Today is January 28th, 2021 and it is Data Privacy Day (or Data Protection Day)!
It was first initiated in 2007 as the European Data Protection Day, which was later on known as Data Privacy Day. In any case, it is an international event that occurs every year on January 28th. The purpose is to raise awareness and promote privacy and data protection.
Following my last article on self-hosting, this one will be similar to it but focusing on more specific tools and services that I use to have better peace of mind.
Not all services will be self-hosted of course, but just to give the idea of what you can do also to maintain better privacy of your digital life.
I would like to focus on a few elements that are most common when it comes to interacting with the Internet and the ones that might hold a lot of sensitive information.
- Chat
- Web browser
- Password manager
- Notes
- Backing up sensitive information
One of today's most common ways to communicate and correspond is email. Yes, there are new ways to eliminate email and to focus on more instant messaging apps that provide an environment for chat, share, video & audio collaboration, etc, but the fact remains that email is still one of the most elegant ways to open a communications line with an individual or a business.
Like any other service, there are many ways to get an email account. Free, commercial, self-hosted, and all have their positive and negative sides. Without too much on the matter, I would like to focus on how you can protect your email from current threats and not worry about your privacy.
You have to be aware that with free email services you have no privacy. Ok, if it's protected well enough, hacking it will be hard, but the fact remains that the owner of the email system can use it to its advantage. Gmail anyone?
Because of this, it is not uncommon to use multiple email accounts even on multiple platforms for various things. Free account for all the junk email, newsletters, etc, and commercial ones or self-hosted ones for your official email correspondence.
When it comes to privacy and email, my personal choice is Protonmail. They are on the market for several years now and offer more services than a simple email, but the reason why I use them is simple.
Affordable for the level of security, multiple layers of protection, and are based in Switzerland. They offer a free account as well, and I can tell you it's a lot better than any other free email account out there when it comes to privacy.
I use their services for all the important correspondence and never had any problems at all. Apart from them, even Apple iCloud mail is a system that I trust considering that their focus on privacy and user data protection is baked into all of their services and products.
Another way to look at your email from a privacy standpoint is to self-host your email system.
Using Synology MailPlus, you can host your email system with up to 5 email users covered with built-in licenses. If you want more than that you will have to buy more, but to start this is not bad at all.
Keep in mind that running your mail server is not an easy task. Sure you can set it up quickly but the configuration after that is what matters. There is a lot that goes into running your mail platform so be sure to read up on that before you head into the deep water. Also, best to have a static public IP address on the location where the NAS will be configured.
Chat
When it comes to chat platforms today, we have a huuuuuuuge number of those. Some are free, some are not, some are E2E encrypted, some are not, some are being spied on (!?!), and so on, but the point is the same, if you want privacy, best to go with a self-hosted one. Ok, so people will say how do you mean that? How am I supposed to share TikTok videos on a privately hosted chat platform with anyone?
Of course, you can't. The focus here is to run a privately hosted chat platform for your business for example or private group(s) that you share a common interest with. Using a "free" cloud-hosted service for your business could potentially be a disaster for you and your confidential information.
So with the likes of Viber, Signal, Whatsapp, Telegram, Teams, etc, you can run your chat platform on your hardware. I have written many times about Rocket.Chat but I will mention it again. With RC you will have the option to have a fully private, E2E chat experience for a large number of users with all the benefits that some commercial or public "free" platforms offer.
If you need to go that far as to keep it isolated from the internet as well, and just use it in your LAN for example, you can do that as well. Working on a secret project for example, and you need the benefits of a chat platform but without the need of the public Internet, talk about privacy.
Web browser
This topic is always war. Also, in many cases, it turns into Apple vs. PC war, not sure why but it does. I'm sure you are aware of many web browsers out there. Microsoft has a few (one better than the next), Apple has Safari, Google has also a few of them, and then there are those that work on their single browser to make it as best as possible.
A browser in some cases is baked into the OS of your choice and in my case, that's Safari, Apple's only web browser. Now I can install some other browser and I do have them, but Safari is my daily driver and I like it. Ok, it does have some problems here and there, but when it comes to privacy, and that's what we are talking about here, I don't trust any other browser out there. The same goes for my OS of choice but that's a different topic altogether.
