this post was submitted on 21 Jul 2023
190 points (97.0% liked)

Selfhosted

40028 readers
1098 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

With the stories about data from period tracking apps being shared with law enforcement, I was wondering if there was a self hosted alternative I could host for my daughter. My searches so far have not returned any good results. Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (2 children)

I'd probably just spin up a calendar such as one on Nextcloud but also change the name of the event to another plausible name such as:

Pay day.
Grandma coming to town.
Grandma leaving town.
Walk the cat.
Pick up groceries.
Collect mail.
Drop off mail.

[–] corroded 6 points 1 year ago (2 children)

As someone who uses Nextcloud, why do you suggest obfuscating the name of the calendar event? My nextcloud instance is only accessible from outside my LAN via HTTPS, so no concern about someone using a packet sniffer on public WiFi or something of that sort. The server is located on my property, so physical security isn't a real concern unless someone breaks in with a USB drive or physically removes the server from the rack and steals it. If someone was to gain access to my network remotely, they'd still need login credentials for Nextcloud or for Proxmox in order to clone the VM drive.

To be clear, I'm not disagreeing with you; I'm wondering if I may be over-estimating data security on my home network. Considering you're posting from infosec.pub, I'm assuming you know more about this than I do.

Also, I feel like I need to say that the fact that OP even needs to consider data security for something like really makes me wonder how parts of our society have gone so wrong.

[–] [email protected] 8 points 1 year ago (2 children)

If your concern for wanting to self host is that you're concerned your government might attempt to access that data, then you should also assume they could get a warrant for that data and force you to decrypt it if it were encrypted at rest on a machine in your home.

[–] corroded 2 points 1 year ago* (last edited 1 year ago) (1 children)

That's a very valid point, and certainly a reason to obfuscate the calendar event. I would argue that in general, if the concern is the government forcing you to decrypt the data, there's really no good solution. If they have a warrant, they will get the encrypted data; the only barrier is how willing you are to refuse to give the encryption key. I think some jurisdictions prevent this on 5th amendment grounds, but I'm not not a lawyer.

[–] [email protected] 2 points 1 year ago

Right, this is exactly what I was saying. Plausible deniability because you know you're not going to be able to fight to protect the data when they come knocking.

[–] [email protected] 2 points 1 year ago

They can't force you to decrypt it in the US due to the 5th amendment

[–] [email protected] 4 points 1 year ago

The police can confiscate your servers. Considering some states are treating abortion as murder, I don't think it's unrealistic to say the police could raid your home and confiscate your devices just on suspicion.

The only thing safe against that is an encrypted device locked with a password, no biometrics like fingerprints or face ID. As far as I know, you can refuse to give a password under the 5th amendment, but you can't refuse to unlock a device with a fingerprint reader or face ID.