be stronger on hardware specs but weaker on software functionality (maybe). That was bothersome, because I wanted both to be awesome.

All right then—how did I answer the questions?

Type of server

Question: Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS device instead?

This one was easy to dispatch. It looked to me as if, supposing I tried to set up my own server, then running Nextcloud on it wouldn't be the hard part; running a good old-fashioned server would be. I'd have to make time to learn good old-fashioned server administration, which would be hard even if I ran FreeNAS, an open source operating system for self-built NASes. And even if I wanted to do that (server administration would be a cool skill to have), if I don't have to learn all that, because NASes solve all these problems for me, then I don't wanna.

Now, if I were still a poor student or a full time developer/engineer, maybe I'd be rolling my own. But since I can afford to let someone else do all the hard server setup work, I reasoned, I will.

So, I said, forget that noise. It's a NAS for me, period.

Server software

Question: Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?

When I first wrote the above questions, I was laboring under the false assumption that I would have to choose between the Nextcloud suite of server applications and whatever Synology or QNAP offered. But this is false. You can run both on the same NAS!

There are a number of guides online to installing Nextcloud on Synology and on QNAP. So if I want the functionality that Nextcloud offers, because Synology, QNAP, or any other NAS doesn't cut the mustard, then I can always do that.

My biggest misgiving, to be honest, is that companies like Synology and QNAP don't always seem to have the user's privacy foremost in mind, but they're better than most. (I found this discussion of the issue useful.) Certain apps and support might require that the vendor will have some access to your data. But this is the price you pay for not using free software; as far as I know, the only way to absolutely guarantee the privacy of your information is if you enjoy total ownership over your hardware and software. But in this case, it involves developing skills (server administration) that I just don't have time for these days. So I'll just have to be careful and conscientious in what information I give to the vendor, what I install, what privacy issues it has, etc.

Besides, I figured, I could always install and run NextCloud on the device, and that's open source. So maybe was OK.

As this was a question I didn't have to answer yet, I decided to kick it down the road.

NAS vendor

Question: There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.

This was the first question that I couldn't quickly gloss over. Given that I knew I'd be buying a NAS, it followed that I'd be buying a machine that is already set up with its own operating system and, in the cases I'm most interested in, support for the suite of cloud apps I'm after (actually pure Linux NAS systems are available, but strangely expensive).

I had a few desiderata here:

  • Must have strong privacy and security policies and practices. The biggest reason to get a NAS, for me, is to avoid the privacy and security issues associated with hosting my data in a shared public cloud like Dropbox. So the operating system had better not phone home, the way Windows and Mac do, and the software should generally have strong privacy practices. Strong plus if data encryption features and two-factor authentication are built in and automatic or easy to implement.
  • Must be fast and powerful enough for daily use. I'm not sure how powerful it has to be, and it certainly depends on my Internet connection. But the bottom line is that syncing should not take forever, I shouldn't have to constantly wait for things like calendar entries to update, chat apps shouldn't be laggy, photos should upload and download reasonably fast so my family and I can use the server, etc.
  • Software in the ecosystem must be feature-rich and easy-to-use. Assuming it makes sense to make generalizations about the software ecosystem of a vendor, the software should be advanced and "ready for prime time," or as much as possible. For example, the syncing software should enable me to restore old versions that were mistakenly deleted. I should be able to share files with fine-grained permissions. The office collaboration apps (Google Docs/Sheets replacement) should offer real-time updating without significant edit conflicts. Updating the system should be automatic, i.e., as easy as it is to update Ubuntu (more or less automatic, if that's what I want, as it happens to be).
  • Prefer good reputation and reviews. Specs count for a lot, but so do reviews and reputation.

There are, essentially, two top NAS vendors that everybody talks about: Synology and QNAP. There are other vendors, to be sure, including (not a complete list) Asustor, TerraMaster, Netgear, and WD. But Synology and QNAP seem to be the gold standard, and since I had no desire to spend many hours or days looking over the differences between all the others, I initially narrowed down my choice to these two.

In my travels around the Internet, I found that Synology is marketed and thought of as being a home solution for the average reasonably technical user—or perhaps just for anybody who values UX highly, regardless of skill level. (I don't really know.) It apparently has an emphasis on simplicity and usability—the demo linked above gives great evidence of that—but sometimes (so I read) at the expense of configurability or choice. Synology puts more money into software than hardware, according to one prolific NAS reviewer; for the same money, a Synology box has more usable software but less satisfying hardware stats and overall speed than QNAP.

QNAP is sometimes portrayed as being more of a solution for more technical users, for whatever that's worth. While both ecosystems are based on Linux (and therefore presumably very configurable at some level), QNAP is again reputedly more configurable and speedier. It also has more apps available—but the apps are also sometimes a bit dodgier, or so I read. All of that sounds like Linux to me, frankly; but QNAP is actually more often compared to Windows and Android. Whatever, such comparisons are surely of limited value.

On this limited basis, being on the techier side who likes configurability, I was initially inclined toward QNAP. But on second and third thoughts, I heard a lot of breathless praise for Synology and the quality of its apps, including from some very technical people. And after all, I really care about software quality. Synology advocates say that its software "just works"—hugely important. A random person on Reddit replied to me saying, "From personal experience I run both Synology and QNAP devices and have done for several years. Synology has more robust software, generally more stable and less security flaws. QNAP provides faster hardware for the same money."

Reddit commenters seem to be fairly evenly divided between the brands, and machines from both brands are similarly rated 4 to 4.5 stars on Amazon.

I decided in the end to go with Synology. Usability is key. But I'd probably be about as happy with QNAP.

RAID/drive configuration

Question: This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?

A few different technical observers have said that one should err on the side of many bays, and that two is a definite non-starter. Why? Because two bays won't give you enough space unless you use a no-RAID setup, and part of the beauty of a NAS is that it has RAID support built in. (RAID, in case you didn't know, is an acronym for "Redundant Array of Independent Disks," and it is the practice of mirroring, and otherwise intelligently managing, data across several disks. It isn't the same as backup, but it can save you from losing data, so it can be a useful part of an overall backup plan.)

