Comment by hagbard_c

Comment by hagbard_c 8 days ago

0 replies

View on Hacker News

All personal data - photos/videos, mail, messages, etc - is synced to my own server. Since I mostly use web apps running on my own server there isn't that much personal data or configuration on the things anyway. Configuring a 'new' device comes down to installing an AOSP-derived distribution without any Googly bits, add F-Droid to get applications, add Termux and the necessary applications to:

- connect to my network: Wireguard (encrypted tunnel)

- keep out unwanted content: Adaway (hosts-based content blocker), AFWall (firewall configuration)

- access control to my own and other services: Aegis (TOTP app, configuration is synced to the server)

- access services on my own server: Nextcloud (sync), DavX5 (contacts, agenda), K9 (mail), Conversations (messaging), DSub (audio), Antennapod (netcasts, syncs with gpodder on Nextcloud), Audiobookshelf (audio book player), M.A.L.P (controls several MPD instances around the premises), zmNinja (Zoneminder viewer, used for video surveillance around the farm), Timelimit (access controls for my 13yo daughter's devices), Librera Reader (eBook reader, connects via OPDS to archive on server)

- add the few proprietary applications needed: BankID (Swedish electronic ID), DigiD (Dutch electronic ID), DB Navigator (German railway app), NS reisplanner (Dutch railway app), Västtrafik To Go (Swedish railway app for western Sweden). These all connect to accounts on remote services and do not keep local state so backups are not needed, for the first two backups are not even useable on other hardware since their state is directly connected to the IMEI and/or IMSI of the local device.

Once configured I make a backup in the recovery (TWRP, PBRP etc) which I sync to the server. After that I only make backups after more radical changes to the device, e.g. when I install a new distribution. The rationale for this is that it is always possible to recreate the device from 'scratch' by following the above steps, these are scripted for a number of devices. All personal data ends up on the server (currently a DL380 G7 running Proxmox) which gets backed up daily. If and when a device breaks or gets lost in some way I can recreate it after repairing or replacing the hardware and firmware.

Apart from the mentioned proprietary apps there is no data leakage outside of my own network.