174 lines
38 KiB
XML
174 lines
38 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
||
<feed xmlns="http://www.w3.org/2005/Atom"><title>Ali Murteza Yesil - tech</title><link href="https://murtezayesil.me/" rel="alternate"></link><link href="https://murtezayesil.me/feeds/tech.atom.xml" rel="self"></link><id>https://murtezayesil.me/</id><updated>2020-07-18T00:00:00+06:00</updated><subtitle>Blog</subtitle><entry><title>Digital Cleansing - Jitsi</title><link href="https://murtezayesil.me/digital-cleansing-jitsi.html" rel="alternate"></link><published>2020-07-18T00:00:00+06:00</published><updated>2020-07-18T00:00:00+06:00</updated><author><name>Ali Murteza Yesil</name></author><id>tag:murtezayesil.me,2020-07-18:/digital-cleansing-jitsi.html</id><summary type="html"><p>My family and relatives live different countries and make good use of video calling services regardless of who is offering the service</p></summary><content type="html"><p>My family is spread into 3 countries in 3 different continents. If we include my close relatives too, these numbers go even higher. It is important to stay in contact with your family and relatives in Turkish culture and we try to do that. Let it be weekend Zoom meetings (in 40 minute chunks :) or phone calls on WhatsApp (owned by Facebook), we heavily rely on third party services for communication. After launching NextCloud for my family to use, I what I wanted to tackle the <strong>Communication</strong> problem.</p>
|
||
<p>We have 3 kinds of communication needs in the family:<br>
|
||
1. Text messages<br>
|
||
2. Voice Calls<br>
|
||
3. (Mostly group) Video Calls</p>
|
||
<hr>
|
||
<h3>Text Messaging &amp; Voice Calls</h3>
|
||
<p>I have been usign Telegram wherever I can for few years. Its UI is very similar to that of WhatsApp which I hope will ease the transition for my relatives. Since it also has voice calling, I don't need to look for another service for that. I love hitting two birds with one stone (only in metaphor) 😄️ <br>
|
||
That being said, I won't actually talk much about WhatsApp. Facebook bought WhatsApp back in February 2014. I believe that was a great deal for Facebook and a terrible deal for users.<br>
|
||
I know I mentioned Telegram but there is one more great alternative to WhatsApp (or even Telegram). It is called <a href="https://signal.org/" title="Official page">Signal</a> and it is developed by a non-profit founded by Co-founder of WhatsApp, Brian Acton. It is one freaking secure messaging app 😎️</p>
|
||
<hr>
|
||
<h3>Group Video Calls</h3>
|
||
<p>My families' and relatives' current choice of Group Video Calling service is Zoom, just like millions of other people who needed a video calling service for remote work, distance education and calling their loved ones. But Zoom seemingly popped out of nowhere for many people. I wanted to learn more about who Zoom is and how trustable it is. I hope my findings will help you to make educated decisions.</p>
|
||
<p>Zoom was <a href="https://en.wikipedia.org/wiki/Zoom_(software)#History" title="History of Zoom on Wikipedia">launched in September 2012</a>, reached <a href="https://www.tmcnet.com/topics/articles/2013/05/23/339279-zoom-video-communications-reaches-1-million-participants.htm" title="Zoom Video Communications Reaches 1 Million Participants - TMCnet">1 Million user base in January 2013</a> and rapidly grow during global quarantine to a point that Zoom got <a href="https://web.archive.org/web/20200422125131/https://www.theguardian.com/technology/2020/mar/31/zoom-booms-as-demand-for-video-conferencing-tech-grows-in-coronavirus-outbreak" title="Zoom booms as demand for video-conferencing tech grows - The Guardian [archive]">2.13 Million downloads on March 23rd 2020</a>.</p>
|
||
<p>After some research (reading Wikipedia) I found that Zoom had many wounds that hurt many of its users. Given that Zoom reached 1 Million userbase 5 months after launching (from September 2012 to January 2013) and they were charging 9.99$/month, I expect Zoom to invest into infrastructure and app security. I am saying this because they clearly had time to fix issues in their apps before the pandemic arrived. Here are few examples to show how Zoom messed up:<br>
|
||
<strong>Windows</strong> : <a href="https://arstechnica.com/information-technology/2020/04/unpatched-zoom-bug-lets-attackers-steal-windows-credentials-with-no-warning/">Attackers can use Zoom to steal users’ Windows credentials with no warning - ars technica</a><br>
|
||