On the other hand, I don't have that much data, to be honest. Since Synology is expandable, I didn't go crazy and get a hell of a lot more space than I need—just a lot more than I need. For my personal, family, and modest business needs, I decided to get a five-bay device (it would have been four bays, but a five-bay device had double the RAM) and put three 2 TB drives in it. According to Synology's RAID calculator, this gives me something less than 4 TB of usable space, which is a lot for me. If I really wanted to rip all my movies, I'd have more than enough room. I can always add more drives and increase the size of the drives, too.

As far as which RAID configuration to use, since I've decided to go with Synology, I didn't even need to think about which kind to use: I just went with the cool "Synology Hybrid Raid" (SHR) setup. I don't understand it very well myself, except that it's supposed to be better than traditional RAID configurations for most uses.

Beefiness

Question: How much machine do I need?

When I sat down to figure out "how much machine I need," assuming I was going to get a Synology with four (or five) bays, I asked the Synology subreddit for help and the respondents generally said to just go ahead and get the beefiest four-bay machine. It was well within my price range and good value for the money, a couple people said. I asked a related question on r/HomeServer, where the DIY geeks tried but failed to make me feel guilty for not building my own server. (I did learn that I should choose my forums more carefully, though; and that, indeed, I might want to build my own server eventually, or have my son do it for me.)

A higher-end machine seemed necessary if I wanted to support (a) several simultaneous connections, (b) non-laggy real-time collaborative editing, (c) video streaming (seems like a good idea if the device is capable of it), (d) several apps/server processes running simultaneously.

So I decided to get the option with the most powerful processor (quad core Intel) and most RAM without actually voiding the warranty, and that ended up being this one.

Drives

Almost done! Last question: Which drives should I put into the NAS bays?

I have absolutely nothing intelligent to say on this one. I'll just share my conclusions. There are two main brands and models touted for NAS devices: Seagate IronWolf and Western Digital Red. Mostly because someone at Micro Center recommended them, I went with the SeaGate IronWolf. You can also choose the slower or faster versions; I got the faster-rated "Pro" version because disk access speed might actually improve the speed of response from my NAS when I'm out and about.

Conclusion

Wish me luck. The NAS and drives should arrive next week, and then I'll look forward to installing them on my network. I'll be getting a new router, too. (You should have a fast, secure, and modern router for a NAS, I gather, but I won't bore you with my ruminations on that.) All of that shouldn't take long. Rather longer will be the installation of the many and various NAS apps (and corresponding mobile apps) I'll need, along with the upgrading of my contacts, calendar, and of course my file sync program. The longest part of that process will probably be the actual copying of data from my computer's drives to the NAS. Hopefully, I won't have too much trouble converting my data folders, now associated with Resilio Sync (and earlier, with Dropbox) to whatever the Synology app I use on my computers and phone.

Another necessary step will be to do setup a zero-knowledge cloud backup—one that is strictly a backup, with no sync, no file access, no nothing but encrypted data storage. Should be fairly cheap (much cheaper than syncing services like Dropbox).

And another thing: I'll have to really lock down the NAS, since so much important info will be on it. Fortunately, Synology does have a lot of tools for doing that.

And another: I might want to route all outbound traffic from my NAS through a VPN. That's possible. (You can also use the NAS itself as a VPN node, but I'm not sure why, if you've already got a VPN to use; maybe a reader can tell me.)

What about the fun stuff? Well, in the very near future, I look forward to being able to do all this:

  • Delete all Google Docs I own; host my own real time collaborative documents. All of the Google Docs and Sheets I own, I'm moving to the corresponding Synology app on my own server. As far as I've been able to ascertain, the functionality is pretty much identical. I can't necessarily expect my work colleagues to stop using Google Docs, so I won't be able to rid myself of my Google account completely, but I will be able to get rid of most of my dependency on it. (There's still YouTube, though. I'm still all in, there.) But the cool part of course is that the documents I edit in real time will live right there on my own machines, in a private network I can open up to whomever I want.
  • Delete Google contacts. Completely delete all my contacts from Google, because I'll have them in a single central copy on my NAS (but with redundant copies on my devices).
  • Delete Gmail archive and set up Gmail vacation message. Since that was the main thing I was waiting for before rendering my Gmail account nonfunctional, I'll then make sure I have a local copy of all my Gmail archive, then delete all my old mails from Google servers. Then, finally, set up a "email me at my new address" on Gmail, something I've sort of been putting off until getting completely ready to separate myself from Gmail (not just my ongoing personal mail use, but all data archives, too).
  • Move Gcal data to Synology Calendar. I'm still using Gcal because I haven't had a privacy-respecting cloud solution. Soon, I will. Finally I'll be telling my colleagues to put my appointments invites on my own calendar on nas.sanger.io or—why not—just send me a mail and I'll add it myself. We've gotten so used to dealing with automatic invites that we've forgotten how stupid simple adding an appointment is by hand yourself. Hardly any time at all.
  • Stop using Slack for family chatting; start using chatting on our family server. Even if Papa is on the other side of the world, we'll be able to connect to each other via the same server that's right at home. My wife won't worry (as she does) that someone at Slack (or some hacker) is watching over our shoulders, since the whole encrypted chat takes place via our own server.
  • Keep my password manager datafiles in sync. I've had trouble with this ever since switching to Resilio and trying to use a single datafile shared by all instances. Instead, now I'll be able to use Synology's (and Enpass's) support for the WebDAV standard to keep the datafiles in sync. Yay!
  • Share pix with family like Dropbox, listen to streaming music, audiobooks, and podcasts like Pandora, and watch ripped streaming videos from anywhere like Netflix. Seriously, Synology even designed their video player's UX like Netflix's. So if I do decide to rip all those DVDs, I'll be able to watch videos that were formerly on a shelf in my living room while I'm unwinding after a speech far, far away. We can also stream the videos through the NAS straight to the TV, which is also cool. After this, I might not buy any more physical disks; I might just go ahead and buy digital all the way and stream stuff, assuming I don't have to deal with DRM headaches.
  • Maybe set up a Mastodon instance. That would be a great option, previously not available to me (or, not entirely controlled by me), for a new social media experiment I can use with my former Facebook friends.
  • Maybe get some security cameras. I wouldn't have done it before for the simple reason that I don't want the data online, as it would be. But if I can host the data myself, maybe it's OK.

