Category: Personal privacy

  • A self-hosting journey

    A couple of months ago I decided to finally take the plunge and try self-hosting. In particular, I was sick of trying to find a Google Docs alternative, and sharing random CryptPads and Etherpads with academic collaborators seemed dodgy. I’d been interested in Nextcloud, but I’d been using a random provider through their marketplace, which didn’t seem too great, either. With the increase in AI cannibalism scraping-for-LLM-training, I wanted to move my documents to a place where I understood how they would be used. An E2E service didn’t quite work, since I wanted to be able to have people edit documents without needing an account on whatever service, and I needed it to appear semi-professional, at least.

    My approach has been one of relative low-tech; that is to say, I wanted to create relatively stable infrastructure that I could rely on and thus wanted reasonably well-developed infrastructure, rather than trying to set up my own system entirely from scratch. I bought a used Raspberry Pi 400 (in a case — for convenient proximity to Ethernet connection, it’s housed next to the front door, aka lots of dust and dirt) on eBay for $40.

    Pi 400 specs from Raspberry PI

    I booted it up with a fresh install of Raspberry Pi OS, once I secondarily purchased the micro HDMI converter I forgot I’d need 🤦‍♀️

    I’d read about YunoHost and it seemed like one of the better options — free, open source, decent user community, and needed little to no custom software design. And indeed, setting up the OS itself wasn’t much of a problem. On the other hand, configuring my router to work with YunoHost and the Pi was much, much harder. After I lost a few hours mucking around with Netgear Genie, I realized two things: 1) I should actually step back and learn some fundamentals of networking, and 2) interesting networking projects should probably not be run off a who-knows-how-old router that has been inherited by multiple generations of tenants off contract.

    That joyful learning experience aside (also with thanks to my flatmate for putting up with at least one complete firmware reset on the router), I got the thing up and running. Yay!

    Now a couple months on, I’ve got a stable workflow with several apps I regularly use:

    • Google Drive –> Nextcloud — whew, this one was not fun to configure. I usually use x86-64 hardware (along with an ARM-based PineBook Pro, the Pi is the only ARM64 hardware I’ve used) and in the process of setting up the Collabora server (which, reader, is a separate YunoHost application) EXCEPT if you’re using ARM, in which case you should use the Nextcloud add-on CODE server. I learned this the hard way, though I now see the app page for Collabora imparts this rather handy knowledge.
      • There’s one major bug I cannot figure out, however: when I create a new document on the web version of Nextcloud (as opposed to mounting Nextcloud as an external drive and creating a new file with a local word processor), I will always lose the first draft of what I write. I *think* this is some kind of sync error, wherein I’m failing to establish (.touch) the new document before I start writing to it. My current work-around is creating new documents via the word processor / external drive workflow and then editing from the web view, which is not ideal.
      • I also cannot get the Zotero integration to work. While I’ve got the add-on installed, I cannot get it to load my entire library. Instead, I get maybe twenty or so entries, when I have 2,000 or so entries in my Zotero library. This is another reason why I keep returning to the local word processing.
    • Todoist –> Vikunja — this is one of the rare times that I genuinely cannot find a solid FOSS replacement. I’m making Vikunja work, but it’s driving me a little batty. While I followed the steps to import my data from Todoist, I’m too used to Todoist’s sleek interface and miss the shorthand input (e.g., “repeat week” will set to auto-repeat weekly). Vikunja does have a setting to change the shorthand (I selected Todoist) but it’s not as sensitive — e.g. I rarely get the date format correct enough that it automatically assigns the desired completion date. I also wish there was a widget to add a new task from any page, rather than just the homepage. I do really appreciate the Teams feature and plan to use it at some point in the future — for now, my to-do list feels too personal to open up the subdomain to any potential user (I know I can configure it to only users I’ve created, but still…)
      • My meta-reflection on switching is that I hate how I completely fell prey to Todoist’s gamification of task completion. Somehow seeing the arbitrary five goals completed marker made me feel success in a way that merely checking off individual tasks in Vikunja does not. Of all the things to be gamified, maybe it’s good my to-do list is, though?
    • Google Docs –> CryptPad — I had to give up on it (well, I’ve “paused” my instance, which is a great YunoHost feature) until I can figure out how to configure it such that only registered users can create new documents. This is a setting that exists for CryptPad more generally, but due to the way it is configured by default on YunoHost, it’s proving more tricky.
    • ? –> Readeck — this is the one I didn’t realize I needed. Super easy to configure, Readeck is a place to save articles I want to (or should) read but haven’t gotten around to it yet. Removing these from my to-do list and instead putting them in a designed app is relieving some stress (from having a never-ending to-do list).
    • Multiple proprietary URL archivers –> Archivebox — I worry a lot about bit rot, especially since I often want to archive things to return to for research. With Archivebox, I’m able to download the site in various forms (PDF, html, etc.). The site interface is clunky but the service is highly valuable — also because I sometimes save things I wouldn’t necessarily want to archive on a public site, where they might be subject to more AI cannibalism web crawling, e.g., someone’s creative work.

    Overall, the static IP address finagling was worth it — I’m happy to have control over where my data is housed. Also, it’s been an interesting experience of coming to understand the material infrastructure of my house (a rental). I live in a fairly run-down neighborhood and our internet service, for example, reflects that — I was surprised when I was traveling for the summer and obviously away from the server how often our service was down. Given that I’m usually using my home network outside of regular working hours, issues that occur overnight or during those hours go unnoticed. That’s yet another reason we should all be in favor of expanded broadband access, etc., etc.

  • Configuring Vikunja on YunoHost

    1 – create new todoist authorized app: https://developer.todoist.com/appconsole.html

    2 – o-auth redirect should be [your domain]/migrate/todoist

    3 – take note of client id and secret

    4 – then edit your Vikunja config located at /opt/vikunja/config.yml

    5 – in the config.yml, add client id, secret and redirect url under migrate –> todoist

    6 – then reload vikunja: yunohost service restart vikunja

    7 – then go into vikunja to the import page, where you should see todoist id, which will link to todoist to authorize data sharing (read only), then should link back to vikunja. I had an error when I had the wrong o-auth redirect url (see step #2).

    As a regular Todoist user for a few years (text only, no attached files), it took maybe 10 minutes for my data to finish transferring over.

  • Privacy Diary: 5+ months running Lineage OS

    I finally switched to Android when, in 2020, my old iPhone 5S forcibly and needlessly bit the dust at the behest of the Apple Corporation’s planned obsolescence policy.

    While in the process of moving back to Germany during the COVID-19 pandemic, my temporary housing was through a shall-not-be-named platform, whose app no longer ran on the iOS version the 5S had been limited to. In order to adhere to Germany’s (very reasonably) strict quarantine policy for new arrivals at the time, I realized I had no choice but to upgrade, seeing as making it expeditiously to my lodging was a matter of public health, and the app was the only reasonable way of communicating about my arrival with my landlady.

    My logic behind making the switch to Android was, “oh **** I need a phone that runs a newer OS” and “my budget is about 0 dollars”. In the end, I ended up with a Moto Power G (2020), which was the cheapest conventional smartphone I could find that was compatible with my current cellular plan. The fact that it was an Android was almost an after-fact, though my deep frustration with a certain company’s proclivity towards deceitful dealings with aging products did play some role, I’d like to think. While, yes, I will admit that the Moto G did seem to handle daily life better than the 5S (no, it did not lose all my texts now and then), by the time I’d had it for about two years it fared worse than the 5S did after four or five. Which, in retrospect, did make some sense — I mean, I did buy the cheapest smartphone I could.

    The idea that I had a two-year-old smartphone that was no longer functional drove me crazy though. Sure, there was the financial kicker; at this point, the Moto G was probably as expensive as if I’d just bought an iPhone and kept it for an extra year or two, which I suspect it could have probably handled (especially after those class-action lawsuits Apple ended up in). But there was also the environmental impact — I mean, good gosh, was I supposed to just dispose of a ridiculously resource-draining device after a mere two years of use? Incidentally, this coincided with a research project I was conducting about dumbphones, and the desires of many dumbphone users to keep devices that just worked for a long time. Better for the wallet, better for the environment.

    This led me down a rabbit hole of modular phones, most of which exist only in popular form with a “X Company Shuts Down Development of Planned Modular Phone”. Failing that, I figured the next best thing was a phone that would at least keep current (receive regular OS and security updates) for some time (i.e., more than two years). So obviously Apple devices were out. While Fairphone was the most reasonable dealer I could find, reviews by mainland-US users indicated that the EU-intended device barely functioned, and rarely reliably, if at all, stateside. After much searching, I realized one option would be to buy an older flagship device (easier on the wallet, and somewhat environmentally less bad?) and flash it with a mobile OS more dedicated to longer-lasting support. Which resulted in my purchasing a Google Pixel 4a (via a refurbished tech site), a device which was, approximately, ironically, the same age as my malfunctioning Moto G.

    I knew I was making a few concessions to modern ease when I switched to Lineage as a “daily driver”. First, Google would treat the bootloader as being tampered with, and some apps might be incompatible. I’d read ahead of time that many financial apps, for example, would disable sign in with finger-print ID, which was fine with me, since I’d quit using biometric login features since the 5S.

    On the plus side, it meant that I could change my relationship with Google, which was inflexible on the stock Android the Pixel 4a ran by default. Instead, I admitted to my unhealthy reliance on Google Maps (particularly when traveling) and added the Google Apps for Lineage OS (GAPPS) package. When I’m not traveling or anticipating getting lost, which is, I admit, a fairly imperfect solution, since I tend to get lost at unexpected times. Maybe the secret to personal privacy is perfecting one’s sense of location?

    I’m now about five or six months into daily life with the mostly-de-Googled, Lineage-running Pixel 4a. On the whole, I’m pleased with my experience. The actual experience of flashing Lineage to the device was much easier than with my Samsung tablet, and took about 30 minutes (though, at this point, I have some experience mucking around in adb).

    As for the experience of using Lineage, there are quirks, most often with the default phone application. I suppose I could just download the Google one. The Google Wallet feature doesn’t work with any financial details (I can still store things like plane e-tickets, but not credit cards). I feel like this is probably for the best, considering that lodging my credit card in my phone is just one more case of data seepage, but would be an issue for more regular users of contactless payment. In general, the Lineage default app versions sometimes just don’t work quite right, which isn’t something I can really complain about, given that Lineage doesn’t have the kind of financial and organization backing that Google’s Android OS teams have. Further, a 1-3% latency with basic applications probably helps me use my device less, since things are not quite as quick and easy as they are with flagship devices. Or maybe this is psychological. Who cares, I think my screentime is slightly down, which is all I can ask for.

    As far as hardware, the battery life is much better with Lineage than it was for the short time I ran out-of-the-box Google Android. The device I bought has been well used, and the battery life is definitely strained to last a whole day without a partial recharge, which might require use of an external battery pack for someone who doesn’t have a desk job. I’m pleased the device still has a headphone jack, so I can make use of the dozens of old Apple corded headphones that have been passed on to me by the rest of my family members, who have upgraded to jack-less iPhone versions. As someone who frequently listens to radio and music, having a dozen or so pairs of headphones makes it a whole lot easier to always have a pair within reach, something I definitely can’t say about bluetooth devices (did I mention the cord also means there’s no battery life to deal with? Wild.)

    Somewhere between hardware and software is my main gripe: dual SIM support. While back in Germany this summer, I needed to maintain both my US number and my German one, with easy access to both. Thanks to a thankfully well-timed introduction of Edeka Smart’s e-SIM option, I used my Mint Mobile (US) plan SIM in the physical SIM slot, with the Edeka as the e-SIM. My voicemail has never recovered, which, honestly, is fine since in the five or so months I’ve been using the device, I think I’ve gotten about four voicemails total. Would this be an issue for perhaps an older user more accustomed to actually speaking with people on the phone? Yes, absolutely. I’m also aware that the 4a is relatively unsophisticated in its dual SIM capabilities and newer versions of the Pixel might handle it better.

    On the whole, I like having my phone be my phone and not an advertising portal I carry around with me. Is it still a little bit of an advertising portal? Of course, but I feel like I’m able to make reasonable trade offs in my exposure to data collection — for example, figuring out how to navigate around a new city is worth a few breadcrumbs of location data. Do I use a different Google account with each Google app that I do have installed? Sure. Does it help minimize my exposure? Probably not?

    On the whole, I feel like this is one of the more reasonable options for a privacy-respecting smartphone. While it certainly requires an intermediate level of tech savvy, at least in getting set up, I think it could be reasonably used as a “daily driver” for anyone used to contemporary smartphones and willing to make some small sacrifices to protect their personal information, while still getting many of the benefits of a smartphone.

  • Privacy Diary: On data brokers

    By last count, I’ve lived at six addresses in the United States, with varying degrees of permanence (I’ve been an official resident of one state the entire time, but had mailing addresses at five other locations, some in-state, some out, due to temporary jobs and schooling). So, when I recently went to fill out an updated renter’s insurance application, in order to confirm my identity, I had to stare long and hard at the list of alleged prior addresses.

    If you’re unfamiliar with this kind of verification system, institutions will contract with data brokers, who scrape public data (like voter registration or addresses on tax returns) and ask you to verify whether or not you’ve, for example, lived at any of the five prior addresses, or have ever owned a certain model of car. Making a mistake can send you into a long loop of escalated verification processes, some of which record your conversation with the customer service representative for “security and verification purposes”. I’m not a big fan of biometric data records and avoid them where possible, so I like to guess any prior addresses and car models correctly on the first try. However, there’s ambiguity in the questions themselves, given that I am perhaps not the default case. Having initially registered to vote, for example, at my parents’ address (I was completing high school at the time), I’ve definitely been “associated” with that address. But the question, as posed by my renter’s insurance firm, via their contracted data broker, is, “have you ever owned property” where one of the options is my parents’ address, where I have been registered. The crux of the problem is that I definitely didn’t own that property (as my parents would be quick to remind you, given my lack of contribution to their property taxes), but I don’t know if the data broker has effectively discerned that. Instead, all I know is that I, yes, have lived at that address. So I do what feels to be the reasonable thing — that is, I click “none of the above”.

    Sure enough, I am immediately informed that my verification process has failed, which is deeply ironic, given that the data broker has actually misidentified me as a homeowner. I am then routed to a dreaded customer service interaction, where sure enough, I am given no option but to consent to my voice (as part of the entire conversation) being recorded, subject to a privacy policy “available on the firm’s website”. I need renter’s insurance, so I give in. Of course a lengthy wait time is required and I am forced to give a variety of identifying information, including my social security number, via audio call.

    Reflecting later on the incident, it bothers me. Why did it fall to me to go out of my way to correct misleading (in fact, incorrect) data? Why are data brokers allowed to sell faulty systems that could lead, in fact, to false verification of identity? After some Web searches, I find out that there are a few key data brokerage firms in the US, including three big ones: Acxiom, Experian, and Epsilon. If there’s a category of business I hate to support more than credit report firms, there’s only the American tax return preparation services lobby…

    Now, I have a few options. First, I can request to have a copy of all my data pulled. There appear to be some options for correcting the data found on that report, but I have little to negative interest in giving these firms better records on me. Second, I can opt to have all my data deleted. Depending on the firm, there are additional options. No service (of the three aforementioned) will let me complete multiple steps at once, leading to 10-minute per brokerage firm submissions (and yes, I have to verify my identity to perform these tasks) for each desired goal, i.e. getting a copy of my report, and coming back later to request deletion.

    Radio button menu, with note that can only submit one request per application. There are eight options.
    From the Epsilon privacy center application page. Note that I can only select one privacy measure per application, requiring 8x the work to fully remove my data and Epsilon’s use of it.

    Oh what fun! After about an hour of time, I submit three basic applications, to get a copy of “my” data (or data on the person these sites seem to think I am) from each of the three firms. I receive those reports each about a month after filing. The data inside those reports deserves a much longer post, but suffice it to say, there are plenty of errors. For example, my dad’s name shows up under one of my legal aliases. I’m pretty sure I know how it got there, as he’s listed as a legal custodian on my first bank account, and our motor vehicle registrations are intertwined.

    I can easily imagine a situation where this quickly becomes a serious problem. For example, would my dad’s property ownership records then get mixed up with mine, since our “legal aliases” are? I suspect that’s exactly what happened to me in the case that launched this entire rambling post. This is yet another case of the fallacy of data as truth, and it makes me consider attempting to track down the personal phone number of the CEOs of these firms and deliver a message about the importance of personal privacy. But, unlike these firms, I respect personal privacy.

    For the immediate now, I tell each firm (well, I take 10 minutes to submit a new privacy application, since opt-out culture is alive and thriving) they can’t use “my personal information”.

    To see the effects, I try to open a new checking account a few weeks later, at a bank I know uses these data brokerage firms to verify customer identity. Sure enough, where I should hit a “just verify a few basic facts for us by selecting from the following…” page, I get an error code! They are unable to verify my identity at this time! I am always so happy to see when the most fundamental errors go unhandled — for example, an API request returning a “no one with that profile in our system”. I am instead given a phone number to call, and it is the general number for the bank. I am reconnected three or four times before I make it to someone who can actually verify my identity. Interestingly, they ask only for a recording of the call for security purposes, and insist that it will not be used for any marketing ones (do we believe them? I sniff a future class-action lawsuit.) It takes the representative a few minutes to verify my basic information, including social security number (which I could have typed online anyway), and then I am told a decision will be made in a few days. While I am never notified of a decision, a few days later I do receive login information for my shiny new checking account.

    I’m not sure what the concrete results of my opting-out are yet. I know that it led to a long phone call and some honestly horrific hold music (banks should be ranked not by interest rate, but by hold music, hear me out), which isn’t ideal. At the same time, the information I had to provide this time was easy for me to provide since it was basic information that I, you know, am actually associated with. I am still curious how the final verification happened — was it even a full employee of the bank, or a contract worker? Who signed off on what disclosure of data? I was never asked to consent to any information sharing outside of the bank itself.

    I am also aware that, besides burning some time that I should probably be using to do other things, I am yet to encounter the more concerning implications of refusal. For example, with these “informal” tenant screening tools used by plenty of landlords, if I have no profile, will that count against me? I guess time will tell, but I am not entirely optimistic. To future me, I do apologize, but it was for the best (I hope).

    Notes: 

    I found the following site deeply helpful: https://privacyrights.org/data-brokers

  • De-Googling a Samsung Galaxy Tab A 8” 2019

    When I started grad school in 2020, I wanted a basic tablet to read papers. Having switched to an Android phone, I figured I’d give Android tablets a shot. The Tab A (SM-T290, also known as ‘gotowifi’ model) was sluggish from the start, but now, ~3 years after acquiring it, it’s unusable. Beyond wanting to de-Google, my other key complaint was about planned obsolescence (though you could argue that the SM-T290 was maybe obsolescent from the start) and my tablet was rendered “old” within two years of purchase. I’m actually never sure that it saw Android 11, or maybe I had decided it was unfit for use by then.

    Anyway, given these concerns, I thought I’d try Lineage OS, which conveniently was just certified fit-to-run on the SM-T290 (here’s a thread of its development from XDA). Luckily, I had not yet updated the boot loader past T290XXU3CVG3. I found the process much trickier than expected, due in part to a critical step — rebooting the device into various modes. As it turns out, from adb (yes I should have known this from the start) you can reboot into download mode, which eventually I discovered after trying to toggle the SM-T290’s ultra slim keys. Something something haptic feedback. If I had been more forward-thinking I would have taken screenshots, since the only limitation to the Lineage OS official install directions is that (to a novice, like me) the wording sounded close enough for the Samsung stock Android boot loader that I didn’t realize why my installation kept failing — namely, that I was missing rebooting into the right mode.

    lineage os boot loader main menu

    Note to self (and maybe other potential Lineage converts reading this), the blue “download” screen is not what you want. Photo below (showing Lineage OS logo) is what you should see (picture shows the second level of the menu, not the main menu).

    Anyway, now it’s * drumroll * suddenly a perfectly usable tablet! The SM-T290 now runs faster with Lineage than it ever did with stock Samsung Android. Maybe that’s not unexpected but it drives me insane that the mass-consumer options are so limited.

    I also played around with a few variations of limited Google presence — mainly, I wanted to be able to access a few 3rd party apps for which I could not locate the APK from the source and was hesitant to use one of those APK storefronts. In the end, I went with the default Lineage OS option (well, default if you’re going to have a bit of Google) MindTheGapps to have access to the Google Play Store to get the desired apps.

    The end result:

    lineage os initial set up screen

     

  • Running standalone Tor-Snowflake instance on PineBook Pro

    06 Mar 2022 – Annabel

    I’ve been running browser-based Snowflake instances for a week or so now and notice that I get the most activity (aka my instance is actually useful) at times I’m not reliably on my laptop. So, I set up a standalone instance on my currently minimally-used PineBook Pro. I wanted to leave it running during the day and didn’t need the battery drain of a GUI (my PBP has a terrible battery life [to be fixed at some indiscriminate future date]), so I went to follow these steps, with the goal of running it off a small solar generator & panel I have set up.

    Chaos ensued. I would use my PBP so much more regularly if ARM64 was…a few years more developed (sigh). Anyway, after much trial and error, here’s what worked on my Armbian (Ubuntu-based)-running (‘focal’ version) PBP:

    • Get Docker (different directions than regular Docker download) $ curl -fsSL test.docker.com -o get-docker.sh && sh get-docker.sh
    • Go ahead and add Docker to usergroup if that’s your thing. Reminder to logout after doing so. $ sudo usermod -aG docker [your-username]
    • Test Docker $ docker run hello-world
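    • Get Docker-Compose (writing to /usr/local/bin needs root, and the binary must be made executable) $ sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && sudo chmod +x /usr/local/bin/docker-compose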
    • Get the Snowflake Docker yml file and save.
    • Run your instance $ docker-compose up -d && docker ps
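
The Docker-Compose step above drops a downloaded binary straight into /usr/local/bin. As an added example (not part of the original post), here is one way to check such a download against a SHA-256 checksum file before installing it. It assumes a checksum file in `sha256sum` format was fetched from the same release page as the binary; the function names and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded release binary against a SHA-256
# checksum file before it is installed into a directory on PATH.
# Function and file names are illustrative, not from the original post.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{ print tolower($1) }'
}

# verify_download FILE SUMFILE
# SUMFILE uses sha256sum format ("<hex>  <name>", one entry per line), so
# it may be a single-entry .sha256 file or a multi-entry checksums list.
# Returns 0 on match, 1 on mismatch, 2 if a file is missing,
# 3 if SUMFILE has no entry for FILE's basename.
verify_download() {
    file=$1
    sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || return 2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '{
        f = $2
        sub(/^\*/, "", f)            # strip the binary-mode marker
        if (f == n) { print tolower($1); exit }
    }' "$sumfile")
    [ -n "$expected" ] || return 3
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# install_verified FILE SUMFILE DEST
# Copies FILE to DEST with mode 0755 only if the checksum matches.
install_verified() {
    if ! verify_download "$1" "$2"; then
        echo "refusing to install $1: checksum not verified" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# demo: builds constructed sample files in a temp dir and checks that an
# intact file verifies while a modified one is rejected.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$tmp/docker-compose-sample"
    (cd "$tmp" && sha256sum docker-compose-sample > docker-compose-sample.sha256)
    rc=0
    verify_download "$tmp/docker-compose-sample" \
        "$tmp/docker-compose-sample.sha256" || rc=1
    printf 'modified after download\n' >> "$tmp/docker-compose-sample"
    if verify_download "$tmp/docker-compose-sample" \
        "$tmp/docker-compose-sample.sha256"; then
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then
    demo && echo "demo passed"
fi
```

In practice the binary would be downloaded to a temporary path first, and `install_verified` run with sudo would then copy it to /usr/local/bin/docker-compose only if the digest matches.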

    If you’re still feeling edgy about what supporting Tor means (anti-censorship is good, socially-illicit [as harmful unto other people] is probably bad), here’s a good read (scroll down to the last part). Mainly: who will be most affected if Tor (+ Snowflake, as an anti-censorship tool) ceases to function?