Hello everyone. I am looking to setup a NAS and I was wondering if NAS products from companies like Synology etc are privacy respecting or is it better to just use an old PC to make a DIY NAS server? I will not be storing anything super secure, but I don’t like supporting companies that do weird things with their customer’s data.
Thanks
I had a Synology for years and I never found any reason to not like them. I outgrew the platform, but other than that I have nothing against them
I think its a good idea to start with something like a Synology, then you can get an idea of what does and doesn’t work for the future, and build something perfect
You dont have to trust them if you put them in a network connection without internet access. But if you have to, you can install something like wireshark in the NAS itself and snoop into the connecting networks (something I have to learn myself yet).
Depending on how capable your router/firewall is, you could lock the NAS down to only live in your network.
BananaPi + SSD or Odroid HC-4 with OpenMediaVault would be the “My first DIY NAS” route. Nothing wrong with an off-the-shelf solution though.
That is the more flexible option, more work, but truly yours.
I tried this with a RockPro64 but it feels too much work compared to a TrueNAS machine.
Edit: Its not really too much but TrueNAS feels like a more appliance oriented vs an enthusiast oriented machine of RockPro64. I got Nextcloud running via NextcloudPi with ease but I broke the install one day and the build languished for a few years before I moved it to a new x86 server that is so much faster but also eats a lot of power.
i’d not suggest cutting it off from the internet as there are often bug fixes for either security or data integrity fixes.
if there’s any sort of bundled software that is used to manage or configure it, probably not.
if there’s any sort of “cloud connected” (gdrive/dropbox/icloud/manufacturers own cloud service) functionality, probably not.
if there isn’t a gpl notice and a link to the source for the firmware, probably not.
can pretty much any of them be forced to respect your privacy? yes
a switch with no physical connection to wan or piped through some local server/appliance with a firewall/packet filter just for allowing what you want and black holing any additional traffic. unless they’ve baked in some let me phone home or ill pretend like im broken functionality.
respecting privacy nowadays typically means diy roll your own or firewall configs that are a few lines from being the source code for their own OS.
Well, my goal is to run a private cloud so cutting off the internet connection isn’t an option for me. I want to store about 4TB worth of files so I am not sure a simple SBC + and SSD would suffice. Of course I could just get an external drive and travel with it but I feel like this is too much hassle plus not very safe/secure.
Should I maybe get one of those RYF-certified motherboards and build my own home server with a few HDDs or just get a liberated workstation? Would that be overkill? Do NAS enclosures have any specialized hardware or features that a workstation doesn’t?
Is Open Media Vault better than something like NextCloud?
Thanks.
Different use case, I would say.
Not sure what you used but setting up a Samba server is relatively effortless these days?
Example:
- Burn FreeBSD 13.1-RELEASE on a microSD card (or eMMC) for RockPro64
- Login, run
freebsd-update fetch && freebsd-update install
- Add
zfs_enable="YES"
to/etc/rc.conf
(if you want to use ZFS) - Reboot
- Run
pkg install samba413
- Create a user/users for Samba (optional) and add to Samba’s user database
- Format and mount storage
- Create a configuration file for Samba (
/usr/local/etc/smb4.conf
), something like this:
[global]
workgroup = WORKGROUP
server string = Storage Server Foobar
log file = /var/log/samba.log
max log size = 10240
bind interfaces only = true
interfaces = dwc0
disable netbios = yes
directory name cache size = 0
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = no
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
delete veto files = yes
enable core files = no
multicast dns register = no
[pubdata]
comment = Foobar's Storage Pool PubData
path = /pool0/pubdata
public = yes
guest ok = yes
writable = yes
write list = foobar
browseable = yes
create mask = 0775
vfs objects = zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
- Add following to
/etc/rc.conf
samba_server_enable="YES"
smbd_enable="YES"
nmbd_enable="NO"
- Start Samba
/usr/local/etc/rc.d/samba start
- Done
If this is “much work” you probably need to outsource it (pay one to do the work)