Of course, there's a huge caveat: if it works as advertised. We'll see!


Cloud smackdown: NAS vs. Resilio Sync vs. Zero-Knowledge Cloud!

In my ongoing effort to lock down my cyber-life, I jettisoned Dropbox three weeks ago, and I'm quite happy I did.

But I'm not done with the reconfiguration. So, if you have the patience and credulity, you may listen in while an amateur deliberates about the choices...

People more expert about this stuff than I am: please review my various claims here for accuracy. I must thank a gentleman who gave excellent feedback and corrections on my VPN post from a month ago.

Why Resilio Sync isn't working out for me

As I explained in an update, the solution I went with—Resilio Sync plus backup to an external drive—had some drawbacks that were unexpectedly annoying. Foremost among these is the fact that Sync isn't a "set it and forget it" technology, i.e., you have to think about and maintain the state of your syncitude, since your devices have to be on at the same time (and Sync has to be working on both/all of them). Also annoying is having to rely heavily on traditional backup, because if God forbid you should delete something inadvertently, your deletion will propagate among your devices (if they're all on at the same time—entirely possible). I've had to use Dropbox's "restore" feature before; I figure it's only so long before I have to restore something from my backup, and what happens if my backup program's restore feature is screwed up or very hard to use? Oy.

These problems are annoying, but not horrible. However, I definitively decided that I had made the wrong choice when I discovered that Sync has no easy way (that I can find) to support the syncing of contacts, passwords, calendars, bookmarks, and text editor settings. Sure, you can sync a data file, but insofar as this same data file (i.e., identical copies of it) must interact correctly with software on each of your systems, then unless the software is specially and carefully written to work with an independent datafile that works the same on all your systems (I think Sublime Text is OK here), you should let your local copy of the software update its own copy of its datafile. This is one of those technical issues that sounds very abstruse, but which poses very real, concrete problems when the rubber meets the road.

The problem, essentially, is that you need to let your software (browser, password manager, calendar, or text editor) handle its own syncing via the cloud. There are two ways in which software can do this for you: (1) you use a cloud you pay for, like Dropbox (e.g., Enpass supports Dropbox syncing), or (2) you use the software vendor's cloud/server, as email syncs via IMAP with your mail host, which you must trust, or as Chrome and Firefox do with bookmarks, and as Apple does with your contacts and calendar. Boo! Hiss! I'd rather handle this myself and avoid the privacy/security risks, if I can.

Your very own cloud server: a NAS

Well...having decided I'm going back to the drawing board on a cloud/device syncing solution, I recalled that NAS devices solve this general problem very neatly. NAS means "network-attached storage," and it means basically your very own personal cloud server. It's an actual box that lives in your home or office, but it's also on the Internet, so you can access it from anywhere. It's not a traditional desktop computer; it's a server. With a NAS, when you sync your devices, they don't all have to be on, because they sync via the NAS, which is always on (but don't worry, it doesn't use much energy). If you ever have to restore your files, the NAS makes it easy without the trouble or worry of having to interact with fiddly backup software. In other words, "file restoration" is built in to the NAS's syncing software—an "undo" button for inadvertent deletion.

NASes (especially the Synology brand) come with a whole raft of software for syncing particular types of data that work with different apps, like calendars (oh joy! Finally, a plausible replacement for Gcal!), address books, passwords (using WebDAV), and more. This is a decided advantage over Resilio Sync, which simply doesn't offer such solutions.

NAS devices also support cloud-based collaborative document editing—basically, they replace Google Docs. It's insane what a NAS can do for you: not just syncing documents and data, not just collaborative document editing, but also (these are all available Synology packages/apps)

  • calendar (replaces Gcal and Apple calendar via iCloud)
  • contacts/address book (CardDav; replaces various)
  • chat (replaces Facebook Messenger, Slack, and Telegram; includes end-to-end encryption)
  • your own frickin' mail server if you're brave enough
  • photo sharing (replaces Instagram, Facebook, or whatever you use to share pictures with your family and friends)
  • Discourse (host your own web forum)
  • Apache and support for various programming languages like Java, Node.js, PHP, Ruby, as well as databases; i.e., make your NAS an actual, fully-functional web server
  • Redmine (project management and ticketing system; replaces Zendesk, Pivotal Tracker, Jira, Trello, Asana)
  • multiple options for blog, CMS, and wiki systems
  • video hosting and podcasting
  • VPN (i.e., turn your NAS into a VPN node)
  • Git and Git Server (put your code on your own Git server instead of using Github or Gitlab; handy if you have totally private projects)
  • built-in backup for the NAS

In short, just think of all the computing functions you farm out to the Internet just because you want something "always available from anywhere using a brower." Well, pretty much all of those services can be had via your own NAS, and a sizeable company (Synology) supports the software.

Now, I'm not saying these apps are as good as the ones available to you from the professionals. Your NAS is not likely to be as fast or as reliable as your current web host. But (a) it's yours, and (b) you don't have to worry about the prying eyes of corporate workers, or about hackers attacking the big corporate data honeypots (they might take a crack at your NAS if they think its defenses are poor, though).

Wait, what about zero-knowledge cloud services?

Oh, you thought I had forgotten about zero-knowledge cloud services, like Sync.com, Spider Oak, Pcloud (my son threatened to use this one himself because he didn't like Resilio Sync), and others?

I started out thinking these were good options, but in retrospect I see they don't hold a candle to NASes. They specialize in being always-on, reliable, and secure cloud sync/backup options. And that's good. The problem, however, is that there are an awful lot of cloud services we rely on that put you and your data in the same boat as Dropbox. And even if you don't need to host your own website or your own mail server, which is admittedly going a bit far, there are very sound reasons at least to want to host your own contacts, passwords, calendar, and so on.

