Owning My Technology. How Am I Doing?
This week I came across an article about Kohler being able to access supposedly E2E encrypted user data.
Yes, the bathroom appliances Kohler. And yes, I would guess that the user data includes pictures of people’s poop.
When I first went “online” over 30 years ago (by dialing up a local BBS from my PC) that is not a series of sentences that I could have imagined writing in my wildest imagination. It made me spend some time thinking about how my relationship to technology has changed over that time.
I wasn’t very concerned about privacy back then. I openly gave all kinds of personal information to a random stranger when signing up for these BBSs. To be fair, I was 13 years old and didn’t put much thought anything I did.
I also wasn’t too concerned when these BBSs inevitably shut down. The sysop went to college, or their parents got tired of paying for extra phone lines. I wasn’t concerned because nothing in my real life depended on my BBS hobby. I didn’t store important data there, and since I lived in a small town anyone I chatted with on one BBS was likely to be present on all the others.
When I first got access to the internet a couple of years later (a unix shell on a local BBS that had a T1 connection), things were a bit different but not much. My unix shell provided tools like ychat (instant messaging), nn (access to NNTP, the Reddit of that era), lynx (a browser for the nascent web), and elm (my email client of choice). These gave me access to a world of people and ideas that I would never have come across in Williamsburg, Virginia - 1994.
Losing access to the internet would have been painful, but the only thing I was dependent on my provider for was that access. They were mostly an agnostic gateway for me to connect to people and information.
There are much better storytellers than me who have documented the path from those days to today, so I’m going to skip ahead to the present moment.
- I depend on Apple and Google to keep track of the software “purchases” I’ve made on their respective platforms. If they take away my accounts, I lose thousands of dollars of software.
- Until fairly recently I depended on Amazon to store and control my access to my digital library. They could remove books from my library or even change their content on a whim. I now use Calibre with a Boox e-paper tablet.
- I’ve been paying various services (currently Tidal) ~$15/mo for many years to get temporary access to music. If I stop paying them, I have nothing to show for it but memories.
- Until several months ago, I had Ring cameras that were feeding images of me and my neighbors into a company with a fetish for creating a dystopian panopticon.
There are plenty more examples I could cite of how I have considerably less ownership of my technology and privacy, and I’m someone who has a sophisticated understanding of these systems and their impact.
This is something I’m trying to take more ownership of, and I wanted to take this opportunity to do a little inventory of my digital life and grade myself in various areas. I’ll update this post as these things change. I hope that if anyone comes across this post, it inspires them to think about this themselves and maybe explore some of these solutions for themselves.
Computing
I have a few computers at home.
I use a MacBook for most of my work, and I’ve invested a lot of time customizing it for my professional and personal workflows. I still mostly feel like I own it, but there are definitely some things in MacOS that are just off-limits to the user and when I run into them it’s incredibly frustrating. Apple, so far, seems to have the best privacy practices of the big tech companies. Any data I store with them is theoretically E2E encrypted with Advanced Data Protection and HomeKit Secure Video but I have no way to verify that is true or that it will always be true.
I bought an old Thinkpad for a few hundred dollars a couple of years ago to check in on desktop Linux. I had a few aborted attempts to set it up with VoidLinux, but recently installed CachyOS and it works pretty well out of the box. I don’t have a whole lot of time for this right now, but my hope is that I can invest some time in getting a Linux desktop that is as productive for me as MacOS. I want an eventual escape hatch for when inevitably the walls close in on actually owning my MacBook.
I also have a Dell Micro PC running Debian that I use for hosting a few services locally (see below).
My phone is an iPhone 13.
Overall, I’d give myself a C here. I’m highly dependent on the continued benevolence of Apple to allow me to store my data with E2E encryption and enable things like Little Snitch to keep apps from sending off my data to who knows where.
I know I will eventually move to Linux, but it probably won’t happen until Apple forces my hand.
Opportunities to improve:
- Get a more powerful laptop and move to desktop Linux full time.
- Look into alternative operating systems for Android phones like PostmarketOS.
Networking
I used to use whatever TP-Link Router happened to be on sale when I needed a router last. It had a cloud login component, a proprietary interface, and honestly I never really trusted it. I’m surprised it took me so long to go another route.
This year I decided to take this seriously and bought an OpenWRT One WiFi router (two of them actually - one for spare parts). Not only is this running OpenWRT’s open source router firmware, the schematic and datasheets are available online. All of the components are easy to access and I feel pretty confident that I could replace anything that failed if I had to.
It has been rock solid and has great performance.
I’ll give myself an A here just because I don’t know how I could improve on this from a privacy or ownership standpoint, but I am open to ideas.
