Taking Control: DIY Cloud Encryption and Self-Hosting for Better Privacy

Taking Control: DIY Cloud Encryption and Self-Hosting for Better Privacy

In our increasingly connected world, cloud storage has become essential for most of us. We store our photos, documents, backups, and other personal data in the cloud for convenience and accessibility. However, as we’ve seen with recent developments like Apple’s removal of Advanced Data Protection in the UK, trusting big tech companies with our sensitive information can be risky.

The good news is that you don’t need to choose between convenience and privacy. With a bit of technical know-how (and this guide), you can take control of your cloud data while maintaining strong privacy protections. Better yet, many of these solutions are not only more private but can also be more cost-effective than commercial alternatives.

Let’s explore several approaches to protecting your cloud data, from the simplest options requiring minimal technical skills to more advanced setups for those ready to take full control.

Option 1: Encrypt Your Existing Cloud Storage with Cryptomator

If you’re already using services like Dropbox, Google Drive, or OneDrive and don’t want to switch, Cryptomator offers an excellent solution that adds a layer of strong encryption to these services.

What is Cryptomator?

Cryptomator is an open-source tool that creates encrypted vaults within your existing cloud storage. Files are encrypted on your device before being uploaded to the cloud, meaning that even if the cloud provider is compromised or forced to hand over your data, the files remain unreadable without your password.

Why Choose Cryptomator:

• Works with existing cloud services: No need to switch providers
• Open-source: The code is publicly auditable
• Free for desktop use: Mobile apps cost a small one-time fee
• Easy to use: Mimics a regular drive on your computer
• Zero-knowledge: Your encryption keys never leave your device

Getting Started with Cryptomator:

1. Download and install Cryptomator:
   • Visit cryptomator.org and download the version for your operating system
   • Follow the installation instructions
2. Create your first vault:
   • Open Cryptomator and click “Create New Vault”
   • Choose a name for your vault
   • Select a location within your cloud storage folder
   • Set a strong password (this is crucial—write it down someplace safe)
3. Using your encrypted vault:
   • Once created, unlock your vault with your password
   • Cryptomator will mount it as a virtual drive on your computer
   • Simply drag and drop files into this drive to encrypt them
   • Any files you add will automatically sync to your cloud storage in encrypted form
4. Access on multiple devices:
   • Install Cryptomator on all your devices
   • Point to the same vault location in your cloud storage
   • Use the same password to unlock

Important Tips for Cryptomator:

• Never forget your password: There is no recovery option if you forget it
• Keep your vault structure simple: Avoid very deep folder hierarchies for better performance
• Consider backup options: Always maintain a backup of your encryption password
• Mobile access: Apps are available for iOS and Android for a small fee (around $10)

Option 2: Self-Host Your Cloud with Nextcloud

If you’re ready to take the next step in privacy, consider hosting your own cloud server using Nextcloud. This gives you complete control over your data while providing functionality similar to commercial cloud services.

What is Nextcloud?

Nextcloud is an open-source cloud platform that you can install on your own server. It provides file storage, synchronization, sharing, calendars, contacts, and much more—essentially everything you’d expect from services like Google Drive or Dropbox, but under your control.

Why Choose Nextcloud:

• Full control: Your data lives on hardware you control
• Feature-rich: Includes file sharing, contacts, calendars, and more
• Expandable: Hundreds of apps available to add functionality
• Cost-effective: Can be significantly cheaper than paid cloud services for large storage
• Privacy-focused: No one can access your data without your permission

Self-Hosting Options for Nextcloud:

Option A: Raspberry Pi Home Server (Beginner-Friendly)

A Raspberry Pi provides an affordable, low-power way to run Nextcloud at home.