<strong>MacOS</strong> : <a href="https://threatpost.com/zoom-zero-day-mac-webcam-hijacking/146317/">Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking - threat post</a>. This prompted Apple to use its MRT (Malware Removal Tool) to remotely delete Zoom from Mac computers.<br>
|
||
<strong>MacOS</strong> : <a href="https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5">Zoom Zero Day: 4+ Million Webcams &amp; maybe an RCE? Just get them to visit your website! - InfoSec Write-ups</a> allowing Zoom to reinstall itself after being uninstalled and join a video call with camera activated without user's permission.<br>
|
||
<strong>MacOS</strong> : <a href="https://nitter.net/c1truz_/status/1244737672930824193">Zoom App installation uses the same method used by malwares to gain root priviledges - Twitter thread on Nitter</a><br>
|
||
<strong>iOS</strong> : <a href="https://www.vice.com/en_ca/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account - Vice</a><br>
|
||
<strong>Android</strong> : I didn't find any news about Zoom Android App vulnerabilities. But if they used Facebook tracker in iOS app, I don't see any reason why zoom wouldn't use the same on Android
|
||
<strong>Linux</strong> : No vulnerability was found YET. Remember that <a href="https://netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-08%22%2C%22dateEnd%22%3A%222020-06%22%2C%22plotKeys%22%3A%5B%7B%22platform%22%3A%22Linux%22%7D%2C%7B%22platform%22%3A%22Mac%20OS%22%7D%2C%7B%22platform%22%3A%22Chrome%20OS%22%7D%5D%2C%22segments%22%3A%22-1000%22%7D" title="Less than 4%">Linux desktop has a small marketshare</a> and apps for it are less likely to be targeted by hackers.</p>
|
||
<blockquote>
|
||
<p>"Zoom has just had so many missteps."
|
||
- Patrick Wardle, Jamf</p>
|
||
</blockquote>
|
||
<p>You can read about Zoom's vulnerabilities on MacOS and iOS in detail in <a href="https://objective-see.com/blog/blog_0x56.html" title="The 'S' in Zoom, Stands for Security - Objective-See">this blog post of Objective-See</a>. </p>
|
||
<p>These issues were <strong>FIXED</strong> by Zoom. But Zoom took long time to responde some of the cyber security personel as if it didn't care about the user privacy and security. I only mentioned the vulnerabilities in Zoom's apps. Zoom also <a href="https://www.axios.com/zoom-closes-chinese-user-account-tiananmen-square-f218fed1-69af-4bdd-aac4-7eaf67f34084.html" title="Zoom closed account of U.S.-based Chinese activist “to comply with local law” - Axios">contributed to censorship</a> by closing human rights activist Zhou Fengsuo's paid account and closing Social activist Lee Cheuk Yan's account upon China's request.</p>
|
||
<p>👉️ Since those vulnerabilities are fixed it should be safe to use Zoom, right?<br>
|
||
Unfortunately, NO. Even if apps became less vulnerable, users still are through weak privacy practices and use of third party trackers. Zoom's Privacy Policy is <a href="https://zoom.us/privacy#_Toc44414842">not assuring enough</a>.</p>
|
||
<p>👉️ They introduced end-to-end encryption, E2EE. Is it insecure encryption?<br>
|
||
AES-256 ECB algorithm used for E2EE is one of the greatest encryption algorithms out there. But it isn't enabled by default and enabling E2EE disables many features such as screensharing, which doesn't incentivise people to use E2EE. Both enterprise customers and teachers would want to use screensharing, thus not using E2EE.</p>
|
||
<p>👉️ They say Zoom encrypts every meeting by default. Are they lying?<br>
|
||
No, they are not. But they aren't telling the whole story either. When you start a Zoom meeting, your device establishes a connection to Zoom over <a href="https://en.wikipedia.org/wiki/Https#Security">HTTPS</a>. Meaning data is encrypted during transmission between you and Zoom. Data gets decrypted in Zoom and encrypted again before it goes to whoever you are meeting with. This is done because everybody in the meeting has different <a href="https://en.wikipedia.org/wiki/Session_key">session key</a> for encryption. Your meeting is apparent to Zoom, not hidden from it.</p>
|
||
<p>👉️ Zoom has faced <a href="https://en.wikipedia.org/wiki/Zero-day_(computing)" title="Learn about zero day attacks on Wikipedia">0-day attacks</a> which weren't fair.<br>
|
||
Not a question but I get your point. When a cyber security personal discovers a vulnerability, (s)he informs the vendor about the vulnerability in disguise and asks for bounty. Vendor checks if that is a legit vulnerability or a scam. Then they work together to fix the issue and vendor pays the bounty. Many companies have a <a href="https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html" title="Intel offers upto 100,000$">bug</a> <a href="https://hackerone.com/verizonmedia?type=team" title="Verizon offers upto 15,000$">bounty</a> <a href="https://www.microsoft.com/en-us/msrc/bounty" title="Microsoft offers upto 100,000$">program</a>.<br>
