What do you mean by “anyone could come or go”? These servers are not more accessible than Apple’s and you seem to enjoy iCloud’s features without worrying about that. Also the computer that you leave at home could be compromised or stolen even more easily. In any case, if you have sensitive data there you should store it encrypted.
I would personally rate them lower than Apple’s services. Apple has built their brand on privacy of its users and our data so they have a lot to lose if there are serious breaches or public perception of that falls.
I think DCs (and iCloud) are fine for certain things, but I would not store data on them that requires the highest security if I could avoid it. But everyone is different - if you’re comfortable with your arrangement that’s what matters really.
Agree, and again we have to consider how secure we feel each scenario is to us. A friend who used to be head of security for one of the largest UK firms helped me with my home security so I am relatively confident of my set up here. Of course, if you’re dealing with big players (such as our own govts) they will more than likely get what they want regardless.
Agree: How do you secure your dev machine/environment - #2 by AstonJ (feel free to add more tips if you feel any are missing)
So true. I split time between home in New Orleans and working on a nomad visa in Phuket. Let me tell you that I’m a whole lot more concerned about physical security when I’m sitting here in NO than I ever am in Thailand.
Data security I’m pretty paranoid about everywhere; too many years of regulatory compliance drilled into me. Makes it easy to travel: there’s nothing on my hard drive of any consequence no matter where I’m at.
(On a completely different note: Anyone here slinging code in Phuket? I’d be down for trading war stories over a few Leos…)
This cannot be stressed enough! I have saved myself considerable aggravation heeding this advice.
If I may add another: always travel with a handful of zip ties. You can fix a lot of life’s problems – from repairing a motorcycle on the side of a road to securing a beach umbrella – with a well deployed zip tie.
That’s what I found with experience as well. Having amazing software like rclone and/or syncthing gets you covered. I have a script that runs every 5 minutes and does an rsync-like synchronization to my server at home… and to 5 other cloud locations (all storage on the free tier from the popular corporations). All deduplicated, compressed and encrypted, and just lately – after the news that a well-known file can be detected inside your backups – I made it even more secure by adding obfuscation to the data before encryption.
When I start using my Linux laptop more I’ll likely use its SD card slot as another backup option.
TL;DR just use modern tech to sync your stuff periodically. Almost nobody will do gigabytes of traffic per hour, or even per week. I’ve measured my network usage when doing syncs every 5 minutes; even when in the zone and coding like crazy the rsync-like software used a maximum of 3-4 MB… usually 150KB.
When it comes to traveling, well, I don’t care about laptop searches for now as it never happened to me. Maybe I should care, but for now I don’t.
Do you (or @kip (or anyone else)) do anything different/special for your home set-up when away if it is still part of your set-up? If so please share as I’m sure I won’t be the only one interested.
If you mean when you’re there, again please feel free to share! (Though maybe in the How do you secure your dev machine/environment thread.)
This is how I think I would approach it - leave data at my home location and just dial in as or when necessary, copy what I need to work on, put back when done or required.
Thailand is on my list!!! But not the touristy areas like Bangkok or Phuket - the reasoning behind me wanting to travel is because I feel like I need to recharge my batteries and have a change of scenery (I’ve been going through a difficult bereavement for the past two years) so places like Pai and the quieter islands are on my list.
I’m also interested in going to Blue Zones (perhaps specifically the lesser known or least touristy ones) as well as places that our govts and media have been demonising, as I’d like to make my own mind up about them. Luckily I did quite a bit of travelling when I was young so have got many of the touristy places crossed off my list.
For me it is all dependent on how much I can get done here as I have a lot to catch up on, so this thread is super interesting to me and it’s great to see people already doing it or considering it.
Personally I’d rather be safe than sorry, particularly if it helps mitigate general risk too (such as loss or theft while travelling). I plan on testing ARD at some point so will report back when I do.
That would be helpful, thanks. It’s just that for the last 10 years I traveled exactly twice in Europe so… I am aware I should get acquainted with LUKS or other full-disk encryption software packages. But for now it’s just not a priority.
I would love to read write-ups by other devs and/or security professionals on the exact steps to secure your device against border searches however.
If you don’t pay for the service, you are the product. Don’t use free VPNs. Then it’s better to use no VPN.
Swiss courts will make them hand over whatever they have if you are suspected of terrorism/child stuff, which I am totally fine with.
Why not run your own VPN from home if you have a fast enough connection? Many routers (I think most upper tier Asus routers) have built-in VPN software: [VPN] How to set up a VPN server on ASUS router – OpenVPN | Official Support | ASUS UK
Agree. Hence: use Mullvad. 5€ / month, no free tier, no shenanigans.
I use and enjoy tailscale as my VPN, which is built on wireguard. I have it running on my Macs, phones, NAS, routers (Unifi), windows, linux, …
I’m not as paranoid as some of you for info- or op-sec. I just use iCloud to sync my desktop and documents (as a byproduct, my various Macs are always in sync). Two NASs in different physical locations that automatically sync for large digital content (photography, media). And tailscale for connecting everything together in a secure manner.
If I really need to (and it’s super rare for me), I can configure one of my tailscale devices to be an exit node to the internet.
Exactly what I’ll do very soon as I’ve wanted to show other people stuff that’s in my media collection, several times this year alone. Not to mention wanting to route my traffic through the PiHole at home even when I’m out and about.
Just today earlier I was trying to decide between Tailscale (with the free and self-hosted Headscale controller server, so you will not be beholden to a company that might change or remove their free tier anytime), Nebula or Innernet.
It’s a tough choice since all 3 are pretty good. Just now reading on network CIDRs so I can understand Innernet better.
Tailscale/wireguard do split-tunneling which the public VPN services I’ve tried in the past do not. I don’t want all my traffic over the VPN (unless that’s what I do want). I just want my tailnet to be secure and inaccessible from the general internet.
Since my primary home ISP is Starlink, which is a CGNAT network, tailscale also takes care of relaying so I can get to my home network without issue.
I’ve not really used a VPN before (other than for short periods) so this is very interesting Kip! (I wonder if we need a dedicated thread on VPNs)
My first question is if someone just wanted to use their home internet connection as a VPN to use while abroad (for both laptop and phone), is there any meaningful difference or downside to using a VPN built into a router (so one of the ASUS ones, which I think includes wireguard) to setting up or using something else like Tailscale?
For my purposes it seems using the router’s built in VPN along with Apple Remote Desktop (with some iCloud syncing of things like Notes) is all I might personally need.
Keep us updated Dimi!
The typical built-in VPN servers in a router terminate a point-to-point VPN. And the typical client configuration will tunnel all internet traffic over the VPN. Neither of those characteristics is appealing to me. Lastly, they require you to have a publicly routable IP address - which Starlink (and other networks like those running fixed wireless) do not have.
Wireguard overcomes most of that - other than the public IP address requirements. Tailscale (over wireguard) takes care of all of it. Of course you can self-configure wireguard to do what you want, and run your own relay. But even though I have reasonable network knowledge it was tricky to get it set up how I wanted - remote access, relay server, private DNS and so on. Tailscale just makes it so easy - and has client software for pretty much everything out there. (I have no affiliation with tailscale, and I use only the free plan so far).
And if you install Merlin on your ASUS router you can also install tailscale. Back when I had an ASUS router, I found Merlin was a much better and more flexible firmware so it’s a plus no matter what for me.
Mostly much smaller configurability on router-native VPN apps really. I have two Mikrotik routers and they are fairly configurable but when it comes to VPN[-like] workflows they quickly become a pain to work with. Not to mention there are a lot of ways for you to severely reduce your router’s throughput by using certain filters and/or forwards. It’s not at all obvious, in fact it’s often very obscure and downright misleading.
Though I’ll admit I never wanted to become a specialist in a niche software either.
Same, though I can live with it. I really do want guests not to have access to my NAS though so I might abuse Tailscale’s ACLs for that. They are also a way to emulate double/triple/more tailnets as well.
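An added illustration of the kind of Tailscale ACL policy the post above has in mind (this is example configuration written for this thread, not the poster’s own setup): one group gets the whole tailnet, guests only reach a tagged media host, and the NAS is never reachable for them because Tailscale ACLs are default-deny. Every user name, group, tag and port below is an assumption; repeating the pattern with one group per set of tags is what gives the “several tailnets in one” effect.

```json
{
  // Example policy for this thread; all names and ports are placeholders.
  "groups": {
    "group:family": ["owner@example.com"],
    "group:guests": ["guest@example.com"]
  },
  // Devices pick up a tag with `tailscale up --advertise-tags=tag:nas`;
  // only the listed owners are allowed to apply these tags.
  "tagOwners": {
    "tag:nas":   ["group:family"],
    "tag:media": ["group:family"]
  },
  // Default-deny: nothing is reachable unless a rule accepts it.
  "acls": [
    // Family members can reach every device on every port.
    {"action": "accept", "src": ["group:family"], "dst": ["*:*"]},
    // Guests only reach the media server, and only on one port.
    {"action": "accept", "src": ["group:guests"], "dst": ["tag:media:8096"]}
  ],
  // Policy tests: the admin console refuses to save the file if any fails,
  // so a later rule edit that exposes the NAS to guests is caught.
  "tests": [
    {"src": "guest@example.com",
     "accept": ["tag:media:8096"],
     "deny":   ["tag:nas:445", "tag:nas:22", "tag:media:22"]},
    {"src": "owner@example.com", "accept": ["tag:nas:445"]}
  ]
}
```

Tailscale reads this as HuJSON, so the comments are accepted as-is; the "tests" block is the part worth keeping even if the rules change.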
I use NAS authentication for that. And strangely, I use sftp with authentication for guest access.
For general guest network access I use a separate VLAN that gives them no access to local network devices (but that requires a router and switch that support VLANs. Another reason I like Ubiquiti networking gear).
That’s actually what I’d want (I won’t mind it being slower, which I understand is one of the main downsides as the speed is dependent on the upload speeds of your home broadband) however…
I don’t have one either
This could be the way to go for me then. I’ve been meaning to give Merlin a go, just haven’t had time and didn’t really want to risk bricking my router - however it’s quite old now so less of a concern…
Yeah, VLANs are another thing I am really not looking forward to learning how it’s done on my Mikrotik devices.
And I am just not in a good place – in almost any meaning of the word – to make dramatic changes to my setup. I hear pfSense + addons is much superior to any router anywhere but… just… not now.