I currently use Android (because, ATM, there are no Linux phones available to me that actually work), I have my contacts, calendar and some files stored using Google’s services. I can actually access all of that from Gnome (and Phosh) but I ultimately want to use a less evil cloud solution for these things. Any ideas that I could try out on the PinePhone while waiting for my L5?
Fastmail has most of what you are asking about. The notes functionality is ok but there are no folders. You can store files but, again, not at the level of google.
Nextcloud. You can self host it or use one of many hosters as a service.
It’s FLOSS, secure, maintained used by government agencies, has plugins and unifies a lot of things like file sharing, contacts, calendar, mail-client, chat even office and a lot more. There are clients for all platforms (web, pc, mobile, …) and it’s using open protocols.
For me it’s the best solution for years now.
Protonmail has a cloud storage service for paid users called Proton Drive.
i use Pcloud
I got myself a Raspberry Pi, connected it to my router and host Nexcloud on it. Now it serves as backup for my phone address book, calender and phone/laptop file storage & backup. It even allows for collaborative LibreOffice editing.
Downside is that you have to maintain Nextcloud yourself (updates/security).
I really think there is value in finding a hosted solution; whether NextCloud or something else. The issue, to me at least, is cognitive effort to stay abreast of changes and threats over the long term. I had installed NextCloud on a cloud machine but couldn’t convince myself that it was worth my time and effort (I like the software - it was really a question of where do I want to send cognitive energy).
Nextcloud looks really interesting. I might give that a try. Of course I can only access it while on my local network but I think that I might be able to make it work.
You could always install it in the cloud. For instance at digital ocean where the cheapest vm is $5.00 a month.
Maybe I am just paranoid. But it seems to me like any information storage outside of a hard drive that resides in my own home is not secure. Someone else will always have routine access if your information is on their servers and you’ll never know when it happens. Is it practical to keep a private server in your home and access it via VPN, anywhere from your phone?
Ideally, I would like to have a phone that could theoretically be tossed in to the lake and replaced in just a few minutes, with a new out-of-the-box phone, and loose no programs nor data in the process. I am hoping that the Librem 5 might get me there. Set the time and date on your new phone. Install VPN and connect to your home router. And you’re good to go.
It depends on whether you encrypt it or they encrypt it.
and what precisely is encrypted and whether the encryption is breakable; and they can withdraw service at any time, or change the Terms and Conditions at any time.
I run nextcloud locally on my NAS. Maintaining it requires a little effort, but it’s also not public facing, so I don’t worry as much about it as long as I keep everything up to date. Even with updates, I wouldn’t feel comfortable with my servers public facing.
The NAS I use (FreeNAS) can automatically upload selected files to a cloud solution as an offsite backup (it’s encrypted, de-duped, etc). The only downside is that it only syncs when I’m on my own network, but I honestly don’t really notice a difference. Plus, if that’s a deal breaker, you can always setup a VPN in your firewall to get remote access.
Even if you encrypt it, they control the host, they can read the memory, including the keys, [mounted] fs caches, etc.
I have a domain and use nextcloud, exposed on the internet, regularly for over 3 years with OTP and fail2ban and firewall. The attacks are ongoing but I have never had any problems. The important thing, in my opinion, is to have a secure base distribution. I have also set up my own mail server and it is a pleasure to have all your data and mails on your hard drive at home. For the backup I use a simple rsync string.
Regards
I think the meaning of @Gavaudan is that you take your data that you have on the client, you encrypt it using keys that exist only on the client, and then you send the encrypted data to the server, for storage.
That should be OK-ish providing that the key and the encryption are strong.
Doing it that way should even mean that another client that you control and which has possession of the same key can retrieve the information and decrypt it (and update it etc.)
Oh client-side end-to-end encryption yes, that makes hosting a secondary question as only metadata is available to the server, not actual data.
Well, that depends. I use a dyndns service to have a static address to my router. I only opened ports for http and https in the router to forward to the Raspberry Pi and installed Ubuntu on it. In Ubuntu all security updates get installed automatically via cron plus installing a firewall following basically this howto. So now I have a secure connection to my data wherever I am. I don’t think this is too much of a security risk and quite economical.
In my mind I was thinking of using something like veracrypt containers, so metadata wouldn’t be an issue. Not terribly convenient, but it is effective.
Ok, in this case my statement stands - host operator can perform memory dump of the running machine and retrieve key material and raw data from encrypted containers (as long as they are mounted).