|
||
A cyber security personal may choose to release the vulnerability to public for it to be exploited by other people, which turns a vulnerability into zero day attack. This action incentivises vendor to fix that issue immediately since issue became well-known.<br>
|
||
Zoom had time since 2013 for testing its softwares properly. Proper testing would uncover those bugs before hackers did. Any company that is careless about security and privacy of its customers' deserves to be pinched to start acting.</p>
|
||
<p>What if I am forced to Zoom by my employer/school/family?<br>
|
||
Desktop/laptop users:<br>
|
||
1. Windows: Use virtual machine and apply one of the below Linux methods<br>
|
||
2. MacOS: Use virtual machine and apply one of the below Linux methods<br>
|
||
3. Linux: Install Linux Live image on a USB and boot into it everytime you need to Zoom. Install Zoom into that Live environment. Zoom will only be able to access what is in that Live environment. Shutting down a Live environment deletes everything that was installed in that session.<br>
|
||
4. Linux: <a href="https://ar.al/2020/06/25/how-to-use-the-zoom-malware-safely-on-linux-if-you-absolutely-have-to/" title="How to use the Zoom malware safely on Linux if you absolutely have to - Aral Balkan">Install Zoom into a firejail</a>, greatly limiting what it can reach.<br>
|
||
Mobile users:<br>
|
||
1. Android: <a href="https://www.howtogeek.com/333484/how-to-set-up-multiple-user-profiles-on-android/" title="This process maybe different for different brands">Create a restricted user</a> on your phone and install Zoom there. Not in your main user.
|
||
2. Android: If you can, use Zoom on Linux as described above.
|
||
3. iOS: Don't give it permissions if you don't need them. Don't let it run in background. Uninstall after using.
|
||
4. iOS: If you can, use Zoom on Linux as described above.</p>
|
||
<p>PS: I don't own a Mac, iPhone or Windows PC. But since Zoom on those platforms seem to be the affected most, I recommend everybody to use Zoom on Linux in a firejail if you absolutely have to.</p>
|
||
<p>I also wanted to read articles <a href="https://medium.com/@rowantrollope/beyond-the-noise-7-reasons-its-safe-to-run-zoom-9a2e639b13ec">that</a> <a href="https://blog.prialto.com/3-reasons-why-zoom-provides-the-best-video-conferencing-software">defend</a> <a href="https://www.forbes.com/sites/rebeccabellan/2020/03/24/what-you-need-to-know-about-using-zoom/#3cee9d0d3284">Zoom</a>. But they are mostly talking about Zoom's E2EE feature (that is not default), how people got creative with Virtual Background feature, Zoom's clean UI, ability to fake paying attention and its price. They either say nothing about Zooms privacy policy or even if they say something, it is not assuring in my opinion.</p>
|
||
<hr>
|
||
<h1>Jitsi</h1>
|
||
<p>Jitsi is an open source alternative to Video Calling (Conferencing) services. I will prove that Jitsi is much better than Zoom with only 1 sentence.</p>
|
||
<h1 style="text-align: center;">You can host Jitsi on your own server without relying on another entity</h1>
|
||
|
||
<p>You want more?</p>
|
||
<ol>
|
||
<li>Jitsi has Clean UI that is familiar to that of Zoom. </li>
|
||
<li>Jitsi <strong>doesn't</strong> have looping video feature which helps students or emplyees fake paying attention. </li>
|
||
<li>Jitsi is <strong title="Free Open Source Software">FOSS</strong> developed by <a href="https://8x8.com">8x8</a>. </li>
|
||
<li>
|
||
<p>Hosting Jitsi doesn't require a server with powerful CPU or GPU. Important resource is bandwidth. </p>
|
||
</li>
|
||
<li>
|
||
<p>Jitsi doesn't have virtual background but it instead has background blurring in development.</p>
|
||
</li>
|
||
</ol>
|
||
<p>👉️ Is it truely E2EE?<br>
|
||
<strong>This is what I understood from reading <a href="https://github.com/jitsi/jitsi-meet/issues/409#issuecomment-260652107">this threat</a>. Please correct me if I am wrong</strong><br>
|
||
Short answer is No.<br>
|
||
Long answer is: Just like in Zoom's case, connection between users and Jitsi VideoBridge (server) is encrypted. Server decrypts and encrypts everybody's stream for everybody else. But by having the control of Jitsi VideoBridge (server) by hosting it on your own server, you can assure that no other company/organization is holding your plain data except the recepient you are meeting with.<br>
