Why YOOS? How our values translate to technical choices


Birth of the project

When I was a student, I loved to explore Linux running on a Raspberry Pi. And I still do: I have 4 of them running at home, ranging from the 1B+ to the 3B+. I think that this kind of mindset plays an important role in what became YOOS. Being a student often means a very low budget, but time and creativity. Using open source software then becomes mandatory: it is free and can be tweaked. On top of this, the solution could not be hosted in the cloud. Even if the cloud can be very cheap, it is still an external service to subscribe to. The solution should be hosted at home. Also, since most public IPs provided by French ISPs are dynamic, I needed a free domain name provider.

As a student, you very often need to host the code of your projects, share zipped projects and heavy files, or use a VPN to fetch resources located in your home network while at school. Or ... play pranks on your housemates by controlling the TV or the sound system from school. These later became the core features of YOOS.

We thought that the time spent and the lessons learned from this hobby could benefit anyone, provided we automate the difficult parts of it. Getting open source software running locally is fairly easy for anyone who has enough time to follow one of the many great guides on the matter. Making it survive upgrades and stay available to the world, while keeping more than acceptable security hygiene, requires deeper knowledge and is a complex subject. We believed that we could add value in those matters, transforming it into a product.

Ethics

When creating the product, the most difficult part was choosing what to offer: Linux machines can run anything. However, what runs on that machine needs to be carefully selected, so that it all makes sense together. The selection was made from the set of principles we believe we can offer to the world.

Freedom

The very first value we would like to offer to our users is freedom. It drives most of the technical choices we make when implementing features or configuring open source software.

We believe the ownership of the machine, and of the file system that holds the data, should be in the hands of our customers. In other words, our customers should be free to own their own corner of the Internet, and be responsible for their data. This subject became more mainstream from 2018 with GDPR. Owning the server and the data provides independence (even from us).

There are many different offers on the market for the different features proposed, and a lot of them are very good. But providing a product that is different at its core helps give choice and reduces the possibility of a monopoly, which drives the quality of services up and the prices down, for the benefit of the consumer.

We also allow our users to root their device: we give our customers the ability to fully control their product. For instance, if they want to modify a piece of software, add a new one, or remove another, it is possible. That also allows our users to inspect how we build our product, which provides transparency and shares our knowledge. If a customer is getting our product simply to learn from it, we are already more than happy. Of course, freedom comes with responsibility, and users should do this only when they know the full impact of those actions.

Finally, even though we provide a Domain Name Service as part of our subscription, we respect our customers' choice if they simply decide to keep the product and use another DNS provider (or no DNS at all if the IP is static). It is possible to run our product without our DNS service. Even without us, our customers can continue to benefit from the product.

Respect

We believe that freedom cannot exist without privacy, and that the worst censorship is self-censorship. The common thread in our selection of features is respect for the privacy of our customers. The aggregation of open source software we made aims to provide a toolkit for any Internet user concerned about storing or even sharing sensitive information.

We are very grateful for the gift that open source software is, and we put a lot of time and effort into ensuring that we strictly comply with any legal requirement and give proper attribution. From the study of all the different licenses, trademarks, and even security standards, we aim to use the strictest measures. Offering root access was also a choice made in that direction. It passes on to the user the freedom given by the software: to download and browse the source code and the licenses of the software running on the server, and to be able to modify it.

Security

Finally, we think that respect for privacy cannot be achieved if strong security measures are not in place.

Our solution was designed with security and compliance with industry standards in mind, from its inception. We configured the different software with the strictest setup and with strong encryption (SSH using public keys only, TLS 1.2 and TLS 1.3 with the most modern ciphers, strong and never reused passwords). We also hired experienced pentesters to verify the setup of our product, and we regularly scan our solution to spot any security issues and fix them before they become actual problems. We think this part should not be a burden to our customers, while still complying with the strictest requirements. That is why we offer security updates as part of our subscription. The updates are tested before being pushed to our users' devices to provide the best availability.
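
A way for a customer with root access to check the SSH and TLS settings listed above on their own device, as an added example that is not YOOS code: it audits the output of `sshd -T` (OpenSSH's effective-configuration dump) and a list of enabled TLS protocol names. The function names, the required-settings table and the sample inputs are assumptions made for illustration.

```python
# Added example; the sample inputs below are constructed, not from a YOOS device.
REQUIRED_SSHD = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "permitemptypasswords": "no",
}
ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}  # OpenSSL/nginx-style names (assumption)


def audit_sshd(sshd_t_output):
    """Audit `sshd -T` text; an empty list means only public keys are accepted."""
    settings = {}
    for line in sshd_t_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            # Some keywords repeat (e.g. hostkey); keep the first occurrence.
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    # Older OpenSSH releases report the keyboard-interactive switch under this name.
    legacy = settings.get("challengeresponseauthentication")
    if legacy is not None:
        settings.setdefault("kbdinteractiveauthentication", legacy)
    findings = []
    for key, want in REQUIRED_SSHD.items():
        got = settings.get(key, "<missing>")
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    return findings


def audit_tls_protocols(enabled):
    """Flag anything older than TLS 1.2 and any of TLS 1.2/1.3 that is absent."""
    enabled = set(enabled)
    findings = [f"legacy protocol enabled: {p}" for p in sorted(enabled - ALLOWED_TLS)]
    findings += [f"{p} not enabled" for p in sorted(ALLOWED_TLS - enabled)]
    return findings


GOOD_SSHD = """port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitemptypasswords no
"""
WEAK_SSHD = GOOD_SSHD.replace("passwordauthentication no", "passwordauthentication yes")

if __name__ == "__main__":
    print(audit_sshd(WEAK_SSHD))
    print(audit_tls_protocols(["TLSv1", "TLSv1.2"]))
```

On a real device the first input would come from running `sshd -T` as root; a missing keyword is reported as a finding rather than assumed safe.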

The updates are done by remotely connecting to the devices using automation tools over SSH. However, we understand if our customers don't want us to have this kind of access. It is possible to forbid us from accessing devices for updates, and updates can then be carried out by the customers on their own from the provided interfaces. Here again, freedom comes with responsibility.

Finally, security is also my favorite field: from Root-Me and Hack The Box to, more recently, both the OSCP and AWS Certified Security Specialty certifications.

Passion

Before distributing our product, we are its users. We hire and partner with people who share our interest in this project, and gather ideas from all the Kopi meetings we have had with them. Coincidentally, our technology was created by a team of French engineers.

Not bad, huh? It's French - 9GAG

A tech freedom fighter


