Dropbox hasn't done anything to betray my trust, and perhaps they never will. However, every new feature they've introduced over the past decade feels like an attempt to sidle over into the "B2B team collaboration SaaS" space, and it makes me uneasy about the long-term outlook for individual users.
Moreover, it just feels kind of dumb to be storing plaintext copies of all my most important documents on Somebody Else's Computer when there's no inherent reason they should need that access to even be possible.
For this I bought a Beelink ME mini PC and installed 2x 2TB NVMe drives. The machine can hold four more in the future if I need to expand it.
I installed Debian stable to the eMMC, set up the NVMe drives as a RAID 1 pair, mounted them to /home, created a user, set up SSH key access, disabled password authentication, plugged it in next to my router, and configured a static IP.
I set up port forwarding and dynamic DNS so the server is reachable from the outside world like `rrk3xpk0kn5lsxtg.some-dyndns-provider.com:41384`. Security through obscurity is bad, but a little extra obscurity on top of real security never hurts.
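With the SSH port forwarded to the internet, the setting that matters is the one sshd has actually loaded, not the one in the file that was edited. The following is an added example, not part of the original post: a shell function that audits `sshd -T`-style output for anything that still permits a password login. The function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the *effective* sshd settings behind "keys only".
# Input: "keyword value" lines as printed by `sshd -T`, on stdin.
# Output: one FAIL line per setting that still permits a password login.
# Returns 0 when clean, 1 when any finding was printed.
audit_sshd() {
    findings=$(awk '
        BEGIN {
            # PasswordAuthentication alone is not enough: keyboard-interactive
            # can still prompt for the account password through PAM.
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["pubkeyauthentication"]         = "yes"
        }
        { seen[tolower($1)] = tolower($2) }
        END {
            for (k in want) {
                if (!(k in seen))
                    printf "FAIL %s: not reported\n", k
                else if (seen[k] != want[k])
                    printf "FAIL %s: %s (want %s)\n", k, seen[k], want[k]
            }
        }
    ' | sort)   # awk iterates in unspecified order, so sort for stable output
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the configuration the post describes.
sample_hardened() {
    printf '%s\n' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

# Constructed sample: a drop-in under /etc/ssh/sshd_config.d/ has turned
# password logins back on (sshd keeps the first value it reads per keyword).
sample_overridden() {
    printf '%s\n' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

sample_hardened   | audit_sshd && echo "hardened sample: OK"
sample_overridden | audit_sshd || echo "overridden sample: password login possible"
```

On the server itself, `sudo sshd -T | audit_sshd` runs the same check against the live configuration.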
Now, Dropbox provides me with four distinct things which need to be replicated in this new setup. Firstly, it synchronizes files between my workstation and my laptop. Secondly, it allows me to browse all those files remotely from my phone. Thirdly, it automatically uploads new camera photos from my phone. And finally, it serves as an offsite backup of all my important data.
File synchronization will be handled by Syncthing.
Backups will be performed using Restic and pushed to Backblaze B2. I think the Restic model of treating the remote backup storage as a dumb object store is a superior approach (compared to Borg which uses a participating remote server), and Backblaze B2 seems to be the cheapest (reputable) cloud storage provider whose billing is directly proportional to usage without any minimums or tiers.
(I considered a Hetzner storage box, which would be even cheaper for exactly 1TB of data stored. But I would like for my backups to continue running in the background every night without me thinking too much about it, so I don't want a solution which requires me to monitor storage use and upgrade to a larger box if/when it becomes necessary.)
Photo uploads can be handled through Syncthing again. Apparently there's some sort of Android app for Syncthing but I didn't bother with that and instead I just installed it under Termux:
```
$ termux-setup-storage
$ pkg install syncthing
$ cat .termux/boot/syncthing.sh
#!/data/data/com.termux/files/usr/bin/sh
syncthing
```
Configured via the web interface at `http://localhost:8384` to sync the phone's camera roll from `~/storage/dcim/Camera` to the server, and voila! Now I have a photo backup solution.
(Obviously I configured SSH via Termux as well. You should always have an SSH client on your phone and at least one server you can use for "this would be so much easier on a real computer" tasks even if you don't have a NAS, or else what are you even doing here?)
For remote file browsing from my phone I tried a bunch of file explorer apps and eventually settled on CX File Explorer. It connects to the server using SFTP via the DynDNS host + port forwarding setup from earlier so it works outside of home as well. CX File Explorer just happened to be the app that looked nicest without any janky bits when used as an SFTP client.
It is slightly cheaper, but breakeven on the up-front hardware cost is like 3 years. Realistically, anyone who can afford to spend $500 in a lump on the hardware probably doesn't need to save a few bucks on a Dropbox subscription.
This is primarily about long-term stability, not sending all my data to a cloud provider as plaintext, and taking ownership of my digital footprint.
I did consider whether I ought to run any other services on this server to "get my money's worth" on the hardware cost, but I think that's a bad decision. This server stores literally all my important personal data, so it's probably best to minimize its exposure to the outside world. Syncthing plus SSH seems like about as much of a security surface area as I am willing to tolerate.
I guess maybe I could run Plex or something on it, but really any external-facing services should probably live on a VPS outside of my home network anyway. For web publishing I'm a big fan of the cheap static-file web host.
I did consider whether it was possible to have my home storage server be outside the trust circle (that is, all content client-side encrypted on my PCs and phone). There were a few ways to make this work, but ultimately all of them had significant downsides and there was an obvious path (Syncthing + SFTP) to a working solution if I was willing to compromise on that point, so I did.
Now I just have to get past the psychological barrier of actually cancelling my Dropbox account for the first time in over a decade...