|
||
That being said, Jitsi can establish P2P connection in rooms where there are only 2 people. This is a feature of WebRTC that Jitsi is built upon. It still <strong>isn't</strong> true E2EE.</p>
|
||
<p>👉️ Do anyone even use it?<br>
|
||
Glad you ask. Many companies banned use of Zoom and switched to alternatives such as Microsoft Teams, Skype, Hangout Meet and Jitsi. You probably won't see Jitsi's UI very often in the wild, but many companies use Jitsi VideoBridge as their backend for video conferences. Out of all the alternatives, only Jitsi allows self-hosting of server (Jitsi VideoBridge) AFAIK.</p>
|
||
<h2>How to install Jitsi server?</h2>
|
||
<p>I followed <strong>Nerd on the Street</strong>'s <a href="https://invidio.us/watch?v=IQRwtUamHQU">Host a Jitsi Meet Server</a> installation tutorial. It took about 30 minute of my time (I am a noob) to get the server running. It takes another 10 minutes to secure it.</p>
|
||
<hr>
|
||
<p>When I started this blog post, I expected to list 2 reasons not to use WhatsApp and Zoom then start talking about why Jitsi is the answer to my family's Group Video Calling needs. To fact check what I knew about about them (Zoom in particular) I searched them on <a href="https://en.wikipedia.org/wiki/Zoom_(software)" title="Read more about Zoom on WikiPedia">Wikipedia</a>. I learned much more than I expected. I am sorry for turning this post into "Rant of Zoom". I hope you learned a thing or two too.</p>
|
||
<hr>
|
||
<h3>Other side of the coin</h3>
|
||
<p>If you think I would be better of sticking to WhatsApp or Zoom, tell me more. Even though I read many negative things about Zoom, I will try my best to keep an open mind and hear people seeing other side of the coin. I am a human and can make mistakes. If there is something important I should know to better understand what is going on, please reply to comment toot linked below.</p></content><category term="tech"></category><category term="privacy"></category><category term="jitsi"></category><category term="100DaysToOffload"></category></entry><entry><title>Digital Cleansing - NextCloud</title><link href="https://murtezayesil.me/digital-cleansing-nextcloud.html" rel="alternate"></link><published>2020-07-16T10:00:00+06:00</published><updated>2020-07-16T10:00:00+06:00</updated><author><name>Ali Murteza Yesil</name></author><id>tag:murtezayesil.me,2020-07-16:/digital-cleansing-nextcloud.html</id><summary type="html"><p>NextCloud has 4 things going for me. It is FOSS, it gives me control, it is convenient and it works.</p></summary><content type="html"><p>This article reflects my opinions and experiences with few file server services.</p>
|
||
<p>TL;DR : I think NextCloud is a far superior product for the price.</p>
|
||
<p>Digital cleansing is about reowning personal data and regaining control over how it is processed. When I started digital cleansing, I wanted to start from where the most of my data is stored. There are 2 such services, Google Drive and Photos. I started by looking for <a href="https://alternativeto.net/software/google-drive/">alternatives</a>. OwnCloud and NextCloud seemed like <strong>affordable</strong> and <strong title="Free Open Source Software">FOSS</strong> alternatives that allow <strong title="Can be hosted on personal (or home) computer/server without relying on another service provider">self-hosting</strong>.</p>
|
||
<hr>
|
||
<h2>Owncloud</h2>
|
||
<p>I started my journey by renting a VM on Digital Ocean, droplet. I installed <a href="https://en.wikipedia.org/wiki/LAMP_(software_bundle)" title="Minimum set of softwares needed for a working web service">LAMP stack</a> and <a href="https://en.wikipedia.org/wiki/OwnCloud" title="File server service">OwnCloud</a>. As a new comer to OwnCloud, I started to click every button in every menu to discover and learn more about OwnCloud. <a href="https://marketplace.owncloud.com/">Marketplace</a>, a feature manager to add/remove more features, has many stuff that can appeal to enterprises and teams working from home. Next, I browsed the <a href="https://search.f-droid.org/?q=owncloud" title="Apps for OwnCloud on F-droid">available Android apps for OwnCloud</a>. To my surprise, there aren't many. I expected niche apps on Android for using niche features on marketplace. Instead, I would run into more <a href="https://search.f-droid.org/?q=nextcloud" title="Apps for NextCloud on F-droid">apps branded for NextCloud</a>. Meanwhile I updated the droplet, because updates are important, but ran into "kernel updates rendering server unbootable" kind of issues, I switched to Linode and NextCloud after strugling on Digital Ocean for a week.</p>