I looked at the features offered by Sync.com, Spider Oak, and Pcloud, and while they seem to nail the traditional Dropbox feature set (which is good!), they don't support the other cloud features I'm anxious to have. One of the next items on my lock-down "to do" list is to finally replace Gcal and Apple Contacts, and to delete my calendar and contacts from Google. I just hate the idea of leaving these problems unsolved. My ambition is to completely divorce my data and habits from Google, Apple, and Microsoft products. I don't see how I can do that without either trusting somebody else, or running my own server. Since zero-knowledge cloud services are so underdeveloped at present—and if I were an investor, I'd put money into that, as it strikes me as a potentially huge growth industry—the only option left is a NAS.

Some final reasonable considerations

Let's take a step back and get reasonable, now.

What is the main concern motivating these deliberations? Not just concern about privacy, but a refusal to entrust sensitive information to corporations that are, essentially, black boxes to me. But maybe I can just accept some risk here. Isn't that reasonable?

Well, I wouldn't be where I am if I was prepared to answer "yes. " My sense of the thing is that having massive amounts of valuable data sitting right in their servers ends up being too much of a temptation to a lot of companies, and they can craft and interpret their privacy policies in a clever enough way to escape much legal risk. And even if I could trust their privacy practices, the many and growing number of security breaches means my data isn't safe.

I also don't like the direction that both government surveillance and authoritarian, paternalistic corporate cultures are moving in; while I don't expect the secret police to bust down the door anytime soon, or the remaining Big Tech companies I have relationships with to cut me off, it's a definite plus to cut ties with these institutions which have become so corrupt.

I admit my motivations are partly (perhaps only a small part) political. I'd like to lead a revitalized, individualistic civil society in a better direction, help support the ecosystem of privacy-respecting companies, and poke snoops, spooks, hackers, and authoritarians in the eye.

All that said, I don't expect others to think about this the way I do. We all have our paths to walk.

As for myself, I've concluded I will get a NAS after all. Wish me luck with the installation and configuration!


Zuckerberg Is Wrong: Don't Regulate Our Content

Last Sunday, Mark Zuckerberg made another Facebook strategy post. (This is his second major policy post in as many months. I responded to his March 6 missive as well.) Unsurprisingly, it was a disaster.

I want to shake him by his lapels and say, "Mark! Mark! Wrong way! Stop going that way! We don't want more snooping and regulation by giant, superpowerful organizations like yours and the U.S. government! We want less!"

He says he has spent two years focused on "issues like harmful content, elections integrity and privacy." If these have been the focuses of someone who is making motions to regulate the Internet, it's a good idea to stop and think a bit about each one. They are a mixed bag, at best.

1. Zuckerberg's concerns

Concern #1: "Harmful content"

Zuckerberg's glib gloss on "harmful content" is "terrorist propaganda, hate speech and more." Applying the modifier "harmful" to "content" is something done mainly by media regulators, giant corporations like Facebook, and the social justice left. Those of us who still care about free speech—and I think that's most of us—find the phrase not a little chilling.

Let's be reasonable, though. Sure, on the one hand, we can agree that groups using social media to organize dangerously violent terrorism, or child pornography, or other literally harmful and illegal activity, for example, should be shut down. And few people would have an issue with Facebook removing "hate speech" in the sense of the KKK, Stormfront, and other openly and viciously racist outfits. That sort of thing was routinely ousted from more polite areas of the Internet long ago, and relegated to the backwaters. That's OK with me. Reasonable and intellectually tolerant moderation is nothing new.

On the other hand, while all of that can perhaps be called "harmful content," the problem is how vague the phrase is. How far beyond such categories of more uncontroversially "harmful" content might it extend? It does a tiny bit of harm if someone tells a small lie; is that "harmful content"? Who knows? What if someone shares a conservative meme? That's sure to seem harmful to a large minority of the population. Is that a target? Why not progressive memes, then? Tech thought leaders like Kara Swisher would ban Ben Shapiro from YouTube, if she could; no doubt she finds Shapiro deeply harmful. Is he fair game? How about "hateful" atheist criticisms of Christianity—surely that's OK? But how about similarly "hateful" atheist criticisms of Islam? Is the one, but not the other, "harmful content"?

This isn't just a throwaway rhetorical point. It's deeply important to think about and get right, if we're going to use such loaded phrases as "harmful content" seriously, unironically, and especially if there is policymaking involved.

The problem is that the sorts of people who use phrases like "harmful content" constantly dodge these important questions. We can't trust them. We don't know how far they would go, if given a chance. Indeed, anyone with much experience debating can recognize instantly that the reason someone would use this sort of squishy phraseology is precisely because it is vague. Its vagueness enables the motte-and-bailey strategy: there's an easily-defended "motte" (tower keep) of literally harmful, illegal speech, on the one hand, but the partisans using this strategy really want to do their fighting in the "bailey" (courtyard) which is riskier but offers potential gains. Calling them both "harmful content" enables them to dishonestly advance repressive policies under a false cover.

"Hate speech" functions in a similar way. Here the motte is appallingly, strongly, openly bigoted speech, which virtually everyone would agree is awful. But we've heard more and more about hate speech in recent years because of the speech in the bailey that is under attack: traditional conservative and libertarian positions and speakers that enfuriate progressives. Radicals call them "racists" and their speech "hate speech," but without any substantiation.

It immediately raises a red flag when one of the most powerful men in the world blithely uses such phraseology without so much as a nod to its vagueness. Indeed, it is unacceptably vague.

