NAS + Privacy and Security

I was wondering what the team thought of various NAS vendors regarding their privacy records/policies and ultimately, what they recommend.

QNAP has had a lot of data breaches (I believe, once they hardcoded an API key into the software which led to serious problems) and they still haven’t really righted their security ship.

Synology has a much better record on security but it’s pretty darn proprietary and moving more and more in that direction. I read their privacy policy and it seems meh. It’s mostly opt-in which is good but still, I’m no privacy policy expert.

Asustor is an unknown to me but is reliably listed in the top 3.

Then there is TrueNAS… but idk where to start. I’m not really a noob on Linux but I am a noob when it comes to hardware, so I’m not sure where to start.

Could someone with some experience chime in? I’m happy to watch endless piped videos to fill my knowledge gap but not sure where to start.

Finally, PG team, please consider adding a NAS section to the guide.

4 Likes

I have no experience with any of those, but if I was getting a NAS right now I would look into one of those since Asus doesn’t lock them out and you can install Linux/TrueNAS down the road. Although I don’t know if that is on all models, so do your own research.

Using a NAS is recommended as it puts your data in your hands rather than using the infrastructure of another service provider as the basis of your hosting. Personally, I can recommend Synology. I can also recommend it to a novice, which is a plus. It’s best to keep your data on-prem rather than relying on OVH Cloud or something in a cloud which presents a multitude of problems to your privacy and security.

I would recommend Synology, but I don’t think it’s up to PG what you should secure it with. I do think you should make sure it’s properly protected behind a VPN or SSO at the very least. My NAS is 80TB and hosted on RAID, which is standard storage for any brand. Just make sure you have the proper storage option, and keep in mind that this isn’t a backup solution so much as a redundancy solution. You should still keep backups somewhere safe off-prem as well.

I would absolutely recommend Synology and TrueNAS, and recommend against QNAP. I haven’t tried any other platforms.

Synology is my general recommendation overall for most people, especially people looking for a plug-and-play solution. I haven’t written anything about it, but Henry from Techlore published this video review recently (which I provided a lot of assistance with):

This being said, Synology is starting to annoy me a little bit, particularly things with their cloud offerings, but you can completely ignore all of those services and not have a problem. I just have been getting the feeling that they’re trying to move in a hybrid-cloud direction as a company, which I disagree with.

My advice for connecting to it securely: No matter what option you go with, you shouldn’t port forward to it, you should instead connect to it with a standard self-hosted VPN or a VPN like Tailscale (You could port forward to the NAS if you run a VPN Server on the NAS directly for this purpose, just only forward the VPN server port).

1 Like