|
||
<p>Just like Owncloud's marketplace, NextCloud has its own "app store", I'd like to them "feature manager" instead because both marketplace and app store are used for en/disabling features on the platform. But NextCloud has niche apps for Android and I believe this provides more convenience to mobile users like myself.</p>
|
||
<hr>
|
||
<h2>NextCloud</h2>
|
||
<p>Since NextCloud is a file server in its core, it was the drop-in Google Drive &amp; Photos replacement I needed. It also has built-in <a href="https://en.wikipedia.org/wiki/WebDAV" title="Protocol for using remote file system over HTTP">WebDAV</a>, <a href="https://en.wikipedia.org/wiki/CardDAV" title="vCard (contact info) extension for WebDAV">CardDAV</a> and <a href="https://en.wikipedia.org/wiki/CalDAV" title="Calendar extension for WebDAV">CalDAV</a> support, which means I can use NextCloud as Google Contacts &amp; Calendar replacement as well and access files in native file manager as if it was a USB drive 🎉️</p>
|
||
<p>After enabling more services from feature manager (yes, I am sticking with this name) it also became my notes, tasks, bookmarks manager as well. All powered by a VM that costs 5$/month to run, +2$ for backup.</p>
|
||
<blockquote>
|
||
<p>One who loves roses should endure thorns - Turkish Proverb</p>
|
||
</blockquote>
|
||
<p>NextCloud is great. But just like every other artificial thing in this world, it isn't perfect. The biggest problem I face with it is the <strong>performance</strong> of web interface. It is written in PHP and being not compiled program is not doing any favors. Image preview loading can be called sluggish by many. Since I use mobile app most of the time which caches the previews, user experience isn't bad in my opinion.</p>
|
||
<hr>
|
||
<p><a href="https://kevq.uk" title="his blog">Kev Quirk</a> wrote a blog about his opinions and experiences with <strong title="My current choice of file server solution">NextCloud</strong> and <strong title="His choice of home server solution">Synology</strong>. This is my answer to <a href="https://kevq.uk/synology-vs-nextcloud-which-is-better-for-a-home-server/" title="Synology vs Nextcloud – Which Is Better For A Home Server?">his blog</a>.</p>
|
||
<p>Synology's home server sound like a great product. I am happy for you and your family that your data is safe and accesible without giving up your privacy. After reading your blog, I wanted to try Synology as well. Upon seeing the price for <a href="https://www.newegg.com/synology-ds420/p/N82E16822108744" title="4 HDD bay NAS for home/small business use (disks not included)">Synology 420+</a> is 500$ and another 400$ for 4x <a href="https://www.newegg.com/seagate-ironwolf-st4000vn008-4tb/p/N82E16822179005" title="SeaGate NAS HDD">4TB HDD</a> for RAID 6, I believe NextCloud is the best choice I have. I am 1 student who has no movies, musics, 4K family photos or video project for YouTube channel to utilize TBs of storage not do I have budget for it. Under these requirements and constraints, I want to offer an alternative to Google to my family. Since I can't just ask for ~900$ for Synology, NextCloud on a VM is the best option I have. I still have option of increasing VM disk size or mounting external block storage as our storage needs grow.</p>
|
||
<p>It is nice that we have different perspectives on same topic. I wrote this answer because I wanted you to see from the eyes of a student living on pocket money and still afford for privacy of his and his family. May your Synology system last long and serve your family well 🙂️</p>
|
||
<hr>
|
||
<p>If you think Google services aren't that bad and I would be better off keep using Google services, <a href="https://tosdr.org/#google">here is my reasoning #1</a> and <a href="https://www.reuters.com/article/us-alphabet-google-privacy-lawsuit/google-faces-lawsuit-over-tracking-in-apps-even-when-users-opted-out-idUSKCN24F2N4" title="Google faces lawsuit over tracking in apps even when users opted out - Reuters">#2</a>. But if you still think that I should use Google services, tell me your reasoning and help me see your side of the coin. I would like to stay open minded.</p></content><category term="Tech"></category><category term="privacy"></category><category term="nextcloud"></category><category term="100DaysToOffload"></category></entry><entry><title>Digital Cleansing - Identifying services we use</title><link href="https://murtezayesil.me/digital-cleansing-identifying-services-we-use.html" rel="alternate"></link><published>2020-07-14T03:40:00+06:00</published><updated>2020-07-14T03:40:00+06:00</updated><author><name>Ali Murteza Yesil</name></author><id>tag:murtezayesil.me,2020-07-14:/digital-cleansing-identifying-services-we-use.html</id><summary type="html"><p>Step 1 of digital cleansing is identifying services I want to drop</p></summary><content type="html"><h1>Digital Cleansing For Better Privacy</h1>