What you’ll need:

• Raspberry Pi 4 (4GB or 8GB recommended) – approximately $55-75
• MicroSD card (32GB minimum) – approximately $10
• External USB hard drive for storage – approximately $50-100 for 1-4TB
• Power supply for Raspberry Pi – approximately $10
• Optional: A case for the Raspberry Pi – approximately $10

Total cost: Approximately $125-205 one-time investment

Setup instructions:

1. Prepare your Raspberry Pi:
   • Download and install the Raspberry Pi OS to your microSD card
   • Connect your Pi to your network, power it on, and complete initial setup
2. Install Nextcloud using NextcloudPi:
   • NextcloudPi is a pre-configured Nextcloud installation that simplifies setup
   • Download the NextcloudPi image from nextcloudpi.com
   • Flash it to your microSD card and boot your Pi
   • Follow the web-based setup wizard at https://nextcloudpi.local or the IP address of your Pi
3. Configure storage:
   • Format your external drive to ext4 format
   • Mount it to your Pi and configure Nextcloud to use it for data storage
4. Set up remote access (optional):
   • Configure port forwarding on your router
   • Consider using a dynamic DNS service if you don’t have a static IP
   • Set up HTTPS with Let’s Encrypt for secure connections

Option B: Virtual Private Server (More Reliable, Moderate Cost)

If you prefer not to maintain hardware at home, or want better uptime and performance, a VPS is an excellent option.

What you’ll need:

• A VPS from providers like Digital Ocean, Linode, Hetzner, or Vultr
• Basic command line skills

Cost: Approximately $5-20 per month depending on storage and performance needs

Setup instructions:

1. Rent a VPS:
   • Choose a provider (Hetzner offers excellent value in Europe)
   • Select a plan with at least 2GB RAM and 50GB storage
   • Choose Ubuntu 22.04 LTS as the operating system
2. Secure your server:
   • Update the system: sudo apt update && sudo apt upgrade
   • Configure a firewall: sudo ufw enable
   • Set up SSH keys instead of password login
3. Install Nextcloud:
   • You can use the official Nextcloud VM script for easy setup
   • Or follow the manual installation guide
4. Configure domain and SSL:
   • Point a domain to your server’s IP address
   • Install and configure Let’s Encrypt for free SSL certificates

Making the Most of Your Nextcloud Server:

• Install the desktop and mobile sync clients to keep your files synchronized
• Enable end-to-end encryption for especially sensitive files
• Explore the app store for additional functionality like notes, calendars, and more
• Set up automatic backups of your Nextcloud data

Option 3: Syncthing – Decentralized File Synchronization

If you want to sync files between your own devices without any central server at all, Syncthing offers a unique solution.

What is Syncthing?

Syncthing is an open-source peer-to-peer file synchronization tool. Unlike traditional cloud services, there’s no central server—files sync directly between your devices when they’re online, bypassing the cloud entirely.

Why Choose Syncthing:

• No central server: Files only exist on your devices
• Completely free: No subscription costs ever
• Open-source: Fully transparent code
• Works anywhere: Can sync between any operating systems
• Flexible: Choose which folders sync to which devices

Getting Started with Syncthing:

1. Install Syncthing on all devices you want to sync:
   • Download from syncthing.net
   • Available for Windows, macOS, Linux, Android (no official iOS app)
2. Initial setup:
   • Run Syncthing on each device
   • A web interface will open automatically
   • Each device has a unique ID (shown in the interface)
3. Connect your devices:
   • On each device, click “Add Remote Device”
   • Enter the device ID of another device you want to connect
   • Approve the connection on both devices
4. Share folders:
   • Click “Add Folder” to create a shared folder
   • Configure which devices should receive this folder
   • Set sync options (send only, receive only, or both)

Limitations of Syncthing:

• Devices need to be online at the same time to sync (although with multiple devices, changes can propagate indirectly)
• No built-in file access from web browsers
• No official iOS app (though third-party apps like Möbius Sync exist)

Option 4: Encrypted Backups with Duplicati

While not a full cloud solution, Duplicati provides a powerful way to create encrypted backups to any storage provider.

What is Duplicati?

Duplicati is an open-source backup tool that creates encrypted, incremental, and compressed backups. It can store backups on many different storage providers, including local disks, cloud storage, or network shares.

