After the Dropbox hack: the cloud in your own home
2.9.2016
Translation: machine translated
The cloud service Dropbox has been hacked and 68 million usernames and passwords are out in the wild. We have researched a solution that not only offers more security but also the usual cloud convenience. A construction manual.
What hackers have known for a long time, end users are also realising: your data has a high value. This means that all web applications - including Google Drive, Dropbox and Box.com - are attractive targets for hackers. Last weekend, Dropbox was hit: 68 million data records with logins and passwords are now public. As always, users of the service are left out in the cold, because apart from instructions on how to change their password, they don't even receive an apology.
Furthermore, the data protection regulations at the locations where the cloud providers' server farms are located are often much more lax than Swiss law prescribes. With the fall of the Safe Harbour Agreement in October last year, international data protection is in limbo before the law. The failed referendum against the Federal Act on the Surveillance of Postal and Telecommunications Traffic BÜPF shows that Switzerland will probably actively decide against data protection.
Generally distrusting cloud services is neither practicable nor sensible, however, as the services offer a level of convenience that is worth fighting for. But the fear of hackers remains. The solution is therefore obvious: the cloud must migrate from anonymous server farms somewhere on our planet to familiar climes.
We have built a cloud in our own living room.
The hardware
First of all, we need storage space. Lots of storage space. This has the advantage that we are not limited to 20 GB of storage space, as is the case with Google, but can build a cloud with several terabytes - i.e. several thousand gigabytes - of storage.
The simplest and most energy-efficient are products from the Network-attached Storage (NAS) sector. Which product you choose is up to you.
The important thing is not to run out of storage space. Clouds have a habit of swelling quickly when there is no more data limit.
Setting up a NAS is simple and can be done in just a few steps. These are usually included in the operating instructions or can be looked up on YouTube without much effort.
Out-of-the-box, only one NAS manufacturer offers the solution we are looking for: QNAP. The manufacturer from Taiwan enjoys a good reputation among experts and hobbyists, as it relies on open standards and thus offers many options for customising its software.
Software
Probably the best cloud solution outside of the major services is called ownCloud. In terms of convenience, ownCloud is only slightly inferior to the hacked Dropbox, but it is free and open source. This means that anyone can view the source code of the application and every coder on the planet can add their input.
Not only does ownCloud store pictures and videos from your last holiday without any fuss, it even has an integrated text editor that allows several people to work simultaneously à la Google Docs. This sets ownCloud apart from solutions such as Google Drive, which rely on a proprietary yet universally exportable format.
There are also apps for mobile devices that run on Android and iOS in the two major app stores. Although these cost a francs, they are worth the money if your confidential data is stored securely in your living room at home and not somewhere in a server farm in the USA.
Security
There is no such thing as ultimate security against hackers and other scum on the internet. Even our NAS/ownCloud system is not absolutely secure. But it does offer some advantages:
- The attack surface is extremely small. Just because one ownCloud has been broken into doesn't mean that all other ownClouds are open
- Data sovereignty remains with you. You are no longer subject to the general terms and conditions of Google or Apple
- The data protection laws of Switzerland, which are still considered restrictive internationally, apply in any case
- Traffic between the server and cloud-attached storage is end-to-end encrypted. The encryption is based on OpenSSL.
It is important, however, that the software on the NAS is updated regularly. A current and complete list of vulnerabilities that the ownCloud team has repaired shows that the software engineers not only have transparency written on their banner, but are also constantly working on new bug fixes.
However, as a user you also have a duty. All the security precautions and efforts are useless if you don't take two minutes to choose secure passwords and provide your mobile with a passcode or fingerprint lock. If someone needs access to your cloud data, then quickly create an account for them in your cloud.
Your data is important. Stay safe!
Header image: Network architecture does not necessarily have to have such beautiful cable tangle.
Journalist. Author. Hacker. A storyteller searching for boundaries, secrets and taboos – putting the world to paper. Not because I can but because I can’t not.
37 comments
later