|
||
<ol>
|
||
<li><em>Identifying products and services we use</em></li>
|
||
<li>Finding/Offering alternatives</li>
|
||
<li>Moving to alternatives and helping my family to move as well</li>
|
||
</ol>
|
||
<p>I will make a list of services I use or used in the past but didn't delete my account. For each service, I will look for alternatives, move my data to alternatives or deploy an instance of alternative on my server. I will use the alternatives for a while and learn more about how to use them properly. This way I will be able to help my family have a smooth transition. </p>
|
||
<hr>
|
||
<p>Here is my list. This list may be different for you, therefore you should make your own list.<br>
|
||
This list may get longer as I remember services I subscribed to but didn't use in a while.</p>
|
||
<ol>
|
||
<li>Gmail</li>
|
||
<li>Google Drive</li>
|
||
<li>Google Photos</li>
|
||
<li>Google Contacts</li>
|
||
<li>Google Search</li>
|
||
<li>Facebook</li>
|
||
<li>Instagram</li>
|
||
<li>WhatsApp</li>
|
||
<li>WhatsApp (Voice/Video Call)</li>
|
||
<li>Zoom</li>
|
||
<li>Windows OS</li>
|
||
<li>Stock Android ROM (due to embedded Google services)</li>
|
||
<li>Mi account (because I used MIUI Android ROM)</li>
|
||
<li>...</li>
|
||
<li>Note to self: Check archieved emails to find services you stopped using and request account deletion</li>
|
||
</ol>
|
||
<hr>
|
||
<p>Now I have a "list of service to opt-out from" to help me focus better. That being said, I started to de-google a while ago and replaced Gmail with Protonmail already. If you think Google is privacy friendly and no need to avoid Google services, <a href="https://tosdr.org/#google">here is why I decided to de-google</a>.
|
||
I will start with looking for alternatives to Google Drive.</p>
|
||
<p>If there is any other service you think I should stay away from, you can write to comment toot.<br>
|
||
If you have written a blog post as an answer, mention that too.<br>
|
||
If you think some of the services or softwares I mentioned here aren't that bad and I would be better of keep using them, please share why you think so. I want to keep an open mind and look at those services from your perspective too.</p></content><category term="Tech"></category><category term="privacy"></category><category term="100DaysToOffload"></category></entry><entry><title>Digital Cleansing For Better Privacy</title><link href="https://murtezayesil.me/digital-cleansing-for-better-privacy.html" rel="alternate"></link><published>2020-07-12T00:07:00+06:00</published><updated>2020-07-12T00:07:00+06:00</updated><author><name>Ali Murteza Yesil</name></author><id>tag:murtezayesil.me,2020-07-12:/digital-cleansing-for-better-privacy.html</id><summary type="html"><p>I am documenting my journey to claiming my digital freedom. Previously called "My Master Plan For Privacy (of my family)".</p></summary><content type="html"><p>I previously wrote about <a href="privacy_for_the_whole_family.md" title="Privacy For The Whole Family">how I got became more privacy caring individual</a> and I tooted about <a href="https://fosstodon.org/@murtezayesil/104480280886518081">My Master Plan for Privacy of My Family</a>. As I grew up, I came to realize how much we gave up on privacy for the convinience and "free" services. We are social creatures. I was using Google Photos, WhatsApp, Youtube and Instagram as much as I could and my family is doing the same. We are putting each other's privacy at stake by uploading data about each other without knowing. I decided to change that either by finding privacy focused alternatives to digital services I was using or by build server system to offer alternatives myself.</p>
|
||
<p>I am not the first to do this. There are many privacy friendly alternatives developed by people who care about privacy. It isn't hard to find those <a href="https://alternativeto.net/" title="Crowdsourced Software Recomendations">alternatives</a>. Many people went through this journey, which I call "Digital Cleansing For Better Privacy". During my journey, I will document the steps I have taken and write my thoughts about the alternatives I tried.</p>
