Privacy in 2014

For 2014 I’ve decided that I’m going to be much more security conscious.

E-mail

A couple years ago, in search of better push support on iDevices (e.g. iPhone), I switched from my self-hosted Exchange solution to iCloud for all my email. I now have all my email addresses forwarded to iCloud.

Problems: 

  • E-mail is all stored (forever?) on Apple’s servers.
  • The Spam filtering sucks.
  • ‘Private’ e-mails are coming over iCloud and being archived with all my other mail (I archive my general mail).

Solution:

  • Host e-mail on self-hosted (Mac mini) Apple OS X Server. (All current e-mail will be forwarded).
  • PGP on all iDevices and laptops/computers.
  • S/MIME on all iDevices and laptops/computers.
  • (todo) Spam Filtering (potentially with DSPAM).
  • (todo) Set up a small encrypted mail server (Dovecot + Postfix + DSPAM

Sync and Backup

Between photos, music, desktop backgrounds, application preferences, etc., there is lots of stuff that needs to be sync’d these days. In the past I used a combination of many things including iCloud, DropBox, and BitTorrent Sync.

Problems:

  • DropBox has size limitations (with free version…).
  • DropBox and iCloud are centralized.
  • Important files need to be backed up with some sort of versioning in case something is accidentally deleted or corrupted.
  • Sensitive files need to be encrypted and backed up.

Solution:

  • iCloud sync for all non-sensitive application data (for any apps that support it).
  • BTSync for everything else.
    • Important and Sensitive documents will also be backed up to Synology NAS unit that does versioning in case of accidents. This also provides a fast mirror of all content.
    • Large Aperture library will also be backed up to the NAS using BTSync.
    • Sensitive data encrypted with EncFS then Sync’d and backed up using BTSync.
    • Desktop backgrounds sync with BTSync.
  • Music and TV is stored on the Synology NAS and streamed via Subsonic (music), Plex (TV/Music), and Synology’s Audio/Video stations.
  • KyPass Companion (stored in iCloud) for syncing KeePass password database. (This also integrates with Google Chrome; I use it instead of Google Chrome’s password manager.)

 

Best Practices:

  • Use a password manager, separate passwords for everything.
  • Use strong passwords (since you’re using a password manager, this shouldn’t make any difference when logging in since you’re not typing passwords anyways).
  • Downloads, Files in work, etc all go into sync’d directories now. Nothing should only be stored locally.
  • Media (Music/TV) should all be streamed, no more storing content locally.
  • Use PGP or S/MIME as often as possible. Be careful with private keys (I store them in a TrueCrypt volume to make it easy to share between machines).
  • Do a clean install of OS X every now and again. Do it even more frequently if you’re downloading random stuff.

Finally discontinuing use of DropBox.

So after a few years of using DropBox to sync stuff between my computers I’ve finally fully replaced it with BitTorrent Sync. Over the past few months I’ve been slowly moving everything from cloud-based services to self-hosted solutions for privacy reasons. BTSync works just as well as DropBox does (even better in some capacities), doesn’t have any size restrictions, and of course isn’t centralized.

One thing that should be noted is that TrueCrypt encrypted partitions don’t work as well on BTSync (though did they ever work that well on DropBox either?) so I suggest going with EncFS (or if you want an easier-to-set-up solution, check out BoxCryptor).

I’ve also started more heavily relying upon iCloud Sync for anything that’s not important.

Drobo Drive Failure – Data Protection In Progress

So it finally happened: one of the drives in the Drobo went bad.

Of course the Drobo slowed to a halt. First I tried taking the drive out and putting it back in; after a few days of “Data Protection: In Progress” according to the Drobo Dashboard, it showed the drive as bad again.

So now I’ve replaced the drive with another identical drive (thank god I had an identical one sitting around as I’m not sure how the Drobo would handle a minute capacity difference in drives).

At this point it says 62 hours remaining, so we’ll see how long it actually takes.

Music Storage fileserver (Revision 2)

A little over 3 months ago I had issues with my OpenSolaris RAID-Z array which resulted in the loss of most of my beloved music collection. Since then I decided to do things a bit differently.

Requirements for the new solution:

  1. Must be stored on hot-swap, single drive acceptable failure storage of some sort.
  2. Around 7TB of space initially needed. Should be expandable if possible (even if it just means swapping out current drives for larger ones).
  3. As I no longer have a stable home, this should be able to be collocated and accessed remotely.

Storage Array

Having always had a small interest in the Drobo project, and having the opportunity to pick up a Drobo-S 5-Bay array for less than half price on craigslist, I decided to give it a shot.

Setup was very easy, took only a matter of minutes to get the drives initializing in a redundant array (where one of the 5 can safely fail).

All 5 drives show up as one logical drive within Windows (they appear as one hard disk), and I’ve connected things via FireWire 400 (I know 800 is available on the Drobo but it’s not on my machine at the moment; I don’t believe this to be the primary bottleneck though. I have single disk USB enclosures that operate faster).

*note* The Drobo software will autoload with whatever user first logs onto the computer, so if running in a shared environment (like when running in a terminal services session remotely), if you log in and cannot launch Drobo Dashboard, it’s likely because it’s already running under another login.

UPDATE: After over 3 months of running, I’ve found this Drobo to be extremely slow. Doing anything with my collection takes hours to days while the storage slowly reads and writes.

 

Software

For now I’m playing with Subsonic ( http://www.subsonic.org ). It’s a free, multi-user music server that is compatible with web browsers and most cell phones. So now I can log in from my living room, or a hotel room, or on my BlackBerry and listen to my whole collection (even in FLAC quality), from anywhere.

This also solves the cross-platform player issues. Now everything is always the same, no matter what computer I’m on.