Hello, there is something I am confused about. I know for some services, Privacy Guides will recommend the self-hosted variant even if it doesn’t have E2EE.
My threat model does not include the possibility of someone accessing my server online or physically as I practice good security measures.
Is E2EE on a self-hosted server needed if you use encryption in transit (e.g. TLS)? Is it a good practice, or is it overkill and unneeded for most? I ask because setting up encryption or finding alternate services that support self-hosted E2EE can often be difficult.
Well, that depends. Are you hosting on your own hardware or a VPS? If you are hosting on your own hardware, no, E2EE is not required. In fact, I would rather say it is quite redundant. All you are really trusting in this case with your data is yourself.
Now, on a VPS, this is a completely different story. They can see what is stored on that server, since it is their hardware. I would say for anything sensitive (like your photos, videos, etc.) use E2EE wherever you can. For anything you intentionally make public, you shouldn’t use E2EE (e.g. a website).
I use a server in my home, so I guess it doesn’t matter. There are only two worries: physical access and digital access.
I don’t worry about physical access because who would rob a house and the first thing they grab is a server?
And for digital access, I suppose E2EE would be a safeguard if someone managed to hack into my server, but with good security I just don’t think it’s worth considering or worth the trouble. Thanks!
I’d agree that E2EE is best when you don’t trust the server it’s hosting on, or have a threat model where you believe there is a chance it may get breached (i.e. you punch holes in your own firewall and publicly expose your private server).
For a VPS, the threat model would be you wish to secure against your hosting provider. This may be a valid model, or perhaps it’s not as big of a concern for you.
Self-hosting on a VPS is definitely better than hosting your data unencrypted on a third party. But debating between having unencrypted data on a VPS vs. E2EE data on a third party... more nuance is to be had.
That’s threat modeling - do you want to secure against a robber snagging your server? They may think it’s worth reselling. Or maybe a locked server is good enough.
---
With all of that, if you don’t have a use case where unencrypted is better than E2EE, just use E2EE. At best it offers the same experience, at worst you’re more vulnerable to a slew of attack surfaces.