Why bother?

I've previously written about the current state of privacy. To recap, I'm genuinely freaked out by how AI and mass data collection by companies and governments are converging.

My "uh oh" moment came when I read about the EU's latest Chat Control proposal. This thing has been resurrected in various forms for 20 years. What struck me: the people pushing surveillance have infinite patience and institutional memory, while resistance has to be rebuilt from scratch every single time. It doesn't matter how many times these bills are defeated. It just needs to pass once. I decided I'd rather not be holding the bag when they do.

This is a start to putting my money where my mouth is. iCloud is extremely convenient and works seamlessly. But this is where the fight to stop giving away my most valuable asset starts: at something as universally used as iCloud.

The iCloud

It’s right there, it’s easy, it works. If you have multiple Apple devices, it’s the only real practical way to keep things in sync. Have you tried syncing your iPhone to your Mac using a cable lately? It's a pain!

It's hard not to think that this is deliberate steering of users to Apple's paid cloud services. Here are a few well known bugs that make local sync practically impossible:

  • Calendar: duplication of all-day calendar events on every sync [1], [2]. Duplication happens every time I sync my phone.

  • Reliability: sync fails about 50% of the time with cryptic error messages [1]

Then there are all the dark patterns:

  • Unlock to sync: I have to type my pass code every time I sync my phone with my Mac.

  • Photos: Syncing only works from Mac to iPhone. iPhone photos have to be imported to the Mac manually and then synced back to the phone. Cumbersome!

  • Calendar, Contacts: if you have any cloud providers for calendar or contacts, you cannot sync your local calendars/address book.

  • Music: if you have Apple Music enabled, you cannot sync your local music files.

The alternative is iCloud. So what does it do, anyway?

... Yikes! That’s basically every bit of personal information that could possibly be on my computer.

“But look”, you may say, “you have Advanced Data Protection enabled, so you’re golden!” and you would be correct on the first count!

But this doesn’t remove the political and regulatory risks I mentioned before, as evidenced by the UK’s crackdown on… Advanced Data Protection [^2].

Rethinking devices and sync

The vast majority of the time, I am only interested in keeping two of my devices in sync: my iPhone and my Mac. That's it. This applies to: photos, files, passwords, contacts, calendars, notes, etc. I don't use web interfaces and I nearly always carry one of those two devices with me.

I feel it's important to keep these two concepts separate:

  • Syncing - keeping data on your various devices up to date

  • Sharing - giving other people access to some data

You can only ever be in one place. If your laptop is at home, you don't care if it's syncing or not because you're not there to use it [^4]. As such, there really isn't any need for cloud-based solutions for syncing. Sharing is, of course, a different matter but outside the scope of this post.

What iCloud does is lump both concepts together and Apple sells both the syncing and the sharing aspects on the strength of its sharing. We don't need iCloud for syncing.

So, it’s got to go!

But where does your data now live if not in the iCloud? Fear not, there are alternatives. Since I'm on a bit of a privacy journey, I took the opportunity to rethink what I use my devices for.

Finding replacement services

My approach was to first look at the services provided by iCloud, remove those I definitely don't need and then find alternatives for those I do. Given the efforts to undercut end to end encryption with "client side scanning" data gathering [1], [2], I'm convinced the wise approach is to just not trust any cloud service.

I've come up with the following classification scheme.

🟩 local sync / local peer to peer - two of my devices sync data directly without any middleman. i.e. connecting my phone directly with my computer with a USB cable.

🟧 end to end encrypted cloud service - an end to end encrypted cloud service can only ever see encrypted data and has no way to decrypt it. For this to actually be true, only you should ever have access to the encryption keys!

In almost all cases, this is not true because the keys are managed by the client application itself, so you're essentially trusting the company to honor its privacy promises - and/or your government not to exert pressure to compromise your keys.

🟥 privacy respecting cloud service - you're giving the service unencrypted access to your data and hope that they do what's right.

| iCloud Service     | Alternative    | 🫆 | Comments          |
|--------------------|----------------|----|-------------------|
| Photos             | Local sync     | 🟩 | Photo upload with Syncthing                             |
| Drive              | Syncthing [^s] | 🟩 |                   |
| Passwords & Keycha | Syncthing [^s] | 🟩 | passwordstore [^w], I was actually using 1password      |
| Notes              | Syncthing [^s] | 🟩 | Obsidian files    |
| Messages in iCloud | Signal [^g]    | 🟧 |                   |
| iCloud Mail        | Proton [^p]    | 🟧 | Your email recipient probably doesn't encrypt emails... |
| Find My Mac        | -              | ⬜️ | Not used          |
| Contacts           | Local sync     | 🟩 |                   |
| iCloud Calendar    | Paper [^h]     | 🟩 | local sync broken |
| Reminders          | Paper [^h]     | 🟩 | local sync broken |
| Safari             | -              | ⬜️ | Not used          |
| Stocks             | -              | ⬜️ | Not used          |
| Home               | -              | ⬜️ | Not used          |
| Wallet             | -              | ⬜️ | Not used          |
| Siri               | -              | ⬜️ | Not used          |
| Image Playgrounds  | -              | ⬜️ | Not used          |
| Journal            | Paper [^h]     | 🟩 |                   |
| Freeform           | -              | ⬜️ | Not used          |
| Facetime           | -              | ⬜️ | Not used          |

Here are the links and prices:

The table looks pretty good. If you think about all the things in the left-most column - all those things that were being synced to the cloud before - the reduction in footprint is staggering. The only two remaining services that rely on information leaving the local network are messaging: email and instant messaging.

Email is a set protocol with little if any wiggle room for enhanced privacy. If your recipient uses Gmail, well, there's nothing you can do except not send the email. Proton does the best possible given the inherent constraints email presents and encrypts everything it can. Good stuff.

Instant messaging is similar, though Signal is an exceptional service where privacy is the first principle for all feature and engineering decisions. Definitely the best balance between user-friendliness (which is hugely important because whoever you want to talk to has to be able to use the app!) and privacy.

Walking the talk

Privacy is great and all, but what's it like living with this setup on a day-to-day basis?

There are plenty of guides for how to install various software. Here, I'm going to focus on how I've set up various software to suit my needs.

Configuring Syncthing

Syncthing is the backbone for all the synchronization that I cannot do using the built-in "Finder" sync. I've made the conscious decision to focus on file-based services: plain text notes, photo upload as files, documents. This means syncthing can keep bits synchronized for me!

I use the official syncthing client on my Mac and Synctrain on my iPhone, and have another client running on an old laptop that's parked next to my router and always on. The latter is important for convenience because my phone and my computer aren't always turned on at the same time, but my "home server" laptop is always running.

When both devices are on, they sync directly.

 Phone               Computer
   ◉ ←────────────────→ ◉
  [ON]      Direct     [ON]
   │                    │
   └────────────────────┘ 
          ✓ Sync                           

When one is off, my always-on home server acts as a bridge.

 Phone              Computer        "Home Server"
   ◉ ←···············→ ◉                  ◉
  [ON]               [OFF]               [ON]
   │                   ┆                   │
   │                   └···················┘
   │                   (previous sync cached)
   └───────────────────────────────────────┘
          ✓ Sync

On the phone side, I have configured a bunch of automations in Shortcuts to trigger syncing in the background, because iOS blocks this by default.

I've not run into sync conflicts with this setup so far, though it does appear brittle. Let's see how it holds up.
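Syncthing enables global discovery, relaying and NAT traversal by default, so a "local only" setup like the one above is worth checking against the desktop client's config.xml. The following is an added example, not the author's code: it flags those options and any folder that is not shared with the always-on bridge device. The sample config, folder IDs, device IDs and the device name `home-server` are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Syncthing's config.xml; IDs and names are placeholders.
SAMPLE_CONFIG = """<configuration>
  <folder id="notes" path="~/Notes" type="sendreceive">
    <device id="PHONE-ID"></device>
    <device id="SERVER-ID"></device>
  </folder>
  <folder id="photos" path="~/Photos" type="sendreceive">
    <device id="PHONE-ID"></device>
  </folder>
  <device id="PHONE-ID" name="iPhone"><address>dynamic</address></device>
  <device id="SERVER-ID" name="home-server"><address>dynamic</address></device>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <relaysEnabled>false</relaysEnabled>
  </options>
</configuration>"""

# Options that let metadata or traffic leave the LAN; all default to on.
OFF_LAN_OPTIONS = {
    "globalAnnounceEnabled": "device ID and addresses announced to public discovery servers",
    "relaysEnabled": "connections may go via public relays (TLS-encrypted end to end)",
    "natEnabled": "UPnP/NAT-PMP may map the sync port on the router",
}

def off_lan_findings(xml_text):
    """Names of off-LAN options that are on; a missing element counts as default-on."""
    options = ET.fromstring(xml_text).find("options")
    findings = []
    for name in OFF_LAN_OPTIONS:
        node = options.find(name) if options is not None else None
        value = node.text.strip().lower() if node is not None and node.text else "true"
        if value == "true":
            findings.append(name)
    return findings

def folders_without_bridge(xml_text, bridge_name):
    """IDs of folders not shared with the always-on device that bridges offline peers."""
    root = ET.fromstring(xml_text)
    bridge_id = {d.get("name"): d.get("id") for d in root.findall("device")}.get(bridge_name)
    return [f.get("id") for f in root.findall("folder")
            if bridge_id not in {d.get("id") for d in f.findall("device")}]

if __name__ == "__main__":
    for name in off_lan_findings(SAMPLE_CONFIG):
        print(f"[off-LAN] {name}: {OFF_LAN_OPTIONS[name]}")
    for folder in folders_without_bridge(SAMPLE_CONFIG, "home-server"):
        print(f"[no bridge] folder {folder!r} is not shared with home-server")
```

With global discovery and relays off, devices only find each other through local discovery on the same network, which matches the local-sync model described above.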

Migrating to Proton

I use my own domains for email so migrating to Proton was as simple as changing the DNS entries for them.

I did use iCloud's hide-my-email feature quite a lot; deleting the accounts behind these email addresses (if I no longer used them) or changing the email addresses was a real pain [^3].

On the desktop, I use the IMAP bridge and Thunderbolt; on the phone, the newly updated Proton Mail app with offline capability works well.

Migrating to passwordstore

I couldn't find a good importer for the current version of 1password, which can only export csv and 1pux files, so I vibe-coded one here. The awesome iOS pass app doesn't support local repositories, so I am using my always-on laptop as a git remote for my passwordstore repo.

It's possible to configure pass as the password provider in system settings so that autofill will work on websites. Just OTP codes don't seem to work as the relevant APIs aren't implemented yet.

Backup

My devices sync frequently because they often share the same network (at home). My main machine is my computer, which I back up with a local Time Machine drive and with restic to a remote repository.

What is neat about this is that I don't have to back up any self-hosted cloud services. As long as my devices sync regularly, this simple backup strategy works great!

Summary

After days of tinkering, here's the truth about living with this setup: I am really happy with it!

Syncthing is really the star of the show. With the configured Shortcuts automations mentioned above, everything just kind of works.

For sure, there are things that aren't great:

  • Apple's local sync between iPhone and Mac is oh so brittle and sometimes new contacts just aren't where I need them.

  • GPG key management for passwordstore. --list-keys, --list-secret-keys: why is there no fingerprint? Ah, --with-subkey-fingerprints or maybe --with-keygrip? What the hell is a keygrip? And why can't I change the passphrase for individual subkeys? At least, when it's set up, it works.

  • It took a while to set up!

But there are some real upsides:

  • All the data is actually on my device so everything is super fast!

  • A bunch of data that was previously only accessible through dedicated apps are now files, which means I can look at them!

I've signed out of iCloud on all my devices. Next up: invoking my GDPR right to be forgotten and fully deleting my Apple Account.

The big thing, though, is that it feels f*!#ing fantastic to know where my data lives (only in my pocket) and to see that with a couple of for-me-easy-to-swallow lifestyle changes and the amazing work of a few open source projects, it's possible to gain a huge amount of digital self-determination. Wonderful!


Footnotes

[^2] It’s true, the plans were shelved after the US government under Trump applied pressure. Fear not though, as usual, these things are non-transparent in the extreme and we may all fall victim to this overreach still.

[^3] I'm on the fence about one-use email addresses. It's another company to trust with your email data. If using my own domains, I can just generate them in my head, but all email addresses on my domain will point straight back to me. I've decided to go with the latter.

[^4] Sure, there are scenarios where this assumption breaks down. I might take a picture while out and about, then have my phone stolen before my devices can sync. In this scenario, my laptop at home will have the last sync state that I can recover from.

But this illustrates a potential weakness: it is crucial that in whatever setup you build, two devices can talk to each other frequently to sync.