By default, Google and Apple don’t encrypt your backups with keys under your control. I use NextCloud for cloud backups which are encrypted with my keys, not the cloud provider’s. Another good option I might try is Murena.
One of the reasons that I keep my own copies of my data and avoid Big Tech is that I once got tangled up in a Kafka-as-a-service nightmare when I lost access to my DNS settings for nuvovis.com. I couldn’t log in to my AWS account because I had changed one of my mobile phone numbers and forgot to tell AWS. After months of emails and calls, often with bots, I was eventually granted access to my account for no apparent reason other than that AWS had subjected me to several months of hell. Needless to say, as soon as I could log in to AWS I moved my DNS service to a small company who employ humans that I can call for help. Losing control of DNS was scary enough but what if I had been locked out of an account where I had stored the only copy of some of my data?
It’s also for historical reasons that I live without paying for centralised remote services over which I have limited control. I managed my digital media myself because in the early days that was the only option. Later when online services became available I dabbled with relying on them but, after years of trickles of information about online tracking and surveillance, when in 2013 the Snowden revelations came to light I moved my data back offline and ramped up my IT security.
If, like me, you’re paranoid about malware infecting your devices, you should not only frequently re-install your O/S but also reflash your firmware to avoid nasties like MoonBounce or BlackLotus. I reflash all my devices every few months using a quick semi-automated install procedure; it’s good to confirm your backup & restore processes work.
Before I had heard of password managers I had a local encrypted spreadsheet for my passwords carefully stored and backed up offsite and offline. I now use KeePassXC and still keep my keys offline on two pen drives and two MicroSD cards, one of which is offsite. Alongside the keys are notes about rebuilding all my machines from backups.
My digital archives, mainly videos, photos and music, are kept on four large USB hard drives, one of which is offsite. Each year I checksum all the files to confirm the integrity of the disks.
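A yearly check like the one described above can be done with a checksum manifest. The following is an added example, not the author's own script: the function names and the manifest layout (one `sha256  relative/path` line per file) are assumptions, and the manifest is assumed to live outside the archive directory.

```python
import hashlib
import os

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large videos never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root):
    """Return {relative_path: sha256} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                digests[os.path.relpath(full, root)] = sha256_file(full)
    return digests

def write_manifest(root, manifest_path):
    """Record the archive's current state; keep the manifest outside root."""
    digests = scan(root)
    with open(manifest_path, "w", encoding="utf-8") as out:
        for rel in sorted(digests):
            out.write(f"{digests[rel]}  {rel}\n")
    return len(digests)

def read_manifest(manifest_path):
    """Parse 'digest  path' lines (file names containing newlines unsupported)."""
    expected = {}
    with open(manifest_path, encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            expected[rel] = digest
    return expected

def verify(root, manifest_path):
    """Compare a drive against the manifest: corrupt, missing and new files."""
    expected = read_manifest(manifest_path)
    actual = scan(root)
    return {
        "corrupt": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "new": sorted(p for p in actual if p not in expected),
    }
```

Running `verify` against each mirrored drive with the same manifest shows which copy has drifted, so a damaged file can be restored from a drive that still matches.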
Long before the existence of Netflix and Spotify I had already moved away from messing about with the expensive, delicate and unreliable analogue needles and tapes of vinyl, VHS and cassettes and moved over to the robust and cheap digital lasers of CDs & DVDs. Having made the switch to digital data on optical media, copying my video and music collection to magnetic hard drives was easy.
I mostly play my digital media using GNOME Showtime and Amberol. I store my audio collection on 128GB MicroSD cards which I plug into my laptop.
My videos and photos don’t easily fit on a single MicroSD card so I serve those up on my LAN using minidlna.
I was an early adopter of digital photography and managed my own local photo albums long before Facebook and Flickr came along. In 2010 I was using Flickr & Facebook, but after I read this article in The Register about facial recognition on Facebook, and Flickr changed its Terms & Conditions so that users no longer owned the copyright of their uploaded photos, I stopped using them both. I store a copy of my audio files and my digital photos alongside my videos and the hard drives get mirrored across four copies, one of which I keep offsite.
At the end of each calendar year I download my email to a local folder using Thunderbird and add the mbox file to my backups to minimise cloud costs at my IMAP service provider and to minimise switching costs.
I have two phones and I use neither like a conventional mobile phone:
Pixel 6a: Regular smartphone hardware running GrapheneOS. I always have the Pixel with me but I mainly use it disconnected as a PDA. Like my laptops and desktops I regularly reflash its firmware and O/S and sync data with my Linux machines. It’s usually disconnected but it does contain a SIM card and telephone number which I only use for authentication or in an emergency. Why only for emergencies? OTP by SMS message is still the only MFA option offered by some banks today and that’s laughably insecure – SS7 is broken and SIM swap attacks are easy if you know someone’s number. If you live in the USA and you can afford it, Cape is a better solution than security by obscurity.
Apple iPhone SE - 2nd Gen: Regular smartphone hardware and software (so pwned by Apple). Every man and his dog’s website asks for my phone number and this is the number I give out to everyone who wants to sell my number to data brokers. I leave it switched off and in a drawer in my desk. I use it occasionally to authenticate by OTP text message with my lower security-level accounts when logging in using my Linux machines. This phone is also my backup internet if my fibre broadband goes down.
My current TV was consciously bought just before “smart” TVs became the only option and I mainly use it as a monitor for a small Chrultrabox. I also avoid “smart” devices like “smart” watches, “smart speakers” (internet connected microphones) or washing machines. Like any computer running closed source software these devices can be used by the manufacturer to spy on you, extract rent or be hacked and used in botnets.
See also Mr. Robot S02E01
Although I try to avoid closed-source smart devices I have had to compromise on green tech.
Octopus Smart Electric Meter (electricity only)
Website generated using pandoc from this source