|
||
<hr>
|
||
<h1>Digital Cleansing For Better Privacy</h1>
|
||
<ol>
|
||
<li>Identifying products and services we use</li>
|
||
<li>Finding/Offering alternatives</li>
|
||
<li>Moving to alternatives and helping my family to move as well</li>
|
||
</ol>
|
||
<hr>
|
||
<p>After identifying the products and services that needs replacing, I will loop step 2 and 3 for each product and service. This way I will be introducing only 1 service to my family at a time. I am planning to give them enough time for learning each alternative and understand why they should use it instead. Else, this would get overwhelming very quick.</p></content><category term="Tech"></category><category term="privacy"></category><category term="100DaysToOffload"></category></entry><entry><title>Privacy For The Whole Family</title><link href="https://murtezayesil.me/privacy-for-the-whole-family.html" rel="alternate"></link><published>2020-07-10T11:18:00+06:00</published><updated>2020-07-10T11:18:00+06:00</updated><author><name>Ali Murteza Yesil</name></author><id>tag:murtezayesil.me,2020-07-10:/privacy-for-the-whole-family.html</id><summary type="html"><p>My story of learning about wounds in my privacy and my first steps to cure it, helping my family for the same too.</p></summary><content type="html"><p>According to my mother, we had internet in our house while I was a baby. Internet back in the day used to make iconic dial sound, was slow and would lose connection whenever someone called the landline. I grew up seeing webpages full of GIFs (I won't argue about its pronounciation, it was decided long ago) and banner ads injected by adwares. Flash and Shockwave were the fundamental building blocks of interactive webpages with animations.</p>
|
||
<p>All those colorful flash games sites were offering tones of free games in exchange of distributing adverts and malware in their websites. As a child attracted by colors, I believed that those games were actually free. Some of those "free" game sites are still around and powered by Google AdSense. Others moved to Facebook and started earning from Facebook Ads and in-game currencies often called "gems". Around that time my classmates started to talk about Facebook and I had to go there too.</p>
|
||
<p>I grew up since then. I came abroad to study computer science. I have my own laptop and smartphone. I was using my devices and all those free services to talk to my family from thousands of kilometres away. I was using those sweet and free services for backing up my data, photos, documents, contacts and more. These services are free for us because all those wonderful advertisers are paying them off their goodwill ...</p>
|
||
<h4><em><strong>So I thought</strong></em></h4>
|
||
<p>I was naive to upload my and my family's photos to Google Photos. I was naive to tag my friends in photos on Facebook. I was naive to use Amazon instead of taking a walk in tech market and support the independent sellers. I was feeding tech giants for convenience and damaging local economy without knowing. I didn't know any better and I confussed giving up my privacy with convenience. I am not that naive kid anymore. I learned English Language in Kenya and I learned to harness the knowledge in the internet. I learned that there are alternatives that I can use.</p>
|
||
<h4><em><strong>I learned that there is a way to gain my digital freedom</strong></em></h4>
|
||
<p>My first action was to switch to <a href="https://duckduckgo.com"><img alt="DuckDuckGo logo" src="https://fosstodon.b-cdn.net/custom_emojis/images/000/010/368/static/duckduckgo.png"> DuckDuckGo</a> from Google Search. I found that the most widely adopted service of Google is a text box for us to write our most intimate secrets in plain text.</p>
|
||
<p><img alt="Google wants user data. Users use Google Search for sensitive personal issues. Google says &quot;It's Free Real Estate&quot;" src="https://murtezayesil.me/images/it_is_free_real_estate_1.jpg"></p>
|
||
<p>Dropping Google Search wasn't gonna cut it though. I still was relying on Google Contacts, Photos and Drive to backup my data. I needed something that could backup my phone properly while not giving up my data to data hungry companies.</p>
|
||
<h1>NextCloud to the rescue</h1>
|
||
