These posts form part of a series detailing how I intend to try and take back ownership of my digital life in 2017.
Also available in the series:
- Preamble and Problem Statement
- Define required outcomes and Guiding Principles
- Service reliance mapping, risk appetite and "make vs buy" decisions
Performing a stock take of my current core application and service usage was a very interesting week-long exercise (for instance, I took the notes on OneNote) and highlighted some of the further compromises I was probably still going to need to make over and above those highlighted in the Guiding Principles.
What I currently have and probably rely on:
- Virgin Media - Internet Services Provider
- iCloud - Backups of devices, password keyring
- Spotify - Media
- Netflix / Amazon - Media
- OneDrive - Document storage, synchronisation
- OneNote - Note taking
- Google groupware
- Identity - OAuth signing on websites such as Stack Exchange
- WhatsApp - Instant messaging
- Banking ^
- GitHub - code repository
^ A difficult one to influence but, increasingly, reliance could be mitigated through cryptocurrency where necessary.
What I have already running self-hosted / de-centralised:
- Plex - self-hosted media server
- KeePassX - encrypted password management
Running through the above list of services I was struck by how much my online identity and communication stack was owned by 3rd party vendors. Whilst I couldn't care less about media (indeed I love Spotify and would never part from it) there were certain decisions that clearly needed to be made:
- I needed to understand more fully the options for online identity management and the ability to self-host. The ability to implement my own Single Sign On system would really help in the long run with some of the SaaS applications I'd like to move back "on-prem" and towards open source.
- I was uncomfortable with the level of casual trawling that my ISP / [insert three letter organisation] could do via my standard web traffic.
- Until a reliable self-hosted file synchronisation tool could be identified (I'd had some issues in the past with OwnCloud auto-upload of photos from iPhone) I needed a way to transparently encrypt documents at rest in whoever's cloud I ended up in.
- I could handle Gmail for my old personal account (which is mostly spam...) but my private email address should be self-hosted. You pay Google with your data; there's nothing free in life.
- Until such time as they become intrusive I was quite happy continuing with Netflix / Amazon Prime / Spotify, coupled with self-hosted Plex.
The first thing I did was convert the Virgin Media router into 'modem only' mode and build a pfSense box to act as my open source router + firewall.
I'll get round to documenting it at some stage but this allowed me to configure a transparent, permanent, VPN tunnel to another country.
Coupled with some rules around 'white listing' devices - such as my corporate laptop - to always use 'clearnet', all of my personal devices are now routed through an encrypted tunnel to another country before hitting the internet. As this is done at the router there's no configuration required on any devices - they just connect to the network and it happens automatically. My ISP now only sees what I want them to.
I actually did this before I'd even finished writing this post...