Concern #2: Elections integrity

The reason we are supposed to be concerned about "elections integrity," as one has heard ad nauseam from mainstream media sources in the last couple years, is that Russia caused Trump to be elected by manipulating social media. This always struck me as being a bizarre claim. It is a widely-accepted fact that some Russians thought it was a good use of a few million dollars to inject even more noise (not all of it in Trump's favor) into the 2016 election by starting political groups and spreading political memes. I never found this particularly alarming, because I know how the Internet works: everybody is trying to persuade everybody, and a few million dollars from cash-strapped Russians is really obviously no more than shouting in the wind. What is the serious, fair-minded case that it even could have had any effect on the election? Are they so diabolically effective at propaganda to influence elections that, with a small budget, they can actually throw it one way or another? And if so, don't you think that people with similar magically effective knowhow would be on the payroll of the two most powerful political parties in the world?

Concern #3: Privacy

As to privacy—one of my hobby horses of late—Zuckerberg's concern is mainly one of self-preservation. After all, this is the guy who admitted that he called you and me, who trusted him with so much of our personal information, "dumb f--ks" for doing so. This is a guy who has built his business by selling your privacy to the highest bidder, without proposing any new business model. (Maybe they can make enough through kickbacks from the NSA, which must appreciate how Facebook acts as an unencrypted mass surveillance arm.)

Mark Zuckerberg has absolutely no credibility on this issue, even when describing his company's own plans.

He came out last month with what he doubtless wanted to appear to be a "come-to-Jesus moment" about privacy, saying that Facebook will develop the ultimate privacy app: secret, secured private chatting! Oh, joy! Just what I was missing (um?) and always wanted! But even that little bit (which is a very little bit) was too much to hope for: he said that maybe Facebook wouldn't allow total, strong, end-to-end encryption, because that would mean they couldn't "work with law enforcement."

The fact, as we'll see, that he wants the government to set privacy rules means that he still doesn't care about your privacy, for all his protestations.

Zuckerberg's declared motives are dodgy-to-laughable. But given his recommendation—that the government start systematically regulating the Internet—you shouldn't have expected anything different.

2. Mark Zuckerberg wants the government to censor you, so he doesn't have to.

Zuckerberg wants to regulate the Internet

In his previous missive, Zuckerberg gave some lame, half-hearted ideas about what Facebook itself would do to shore up Facebook's poor reputation for information privacy and security. Not so this time. This time, he wants government to take action: "I believe we need a more active role for governments and regulators." But remember, American law strives for fairness, so these wouldn't be special regulations just for Facebook. They would be regulations for the entire Internet.

"From what I've learned," Zuckerberg declares, "I believe we need new regulation in four areas: harmful content, election integrity, privacy and data portability."

When Zuckerberg calls for regulation of the Internet, he doesn't discuss hardware—servers and routers and fiber-optic cables, etc. He means content on the Internet. When it comes to "harmful content and election integrity," he clearly means some harmful and spurious content that has appeared on, e.g., Facebook. When he talks about "privacy and data portability," he means the privacy and portability of your content.

So let's not mince words: to regulate the Internet in these four areas is tantamount to regulating content, i.e., expression of ideas. That suggests, of course, that we should be on our guard against First Amendment violations. It is one thing for Facebook to remove (just for example) videos from conservative commentators like black female Trump supporters Diamond and Silk, which Facebook moderators called "unsafe." It's quite another thing for the federal government to do such a thing.

Zuckerberg wants actual government censorship

Now, before you accuse me of misrepresenting Zuckerberg, look at what his article says. It says, "I believe we need a more active role for governments and regulators," and in "four areas" in particular. The first-listed area is "harmful content." So Zuckerberg isn't saying, here, that it is Facebook that needs to shore up its defenses against harmful content. Rather, he is saying, here, that governments and regulators need to take action on harmful content. "That means deciding what counts as terrorist propaganda, hate speech and more." And more.

He even brags that Facebook is "working with governments, including French officials, on ensuring the effectiveness of content review systems." Oh, no doubt government officials will be only too happy to "ensure" that "content review systems" are "effective."

Now, in the United States, terrorist propaganda is already arguably against the law, although some regret that free speech concerns are keeping us from going far enough. Even there, we are right to move slowly and carefully, because a too-broad definition of "terrorist propaganda" might well put principled, honest, and nonviolent left- and right-wing opinionizing in the crosshairs of politically-motivated prosecutors.

But "deciding what counts as...hate speech" is a matter for U.S. law? Perhaps Zuckerberg should have finished his degree at Harvard, because he seems not to have learned that hate speech is unregulated under U.S. law, because of a little thing called the First Amendment to the U.S. Constitution. As recently as 2017, the Supreme Court unanimously struck down a "disparagement clause" in patent law which had said that trademarks may not "disparage...or bring...into contemp[t] or disrepute" any "persons, living or dead." This is widely regarded as demonstrating that there is no hate speech exception to the First Amendment. As the opinion says,

Speech that demeans on the basis of race, ethnicity, gender, religion, age, disability, or any other similar ground is hateful; but the proudest boast of our free speech jurisprudence is that we protect the freedom to express “the thought that we hate.” 

The trouble with the phrase "hate speech" lies in both the ambiguity and the vagueness of the word "hate" itself. "Hate speech" in its core sense (this is the motte) is speech that is motivated by the speaker's own bigoted hatred, but in an ancillary sense (this is the bailey), it means speech that we hate, because in our possibly incorrect opinion we think it is motivated by bigotry (but maybe it isn't). The phrase "hate speech" is also vague and useless because hate comes in degrees, with shifting objects. If I am irritated by Albanians and very mildly diss them, am I guilty of hate speech? Maybe. Jews? Almost certainly. What about white male southerners? Well, what's the answer there? And what if I really strongly hate a group that it is popular to hate, e.g., rapists?

There's much more to be said about this phrase, but here's the point. If government and regulators took Zuckerberg's call for hate speech legislation to heart, what rules would they use? Wouldn't they, quite naturally, shift according to political and religious sentiments? Wouldn't such regulations become a dangerous political football? Would there be any way to ensure it applies fairly across groups—bearing in mind that there is also a Fourteenth Amendment that legally requires such fairness? Surely we don't want the U.S. legal system subject to the same sort of spectacle that besets Canada and the U.K., in which people are prosecuted for criticizing some groups, while very similar criticism of other, unprotected groups goes unpunished?