<p>NextCloud is a file hosting service with built-in CardDAV (contact sync), CalDAV (calendar sync) and WebDAV (file sync) servers. Not to mention, it supports adding more features by installing modules from its <a href="https://apps.nextcloud.com/">apps library</a>. It is <a href="https://en.wikipedia.org/wiki/Free_and_open-source_software" title="Free and Open Source Software">FOSS</a> free as in freedom for everyone and int this case free as in price for non-enterprise users. Nice thing about NextCloud is that it offers <em>all of its features</em> to both its enterprise and home/personal users. Enterprise users also benefit from technical maintenance support direct from the NextCloud.</p>
|
||
<p>The way I deployed my NextCloud instance was to rent a remote VM. I am a student who can't afford to buy a machine and run it 24/7. Renting a server seemed like the most affordable and logical idea to me. Rent costs $5/month for the cheapest tier. I am careful with my pocket money and after cancelling my Netflix subscription, I had more than enough to pay $5/month.</p>
|
||
<p>After renting a server, I started experimenting with different OSes. I tried Debian but its php packages were old. I tried CentOS based NethServer but default user credentials for NextCloud were wrong and I couldn't use it either. I finally settled at Ubuntu 20.04 LTS. I followed few tutorials before I found Kev's tutorial. I deviated from those tutorials because I am young and ... nevermind. I finally found Kev's tutorial and </p>
|
||
<p>There still was a problem though. I am not he only one sharing data about me. My family can do that too. And I felt responsible for helping my family with claiming their digital freedom too. I decided to create accounts for them and help them migrate to my NextCloud instance. It turns out my family acknowledged the privacy they were giving up for the convenience. But they didn't know any alternatives. When I invited them to use my NextCloud instance they were excited. But moving from Google Suite to NextCloud isn't done yet. It takes time to learn new systems and their quirks.</p>
|
||
<h2>Conclusion</h2>
|
||
<p>I think this was a successful attempt. Of course I am not done here. I may need to introduce my family to Fediverse, free social media powered by voluntaries, or Jitsi, Open Source alternative to Zoom and WhatsApp video calls services. But for now we all made good progress I would say. I will let some time pass until they get more comfortable at using NextCloud. I don't want to overwhelm them and make them regret switching. I don't want to be another reason they stay on Google. </p>
|
||
<p>Meanwhile, why won't you make an attempt to gain your own digital freedom ?<br>
|
||
I see many ways this can be achieved (numbers in front suggest how difficult I think they are, rated out of 5):<br>
|
||
3 - Manually install NextCloud on a remote VM<br>
|
||
2 - Install NextCloud via Snap Package on a remote VM<br>
|
||
4 - Manually install NextCloud on an old computer<br>
|
||
3 - Install NextCloud via Snap on an old computer<br>
|
||
1 - Purchase a <a href="https://www.synology.com">Synology</a> NAS to easily self-host data backup, sync and similar services<br>
|
||
2 - Purchase a shared hosting on one of many service providers tested by NextCloud company</p>
|
||
<h2>Tutorials</h2>
|
||
<p><strong>Installing on own server</strong>: Kev beautifully explains both Snap Package way and manual way of installing in his <a href="https://kevq.uk/how-to-setup-a-nextcloud-server-in-ubuntu/">tutorial</a>.<br>
|
||
<strong>Installing on shared hosting</strong>: But if you are intimidated with the idea of setting up your own server and managing it, you can use a shared hosting instead. Kev has a <a href="https://kevq.uk/how-to-install-nextcloud-on-shared-hosting/">tutorial</a> for that too, albeit it aged a bit old. <br>
|
||
<strong>Repurposing old hardware</strong>: If you have an old computer gathering dust in a closet, why not use it as a home server! You will find many tutorials on the internet on <a href="https://lbry.tv/@TheLinuxGuy:d/How-to-Install-Ubuntu-Server-20.04-LTS:5">how to install Ubuntu server</a>. </p>
|
||
<hr>
|
||
<p>The only reason I followed manual method was some rookie mistake I made that caused Let's Encrypt HTTPS script to not work properly 😬️ I highly doubt you will face the same issue if you follow the tutorials carefully. Even if you do face some problems with <a href="https://certbot.eff.org/">getting HTTPS certificate using <code>certbot</code></a> command isn't difficult at all.</p></content><category term="Tech"></category><category term="privacy"></category><category term="nextcloud"></category><category term="self-hosting"></category><category term="100DaysToOffload"></category></entry></feed> |