Does Privacy Guides have a stance on self-hosting?

I’ve noticed that while self-hosted or self-hostable software does appear in PG’s recommendations (e.g. Nextcloud, SearXNG), the emphasis seems to be on software that incorporates end-to-end encryption. I think some kind of guide detailing the pros and cons of hosting data on your own machines vs using an external end-to-end encrypted service would be warranted. Of course, self-hosting and e2ee aren’t always mutually exclusive, but it would be good to get an idea of what benefit each provides and what type of services/data would be better suited to an e2ee solution on an external provider vs an unencrypted self-hosted solution. As it stands, the closest I found was the “Shifting trust can increase privacy” section of “Common Misconceptions”, but it doesn’t really address the issue of self-hosting directly.

I don’t think there is one concrete opinion.
But first we need to define self hosting well.
Is hosting your own i.e. Nextcloud instance on AWS self hosting? I tend to say yes, is it privacy friendly? - probably not so much.

Self hosting in my opinion requires some basic knowledge about network and computer security in order to do it well. I do not buy that self hosting insecurely without one knowing what they are doing is an option.

Interesting discussion for sure.

1 Like

I back that.
My definition of self hosting would be to manage your own server with direct physical access.
Under that definition, I think that self hosting is very private, since you are master of your own data, as long as you host services that don’t spy on you (!) and you are able to manage your privacy.
The main point has more to do with security: many self hosters just deploy docker containers and have no real understanding of system administration. That endangers their data. In that way, shifting trust and having your data managed by a system administrator different from the Big Tech can be a more secure answer.

2 Likes

The reason for this is that most people who are “self-hosting” are doing so via commercial server providers like Hetzner, DigitalOcean, or Vultr, where end-to-end encryption is still very important. This is less of a factor if you’re actually self-hosting at home where you can physically secure the servers, sure.

This is all stuff we do want to cover in a self-hosting guide or category on the site, which is planned, it’s just that nobody has actually written it yet.

4 Likes

I would compare it with cooking your own meals using your own ingredients grown at home. It can be done but you have to know what your needs are and how to actually do it. It takes a little time of your day and whatever you come up with should last for indefinite periods of time. You need to be able to endure losses i.e., plagues, bugs, bad weather, lack of care while away from home for long periods of time, etc.

All these things are parallels to managing a server with your own data. Even with all the wealth of information found online it can be challenging because it’s not just about setting things up once and forgetting. No, you need to keep software up to date, manage backups and properly test them, prepare for hardware failure (if you host it at home on physical hardware), restore in case of data loss due to misconfiguration, etc.

It’s definitely an interesting debate that can’t be summarized into a pros/cons list imo.

2 Likes

I agree with this definition of self-hosting as “managing your own server with direct physical access”. Another option for anyone that’s less technical is to ask a technical friend to help system admin one of their self-hosted servers in exchange for access to its services (like Nextcloud).

I think self-hosting is meaningful if the person can do traffic analysis (I can’t yet, it is a learning project for another less busy day). You can self host as you want but if data gathering/telemetry is slipping away from your hands unnoticed it feels no different from hosting in a VPS elsewhere.

Some technical knowledge is required for the privacy-conscious self-hoster, at least enough to utilize network segmentation and VLANs properly. Currently my printer is connected to my WiFi and god knows what it is sending back. I still need to buy a managed L3 or maybe L4 switch for me to be sure that this particular network device does not dial home.

Also good luck finding an open source managed switch - people say they exist, but I find that they exist only in theory, because I’ve asked around the internet and no one seems to have one. All managed switches out there are proprietary only and it is a large, coarsened, uncomfortable pill to swallow.