Last week, I wrote a blog about encrypted messaging app Signal’s 24-hour outage. I rightly pointed out that this outage impressed the need for services of all sizes and purposes to embrace decentralization for the sake of stability to avoid future outages like this one – outages that are undoubtedly devastating to many.
I mentioned how even I had eventually had to switch over to Matrix. Despite mentioning it in the article, there was one more lesson that I failed to address though in retrospect that may have been a good thing as it deserves its own special attention: redundancy.
Redundancy could also be called your “Plan B.” In the case of Signal, what’s Plan B for messaging when it goes out? What about email? This week, I don’t have answers, suggestions, or analysis. Rather I hope to get you thinking about this subject if you haven’t before.
First, let’s talk about actual data. We all have data that would be devastating if we lost it: passwords probably being the most universal among this readership. But it could also include photos, that book you were working on, or pretty much anything else you value in a digital format. So step one: keep digital backups. Lately I’ve heard people mention the “3-2-1 rule.” Three copies of your data (two backups plus your live daily driver), two different medias (USB and Cloud, for example), with one of those copies being off-site (again, the cloud). If your primary device crashes, do you have a backup? Is that backup in your home? What happens if your home burns down?
Next, let’s talk about communications. Think of your preferred messaging app, whether that be Signal, Telegram, XMPP, or whatever. What’s your plan if it goes down? Even with a decentralized messenger like XMPP, what if your server gets seized by authorities? If you self-host, what if it dies? I’ve killed more electronic devices than Neo from The Matrix.
More importantly, what if someone conclusively proves that Signal is compromised tomorrow? Or [insert your messenger here]? What’s your Plan B when that messenger is no longer an option for any number of reasons? Does everyone know your Plan B? When Signal goes down is not the time to be attempting to walk loved ones through downloadeing Element or setting up XMPP. A popular speaker says “dig your well before you’re thirsty,” and I couldn’t agree more. Now is the time to let people know your preferred ways to be reached if your primary method isn’t viable.
Finally, I want to point out control of your data. A popular idea in the privacy community is that you should use your own email domain. The idea is that if your email provider goes away for any reason whatsoever, you can simply point the domain at another provider and keep going. This has been known to happen. Recently, a Redditor had their ProtonMail account suddenly disabled because they were accused of violating terms of service by being involved in a hacking forum. Fortunately the Redditor was able to clear their name and get their account back, but that’s a risky situation to ever put yourself into in the first place. I don’t think you should use a custom domain everywhere. It creates a unique trail for you. But for things that are vitally important and you can’t afford to lose – like banking, hosting, or work accounts (if you’re self employed) – you should definitely be pushing those toward a custom domain. And of course, keep backups of the emails themselves.
This is a short article this week. Redundancy is a very simple concept, but one that is easy to overlook. Even Google was hit by an outage in late 2020. Nobody is immune to the possibility of losing data or access. So once again, dig your well before you’re thirsty. Now is the time to put solid plans and redundancies in place. I hope this article has given you a starting point to consider.