But precisely that is, presumably, what Zuckerberg wants to happen. He doesn't want to be responsible for shutting down the likes of Diamond and Silk, or Ben Shapiro. That, he has discovered, is an extremely unpopular move; but he's deeply concerned about hate speech; so he would much rather the government do it.

If you want to say I'm not being fair to Zuckerberg or to those who want hate speech laws in the U.S., that of course you wouldn't dream of shutting down mainstream conservatives like this, I point you back to the motte and bailey. We, staunch defenders of free speech, can't trust you. We know about motte and bailey tactics. We know that, if not you, then plenty of your left-wing allies in government and media—who knows, maybe Kara Swisher—would advocate for government shutting down Ben Shapiro. That would be a win. The strategy is clear: find the edgiest thing he has said, label it "hate speech," and use it to argue that he poses a danger to others on the platform, so he should be deplatformed. Or just make an example of a few others like him. That might be enough for the much-desired chilling effect.

Even if you were to come out with an admirably clear and limited definition of "hate speech," which does not include mainstream conservatives and which would include some "hateful," extreme left-wing speech, that wouldn't help much. If the government adopted such "reasonable" regulations, it would be cold comfort. Once the cow has left the barn, once any hate speech law is passed, it's all too easy for someone to make subtle redefinitions of key terms to allow for viewpoint censorship. Then it's only a matter of time.

It's sad that it has come to this—that one of the most powerful Americans in the world suggests that we use the awesome power of law and government to regulate speech, to shut down "hate speech," a fundamentally obscure weasel word that can, ultimately, be used to shut down any speech we dislike—which after all is why the word is used. It's sad not only that this is what he has suggested, but that I have to point it out, and that it seems transgressive to, well, defend free speech. But very well then, I'll be transgressive; I'd say that those who agree with me now have an obligation to be transgressive in just this way.

We can only hope that, with Facebook executives heading for the exits and Facebook widely criticized, Zuckerberg's entirely wrongheaded call for (more) censorship will be ignored by federal and state governments. Don't count on it, though.

But maybe, censorship should be privatized

Facebook is also, Zuckerberg says, "creating an independent body so people can appeal our decisions." This is probably a legal ploy to avoid taking responsibility for censorship decisions, which would make it possible to regulate Facebook as a publisher, not just a platform. Of course, if the DMCA were replaced by some new regulatory framework, then Facebook might not have to give up control, because under the new framework, viewpoint censorship might not make them into publishers.

Of course, whether in the hands of a super-powerful central committee such as Zuckerberg is building, a giant corporation, or the government, we can expect censorship decisions to be highly politicized, to create an elite of censors and rank-and-file thought police to keep us plebs in line. Just imagine if all of the many conservative pages and individuals temporarily blocked or permanently banned by Facebook had to satisfy some third party tribunal.

One idea is for third-party bodies [i.e., not just one for Facebook] to set standards governing the distribution of harmful content and measure companies against those standards. Regulation could set baselines for what's prohibited and require companies to build systems for keeping harmful content to a bare minimum.

Facebook already publishes transparency reports on how effectively we're removing harmful content. I believe every major Internet service should do this quarterly, because it's just as important as financial reporting. Once we understand the prevalence of harmful content, we can see which companies are improving and where we should set the baselines.

There's a word for such "third-party bodies": censors.

The wording is stunning. He's concerned about "the distribution" of content and wants judged "measured" against some "standards." He wants content he disapproves of not just blocked, but kept to a "bare minimum." He wants to be "effective" in "removing harmful content." He really wants to "understand the prevalence of harmful content."

This is not the language that someone who genuinely cares about "the freedom for people to express themselves" would use.

3. The rest of the document

I'm going to cover the rest of the document much more briefly, because it's less important.

Zuckerberg favors regulations to create "common standards for verifying political actors," i.e., if you want to engage in political activity, you'll have to register with Facebook. This is all very vague, though. What behavior, exactly, is going to be caught in the net that's being weaved here? Zuckerberg worries that "divisive political issues" are the target of "attempted interference." Well, yes—well spotted there, political issues sure can be divisive! But it isn't their divisiveness that Facebook or other platforms should try to regulate; it is the "interference" by foreign government actors. What that means precisely, I really wonder.

Zuckerberg's third point is that we need a "globally harmonized framework" for "effective privacy and data protection." Well, that's music to my ears. But it's certainly rich, the very notion that the world's biggest violator of privacy, indeed the guy whose violations are perhaps the single biggest cause of widespread concern about privacy, wants privacy rights protected.

He wants privacy rights protected the way he wants free speech protected. I wouldn't believe him.

Zuckerberg's final point is another that you might think would make me happy: "regulation should guarantee the principle of data portability."

Well. No. Code should guarantee data portability. Regulation shouldn't guarantee any such thing. I don't trust governments, in the pockets of "experts" in the pay of giant corporations, to settle the rules according to which data is "portable." They might, just for instance, write the rules in such a way that gives governments a back door into what should be entirely private data.

Beware social media giants bearing gifts.

And portability, while nice, is not the point. Of course Zuckerberg is OK with the portability of data, i.e., allowing people to more easily move it from one vendor to another. But that's a technical detail of convenience. What matters, rather, is whether I own my data and serve it myself to my subscribers, according to rules that I and they mutually agree on.

But that is something that Zuckerberg specifically can't agree to, because he's already told you that he wants "hate speech and more" to be regulated. By the government or by third party censors.

You can't have it both ways, Zuckerberg. Which is it going to be: data ownership that protects unfettered free speech, or censorship that ultimately forbids data ownership?


How I replaced Dropbox

Updated April 2 at bottom.

My main beef with Dropbox is that it's not secure, not adequately encrypted, and there's been a little too much indication that Dropbox is spying on user data.

Ever since I decided to lock down my cyber-life, I had Dropbox in my sights. It was going to be a pain to replace it, I thought, so it took a while before I got around to doing so. I finally did do so today.

