Bits of Simplicity

Taking back control

04/19/2018

Anyone paying attention to the news lately will know that privacy has become a mainstream issue. For years users have been trading their personal data for access to online services. The information economy dominates the modern internet. And with enforcement of GDPR coming into full effect and the Facebook Cambridge Analytica scandal; it is becoming hard to ignore. More and more users are deleting Facebook and Google accounts in search of more privacy-conscious services. Myself included. I have decided to take back control over my data and services, or at least as much as I can.

Reducing my second & third-party data footprint is no small task. To start with I want to replace as many services I use with FOSS self-hosted ones as I can. For the services that I can't or don't want to self-host, I will use privacy conscious services when I can. The first and most important change is email.

For years I used Gmail as my primary email provider. Ever since I was a teenager, and at the time it was by far the best email provider around. Very little to no spam, and a fantastic fast web client. The company motto of 'do no evil' also resonated with me. But I have since grown up and have realized that if you have to tell yourself to 'do no evil' there is a good chance that you might be doing evil. Not only does Google scan email contents and meta information to power their targeted advertising platform. Users are also completely at the behest of Google and their policies. If you don't play by their rules they can ban you and lose access to your account. To put it simply; you do not own your Gmail address, Google does.

This idea of ownership is actually pretty important. It's the difference between being a peer on the network and being another dumb terminal. An email address is the primary method of contact on the internet. Losing access to an email address can leave you cut off from online services. Having an address that you own on a domain you own; means that you can switch email providers anytime you wish. And not have to worry about updating your address on different online services.

Anyone that has self-hosted email will tell you that it can be a bit of a nightmare. I have done it in the past and don't want to go down that route. Enter ProtonMail. ProtonMail is a secure email provider based in Switzerland that is privacy-focused. All messages are end-to-end encryption with minimal access to user data. They have free accounts, or paid accounts that give you the ability to use your own domain. I have been using them for about three months now, and I can't recommend them enough. Over time I have been updating different services to the new address. It is unlikely that I will completely migrate away from Gmail (at least for now), but it is now my seconded provider.

With email out of the way; the next big second & third-party data footprint is social media. I don't have a Facebook (and never have), and I am not active on Twitter or Google+. I do have Reddit & Hacker News accounts that I use on a regular basis, but I am trying to using those less and less for different reasons. And as odd as it might sound; I do want to be more social on the Internet. But I want control over what I choose to share and who has access to that information. That is where GNU Social and the fediverse come in to play.

GNU Social is a free and open source microblogging platform that you can host yourself. Built on top of OStatus protocol it federates with other platforms such as Mastodon. GNU Social is still a little rough around the edges, but it gets the job done. If you are looking for a more traditional experience then I would suggest giving Mastodon a try.

Taking back control of my media consumption has been a bit of a challenge. One major change is using an RSS reader. Managing my feeds means I am no longer blasted with click-bait useless information, or tracked by every ad network under the sun. If I find a website or blog interesting I add it to my RSS reader. I have been self-hosting an instance of Tiny Tiny RSS reader and is excellent for my needs.

I have moved away from Chrome and back to Firefox. It's fast and lightweight and not maintained by an ad company. Although I have a few issues with Pocket included with Firefox out of the box; it is a good compromise. I have been using Firefox developer edition for a few months at work and have had no major issues.

De-Googling even further I have been using Duck Duck Go as my primary search engine. It has been fantastic. At first, I found myself using bangs to fall back to Google on an almost daily basis, but now I actually find DDG to have better search results. Google's mission has changed from being the best at search to be the best at stealing your attention. When searching for a topic on Google the first page is almost always filled with "news articles" from different "news" sites. They are trying to push larger publishing platforms instead of quality information.

These changes are a small step in the right direction. I can't get back the data that has already been collected, but I can limit my future exposure. Personal privacy isn't dead yet, but if large companies like Amazon, Facebook and Google have their way; it will be. The larger battle over privacy is about to happen, and I for one don't want to give them any more ammo than they already have.

Setting up Deplicity & BackBlaze for automated backups

01/13/2018

I got a new Dell XPS recently for development, so naturally I installed Linux, and like any good technophile I wanted an easy way to do backups just in case anything happens. There are a few ways to approach backups. Backing up to a local hard drive, or a remote hard drive, or even the cloud. The criteria I was looking for was automated encrypted cloud backups. I decided on using Duplicity for doing the backups and BackBlaze to be the storage backend.

Duplicity is a software suite that provides encrypted, digitally signed, versioned, remote backup of files. It's GPL, free, and pretty awesome. Duplicity backs directories by producing encrypted tar-format volumes. It uses plain old GnuGP for signing and encryption & rsync for uploads. There is a pretty sweet bash wrapper called duplicity-backup.sh. It allows you to create a configuration file to make working with Duplicity even easier.

BackBlaze is a pretty well known industry leader in cloud storage. They do have backup software and plans if you are windows, but since I am not and want to ensure my backups are secure I went with their B2 Cloud Storage offering. At the time of writing this the first 10 GB of storage is free and the first gig downloaded perday is also free.

Setup

Create a new bucket on BackBlaze. Installing Duplicity on Ubuntu is a peace of cake. Just need to apt-get install

sudo apt-get install duplicity

Then install B2 using pip and python.

sudo pip install --upgrade b2

Next I cloned down duplicity-backup.sh into my home directory.

git clone https://github.com/zertrin/duplicity-backup.sh.git .duplicity-backup

Make a copy of the example config and edit it to suit your needs. At this point you can either use a password for encryption or use/create gpg keys.

cd .duplicity-backup
cp duplicity-backup.conf.example duplicity-backup.conf

After you are done with configuration it is a good idea to test your backup.

./duplicity-backup.sh -b
./duplicity-backup.sh -v

Automation

At this point you should be able to manually backup, but that isn't very much fun. I want it automated. Your first thought might be to setup cron to fire off your backups at set times, but the issue with cron is if you miss the time (laptop is off) then you have to wait for the next cron. Enter anacron. Anacron is a computer program that performs periodic command scheduling, which is traditionally done by cron, but without assuming that the system is running continuously. Thus, it can be used to control the execution of daily, weekly, and monthly jobs on systems that don't run 24 hours a day. Prefect for firing our backups. It is installed on most systems by default. I decided to create a user anacrontab.

mkdir -p ~/.anacron/{etc,spool}
vim ~/.anacron/etc/anacrontab


# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# period delay job-identifier command
1 1 duplicity.backup $HOME/.duplicity-backup/duplicity-backup.sh -c $HOME/.duplicity-backup/duplicity-backup.conf -b

Then add a crontab to ensure anacron fires.

crontab -e
@hourly /usr/sbin/anacron -s -t $HOME/.anacron/etc/anacrontab -S $HOME/.anacron/spool

And that is it! Anacron logs to syslog, so to check that it is running you can simply fire it off by hand and check the syslog.

/usr/sbin/anacron -s -f -t $HOME/.anacron/etc/anacrontab -S $HOME/.anacron/spool

 

sudo cat /var/log/syslog | grep duplicity.backup

 

Backups should be encrypted and automatic. If an issue ever comes up just restore using Duplicity.