Servury (Cloud/Server Provider)

is it about time you gave servury an example of how services should work in a privacy guides article?

>Servury works how I wish all services worked honestly.
This genuinely made me so happy, not receiving approval from others, but knowing that other people see what I personally see in this project, and the bigger picture of a free internet.

Alongside the passkey update, I removed Cloudflare proxying and web server logging, which existed for debug purposes, was not linked to accounts in any way.

I would love to hear more feedback if you guys have any, user feedback is the only signal we get since quite literally nothing is logged.

Should I have feedback later, what’s the best way to get in touch?

The most efficient way would be to make an account on Servury and open a ticket, I check for new tickets very frequently.

You could also contact me by e-mail, but I doubt you and other folks here would use that as a means of getting in touch.

Good to know! Thank you.

Mainly I do it when I’m trying to get services to implement a passwordless, email-less login, but there’s so few examples to draw from it’s hard. I’ll have to revisit some of my old forum posts and show them Servury now and see what they think.

I hate to be that guy, but this is a privacy forum.

I run uBlock Origin in “medium” mode which means I block all third party scripts and iframes by default. This is a type of web “hardening” for additional security + privacy.

You’re styling your site with tailwindcss, but you’re not hosting tailwind and are relying on your users to fetch it from tailwindcss.com. As such, tailwindcss.com will know of all your traffic. I think you should move to self host it instead.

image1036×502 43.5 KB

No. You’re absolutely right, I’ll fix that right now.

Should only have Cloudflare as an external asset now, I hosted everything else, tailwind, fontawesome, three.js, chart.js and leaflet.

But having Cloudflare annoys me, we use it for their Turnstile, which I have found to be much more friendly to Tor users than garbage solutions like google recaptcha and others.

Perhaps some folks here could make some suggestions?

There’s some self-hosted options such as Anubis based around PoW, I don’t think there’s any super great options though. Probably in the future something to do with device attestation using the secure element in people’s devices could work, I know Google tried something like that with Chrome but it got shut down.

Your site is working great for me now in ublock’s medium mode. Well done.

I’m also curious about people’s opinions on cloudflare. As I see it, cloudflare is a necessary service in this world if you don’t want your site to be abused by bots.

Cloudflare is a litle quintessential for DDOS protection more than bot protection

When I posted my article on HackerNews, a lot of people were mad because the site was behind Cloudflare (which in turn allows CF to “see” all the traffic), the reason I was using it is because we had been DDoS’ed a few weeks back, I think the people who pointed this out are right to a certain extent, but said traffic is in no way associated with user accounts.

Anyways, I did end up removing CF proxying a couple hours after it being pointed out as a potential privacy issue.

I looked into Anubis, but from what I saw, I need to sponsor them to be able to rebrand the browser check page, which is full of anime girls, I have no problem with anime, but I’m running a business here.

No idea how that works either, because they are in fact an open source project, I just didn’t look into the license and/or source code to see if I was authorized/able to use my own branding.

I’ve opened a thread to discuss this further.

Apologies if I am asking am stupid question but I’m trying to understand and learn:

Does it mean I can use Servury to make my own Signal proxy or self host other things? I’m trying to understand the use cases for your service. Please explain and clarify.

Love the blog post by the way! Well written.

No captcha expert but I bookmarked those myself for later use:

• GitHub - altcha-org/altcha: GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism.
• GitHub - mCaptcha/mCaptcha: A no-nonsense CAPTCHA system with seamless UX | Backend component
• GitHub - PrivateCaptcha/PrivateCaptcha: Independent, privacy-first, self-hostable PoW CAPTCHA service made in EU

Could maybe be helpful.

Maybe other quick low hanging fruits:

• you could change the favicon/logo from .png to .svg to juice out some extra performance
• I’m not sure of what’s the stack you’re using on the frontend but you have a chonky render-blocking JS file for your TailwindCSS^[1]
• you also load 2 FA fonts for a total of 300kB, not sure what’s in there but probably some of the logos for the navbar etc? I think they could also be replaced with some .svg for a 1/100th of the size ^[2]

CleanShot 2025-12-23 at 17.03.49@2x2148×282 47.6 KB

I know all of your resources are cached down the line, mostly pointing out in case you want to fine tune your initial performance a little. Given your product, might definitely not be a deal breaker but I am just a bit hurt to see such a simple page needing a whopping 1MB.

1. looks like there is no JIT on it either, you apparently ship the entire default config? defeats the purpose of Tailwind to have a minimal footprint ↩︎

2. I mean, it’s mostly Frontend nitpicks given the fact that you load a mini ThreeJS script for a 3D globe anyway ↩︎

Maaaaan, you really like going deep on this. Maybe post the man’s lighthouse audit too?

I’ll do it and it’s not that bad:

image1076×542 30 KB

I think the core issue here is that servury.com is a very simple html site and doesn’t have a frontend build pipeline to bundle all of its dependencies in an optimal way. I guess it’s just an MVP app so this should be fine imo. I think you’re just highlighting the lack of tree shaking - the site is just serving everything regardless of whether the thing will be used or not.

I’m a senior Frontend Developer so yeah.
And I could go very deep but try to refrain myself from going too deep with the webperf part haha.

A simple HTML site should stay a simple HTML site yes.
I could install Wappalyzer and check all the stuff but it’s probably not worth bringing that to OP because they probably have their prio somewhere else indeed

Not really the issue here haha, but open to any DM by OP if he wants to know some nerdy details to optimize their Web Core Vitals.
Just thought some of them are low and easy hanging fruits.

Alright, decently productive day.

1. I2P mirror now available
2. Installed Tailwind properly
3. Got rid of the FontAwesome dependency, now simply using their icons hosted on our server (thanks @kissu!!!)
4. Navbar update and other non-notable UI upgrades

According to https://pagespeed.web.dev, the new performance rating is 99%.

Thank you @ everyone who is actively giving feedback, it genuinely helps heaps and does not go straight above our head like most services!

Just pushed out a new update.

1. Revamped the notification system to use toast style notifications platform-wide
2. Upgraded credential hashing algorithm to Argon2id
3. Better virtual server power controls / status monitoring
4. Other general UI enhancements

If you have feedback, open a ticket on-site, it will be my pleasure to implement what YOU want to see.