selfhost noob question

Maybe I misunderstood something.. I thought we were on a PrivacyGuides forum and the goal of this forum was to find every day a way to avoid surveillance from the Gov, Enterprise etc.. I feel like you want me to be okay with being monitored on a VPS server. Of course I want to hide what I’m doing because this is NOT their business.

How do you know they’re not snooping? You work there? Have you seen with your eyes what they’re doing with their servers? Don’t take my reply personally, but for me this is crazy to say “This provider don’t store logs”. Let’s be honest, nobody can know if a service is storing the data of their users or not; you’re free to correct me if I’m wrong. But I really appreciate the guide you provided that explains how to secure a server using fail2ban etc. Thank you, sir.

Yes and no. If the answer is:

  • learn how to be a sysadmin + programmer
  • build your own chip + PCB + computer
  • compile your own kernel before self-hosting it

It would be quite unrealistic and hardcore to reach that kind of independence.
Not impossible but not to everybody’s capability/resources.

Even if yes, if you don’t do that 24/7/365, there is no way to tell.
Some companies are just more trustworthy than others.
In practice, you also don’t control what’s running on your computer given updates on the fly or random bits flipping in your RAM.

You could have some audits, controls and privacy controls that randomly pop out to maybe tighten the bolts but yes, realistically you can always keep things clean during inspections or use dirty tricks like that.
Now, it would also mean that anything you buy could be malicious.
Plot twist, you do buy 99% of your stuff from Asia.
Since companies there can always install some small hardware piece and spy on you without you ever knowing until some expert finds it but again, it might not appear on another batch so hard to really pinpoint the issue.

Does it mean that you should not use any tech ever and just go live in the forest?
I guess that it is an unrealistic extreme that nobody is ready to accept. :+1:

Hence why @kuebic said that you’re probably not worth the time/effort for those companies to do something as random as snooping on a random person in a huge database list.
Also, if somebody finds out that this is an actual practice there, the entire company could go down because of laws/regulations. For what? Snooping on your summer holidays photos? Probably not worth burning down an entire business for. But in theory very much feasible yes.


As a reminder, some companies are built around entire street-cred/trust.
If this turns poorly with a scandal of such ill practices, people will move to a competitor.
Just like if Signal just sells your data to the first guy showing up: nobody will recommend it ever after. Was it worth selling your data for 5$? Probably not in the long run, hence why doing that? Not worth it.
Also, GDPR/other regulations are quite expensive to have the luxury of snooping around on photos.

If the FBI knocks at Hetzner’s doors saying that a user 123456 is probably a pedophile or alike, then it’s worth investigating 5min and double-checking if it’s true by inspecting the content of the VPS of that user.
Or if you’re Facebook, you’re probably above the law and don’t really care about a 50M$ fine.

Just don’t mess up with an ex that is a developer at a billion company[1] and you should be good.


  1. and that hates you now and could quickly query their database to retrieve some of your personal info on their computer ↩︎

2 Likes

Maybe I misunderstood something.. I thought we were on a PrivacyGuides forum and the goal of this forum was to find every day a way to avoid surveillance from the Gov, Enterprise etc.. I feel like you want me to be okay with being monitored on a VPS server. Of course I want to hide what I’m doing because this is NOT their business.

This is like saying ShadyVPN LT tracks the users while using their VPN and since ShadyVPN LT does this I’m not going to use Mullvad VPN, Proton VPN or iVPN.

How do you know they’re not snooping?

Third Party Audits, law, their data policy and ToS and reputation.

Don’t take my reply personally but for me this is crazy to say “This provider don’t store logs”

We never said that.

I don’t have the patience to read through the entire thread, but I want to leave a couple of key points:

Don’t opt in for cheap VPS providers.

  • Their cloud-init, MAAS configurations are often vulnerable because of the loose firewalling. PXE overwrites still happen to this day in 2025.
  • Their cheap hardware is typically represented by the end-of-life x79, x99 Xeons
  • They don’t have the means of verifying firmware, IPMI states of the equipment since MAAS lacks such functionality. They also sometimes rely on consumer-grade hardware with no relevant functionality whatsoever.
  • They don’t disable SMT and don’t strictly pin CPU cores to the VMs. Couple this with the EOL processors and attackers have a viable path towards other tenants.

If you’re simply forwarding all the traffic without decrypting it on the VPS to your homelab - such attack vectors shouldn’t bother you, but you probably should choose a better VPS provider anyway for the sake of privacy and reward the actual engineering efforts.

2 Likes
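
Added example, not part of any post in this thread: a tenant-side check related to the SMT and end-of-life CPU points above. It reads the standard Linux sysfs files under `/sys/devices/system/cpu/vulnerabilities` from inside a VM and flags entries the guest kernel reports as vulnerable or where the host's SMT state is hidden from the guest. The sample values are constructed, and the check only shows the guest kernel's view; it cannot confirm core pinning or the provider's host configuration.

```python
import os

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"  # standard Linux sysfs path

# Constructed sample, shaped like what a guest on an older host might report.
SAMPLE = {
    "l1tf": "Mitigation: PTE Inversion",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; "
           "SMT Host state unknown",
    "meltdown": "Mitigation: PTI",
    "mmio_stale_data": "Mitigation: Clear CPU buffers; SMT Host state unknown",
    "spectre_v2": "Mitigation: Retpolines",
    "tsx_async_abort": "Not affected",
}

def classify(status):
    """Map one sysfs status line to (level, smt_note)."""
    if status.startswith("Not affected"):
        level = "ok"
    elif status.startswith("Mitigation"):
        level = "mitigated"
    elif status.startswith("Vulnerable"):
        level = "vulnerable"
    else:
        level = "unknown"
    low = status.lower()
    smt_note = None
    if "smt host state unknown" in low:
        # The kernel knows it runs under a hypervisor and cannot see host SMT.
        smt_note = "host SMT state not visible to guest"
    elif "smt vulnerable" in low:
        smt_note = "SMT enabled without full mitigation"
    return level, smt_note

def read_vulns(path=VULN_DIR):
    """Read every status file; fall back to the constructed sample off-Linux."""
    if not os.path.isdir(path):
        return dict(SAMPLE)
    out = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name)) as fh:
            out[name] = fh.read().strip()
    return out

def report(vulns):
    """Return (name, level, smt_note) for entries that deserve a closer look."""
    findings = []
    for name, status in sorted(vulns.items()):
        level, smt_note = classify(status)
        if level in ("vulnerable", "unknown") or smt_note:
            findings.append((name, level, smt_note))
    return findings

if __name__ == "__main__":
    for name, level, smt_note in report(read_vulns()):
        print(f"{name}: {level}" + (f" ({smt_note})" if smt_note else ""))
```

An entry marked "mitigated" together with "host SMT state not visible to guest" means the guest has done its part but still depends on how the provider configured the host.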

I think we all in the community can agree on the phrase of “buy shit, get shit”.

@kissu already provided a similar answer, but I just want to reiterate, as you did quote me.

I’d like to think of realistic privacy as depending on threat modeling. If trying to hide whistle-blower communications from three-letter agencies, the answer is different than if trying to hide personal password hashes against casual data collection.

Even if I do work there, there’s no way for me to guarantee no one else there is snooping on your data, even if they have a policy against such practices.

It’s just the reality out there. With a VPS, you’re essentially asking someone to let you borrow a portion of their computer, which they section out using their own tools, so they theoretically have root-level access anyway. Trying to hide your running processes, decrypted memory, generated logs, and network traffic is essentially impossible.

If you’re uncomfortable with that idea… VPS hosting is not your answer. Best you can do is either self-host on your OWN machines, or choose a reputable provider where legal/policy barriers actually protect you more than technical ones.

2 Likes