Why Choose Duplicati:

• Strong encryption: AES-256 encryption protects your backups
• Works with many storage providers: Google Drive, OneDrive, Dropbox, and many more
• Incremental backups: Only changes are uploaded, saving bandwidth
• Compression: Reduces storage space needed
• Scheduled backups: Set it and forget it

Setting Up Duplicati:

1. Install Duplicati:
   • Download from duplicati.com
   • Available for Windows, macOS, and Linux
2. Configure a backup:
   • Open the web interface at http://localhost:8200/
   • Click “Add backup”
   • Choose a backup name and encryption password
   • Select the folders to back up
   • Choose a destination (local, cloud, or network)
3. Schedule your backups:
   • Set how often backups should run
   • Configure retention policy (how long to keep backups)
4. Restore when needed:
   • Use the “Restore” function in the web interface
   • Select which files to restore and where to put them

Option 5: Combine Approaches for Maximum Security

For the most privacy-conscious users, combining these approaches can provide defense in depth.

Example Combined Setup:

1. Primary cloud: Self-hosted Nextcloud for day-to-day files and syncing
2. Sensitive data: Use Cryptomator vaults within Nextcloud for extra-sensitive information
3. Device sync: Use Syncthing for direct device-to-device syncing of frequently changed files
4. Backups: Set up Duplicati to create encrypted backups of everything to an external provider

This multi-layered approach ensures that even if one system is compromised, your data remains protected.

Cost Comparison: DIY vs. Commercial Cloud Services

Let’s see how these DIY options compare financially to commercial services:

Scenario: 2TB of Cloud Storage

Commercial Solutions:

• Google One: $9.99/month ($119.88/year)
• Dropbox: $11.99/month ($143.88/year)
• iCloud+: $9.99/month ($119.88/year)

DIY Solutions:

• Raspberry Pi + 2TB drive: ~$150 one-time cost + ~$15/year in electricity
  • Over 5 years: ~$225 total ($45/year average)
• VPS with 2TB: ~$15/month ($180/year) with Hetzner or similar provider

While the DIY options may require more initial setup time, they can be significantly more cost-effective over the long term, especially for larger storage needs. Plus, you get the added benefits of privacy and complete control.

Making the Right Choice for Your Needs

With all these options available, how do you choose? Consider these factors:

• Technical comfort: Be honest about your technical skills and willingness to learn
• Time investment: Self-hosting requires occasional maintenance
• Budget: Consider both upfront and long-term costs
• Storage needs: More storage generally tilts the financial equation toward self-hosting
• Privacy requirements: How sensitive is your data?

Remember that you can start simple and gradually move toward more complex solutions as you build confidence.

Privacy Beyond Cloud Storage

While securing your cloud storage is important, remember that privacy is a holistic practice. Consider:

• Using a VPN when accessing your self-hosted services remotely
• Implementing good password practices with a password manager
• Enabling two-factor authentication wherever possible
• Regularly updating all your systems and software
• Being mindful of metadata and what it reveals about you

Getting Help and Learning More

The DIY privacy community is vibrant and supportive. Resources to check out:

• r/selfhosted and r/Nextcloud on Reddit
• The Nextcloud forums at help.nextcloud.com
• The Cryptomator community on community.cryptomator.org
• The Syncthing forum at forum.syncthing.net

Conclusion: Your Data, Your Control

As we’ve seen with Apple’s retreat on privacy in the UK, relying solely on big tech companies to protect your data is becoming increasingly risky. By taking the DIY approach to cloud storage and encryption, you’re not just saving money—you’re taking a stand for your digital sovereignty.

At Unshackled Inc., we believe that privacy is a fundamental right, not a premium feature. While these DIY solutions require some effort to set up, the privacy benefits and cost savings make them well worth considering.

Remember that perfect privacy doesn’t exist—it’s about making thoughtful choices that balance convenience, security, and control in a way that works for your specific needs. Start small, learn as you go, and gradually take back control of your digital life.