Using the Buddy System For Off-Site Hosting and Storage

| Comments

I’ve been referring to this as the buddy system for a while, though I might be abusing the term a little. Last year, I bought a Raspberry Pi and a 14 TB hard drive for around $280. I loaded it up with my favorite cloud synchronization software and dropped it off at my friend Brian Moses’s house.

Using the buddy system for my cloud storage needs has a few advantages over Dropbox or Google Drive. I’m currently eating up about 5 TB of storage, and that would cost me $300 per year with Google, so I am already saving money. I also get to be a little extra paranoid. My data is encrypted on the client. That encrypted data is stored on an encrypted file system. The only way to access my Pi is through my Tailscale network.

I’ve been thinking a lot about the buddy system over the last year. I have a lot of things to say, so I figured it was time for a blog post!

You have to trust your buddy

Some of these problems can be mitigated, but there are so many bad things that could happen if you can’t trust your friend!

From my end of this bargain, I don’t feel the need to trust Brian all that much. There are enough layers of encryption, firewalls, and VPNs in the way to make me feel comfortable. Not to mention the fact that my data isn’t really all that sensitive. I wouldn’t leave a copy of my data sitting at someone’s house if I weren’t comfortable with a burglar walking off with it.

Brian is most definitely assuming more liability here. I could be snooping around his network. I could even be downloading illegal content and getting him in trouble with his ISP. I can imagine even worse things I could do from there.

A mesh VPN like Tailscale makes the buddy system easy

I definitely wouldn’t have gone back to hosting my own Seafile server without Tailscale. Tailscale is a zero-configuration mesh VPN. Every one of my devices running Tailscale is connected directly to each other via a Wireguard VPN connection. That means I can always hit my Raspberry Pi at Brian’s house no matter where my desktop, laptop, or phone are currently sitting.

Some of my Tailscale hosts

There are other similar offerings, like ZeroTier and Innernet, and I am certain they would handle the job just fine, but one of my favorite features of Tailscale’s service is their machine-sharing option. I share my Seafile server with my wife and with my Create/Invent Podcast co-host. Chris has a few hundred gigabytes stored up there, and having nearly unlimited storage makes it easy for Jeremy and I to share giant video podcast episodes.

To keep things secure, I configured the firewall to block everything except the Tailscale daemon’s port. My Raspberry Pi is nearly invisible on Brian’s home network. The only way to connect to the ssh or Seafile services is through my Tailscale network.

How can the host mitigate the trust issue?

I’ve known Brian for 25 years. We shared an apartment for a couple of those years. Brian knows that I won’t try to get him into any trouble.

Requiring this level of trust puts a lot of constraint on the buddy system. Wouldn’t it be nice to be able to safely widen this network up? Instead of Brian and I trading servers, it’d be awesome if we had a third acquaintance. I colocate with Brian, he colocates with our acquaintance, and our acquaintance colocates with me. We could turn it into a bit of a ring, or we could be doubling up on our off-site copies of our data.

We could host those servers in our router’s DMZ. That’ll keep our friends away from the stuff on our local network. Then we can firewall off the DMZ so only the Tailscale UDP ports can pass. Then our friends would have to use a Tailscale exit node to keep their software on the Raspberry Pi up to date, and I could definitely live with that.

Is that safe enough? Probably. Maybe. Assuming your router and firewall aren’t buggy, I imagine the only thing you really have to worry about at this point is non-Tailscale connections going out on the Tailscale port. Are you paranoid enough to worry about this?

Here’s my problem with locking this down. If your supposed friend is industrious enough, I bet they’re going to find a way to sneak out of their jail and potentially get you into trouble. If they’re going to try to circumvent your security, are they really your friend?

In any case, I think putting even a trusted friend in your DMZ is a fine idea, but I don’t think I want to put someone’s device on my home Internet connection unless I trust that they’re not going to abuse it.

Why not share a server or two?

Brian and I definitely talked about this. It would be easy for Brian to up an empty virtual machine for me and map me a slice of his NAS, and it would be just as easy for me to do the same thing.

This plan brings a little more risk along for the ride, but Brian knows I won’t be attempting to break out of my VM, and I don’t expect Brian to attempt this either.

Even so, I still decided against this. Giving me two power outlets and switch port for my Raspberry Pi and USB hard drive is easy. Brian didn’t have to set up a guest machine for me. He didn’t have to install an OS in a virtual machine. He didn’t have to set up any special networking rules. He just had to plug in my Raspberry Pi.

The Pi didn’t add much to the cost over the USB hard drive, it is easier to repair if something goes wrong, and it puts most of the burden on me. Not only that, but you can send a setup like mine to someone less skilled. I could mail a Pi and a USB hard drive to my father in Pennsylvania, and I bet he could plug it into his gear.

Is the buddy system worth the risk?

If you have a lot of data, the money you save will start adding up pretty quickly. I did a bad job accounting for when my hypothetical Google Drive storage would have crossed from $200 to $300, but I would be paying for my second year soon, and I will be ahead by more than $300. My data is growing, so I could very well be saving $400 next year.

via GIPHY

If you trust your friend, this is easy. If you had to call your friend and explain a situation about a dead body, and the first thing he’d do is ask how many shovels to bring, you have little to worry about. Your biggest risk is that a third party hacks into that poor little Raspberry Pi.

I’d bet I could trust most people I know if I stuck their Raspberry Pi in a DMZ and locked their server down to only allow Tailscale’s UDP ports out.

Conclusion

I had a lot of reasons for writing this blog rolling around in my head. The first reason being that I wanted to make sure that if any of my acquaintances asked me to host their Raspberry Pi at my house, I would be able to articulate exactly why that would be risky for me. Also, though, I wasn’t exactly certain of how I felt about the possible risks and how much effort it would be to mitigate them.

For a variety of reasons, I am not physically prepared to lock down someone else’s Pi on a VLAN in its own DMZ. If I were, I’m beginning to think that I’d be willing to do this. Maybe. Before I wrote this blog, I was completely against the idea, but I am warming up to it.

What do you think? Is it worth swapping servers with a buddy to save $200, $300, or more every single year? Is it worth accepting the risk that a friend might download dozens of terabytes of movies and force your ISP to drop you as a customer? Do you feel you could mitigate that risk well enough to not worry about it?

Let me know in the comments, or stop by the Butter, What?! Discord server to chat with me about it!

Comments