June 19, 2019 · opinion selfhost ·

Self-Hosting Part 1: Why I'm Ditching iCloud


During the past decade we have seen a gradual erosion of our privacy and digital rights, from both government and private sector alike. Furthermore, we have observed the extent to which these entities will exploit our personal data. User privacy is oftentimes breached in order to increase profit and growth for a business, or in the name of national security by government organizations. In some countries, user privacy becomes almost nonexistent due to regulation from authoritarian governments, an example being China. The global trajectory of this phenomena is slow but consistent, and therefore I am creating this series on how to protect your personal data and forgo reliance on cloud products. I will be focusing on self-hosted alternatives to a service I have been using for multiple years: iCloud.

Disregard of Privacy

Take a look at Facebook, the largest social networking company in the world. It is also one of the most blatant offenders of user privacy, so much so that their offenses are no longer surprising to the public's perception. You may remember that Facebook made headlines during the spring of 2018 when The Guardian revealed that Facebook had illicitly sold our private data (and in some cases our entire post and message history) to Cambridge Analytica, which was subsequently used to sway political opinion during the 2015/2016 Donald Trump campaign, the 2016 Brexit vote, and the 2018 Mexican general election (Source).

Although the incident above could be accidental (if you think in terms of Hanlon's razor), it's more likely that such disregard for user privacy and respect is inherent to Facebook and its culture, and that it is a result of top-down influence from Mark Zuckerberg. A younger Zuckerberg remarks that Facebook users are "dumb-fucks" for entrusting Facebook with their data (Source). To further drive my point home, here are two more Facebook incidents: the Onavo VPN app, and the Facebook Research app.

Onavo VPN


What is Onavo VPN? Most users during the years of 2013 to 2018 believed that Onavo VPN was a service that would "protect" and "save" your data (quoted from Onavo VPN advertising). Facebook utilised the fact that the words "VPN" and "privacy" were synonymous to convince users into believing that they were being protected from spying. This VPN was in fact a trojan horse, and the actual purpose was to track and ship users' browsing and app usage history to Facebook for analysis (Source).

In the summer of 2018, Apple noticed these privacy violations and removed Onavo VPN from the iOS app store (Source). Google still hosted Onavo VPN on the Play Store until a few weeks ago.

There are multiple reasons why a VPN app was chosen by Facebook. Not only does a VPN provide Facebook with your browsing history, but also gives them insight into what apps you are using, the frequency of the app usage, and even roughly where you use your phone. Some news agencies believe that Facebook uses this data to spy on competitors gaining traction to then outcompete them. (Source)

Facebook Research

Facebook Research is another VPN app, similar to Onavo VPN, that tunnels all of its users' browsing and app usage data. However, this app goes a step further and installs a root certificate that decrypts all data secured by HTTPS, allowing access to private photos, conversations, bank account data, etc. Since this app would have essentially no chance of being approved by Apple, Facebook Research had to be installed through a hidden portal which bypasses Apple's safeguards (Source). They were able to bypass the app-store by using an enterprise-certificate, originally meant for employee or internal apps. After discovering the app in January of 2019, Apple revoked Facebook's enterprise-certificate, which disabled all of Facebook's employee and internal apps for a day.

Facebook promoted this app to children from ages 13 to 17 (a key demographic for social media), with the incentive of paying its users $20 a month. Facebook bypassed rules designed for user safety in order to exploit essentially the most vulnerable population, showing a severe lack of ethics.

A Breakdown of Trust

Facebook isn't the only company that created an exploitive "research" app; Google also distributed its own research app, which was exposed in the same period as Facebook (Source). Apple punished Google by revoking their enterprise-certificate for a day.

Although Apple seems to do the right thing when it comes to user privacy, it is foolish to think that Apple isn't struggling with its own balance between privacy and other motives. For many technology companies, balancing business growth and user privacy is hard, with Apple remaining the lesser of the evils only because their business model isn't focused on selling ads but selling lucrative hardware (mostly). To give an example, Siri currently lags behind competitors because of Apple's limited access to personal data. Now that the smartphone market is saturated, Apple could feel pressure to modify their business model.

Businesses are not the only threat to our user privacy; we are currently experiencing unnecessary subversion of our digital rights by governments all around the world. Last year, Australia introduced a law that banned true encryption, requiring the government be allowed to decrypt any and all data, citing reasons of "terrorism and crime" (Source). Also, in 2016, the FBI attempted to set precedent by compelling Apple to design a modified iOS version that allows decryption of potentially all iOS devices. This was due to the FBI's wish to examine a phone from the 2015 San Bernardino attack, which was later revealed to contain no information related to the crime (Source). I believe that a conflict between government control and data privacy is inevitable, but the troubling aspect is the slow and continual loss of our privacy rights, which are almost impossible to recover.

Self-Hosted Alternatives to iCloud

Self-hosting is the act of hosting your own web services, as opposed to relying on cloud services such as Gmail, Dropbox, Wordpress, etc. Most importantly, self-hosting provides you with complete control over your data as well as the freedom to modify and customize your services. This comes at the cost of management, maintenance, and interoperability issues.

Unfortunately, self-hosting produces subpar user experiences, especially when used with Apple devices. This is because Apple has created a great ecosystem of devices and services that enforces a single "right way" to do things. Apple strongly pushes iCloud as the way to perform many tasks, and if what Apple provides doesn't happen to fit your requirements, you become a second-class citizen.

So let's get started! Here are the iCloud services that I don't care too much about:

Stocks, News, Game Center, Wallet, Siri

And here are the iCloud services that have an alternative, or an alternative in the works, that I will be posting about:

Contacts, Calendar, Reminders, Mail, Notes, Safari, Backup, Photos, Drive, Home, Keychain

Finally, these are the rest of the iCloud services, with no real alternative:

Find My iPhone: This is a feature with a high level of integration on the iPhone that can't be replaced easily. The best alternative is to not lose your phone and enable the "Wipe Phone after 10 Wrong Passcodes" feature.
iCloud Messages: The one feature this provides is having deleted messages removed from all of your devices. If you can live without that, you're set.
iCloud Health: Once again, no alternative here.


Thanks for reading this introductory post in the self-hosting series! In the future, I will be posting about self-hosted alternatives to the iCloud services that were mentioned above, complete with step-by-step tutorials on installation and usage.