**** obsolete.audio ****

Freedom.


There are many kinds of freedom. This is one of them.

Here’s how I did it.

I remember way back when Google first acquired YouTube and how much I wanted them to implement single sign-on between the two, and really, between all of their sites. It’s hard to imagine now, but Gmail, Google Calendar, YouTube, etc. all had to be signed into separately. Well, little did I know that integration (and therefore activity tracking) across all their sites would be one of many factors that eventually led me to delete all of those accounts. I, like many others, have had issues with Google’s practices for quite a while, but what eventually made me close my account with them was their participation in mass censorship. That doesn’t mean I necessarily support the voices that they censored, rather in principle I strongly disagree with a company like Google using their platform to artificially shift the balance of discussion. And my thought is, if we now know that they (and the other tech giants, none of which I use anymore either) are explicitly and blatantly deleting and delisting content they don’t agree with, how long have they been taking similar action behind the scenes in more subtle ways? Since their search algorithms are proprietary, we have no way of knowing. Plus, being an anti-IP libertarian, I have a tendency to want to be in full physical control of my own data — since “cloud” is just another word for “someone else’s computers,” and if it’s not on your own hardware, you don’t really own it. So I finally decided to roll up my tin-foil sleeves and set up my own open-source, self-hosted services to replace Google (and most other proprietary hosted services) once and for all.

As usual, this isn’t a “how to” guide. You’ll have to go your own way if you want to do this yourself. I just wanted to document it at a high level, to let people know it is possible to do.

Step One: My Own “Cloud”

The cornerstone of my approach is to have a personal server where a lot of my important data can live. Several years ago I decided to set up a server in my home running ownCloud, and when it was forked into Nextcloud I ended up following that crossgrade since Nextcloud seemed even more community-friendly and accessible. Nextcloud is a very powerful and fully open-source platform (built on PHP+MySQL+Nginx, in my case) that aims to be an extensible replacement for Dropbox/Google Drive/OneDrive. What is great about Nextcloud, however, is that it isn’t just for file sync (though it does that very well thanks to their cross-platform client app) — as I mentioned, it’s extensible. So there are plugins that allow you to store other data there as well, such as calendars, contacts, task lists, a music library with an in-browser music player app, and even an RSS reader so your news feeds can all be managed in one place. As you can see, if configured correctly, Nextcloud can replace most of the services that people rely on Dropbox and Google for, even backing up all of the information on your Android phone (which I’ll get to shortly).

Later, I moved that Nextcloud instance over into an Ubuntu Server Linode, so that I didn’t have to worry as much about my home IP address being targeted and also to get better uptime since the server would shut off if, for example, the power went out for 10 minutes in the neighborhood, which happens more often than I realized. Using a Linode was a bit of a compromise in my mind, because I’m still using someone else’s “cloud”… but at least I can relatively easily download my VM from their service and fire it up on a local instance of Proxmox if I ever wanted to — since Linode and Proxmox both use KVM as the hypervisor, the VM should port right over easily. And I may do that at some point. So paying for a service to host a single VM which I have a fair amount of control over seemed acceptable for now. Not to mention, Linode also allows me to enable full backups of my server at a regular interval for a mere $2/month. After moving to a Linode, I also installed a Let’s Encrypt certificate so that all of my communications were secured end-to-end without having to add cert exceptions to every browser/app I used.

Step Two: De-Googling My Phone

So while technically I’m still running a Google-developed OS on my phone (Android), it’s possible to remove all of the things that make it invasive to one’s privacy — i.e., the proprietary Google services that are killing your battery life by tracking your every action. For a long time, I had used CyanogenMod, which was a community-developed version of Android that took only the core of AOSP and added some nice features on top while remaining open-source — though I would still install the proprietary Google apps on top so that I could access all the things that are sync’d to one’s Google account by default, and of course use the Play Store. Fast forward to my most recent phone purchase (a used OnePlus One) and, unbeknownst to me, CyanogenMod had closed its doors. Fortunately some of the folks who developed it took the source code and forked it into LineageOS, which offers an Android port for the One. Since by this point I had already been successfully using a Nextcloud server for a while and was pretty familiar with how to administer it, I decided to take the plunge and try doing a Google-free phone for a while.

Thanks to the F-Droid project, making a Google-free phone still have some reasonable modern conveniences is actually fairly easy. First I got LineageOS installed on the phone, which was pretty easy thanks to OnePlus generally being friendly to custom phone OSes. Second, I installed F-Droid by downloading the APK file from their web site, which allowed me to install open-source apps and keep them up to date. Third, I used F-Droid to grab the DAVdroid and Nextcloud apps (and a few other nice utilities), which work together to allow you to sync up your calendar and contacts and access your Nextcloud files while out and about. F-Droid of course doesn’t have nearly as wide a variety of apps as the Play Store, but I don’t like having a million apps on my phone anyway. With only the barebones system apps and a few open-source apps, my battery life is excellent: usually a charge will last 2-3 days, whereas for most of my Android life I was used to having to charge up every night. And of course with no social network apps installed, I can actually focus on my own life rather than other people’s. There are of course ways to access social networks from apps available in F-Droid, but I’m sure the reader has ditched social networks too so I won’t bother sharing them. ;)

Step Three: Private Chatting

I had been using Google Chat / Hangouts to talk to friends, but decided that I wanted a more private option. I could use a third party Jabber instance and use something like OTR or OMEMO to encrypt our chats end-to-end, but I wanted something that was simpler than all that. So I installed a Jabber server (Prosody) and set up two accounts: one for myself and one for the most important person in my life. Since she uses iChat which still (thankfully) supports Jabber, it was easy to add the custom server to her existing workflow. Since I didn’t federate the server with the wider Jabber network, our communications are reasonably private (i.e., isolated to my Linode) without having to set up end-to-end encryption, which iChat doesn’t support anyway. I did configure transport encryption of course, and fortunately I was able to use my Let’s Encrypt cert with the Prosody server by just pointing it to the appropriate cert files.

Step Four: YouTube “Subscriptions”

Without a Google account, I wouldn’t be able to have YouTube subscriptions. So after a quick search (using DuckDuckGo of course) I discovered two nice features that YouTube still has but may (likely) remove in the future: 1, the ability to export your subscriptions to an OPML file, and 2, the ability to grab a channel’s RSS feed. So I exported my subscriptions and imported them into the News app in Nextcloud, giving them their own “YouTube” category.  When I want to “subscribe” to a new channel, I use the following for the RSS feed address:

Where {channel_id} is the channel’s YouTube ID. This ID can be found by going to a channel’s “videos” page, viewing the source code, and searching for “channel_id”. Often the whole RSS URL will be in the code as well, so you can just copy/paste the whole thing into an RSS reader.

Step Five: The Big One, Running My Own Email Server

The big hurdle had finally arrived: self-hosting my email. I already run a (Zimbra) server at work, so I knew the basics in theory, but I had never installed a barebones email server myself. So I found a great tutorial in Linode’s documentation for doing exactly that using Postfix+Dovecot+MySQL.  It was fairly straightforward for a Linux-head like me, just a bit tedious, and of course as usual I learned a few tricks along the way.  Nextcloud has an email app which can connect to my Dovecot instance via IMAP, which I use sometimes, but typically I now use Thunderbird since I just like the power of using a real desktop app. As with the Prosody server, I was able to use the Let’s Encrypt certificate with both Dovecot and Postfix, allowing secure (transport) communication and authentication.

Two important things I made sure to do to help fight spam and spoofing: I enabled RBL-based blacklisting, which gets rid of a lot of spam, and set up SPF TXT records in my DNS, to let other mail servers know what the authoritative SMTP servers are for my custom domain. I haven’t set up DKIM yet but that will be my next task.

To migrate my email away from Neomailbox (which I had been trying out for a while — I left that part out of the story but moving away from Gmail wouldn’t have been much different), I used a command line tool called imapsync. After a few test runs with just 10 emails or so each time to make sure it was working correctly, I ran a full sync which took a few hours to complete. I set up the new account in Thunderbird and poked around a bit to make sure the old mail had all moved over, and it had. Success!

I also wanted to have server-side mail filtering, so that for example I could have newsletters that I’m subscribed to moved into their own folders automatically. So I set up Pigeonhole and connected it with my Dovecot instance. Then I installed the Sieve Filtering add-in for Thunderbird so that I could manage it from the client-side.

There were lots of other little tweaks I made to make sure I had a reasonably secure server, but they’ve largely slipped my mind at this point. Thanks, internet.

Step Six: Pressing Delete

I had to change my email address in many, many online accounts before I could press the final delete on my Google account. Fortunately I have been using a KeePass database for generating and storing passwords for a long time, so I could keep track of what accounts I had already changed over by just updating KeePass.

The time had finally come, and I went through Google’s account deletion process. I know that my account still exists on their system in some sort of backup scheme, but perhaps someday it will age out and disappear from the internet forever. Actually I doubt even that, but at least I’m no longer putting information into my account.

So long Google, and thanks for all the fish.

 

Addenda

For configuring DKIM, I followed this article in the Linode docs. They’ve got the best docs, or perhaps second place after the Arch wiki.

One gotcha I think I’ve fixed: My outgoing mail was being marked as spam by other mailservers. I verified this was the case by sending an email to [email protected], which is a handy service (mentioned in the tutorial linked just above) that will tell you if your SPF and DKIM are set up correctly. Turns out, my outgoing mail was being sent (occasionally) via the Linode server’s IPv6 address, which wasn’t on any reverse lookup. Doh! So I disabled IPv6 on the server to fix the problem for now.
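
The IPv6 gotcha above, combined with the SPF record from Step Five, can be caught before the first rejected message by auditing every address the server can send from. This is an added example, not code from the original post: the domain, addresses, SPF records and PTR map are constructed, and SPF mechanisms that need DNS (a, mx, include) are skipped.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return ([(qualifier, network)], default) from the ip4:/ip6:/all terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, default = [], "?"  # no match and no 'all' means neutral
    for term in terms[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith(("ip4:", "ip6:")):
            nets.append((qual, ipaddress.ip_network(mech[4:], strict=False)))
        elif mech == "all":
            default = qual
            break  # terms after 'all' are never evaluated
        # a, mx, include, redirect need DNS and are skipped (assumption)
    return nets, default

def spf_result(record, ip):
    """Evaluate the literal-address part of an SPF record for one sending IP."""
    addr = ipaddress.ip_address(ip)
    nets, default = parse_spf(record)
    for qual, net in nets:  # first matching mechanism wins
        if addr in net:     # always False across IPv4/IPv6
            return RESULT[qual]
    return RESULT[default]

def audit_outbound(record, addresses, ptr_map):
    """Return the sending addresses that lack an SPF pass or a PTR record."""
    return sorted(ip for ip in addresses
                  if spf_result(record, ip) != "pass" or not ptr_map.get(ip))

# Constructed sample data (documentation address ranges, not the author's).
ADDRS = ["203.0.113.10", "2001:db8::10"]  # dual-stack host: both can send
SPF_BEFORE = "v=spf1 ip4:203.0.113.10 -all"
PTR_BEFORE = {"203.0.113.10": "mail.example.org"}
SPF_AFTER = "v=spf1 ip4:203.0.113.10 ip6:2001:db8::10 -all"
PTR_AFTER = dict(PTR_BEFORE, **{"2001:db8::10": "mail.example.org"})

if __name__ == "__main__":
    print("before:", audit_outbound(SPF_BEFORE, ADDRS, PTR_BEFORE))
    print("after: ", audit_outbound(SPF_AFTER, ADDRS, PTR_AFTER))
```

Disabling IPv6, as done above, removes the unlisted address from the audit; publishing an `ip6:` term and a matching PTR record is the other way to reach an empty result.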