Home Security and Automation
We had a scary evening several years ago when someone kicked the front door in the middle of the night while I was out of town and my wife was home asleep. She chased the person away, as she is much braver than me.
When I got home we decided to install an alarm system and security camera. I ended up with a Ring because it’s what they sold at the big box store where I bought the replacement door.
I never felt great about it. Over time, increasingly concerning news articles eventually pushed me enough to swap out the cameras.
Now I’m using Aqara cameras. These record to an SD card as well as send videos to Apple Home when they detect motion. In theory these are E2E encrypted and nobody can access them including Apple. I could have done better here by running dumb camera’s with something like Frigate, but I don’t currently have the time or energy to administer that software and storage.
We still have a Ring alarm system. I haven’t found a good option that will let me control it and get notifications remotely without installing terrible software (I use it with Apple Home via Homebridge).
I have some leads on a system that would integrate directly with Apple Home and be controlled locally, but it would be an expensive and involved undertaking to switch.
For home automation I use Apple Home along with HomeBridge and a Hubitat bridge. The latter is because I never managed to get Z-Wave working with HomeBridge.
Perhaps my greatest accomplishment in this area is that I have a robot vacuum running Valetudo. This is not for the faint of heart, as it involves ordering and soldering a custom PCB in order to obtain root on your brand new expensive robovac, very likely voiding its warranty right out of the box. Fortunately my soldering and linux skills were up to snuff, and it’s been chugging along brilliantly since the beginning. It has no cloud dependency and is fully self-contained.
I give myself a B- here. In theory this is a mostly privacy protecting setup, but I’m still dependent on a couple of cloud providers (Apple and Amazon/Ring) for this to work.
Opportunities to improve:
- Get rid of the Ring Alarm and replace it with something that is local only.
- Switch from Apple Home to Home Assistant.
- Local only cameras (or do I really need cameras at all?).
Email is a tough one.
I have an ancient Gmail account from a few days after the product was launched.
I also have email at my own domain that I host at Fastmail.
In terms of privacy and security, either of those companies can see all of my email, and I’m wholly dependent on them to deliver and store it. I’m less concerned about Fastmail, since I pay them directly and they’re likely not incentivized to train an LLM on my messages.
I don’t think self-hosting email is going to be plausible for me in the near term.
I’ve also been hesitant to fully migrate over to my own domain email since I’m waiting to hear what will happen to the .io TLD.
I give myself a C-.
Opportunities to improve:
- Migrate most/all of my email to my own domain.
- Unlikely, but host my own email server.
Cloud Software
I’m doing a lot better here than I was a year ago. I’ve been migrating more and more of the services I depend on to self-hosted versions that live either on my home server or a mid-tier VPS at Hetzner.
My self hosted tools include:
- Karakeep - A bookmarking and archival tool that replaced pinboard.in.
- Matrix - An open source chat server that allows me to bridge several third-party services to it. This has allowed me to uninstall Google Chat (or whatever it’s called these days) and Telegram from my phone.
- HomeBridge - Which I mentioned earlier allows me to write plugins to control things with Apple Home that otherwise would not integrate with it.
- Forgejo - A git forge that I’m testing out. GitHub has become really buggy and slow and my plan is to do most of my work on this and sync to GitHub for things that need it for discoverability or collaboration.
- WG Easy - To easily set up a WireGuard connection to my home network. I never used Tailscale, but this is my solution for a similar problem.
Where I’m still stuck with big (or at least medium) tech:
- Google Docs/Sheets - I often have to collaborate with others in these tools and I haven’t found a good replacement. I don’t keep anything essential or extremely private there, but would love to find a good alternative.
- GitHub - As I mentioned, I still frequently use it for my work (at least some of which has surely been sucked up by LLMs).
- YNAB - I have years of financial data in here and I would be pretty lost without it. They have access to incredibly private things, like my finances and bank passwords. It’s an incredibly good product, and I’d have a hard time letting it go.
- Wave Accounting - I use this for my business accounting and invoicing.
- Slack - I’m in several Slack instances for work and social reasons. If I grow my company this year to be more than just me, I’ll likely look at alternatives for us but I can’t avoid this in my consulting work.
- Discord - As above, I’m in a few tech-specific instances where I mostly lurk. I wouldn’t be too upset if this went away.
I give myself a D here. Even though I’ve made an effort to self-host there are a few cloud products that I’m inextricably tied to.
Opportunities to improve:
- Find an alternative to Google Docs/Sheets. I do have LibreOffice, but it’s really clunky to work in and I rarely use it.
- Continue to experiment with Forgejo and move any code that doesn’t have to be on GitHub there.
- Look into options for self-hosting accounting software for myself (Actual Budget looks interesting) and my company.