Take a look at FreeNAS. It is FreeBSD, which is self-recommending for things like NAS, built on ZFS (all the nice parts of a modern file system like snapshots, easy backup, etc.) and has a nice management GUI.
(I also don't recommend exposing your NAS directly to the internet. They frequently make doing so attractive with the ability to run addons like file sharing or "private cloud" services. If you must, run them in a VM on the NAS and isolate the VM from everything else on your network. And keep up with patches.)
Synology works reasonably well, but is not setup and forget.
A few months ago, I decided to migrate to my new laptop by restoring a backup from the old one , just as a way to test the DS216j backups. I found:
a) I was on an old backup solution of them, and they had migrated to something new. I had a hard time to find the old backup software's installer to do the restore.
b) The old backup was good enough to restore individual files, but had no real way to do a full restore. It seems they thought I'd click on each individual file, even if there are hundreds of thousands in my home folder. I believe there was an option for zipping a folder, but it just timed out.
c) Their site had great documentation for telling me about how to do backups, but I could not find anything for the I-urgently-need-a-full-restore use case. Maybe I overlooked it, or their new software is better documented.
Now all the data was safely on the NAS, and I think I could scrape it out with a few days work, but none of the above would be fun to find out in the middle of an emergency. I've since thrown their backup software out and replaced it with a custom rsync to the NAS. At least I know how to deal with that when the full cow farm production hits the turbofan.
A NAS is generally safe if you don't do anything stupid with it (there are footguns available of course). But you can easily cut it off from the broader internet entirely.
Synology is great if you want to stick to using their GUI, which is very capable. If you are more of a DIY/CLI person, I would avoid Synology and similar products. They have everything set up in a very particular way, and you can’t mess around in the backend too much without risking corruption of some kind.
You spend less on a used computer with Ubuntu or FreeNAS or some other distro, have way more flexibility, but a lot more to maintain.
Sounds to me like you would probaby be fine. As the article states there are various safeguards against it. Even just 2FA helps against brute force. Alternatively don't have it accessible from the internet.
Synology is a good compromise for ease of use and being able to actually set it up the way you want and need it. I have been using them for a few years and I'm happy with them. You actually get a good range of options for setting it up securely. I'm much more concerned about my router being taken over in some way as it doesn't get security updates and there is not much you can do with it.
And yes, I use it amongst other things for local backups. But then still back up to Dropbox and Google Drive from the NAS and other devices. And to external hard drives to swap around. It doesn't make me use cloud storage less, but I'm a lot less concerned about losing access with having everything local as well.
That's a good point I hadn't thought of. My motive for "get out of the cloud" was more about losing access than risk of breach / leak / spying etc. So that doesn't require getting out, it just requires the local backup copy.
