What Is an Administrator?
A couple of years ago, I set up my first home server. I will describe the details in a later post, but today I want to discuss a surprising thing I learned: as the administrator of my server, I could see everything that was going on.
Before learning about administrators, we need to know what a server is. The Lifewire blog gives us a pretty good definition:
A server is a computer designed to process requests and deliver data to another computer over the internet or a local network.
I had an old desktop PC sitting on a shelf in my basement, and I wanted see if I could still put it to good use, and hopefully learn something in the process. I had already gotten into Linux and that led to discovering Ubuntu Server. By wiping your old computer and installing Ubuntu Server on it, you can turn that slow PC into a digitally networked space where you can store text files, photographs, music and videos. You can read and play these from another computer or device in your home, including from your smartphone. With a few more steps, you can open up that home server computer to the Internet via your modem, and now you've got your own place on the web where you can store and access your files from anywhere. This is what's called self-hosting; you manage your own files without needing a third party. Opening your home up to the web poses security risks, but I want to leave that to one side for now and focus instead on the person who manages the server computer. This is the administrator.
Being the administrator to my own server was quite a steep learning curve, but it has been a great learning experience. Going through the process of setting up and managing a server helped me understand that the 'cloud' metaphor we use for online storage is not very accurate, for example. When you upload your picture to Instagram, you're not shooting it up into some digital sky where it mixes with all the other world's data in an ephemeral data mist; instead, you are just saving your picture file on a computer somewhere in the world, managed by Meta's administrators. It is the same as copying your picture onto a USB stick, and then giving that USB stick to someone who works for Meta so they can then copy your picture onto one of the company's servers. Secondly, I learned how powerful the administrator of such a system is, and how much they can see and do.
As the administrator of a home server, your password is key to everything. You use that password to add or delete files, install new software, manage the users and their passwords, set up security measures such as a firewall, and even delete the whole server if it comes to that (which I did several times).
The administrator controls and has access to everything. I discovered this first-hand when I began to invite some of my friends to store their music files on my server. I had a lot of space on the drive, and thought it would be fun to create a shared online music library between us. The software I was using also gave each friend (or 'user') their own supposedly private space on my server, where they could store their own personal files. But to my great surprise, I discovered that by using something called the command line (words of instructions typed on a small terminal instead of clicking on icons like we do on our desktops) I could see their files, and make copies. Even with some user protections built into the software that I was using, I found I could either change my own access levels to that of a kind of super administrator, or I could just make a copy of the user's protected folder, and then change the permissions of that copy to see their files.
When I discovered this, I was suddenly confronted with the ethical responsibilities that come with being an administrator. I contacted my friends right away to explain the situation and told them not to store sensitive information on my server. While I was not interested in the contents of their personal files, I felt they should know that, as administrator, I could see and copy them if I wanted to.
It makes you wonder why that isn't the default response from all administrators. I can read through the fine print before creating new accounts, and I can download and glean through privacy policies, but how many administrators of the server-based tools we use every day (email, cloud storage, work, social media, forums, media subscriptions) contact you proactively to say: just so you know, this is what we know about you, this is what we can see, this is what we are going to store, we're going to show it to these people, and this is how long we are going to keep it after you delete your account. In the EU, GDPR laws are a step in the right direction, but companies are still mostly reactive, rather than proactive, about their accountability to the users on their platforms.
So, by making use of this old basement PC, I learned two things:
- the images we post online don't live in some insubstantial 'cloud' but are files stored on someone's server (ie., a computer)
- the administrator of that server may be able to see and copy those images
Those two insights really changed my perspective about my devices and the Internet. Learning about what an administrator can see and do led to an increased interest in digital privacy. It made me more careful about where I write and post words, images or videos, caused me to start using separate devices for personal and professional use, and led to a discovery of encryption and privacy-focused software companies.
Given how much of our time we spend connecting online and sharing files with other individuals, companies, schools, workplaces and governments, a basic understanding of servers and administrators should be common knowledge. Unfortunately, that doesn't yet seem to be the case.
Documentation
It is fun to set up your own server. I don't have an IT background, so it was slow-going and sometimes frustrating, but I felt elated when it worked. I won't post direct links here, because the information changes all the time, but if you are interested and want to try setting up your own server on an old laptop or PC, a search for Ubuntu Server and Nextcloud will get you started. It is also possible to do all of this on your computer with a virtual box, which is essentially a software model of a computer that runs inside your computer.
A Note for Parents
In a previous post about the flaws with parental controls, I argued for parents keeping administrative rights to their children's online accounts. Similarly, I would recommend always making sure you are the administrator of all of your child's hardware devices. In my experience, this isoften not the case, with many children being the administrator of their own accounts and devices, and with parents locked out.
--------------------Discuss on Reddit--------------------
Subscribe to my blog via email or RSS feed.
Back to Blog