The longest step of this process was deciding what I wanted to do. At first, I thought I'd set up my own lightweight cloud server using my desktop, which would sync files on all my devices, something like NextCloud. A great bonus is that this makes it particularly easy to sync things like your address book and passwords. This doesn't seem like a bad idea and is now my fallback. But I ultimately decided to pass because (a) setup might end up being very bothersome, (b) it might eat up desktop resources, and (c) I'd have to keep my computer on all the time, which seems suboptimal.

All of the problems with installing my own NextCloud—bothersome setup, resources constraints, and always-on system—are taken care of by getting my own server or, less ambitiously, what is called a NAS, or Network-Attached Storage system. I spent several hours yesterday researching all about NASes, and came close to getting either a QNAP or a Synology NAS, because they're so frickin' cool. I mean, jeez, it's actually a fully-functioning standalone web server with a zillion apps (especially Synology), and sure, you can use it to sync your files. But the more I thought about it, the more I thought, "This is a lot of work (and yet another giant attack surface for hackers), when all I really want is a Dropbox replacement." If I were just hacking and exploring, I would have gotten a NAS in a heartbeat, they're so cool. But I have other things to do, so...

I also semi-seriously considered getting a zero-knowledge encryption system, like SpiderOak. The premise seems solid: your files are all saved in the cloud, but 100% encrypted, and the key needed to decrypt them is only on your machine (or in your head). SpiderOak (and many other similar services) cannot scan your files because it lacks the keys to read them. I guess my experience with being hacked and seriously disaffected with storing data in the cloud generally turned me off even to this. If I don't have to trust a company (as I do if, e.g., I want to use a VPN), then I'd prefer not to.

So, how do you get cloud functionality without the cloud? With syncing apps. These use different technologies to sync your devices directly with each other, through the Internet, but not stored on the Internet, and without any one of them acting as a server to the others (so they're all peers of each other in your little device network). It turns out that there are several options available here, and I came close to going with Syncthing because it's open source (and therefore, more trustworthy) but...no iPhone app. But the next best thing is Resilio Sync, which is also based on (the UPDATE: closed-source) Bittorrent Sync. Now, the fact that it uses Tor doesn't mean your data is stored in the dark web. It simply makes use of the Tor network, which is perfectly legal and legit, that is required for accessing the dark web (something I've never even tried to do, by the way). The beauty of the system is that in transit through cyberspace, your data is end-to-end encrypted through a decentralized network. It's hard to get more secure, or that's my understanding.

Resilio Sync is pretty easy to install if you're not using Linux. It was a bit of a pain (they could work harder on the setup, I mean really, guys) but still doable, if like me you're reasonably adept with vague Linux instructions. It didn't take longer than an hour to completely set up and test (my son did it in half the time), and then I started moving folders over, one by one, from Dropbox to my new Sync folder. This was quite satisfying, not unlike that satisfying feeling of changing my account email addresses from gmail.com to sanger.io. And because Resilio updates via your LAN directly from device to device, it syncs much faster than Dropbox. Like Linux, the slightly geekier alternative turns out to be just better, all the way around.

I got the $100 one-time deal so my family could all use it. Since this is roughly what I've been paying to Dropbox yearly for the last decade or whatever it's been, I was very happy to pay this.

How does it work? Well, once it's set up, it's just like Dropbox. Create a new file in your work folder? It's practically instantly synced to any other devices that are on, as soon as you save it. (Of course, it does have to be on, in order to sync. And your phone won't sync the file and folder contents; it will only sync the index, and then, as with the Dropbox mobile app, you can download the item one-by-one.)

There is one very small change this might require to your routine. Since your files aren't in the cloud but only on other machines, before you leave one machine with files on it you might want to access elsewhere, you'll want to make sure either (a) that machine will stay on while you're away from it, or (b) you've synced before you leave while they're in close proximity (the LAN connection will make syncing faster, too).

Love it so far. Buh-bye Dropbox! Any regrets so far? Not really. While LAN syncing for me is significantly faster than Dropbox, it uses only 10% of my available LAN bandwidth, and I wasn't able to get it to go faster; I'm not sure what's up with that. I tried to fix it but didn't dare do too much, since it involved a lot of fiddly changes to settings that, it seems, need to be undone. Your mileage may vary.

Also, they didn't make Linux GUI other than a browser-based one, which is OK; it works well enough. They didn't even bother to create a tray icon, but they do have an API, so my 12-year-old son made one for them and I'm already using it. (Want the code, Resilio? I can set that up.)

Of course, if you haven't taken the Linux plunge, Resilio Sync is probably going to be a lot more usable for you—not that, at the end of the day, it isn't extremely usable for Linux users, too. And, as I've indicated, there are many, many other options available to you if you want to ditch Dropbox. You should consider them for yourself.


April 2 update:

I've been using Resilio Sync for the last two weeks, and my son and I have a few concerns. The first is one we knew about going in: it's not a cloud solution. Syncing works only if both devices are on. This means syncing isn't exactly "set it and forget it." You have to pay attention to whether something is syncing, and if you forget...you won't be synced. After using Dropbox for years, this turns out to be quite annoying.

This, in turn, means I have to worry more about losing files. I can back up files on my main machine, which is always a great idea (of course), but if I haven't synced because two machines haven't been on at the same time (or because I need to reboot Sync, which is also an annoyance), then I might still lose laptop files because I only back up my desktop.

Backing up is all the more important because it is possible to inadvertently delete a bunch of files from one machine...leading them to be deleted everywhere. That would be a disaster. It's like automatically deleting all your backups. Of course, the stuff might be rescuable in Trash, but do you really want to rely on Trash as a fallback solution?

To pour salt in the wound, if I really want peace of mind, I have to make sure the the backup program is fantastic. I can't rely on Resilio Sync as a backup program. And the default Ubuntu backup program kind of sucks (which is surprising to me). This isn't a count against Resilio, but it does make switching, if I'm going to switch, more urgent.

So it's back to the drawing board. A zero-knowledge encryption cloud solution is sounding better now, but there are two sticking points for me: (a) I don't want to have to trust an external vendor if I don't have to, and (b) I'm not confident that I know what's going on well enough to be able to say that my data is truly secure and private.

