Enabling VPN while preserving external access in your home NAS

Enabling VPN in a home NAS is a good way – some might say paramount requirement – to preserve your privacy when using certain applications. While the highest flexibility comes from running the NAS directly in a Linux machine, out-of-the-box solutions can win in convenience thanks to built-in applications and mobile App support. One of such solutions is Synology. In this post I will describe how to setup OpenVPN in a Synology NAS while still preserving access from the outside.

Continue reading

OpenIT: “Building Trust Despite Digital Personal Devices”

The IT University of Copenhagen started in 2013 an initiative called OpenIT. The idea is to share knowledge inside the university by giving TED-like talks on a weekly bases. Here is mine 🙂


Our innate ability to evaluate social norms, contexts, or the trust we put in other individuals, makes us naturally equipped to regulate flows of information in our daily human interactions. However, when dealing with digital interactions, we are not that well equipped. Not being able to control how digital devices handle our sensitive information leads us to distrust both the devices, the services we are using, and the parties that provide them. Usage control models have been defined that could represent complex information flow policies. They have never been implemented so far because they made out-of-touch assumptions about security. Even today, the usage policies embedded in personal devices, defined by manufacturers and service providers, are based on obscurity and are therefore fragile to exposure. They cannot be modified or extended by users. Does it have to be this way? We don’t think so. In this talk, we will present (i) the building blocks to implement a usage control model that can enforce policies coming from both users and service providers; (ii) a framework that can support it; and (iii) our work on trusted storage, data integrity, and storage-based intrusion detection, from which usage policies adapted to today’s technological context start to emerge.\