In this document we discuss privacy considerations which are relevant to both types of personal server: both cloud-based and hardware-based solutions.
Below is a discussion about various forms of surveillance and what protection you can expect from a personal server.
Let's be straight: if you have a cloud-based personal server solution you should recognize that the United States government, and perhaps some other world powers, can probably get ready access to your data. There is legislation in place which gives them the right to request your data from the cloud-providers, and it's reasonable to expect that they will and do (otherwise why would they have bothered to pass the legislation?).
Before you write off cloud-based solutions for privacy reasons please be aware of the following: government agencies are sophisticated enough to get in to pretty much any computer system. They have backdoors and certificate authorities and teams of world-class computer hackers. What this means is that if you opt for a hardware solution to run on your own premises you should understand that governments can gain access to that too! If you're worried about government surveillance then you shouldn't trust your secrets to any computer system anywhere. That's the simple truth of the matter.
Personal Servers shine at protecting you from corporate surveillance. If you use commodity email solutions on the Internet such as Gmail then the operators (such as Google) have ready access to the content of your communications. They can and do investigate the content of your communications on the one hand to figure out what products and services they might advertise to you but also to do research and, no doubt, to spy on behalf of government agencies.
If you're not using a personal server then not only do your commodity service providers have access to the content of your communications but also who you are in contact with, when, how often, how much, and so on.
Keeping your data on a personal server protects you and your friends keeping everyone safe from corporate surveillance.
There are lots of bad people out there. Because your personal server uses HTTPS everywhere and encrypted email you are fairly safe from most criminal eavesdropping and hacking.
Having any sort of personal server—even in a cloud-based data-center— is a big win for privacy on the Internet. By using your personal server to conduct your digital life you are keeping the prying eyes of many corporate and criminal snoops out of your business.
No personal server solution is perfect, but any personal server solution is better than the status-quo of keeping your data in corporate data-centers such as Google, Gmail, Facebook, etc. Personal servers of any type will protect you from corporate surveillance and criminal surveillance and no server of any type is safe from government surveillance.
Below are some thoughts about anonymity on the web.
Meta data is information about communications that doesn't include the content itself. So for example if you and I are having a conversation over the Internet, the meta data is that it was you and me talking, what time of day we were talking, how many messages we sent to each other and how big those messages were; but not anything about what we actually said to each other. Encryption can protect the content of our communication, but we can't hide the fact that we were having a conversation about something and roughly how much we had to say.
Governments and telcos collect meta data and it can be just as damaging to privacy as content acquisition, so you should be aware of that.
One solution to the problem of meta data monitoring is white noise. Let's say that you set up some software that runs in your house that automatically connects to websites and sends emails which are completely bogus. You use encryption so it's harder for snoops to read the actual content and then generate a whole heap of "white noise" on your connection. If 90% of your bandwidth is used to generate pretend traffic (i.e. white noise) then a monitoring agent will have trouble determining the 10% of your traffic that was actually you. Presently we don't know of any such facilities, and they would be expensive to run because they use up a heap of bandwidth, but we have it slated as a future service of a personal server that it will be able to generate white noise to mask your actual Internet usage.
A domain name is used to connect to your server on the web and usually starts with "www" and ends with ".com" or another top-level domain name, e.g. www.example.com or demo.personalserver.com. Domain names are used to resolve IP addresses through the DNS system. So a domain name is used to figure out how to connect to your server using its Internet protocol address known as an IP address.
By default when you purchase your own domain name you need to provide a whole heap of personal information such as your name, address and contact details. These details go into databases known as whois databases and are publicly available. Most domain name registries can anonymize your whois data for an additional fee. So you pay an extra twenty bucks or so and the registry will replace your contact details with their contact details. But if you don't elect to use this service your details will be on display for any one to read and you should be aware of that.
With your personal server you get a domain name that is a sub domain of personalserver.com, for example bob.personalserver.com or sally.personalserver.com. These personalserver.com domain names don't store any personally identifiable information in any whois registry so they are your best bet if you're looking to protect your identity online.
Below is some discussion about the various types of encryption used by your personal server.
All of our personal server solutions provide HTTPS encryption support. HTTPS is the secure version of the HTTP protocol which facilitates the World Wide Web.
In order to provide HTTPS support your personal server needs to be configured with a digital certificate which is cryptographically signed by an organization known as a Certificate Authority (CA). You need to pay a small fee to get such a certificate and the certificates expire after a number of years.
Certificate Authorities have secret keys which they use to provide the signing service. Anyone who can get access to any of these keys can sign their own digital certificate and pretend to be you. Pretty much every major world government can get access to such secret keys, and then they can intercept your electronic communications using what's called a Man-In-The-Middle Attack. So HTTPS is pretty good at protecting you from criminal and corporate eavesdroppers but it cannot be relied on to protect you from government surveillance.
Underneath the HTTPS protocol are two other protocols known as SSL and TLS. The SSL and TLS protocols are also used by email software. These protocols are susceptible to Man-In-The-Middle attacks when intercepters can forge keys.
The Secure Shell protocol, SSH, is used to give you a secure interactive command line and to support file copy protocols such as SFTP and SCP. It's pretty secure. The first time you connect to a server you have to verify its identity and forever after your client software expects to find the same server key. If the server key changes unexpectedly you will be notified that someone might be tampering with your line.
While the SSH protocol is pretty good at protecting "what you're doing" on your servers with your interactive command line the meta data that indicates that you are using your secure shell is still available: i.e. where you were accessing your server from, how many commands you issued, how much data you saw, what time of day you were using it, and so on.
There is a very secure end-to-end encryption technique called a One-Time Pad. Basically the way it works is you use a "pad" of one-time random data and use it to mask your content. It's "expensive" from the point of view of how much data you need. If you want to send a 20KB message you need 20KB of one-time pad data.
To set up a one-time pad you would need to generate a heap of random data and then store it on a removable disk such as a USB key. You would then use SneakerNet to deliver the USB key to your friend. So both you and your friend would have a copy of the one-time pad. Then when you wanted to send messages to your friend you would mask your message using the one-time pad from a certain offset and in your message you would tell your friend the offset. There is no way for a snoop, not even governments, to intercept the content of one-time pad communications. Of course, meta data is still available.
There isn't presently any facilities for one-time pads in our personal server technology, but if you would be interested in this you should let us know and if there is enough interest we will develop one-time pad technology.
So to wrap up: a personal server keeps you safe from corporate and criminal surveillance but cannot stop government surveillance. If you want to have anonymity on the web make sure you get a private domain name or apply for a personalserver.com domain. While various forms of encryption can generally help protect the content of your communications it can be subverted by world powers and meta data is always readily available.
Hover your mouse over for more info and click for details:
|Managed||Do It Yourself|