Last time, I came very close to getting a NAS, but I didn't. I'm now 90% sure I will get a NAS after all.

The reason I didn't get a NAS the first time is that it sounded like just too much trouble to set it up and maintain it, not to mention having another attack surface to lock down. But the more I think about it, the more I think it might be worth it.

After all, another rather huge advantage of a NAS is that I don't have to rely on any cloud service I don't control myself, at least for my personal purposes, for a range of purposes we now use different cloud services for. That means I can maintain my own synced contacts, passwords, bookmarks, etc., as well as supporting collaborative documents (a la Google Docs) I want to work on with others (such as a Declaration of Digital Independence). I might still have to rely on Google Docs (or something like it) for work, but at least my private life would be more locked down.

Any one of the latter advantages certainly wouldn't be enough to justify getting a NAS. But taken together, and combined with an always-on Dropbox alternative that I can "set and forget," it's looking better and better.

Stay tuned. I'm not done yet.

Another installment in my series on how I’m locking down my cyber-life.


How and why I got a VPN

As part of my ongoing efforts to lock down my cyber-life, I finally decided to investigate VPNs (virtual private networks) and subscribe to one, if it seemed to be a good idea.

Well, it is a good idea. So I got one, and it was pretty cheap.

What is a VPN, anyway?

A virtual private network, briefly, is subscription service (there are free ones, but don't use a free one) that you can connect to in order to mask your IP address, pretending (unsuccessfully if you're using a mobile connection) that you're connecting to the Internet from somewhere else, while encrypting the data that passes between you and your ISP (which can mean your data is encryped as it passes through wifi). It doesn't replace your ISP; you still need an ISP to connect to the Internet. More specifically, a VPN (typically, a for-profit company):

  1. Is runs a number of servers (computers), which ideally are located all around the world, each of which connects to the Internet on your behalf.
  2. Is a service you connect to, as a data "tunnel" to the Internet. You can set up your computer or phone so that it connects to the VPN whenever you get online (or whenever you like). All your requests to the Internet, and all the responses you receive from the Internet, are routed through one or another of the VPN's nodes.
  3. Encrypts the data exchanged between its servers and your device.
  4. Typically doesn't log your traffic (but there's no way to know this for sure) or intercept your data (unless they receive a specific court order to do so in your case).
  5. Is typically a paid service; there are free ones.

Why would I want a VPN?

So, what does a VPN do? What is it good for? What are the benefits? Why would you get one? Several things (cf. this useful intro):

  1. Foil the NSA, maybe. You connect to the Internet via your ISP at home, right? Well, since data you exchange with the VPN is encrypted, your ISP can't detect anything about what websites you're looking at or what information you're sending. Since mass surveillance (e.g., by the NSA) is typically done at the ISP level, this foils such surveillance. But maybe you trust all the fine, upstanding people who work for the government and don't care. Well, there are other reasons, as well:
  2. Make it harder for websites, hackers, and advertisers to spot you. When you connect to a website without a VPN, it typically logs the IP address that is accessing it, maybe info about your device, browser, etc. This can be used by the website to track you and for various nefarious purposes. When you connect with a VPN, websites log data from the VPN's server, which says nothing about you. This protects your information privacy and security (which you should care about!).
  3. Use airport, hotel, and restaurant connections securely. If you connect to the Internet via your airport's connection, hackers can pretty easily do nasty things with your data stream. But if your data stream is completely encrypted on its way through the airport's wifi to and from the VPN, those hackers can't touch you. Take that, hackers! This is a huge advantage to me, considering how much traveling I'm doing these days.
  4. See content as if you were elsewhere. If you want to access information that is accessible only by IP addresses from a given country (such as the U.K. or the U.S.), a VPN lets you do so. You can make it look like you're from there! E.g., I can watch Brits-only content from the BBC. That's just kind of cool.
  5. More safely do P2P file sharing. If you must, and are cheap, and refuse to pay the creators of your content, you bastard.

If you don't care about privacy or security or striking a blow against mass surveillance, then you should pass. If you do care about those things, consider getting a VPN.

WThere's one significant disadvantage about VPNs, which makes me sad, but I'll live with it: VPNs do slow down your Internet connection, but not necessarily by much. As you know (if you know how the Internet works at all), Internet traffic bounces from node to node as it makes its way from the website (or whatever) you're accessing to your device. The VPN adds one node to that trip. As long as you connect to a VPN server located near you, this trip isn't actually lengthed by much. BestVPN.com says it slows down your connection speed by 10%, but the actual amount at any given time depends on many factors. I rarely notice much of a difference, for what it's worth.

Update: after using it for a couple days, my VPN (which is reputedly one of the faster ones) doesn't really noticeably slow down my connection, even at the hotel. Except when I was connected to the U.K., and then the only problem was that I had to buffer a video once or twice.

What VPN did I choose?

I'm not telling. I spent some hours doing research. A name emerged. You should do the same and use your own judgment. Be careful not to subscribe to any shady VPNs; they doubtless do exist and it might be hard to figure out whether yours is one. There can be problems with the software as well. Unfortunately, some amount of trust is involved if you're not a specialist. I bore these requirements in mind:

  • Don't just look for claims that they don't keep logs; check that the claims have been verified (by consultants, courts, or police).
  • Bear in mind that many reviews might be paid for and so can't be trusted. It might be hard to tell which reviews these are.
  • Speed.
  • Can one determine who owns the company? Do they look legit?
  • Support for Linux.

There are other features you might be interested in, of course.

How hard was it to buy and install?

I can speak only about the one I bought and installed: it was dead simple. It was no harder to buy than any other subscription service. As for installation, I had it downloaded, installed, and working in maybe two minutes. Of course, that's just the one I bought.

Note, you don't have to install special software to use a VPN, e.g., if you're using an OS or browser that has the software built in.

There's much more to know about VPNs, which you might want to know if you're going to get into it. You're just getting a rank beginner's explanation of why he got one, here.

This is part of the series on how I'm locking down my cyber-life.