Your security is only guaranteed by your obscurity. The moment this becomes standard practice and people start using popular software to handle personal services, this version of security will become laughable again.
I think even that is being too generous. If you’ve ever set up any kind of public-facing server, no matter how obscure, you know that scans for vulnerabilities are constant. Whoops, you didn’t install that urgent Apache update because you were on vacation with no SSL access? You’re pwned.
Centralization does have drawbacks, but in terms of security it is a major step up from homerun servers in many ways.
I can understand this position, but I'd be curious what your thoughts are on how to best (I realize there is no perfect) keep your data private from snooping employees, hackers, or law enforcement.
I've thought about this over and over, and it's hard to come to a solid conclusion about keeping personal data safe (in this context I mean emails and files you may store in the cloud, not browsing history, social media posts, etc.). There are so many options with downfalls for each, and I'm not a security expert. So every time I get excited about trying a new service geared towards privacy, or setting up my own instances, inevitably somebody points out the terrible pitfall in it and I get discouraged.
1. Don't use the internet or internet services, period. <- Not tenable for most of us.
2. Use services who market themselves as geared towards privacy. <- Can't actually trust those services, even with E2E encryption because they could be running different code from what you think they're running.
3. Use regular cloud options, but stack stuff on top - VeraCrypt volumes or Cryptomator with Google Drive, GPG for email, etc. <- Really difficult to set up and have a nice reliable way of accessing data on mobile/desktop/etc. No security audits on a lot of the open source software.
4. Host your own services - i.e. a Nextcloud 14 instance on EC2 with an S3 backend, then use client-side E2E <- Difficult to make sure you set the service up in a safe way, and not even a fraction of as much resources in auditing code as, say, a giant corporation.
5. Spread what you do out over multiple services - FastMail for email, Dropbox for cloud storage, Standard Notes for notes, etc. <- A real pain.
I know there will never be a consensus on this, but I'd love to hear what your thoughts are on the best way to keep my personal files and notes personal to me. Let's assume I'm not a target of any spy agencies or whatnot, but I want to make it very, very difficult for anyone to read my personal notes and files but me.