What could be a potential problem even with the best of them out there are plugins or extensions. Be very careful what extensions you are using with your browsers as they could open the door to some problematic outcomes that could, as a result, have dire consequences.
Password Manager
Now, picking up on the previous category, this one, password manager, is closely related and maybe one of the most important ones today when it comes to data privacy.
There is almost no free or commercial system that is not password protected. At least password protected. If you use a simple free email account or need to log into your bank you will need some form of login. Well, 123456 is not a secure password and neither is "#%"R3G!#$%T! if you use it on all of your sites and services.
Sure the last one is super strong, but if it gets compromised in any way, you will have all your services exposed as well.
The best thing IMHO is to not know your passwords, especially to some less frequent sites and services, but personally, I don't know any of my passwords at all. Why? Well if I don't know them, I can't type them, if I can't type them it is safer from being keylogged, looked over my shoulder, or simply guessed.
The only thing I do know is the passphrase to my password manager, that's it. Sure some will say that that's even worse but I do have a second-factor authenticator on a device that is protected by biometrics, so I sleep just fine.
On the topic of 2FA, most password managers today have that option and if the system you log into does offer it, use it. Don't think about it, just use it. A strong complex password (20 characters or more) with a 2FA will be far more secure than using your home address as a password.
If you can self-host it that would be an even better bonus! Less of a target in the vast Internet ocean. Personal choice of mine, Bitwarden.
I have never used a password manager before BW just because there was no self-hosted version that was that secure and cross-platform based (what I was looking for). Never would I ever host any sensitive data on any commercial destination, so until BW came out, my password management was a disaster. Safer than using a few passwords for 20-30 services, but still not clean, elegant, and worry free as it is with BW in place.
Notes
Another important feature that needs to be on any device nowadays is notes. Almost all devices (desktop and mobile) have some sort of note application that allows syncing but most if not all of them use a "cloud" (public that is) destination to maintain syncing of data.
Red flags off the bat, right? Ok so some are more secure than the others, but there is always a better way. For example, some note taking apps use Dropbox or Google Drive as a potential destination to save your notes database and keep it in sync with all your devices. Sure it works, but what about privacy? Yeah..., no thanks.
Apple has its syncing options for all of its services via iCloud. Works, is it private and secure? I would put my money on them, but not for important, sensitive data. Just to be clear I do use Apple notes, like a shopping list with my wife, and some other less important things.
What about all the sensitive data? Work-related information, knowledge-based articles, etc? For that, I use Standard Notes. Not just that, I self-host them as well.
So, keeping all my notes on my HW and having zero communications with the outside world, not bad. What about syncing? Well, that is going over the Internet, but again my device is talking to my Notes server and no other 3rd party element. On top of that, all is E2E encrypted so again, I sleep just fine.
Backing up sensitive information
The last thing is keeping your sensitive information backed up. Considering that you should always have all your important data backed up, sensitive information should be higher on the list.
If you own a Synology NAS then backing up your data that lives on your computers and mobile devices is not something you are a stranger to, right? What about all the sensitive data that is stored on your NAS or computers?
Well, in that case, you can have (and should use) encrypted folders on your NAS that will need a key or a passphrase to decrypt and then mount as a readable source. If that sounds too complicated, then at least have your Hyper Backup tasks encrypted. This will create a backup task from your NAS to another compatible NAS or "cloud" services and in the process, it will encrypt the data. You will hold the decryption file on your end, and when you want to restore your data, simply apply the file and get to your content.
Conclusion
Do keep in mind that once your data is out there, it's out there. You will never get it back and you will be forced to change your logins and passwords to protect yourself. The best practice is to change your password regularly (let's say once or twice a year) just to keep things interesting.
Be sure to check Synology's DIGITAL SECURITY ASSESSMENT CHECKLIST and see how well you are protected when it comes to your data.
If you are running a password manager that is only a click of a button, so be sure to do it, it's not like you have to remember it.
So do you have your data privacy in mind?