Life is Long, Access is Short

If not accidentally lost, your data can vanish in other ways: the community project shutters, a company goes under, or the subset of services you use are axed.

In a recent exchange on the Fediverse, I was put in mind of trust relationships. Do you trust your government? In these unmannerly times, do you even acknowledge that the government of your country is your government? Do you trust your doctor? Do you trust your police force? Do you trust your digital service provider?

The last enquiry is my muse this day. An enquiry which is redolent with both aspects of trust: the ethical and the technical. After all, I may trust someone absolutely, from an ethical standpoint, in that they have my best interests at heart. But it doesn’t mean they would be someone I’d trust to carry out major surgery if I were in an accident.

Technical Trust

The analogy above of the operation is apt when examining our digital services. For those concerned with security, privacy, and particularly anonymity, trust is a phrase that crops up often. The certificate which signs the SSL connection to this webpage is one example of a technical trust relationship. If you use a VPN to connect to this website, perhaps you trust your provider not to keep logs. If anonymity is your bag, do you trust your Tor entry node?

For many, the prime focus of trust resides in not having their information passed to an unintended third party. Thus data loss, perhaps even catastrophic data loss is preferable to their data falling into the wrong hands.

Yet for those of us who are not Edward Snowden, the threat posed from loss of data outweighs the threat posed from that data falling into the wrong hands. That is why so many people choose Google services. Abhor their data mining and third party selling of precious bits and bytes one may, but even their most trenchant critics would be unlikely to stretch a point and say you can’t trust Google not to loose your information. Though they are not without their outages

The recent CTemplar data loss incident is a classic in the genre of a company who enjoys a high level of trust when it comes to access security, but which has clearly fallen short when it comes to data security; as in the preservation of.

But even if data is not accidentally lost, your data can vanish in other ways, such as if the community project shutters because there is a dissolution of the collective, a company goes under, or the subset of services you use are axed. This makes the question ”do you trust your service provider to still operate or offer the service in N years” a seminal one.

As is the question: will the domain which enables connection to your services remain operable? One of my favourite sources for privacy and security information, Privacy Tools, is experiencing just this sort of challenge as the existing domain name seems to be no longer under their control.

Ongoing content access is another aspect of the digital dilemma when it comes to trust relationships and impacts projects both large and small. Recall Microsoft’s decision to end MSN music or Major League Baseball’s termination of support for their video DRM solution.

The vignettes above, though far from comprehensive, serve as a reminder that life is long, but access to many digital services is short.

Trust Thy Self

Even if, like me, you don’t have a passion for archiving, and prefer the ephemeral nature of digital services, chances are you still want an anchor point online and the future ability to receive future content. And with so many services, from banking to social security all hinging on an email address or instant messenger ID, loss of it is akin to loss of the ability to verify who you are.

Having spent most of my professional life in Operations and IT related roles, not only having a backup routine, but knowing I can restore from it is a daily mantra. I preference Signal (only because I could get more friends on it), but for my key contacts have Threema and Matrix setup as a failsafe in the event of an outage to the Signal network.

I use Protonmail, but for key services that rely on email use a customer domain. Thus, in the event ProtonMail suspend my account due to a misunderstanding, I can redirect my domain to an alternate email service and I’m back online in the time it takes to say TTL.

I use Tresorit for cloud storage, but keep rolling backups of key files in another secure service. I also keep physical copies of important legal documents in a Document Safe Custody System.

My name is Robert, and I have a redundancy problem…

Goodnight and good luck.


Photo by Brett Jordan on Unsplash