1 - Getting Started

How do you deploy and set up SelfPrivacy server?

The SelfPrivacy server is created step by step within an hour. Sounds scary, but believe me, you don’t need a PhD to do it. It’s as easy as shopping in an e-shop.

  • Having an identity document and a payment card: expect $10-15 up front and about $5 per month
  • Registration of accounts
  • Domain purchasing
  • Connecting Domain to DNS Server
  • Generating tokens
  • Installation
  • Connecting to the services

If you delegate this process to someone else, you lose your privacy: whoever holds these accounts and API tokens controls the server and everything on it. For full independence and control, do everything yourself.

Account registration

For resilience, SelfPrivacy needs several accounts. We do not want to trust all the data to one company, so parts of the system are spread across different providers.

Accounts to create:

  • Hetzner or DigitalOcean: virtual server hosting. Whichever one you choose, your data and SelfPrivacy services will live on it.
  • NameCheap, Porkbun or any other registrar, to purchase your personal address on the Internet: the domain that will point to the server.
  • deSEC or Cloudflare (not recommended): the DNS provider that serves the records for your domain.
  • Backblaze: cloud storage (with a free tier) for your encrypted backups.

Registration is trivial, but sometimes account activation can take up to several days or require additional documents. Therefore, use real documents and fill everything out carefully. Providers protect themselves from spam this way. Nothing personal :)

Be sure to enable two-factor authentication (2FA, MFA) on every one of these accounts. Without it, anyone who phishes or guesses a password owns your server and its data.

I know it was hard, but now your data is better protected than 95% of users. You should be proud of yourself! I’m proud of you 🤗

Purchasing a domain

Enabled 2FA? Then let’s get to the most interesting part!

A domain is a piece of the Internet that you can name like your pet. The potential for creativity is enormous. Your only limitations are the length (at most 63 characters before the dot) and the available domain zones: .com, .org, .icu and hundreds of others. You can choose your last name as a domain, like jackson.live or carson.health, or something creative, like unicorn-land.shop.

Advice:

  • Be sure to look at the annual renewal price, it can be many times the purchase price.
  • A typical domain costs $8-10 per year.
  • When registering a domain, make sure you enter your real email address, otherwise your registration may be cancelled. And if you can’t renew the domain, the system won’t work as intended.
  • A good name comes in handy, both on the phone to dictate, and on your business card.
  • Did I mention the 2FA?

Connecting Domain to DNS Server

Once purchased, add your domain to your DNS provider. The example below uses Cloudflare.

Using ruleit.stream as an example, we chose the free service plan and got the nameservers gail.ns.cloudflare.com and matt.ns.cloudflare.com, which need to be entered at the registrar. For example, with NameCheap:

At the same time, make sure auto-renewal and WHOIS privacy (WhoisGuard at NameCheap) are enabled. The new nameservers take effect after a few minutes, or in the worst case up to two days.

Generating tokens

API tokens are almost the same as a login and password, only for a program rather than a person. The SelfPrivacy app uses them to manage the services in all your accounts on your behalf. Convenient! Treat them like passwords: anyone who obtains a token can do everything the app can.

We do not need a token for your domain registrar, but we do need a DNS provider token to manage the domain's records.

SelfPrivacy supports two providers to choose from: the popular Cloudflare and the privacy-focused deSEC.

If you have chosen deSEC: How to get a token

  1. Log in here.

  2. Go to the Domains page.

  3. Go to the Token management tab.

  4. Click on the round “plus” button in the upper right corner.

  5. The “Generate New Token” dialogue appears. Enter any Token name you wish. Advanced settings are not required, so do not touch anything there.

  6. Click on Save.

  7. Make sure you save the token’s “secret value”, as it is displayed only once.

  8. Now you can safely close the dialogue.

If you have chosen Cloudflare: How to get a token

  1. Visit the following link and log in to the account you created earlier.

  2. Click on the profile icon in the upper right corner (in the mobile version of the site: the menu button with three horizontal bars in the upper left corner). From the menu that appears, click My Profile.

  3. There are four configuration categories: Preferences, Authentication, API Tokens and Sessions. Select API Tokens.

  4. The first item is the Create Token button. Click it.

  5. Scroll down until you see the Create Custom Token entry with a Get Started button on the right. Press it.

  6. In the Token Name field, give your token a name. You can create your own name and treat it like a pet name :)

  7. Next comes Permissions. In the first field choose Zone, in the second (middle) field select DNS, and in the last field select Edit.

  8. Click the blue + Add more label at the bottom (just below the left field filled in earlier). Fill the new row the same way: Zone in the first field, Zone in the second, and Read in the third.

Your selection should now read Zone, DNS, Edit on the first row and Zone, Zone, Read on the second. Do not add anything else: these two permissions are all the app needs to manage the records of one zone.

  9. Next, look at Zone Resources. Below this heading there is a line with two fields. The first should be Include and the second Specific Zone. Once you select Specific Zone, another field appears on the right; select your domain there.

  10. Scroll to the bottom and click the blue Continue to Summary button.

  11. Check that everything is correct. You should see a line like this: your.domain - DNS:Edit, Zone:Read.

  12. Press Create Token.

  13. Copy the created token. It is shown only once; keep it in your password manager until you paste it into the app.
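Before pasting a token into the app it is worth confirming that it actually works (and, for deSEC, which domains it may manage), because a mistyped or wrongly scoped token only surfaces later as a failed DNS update. The script below is an added example, not part of the SelfPrivacy documentation or code, and covers both the deSEC and the Cloudflare tokens created above. It reads each token from an environment variable and calls the provider's own API. The endpoints and headers (Cloudflare's GET /client/v4/user/tokens/verify with a Bearer header, deSEC's GET /api/v1/domains/ with an "Authorization: Token" header) are assumptions taken from the providers' public API documentation, not from this page.

```python
"""Check a freshly created DNS API token against the provider's API before
pasting it into the SelfPrivacy app. Added example, not SelfPrivacy code.
Endpoints and headers are assumptions from the providers' public API docs:
Cloudflare GET /client/v4/user/tokens/verify with a Bearer token,
deSEC GET /api/v1/domains/ with "Authorization: Token <secret>"."""
from __future__ import annotations

import json
import os
import sys
import urllib.error
import urllib.request

CLOUDFLARE_VERIFY = "https://api.cloudflare.com/client/v4/user/tokens/verify"
DESEC_DOMAINS = "https://desec.io/api/v1/domains/"


def cloudflare_token_ok(body: bytes) -> bool:
    """A Cloudflare token is usable only if the call succeeded and the token
    status is 'active' (disabled or expired tokens report another status)."""
    data = json.loads(body)
    result = data.get("result") or {}
    return bool(data.get("success")) and result.get("status") == "active"


def desec_domains(body: bytes) -> list[str]:
    """Names of the domains a deSEC token may manage; yours must be listed."""
    return [entry["name"] for entry in json.loads(body)]


def fetch(url: str, headers: dict[str, str]) -> bytes:
    """HTTPS GET. A 401/403 here means the token is wrong, revoked or unscoped."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.read()
    except urllib.error.HTTPError as exc:
        sys.exit(f"{url}: HTTP {exc.code} (token rejected?)")


def main() -> int:
    # Secrets come from the environment, never from argv: argv is visible to
    # every process on the machine and ends up in shell history.
    cf_token = os.environ.get("CF_API_TOKEN")
    desec_token = os.environ.get("DESEC_TOKEN")
    if not cf_token and not desec_token:
        print("set CF_API_TOKEN and/or DESEC_TOKEN first", file=sys.stderr)
        return 2
    rc = 0
    if cf_token:
        ok = cloudflare_token_ok(
            fetch(CLOUDFLARE_VERIFY, {"Authorization": f"Bearer {cf_token}"}))
        print("Cloudflare token:", "active" if ok else "NOT usable")
        rc |= 0 if ok else 1
    if desec_token:
        names = desec_domains(
            fetch(DESEC_DOMAINS, {"Authorization": f"Token {desec_token}"}))
        print("deSEC token can manage:", ", ".join(names) or "(no domains)")
        rc |= 0 if names else 1
    return rc


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `CF_API_TOKEN=... python3 check_token.py` (or with DESEC_TOKEN) and expect a zero exit status; a non-zero status or an HTTP 401/403 means the token should be recreated rather than pasted into the app.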

How to get a server provider token

If you chose Hetzner:

  1. Visit the following link. Authorize the account you created earlier.

  2. Open the project you created. If none exists, create one.

  3. Point the mouse at the side panel. It should open and show you menu items. We are interested in the last one — Security (with a key icon).

  4. Next, at the top of the interface we see something like the following list: SSH Keys, API Tokens, Certificates, Members. We need the API Tokens. Click on it.

  5. On the right side of the interface you will see the Generate API token button. If you are using the mobile version of the site — in the lower right corner you will see a red plus button. Press it.

  6. In the Description field, give your token a name (this can be any name that you like, it does not change anything in essence).

  7. Under Description, select permissions. Select Read & Write.

  8. Click Generate API Token.

  9. Copy the token. It grants full control over the project, so keep it only in the app and your password manager.

If you chose DigitalOcean:

  1. Follow this link and log in to the previously created account.

  2. In the left menu look for API — the last item at the bottom.

  3. Click Generate New Token in Personal Access Tokens menu.

  4. Copy the token.

How to get Backblaze token

  1. Visit the following link and log in to the previously created account.

  2. On the left side of the interface, select App Keys in the B2 Cloud Storage subcategory.

  3. Click on the blue Generate New Master Application Key button.

  4. In the appeared pop-up window confirm the generation.

  5. Copy keyID and applicationKey.

The master application key has full access to your whole Backblaze account, and generating a new one invalidates the previous one, so store both values in your password manager and do not regenerate the key later without updating it in the app.


🎉 Congratulations! Now you are ready to use private services.

2 - How-to guides

These are the guides on how to perform common tasks.

2.1 - How to get root access via SSH

If you need to manually perform some tasks, you can get root access via SSH.

To access your server’s root shell you will have to generate your SSH key and add it to your server’s authorized keys.

How to generate SSH key

If you are a Unix-like system user

  1. Open the terminal.
  2. Run the following command:
    ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
    
    You will be asked to enter a passphrase. You can leave it empty, but it is recommended to use a passphrase. If you do not want to use a passphrase, press Enter.
  3. Print the public key to the terminal and copy it:
    cat ~/.ssh/id_ed25519.pub
    
  4. Refer to the next section to add the key to your server.

If you are a Windows user

  1. Check whether the OpenSSH client is already installed (it is on current Windows 10 and 11): open the Command Prompt (press Win+R, type cmd and press Enter) and run ssh -V. If that prints a version, skip to step 4.
  2. Otherwise open Settings, go to “Apps”, then “Optional features”, and click “Add a feature”.
  3. Search for “OpenSSH Client” and install it.
  4. In the Command Prompt, create the key directory if it does not exist yet and generate the key (%USERPROFILE% expands to C:\Users\your_user_name, so nothing needs to be edited):
    if not exist %USERPROFILE%\.ssh mkdir %USERPROFILE%\.ssh
    ssh-keygen -t ed25519 -f %USERPROFILE%\.ssh\id_ed25519
    
    You will be asked for a passphrase. Using one is recommended; to go without, press Enter.
  5. Print the public key to the terminal and copy it:
    type %USERPROFILE%\.ssh\id_ed25519.pub
    
  6. Refer to the next section to add the key to your server.

If you are an Android (Termux) user

  1. Install Termux. We recommend installing it from F-Droid.
  2. Open Termux.
  3. Install OpenSSH (the Termux package is called openssh) and generate a user key in your home directory, not a host key under $PREFIX/etc/ssh:
    apt update && apt upgrade -y && apt install -y openssh &&
    ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
    
    You will be asked for a passphrase. Using one is recommended; to go without, press Enter.
  4. Print the public key to the terminal and copy it:
    cat ~/.ssh/id_ed25519.pub
    
  5. Refer to the next section to add the key to your server.

How to add the key to your server

  1. Open the SelfPrivacy app.
  2. Go to the “More” tab.
  3. Tap on “Superuser SSH keys”.
  4. Tap on the “Create SSH key” button.
  5. Paste the public key you copied earlier.
  6. Tap on the “Create SSH key” button.
  7. Open the Jobs list.
  8. Tap on the “Start” button.
  9. In a few minutes, you will be able to access your server’s root shell via SSH.

How to access your server’s root shell via SSH

  1. Open the terminal or Command Prompt.
  2. Run the following command, replacing server_domain with your server’s domain:
    ssh root@server_domain
    
  3. On the first connection ssh shows the server’s host key fingerprint and asks you to confirm it. After you answer yes it is stored in ~/.ssh/known_hosts and checked on every later connection, so a sudden “host key has changed” warning should be treated as a red flag, not clicked through. Then enter the passphrase you chose when generating the SSH key, if you used one.

Be careful when using the root shell. If you do not know what you are doing, you can break your server or leak your data. Responsibility for the consequences of your actions lies with you. Respect the privacy of other users.

2.2 - How to change the DNS provider to deSEC

For those who want to change their DNS provider after server installation.

We recommend using deSEC instead of CloudFlare. DeSEC is dedicated to privacy.

If you have first tied your domain to CloudFlare and now you want to change providers, this article is for you.

Attention: the process is fairly involved. If you feel that something is going wrong, feel free to write to us in the chat.

During this process, your services will be temporarily unavailable. Also, write down the IP address of your server, as you will not be able to access it by domain name.

Transferring the nameserver

A nameserver is a server that translates your domain (letters) into a server IP address (numbers).

  1. Register with deSEC.

  2. On the “Domains” page, click on the “plus” button.

  3. Enter your domain.

  4. Copy the “nameservers” shown for it.

Now go to the website of the domain registrar from whom you purchased the domain. The actions will be similar for all providers, we will show using Porkbun as an example.

  1. Go to your domain control panel.

  2. Find the “Authoritative nameservers” setting.

  3. Replace the current addresses with the ones copied from deSEC in the previous steps.

  4. Save the changes.


Getting the deSEC token

  1. Log in here.

  2. Go to the Domains page.

  3. Go to the Token management tab.

  4. Click on the round “plus” button in the upper right corner.

  5. The “Generate New Token” dialogue appears. Enter any Token name you wish. Advanced settings are not required, so do not touch anything there.

  6. Click on Save.

  7. Make sure you save the token’s “secret value”, as it is displayed only once.

  8. Now you can safely close the dialogue.

Migrating records

Log into both CloudFlare and deSEC.

On the deSEC website

Follow the link in the “Domain Management” panel, click on your domain.

Now you can add new entries to it using the “Plus” button.

On the CloudFlare website

Follow this link and go to the settings of your domain, which is located under the “Websites” section.

Select your domain.

Now go to “DNS”, then “Records”.

First record: api

Based on the example in the screenshot, transfer the parameters of your “api” record (look at the “Name” column) according to their colors.

On the left side of the screenshot is deSEC, and on the right side is Cloudflare. You need to sequentially transfer each parameter of this record.

Second record: root

Create a new record of type “A” for the domain itself (the root record). In the “IPv4 address” field, enter your server address, the same one you entered in the “Content” field of the previous record.

You don’t need to transfer all the records! You have created two records, and the third one has already been created for you.
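Once the registrar shows the deSEC nameservers and both records exist, check what the public DNS actually returns before touching the server configuration. The script below is an added example, not part of the SelfPrivacy project: it resolves the two names this section asks for (the bare domain and api.<domain>) through the system resolver and compares the answers with the server IP you wrote down earlier. The resolver is a parameter so the logic can be tested without network access; a caching resolver may return the old answer for a while after the change, so re-run it once the old record's TTL has expired.

```python
"""Verify that the domain's A records point at the server after a nameserver move.
Added example, not SelfPrivacy code. Checked names: the bare domain and
api.<domain>, the two records this guide asks you to create."""
from __future__ import annotations

import socket
import sys
from typing import Callable


def required_names(domain: str) -> list[str]:
    """Hostnames the server needs resolvable: the root record and the API record."""
    return [domain, f"api.{domain}"]


def check_records(domain: str, server_ip: str,
                  resolve: Callable[[str], str] = socket.gethostbyname) -> dict[str, str]:
    """Resolve each required name; report 'ok', 'wrong:<ip>' or 'unresolvable'.

    `resolve` defaults to the system resolver (which may still answer from
    cache shortly after the change) and is injectable so the logic can be
    tested offline."""
    report: dict[str, str] = {}
    for name in required_names(domain):
        try:
            ip = resolve(name)
        except OSError:  # socket.gaierror (NXDOMAIN, SERVFAIL, ...) derives from OSError
            report[name] = "unresolvable"
            continue
        report[name] = "ok" if ip == server_ip else f"wrong:{ip}"
    return report


def all_ok(report: dict[str, str]) -> bool:
    """True only if every required name resolves to the server address."""
    return bool(report) and all(status == "ok" for status in report.values())


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_dns.py <domain> <server-ip>")
    result = check_records(sys.argv[1], sys.argv[2])
    for name, status in result.items():
        print(f"{name:40} {status}")
    sys.exit(0 if all_ok(result) else 1)
```

A 'wrong:<ip>' entry usually means the record still carries an old address or the registrar has not switched nameservers yet; 'unresolvable' means the record was never created at deSEC.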


Connecting to the server

To perform the following actions, you will need to connect to the server via SSH with administrator privileges. Basic understanding of the command line is recommended ;)

You can find instructions on how to connect here.

After connecting to the server, enter the following command:

nano /etc/nixos/userdata.json

You are in a terminal text editor called “nano”.

You are editing the file /etc/nixos/userdata.json, and you can use the arrow keys to navigate.

Find the following lines in the file:

"dns": {
    "provider": "CLOUDFLARE",
    "useStagingACME": false
},

Replace:

"provider": "CLOUDFLARE",

with

"provider": "DESEC",

Now press CTRL+X, then Y, then Enter to save the file and exit.

Then edit another file:

nano /etc/selfprivacy/secrets.json

Find the following:

"dns": {
    "apiKey": "SECRET-HERE"
},

Remove your old Cloudflare token and paste the copied deSEC token in its place. (If CTRL+V does not work, try SHIFT+CTRL+V.)

"apiKey": "Your deSEC token",

It should now look like this:

"dns": {
        "apiKey": "Your deSEC token"
    },

Press CTRL+X, then Y, then Enter to save the file. A stray comma or a missing quote here leaves invalid JSON, and the rebuild below will fail, so double-check the edited lines.

If the file has been saved and you have exited the editor, run:

systemctl start sp-nixos-rebuild.service

This starts rebuilding your system with the new options. You can follow its progress with journalctl -fu sp-nixos-rebuild.service, or close the console now.
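The two edits above can also be made without nano, which avoids the most common failure: a typo that leaves invalid JSON behind. The script below is an added example, not SelfPrivacy project code. It parses each file first (so a file that is already broken is reported before anything is written), changes only the dns keys shown above, keeps every other key and the file's permissions, and swaps the new file in atomically, so a half-written config is never left on disk. It assumes the paths used on this page and reads the deSEC token from the DESEC_TOKEN environment variable or an interactive prompt, so the secret never appears on the command line or in shell history.

```python
"""Switch the DNS provider in the SelfPrivacy config files without a text editor.
Added example, not SelfPrivacy project code. Paths and key names follow this
page; the token source (DESEC_TOKEN or a prompt) is an assumption."""
from __future__ import annotations

import getpass
import json
import os
import sys
from pathlib import Path
from typing import Callable

USERDATA = Path("/etc/nixos/userdata.json")
SECRETS = Path("/etc/selfprivacy/secrets.json")
PROVIDERS = {"CLOUDFLARE", "DESEC"}  # the two values this page documents


def update_json(path: Path, mutate: Callable[[dict], None]) -> dict:
    """Parse, mutate and atomically rewrite a JSON file.

    The temp file inherits the original mode (so secrets.json stays as
    restricted as it was) and os.replace() swaps it in atomically: a crash
    mid-write never leaves a truncated config behind."""
    data = json.loads(path.read_text())
    mutate(data)
    tmp = path.with_name(path.name + ".new")
    tmp.write_text(json.dumps(data, indent=4) + "\n")
    os.chmod(tmp, path.stat().st_mode & 0o777)
    os.replace(tmp, path)
    return data


def set_dns_provider(data: dict, provider: str) -> None:
    if provider not in PROVIDERS:
        raise ValueError(f"unknown DNS provider {provider!r}")
    data.setdefault("dns", {})["provider"] = provider


def set_dns_token(data: dict, token: str) -> None:
    data.setdefault("dns", {})["apiKey"] = token


def switch_dns(provider: str, token: str,
               userdata: Path = USERDATA, secrets: Path = SECRETS) -> tuple[dict, dict]:
    """Apply both edits; validate the inputs before the first file is touched."""
    if provider not in PROVIDERS:
        raise ValueError(f"unknown DNS provider {provider!r}")
    if not token.strip():
        raise ValueError("empty API token")
    ud = update_json(userdata, lambda d: set_dns_provider(d, provider))
    se = update_json(secrets, lambda d: set_dns_token(d, token))
    return ud, se


if __name__ == "__main__":
    if os.geteuid() != 0:
        sys.exit("run as root: the config files are only writable by root")
    token = os.environ.get("DESEC_TOKEN") or getpass.getpass("deSEC token: ")
    ud, _ = switch_dns("DESEC", token)
    print("dns.provider is now", ud["dns"]["provider"])
    print("next: systemctl start sp-nixos-rebuild.service")
```

Run it as root on the server, then start sp-nixos-rebuild.service as described above.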


Reconfiguring the application

You will have to reset the application config to work properly. Don’t forget to create a recovery key and save it in a safe place (password manager).

How to reset the application:

Go to Application Settings.

Press “Reset application config”.

Now go to the “Setup Wizard” section where you configured your server when you first launched the application.

Tap “I already have a SelfPrivacy server!”.

(In the old version it might be called “Connect to an existing server”).

Next, follow the instructions in the app and enter the recovery key or code from another device where the SelfPrivacy app is installed.

After installation, you will see some problems with Domain and DNS. The application will offer you to fix them. Accept the fixes.

Congratulations! You have successfully changed your DNS provider. We recommend checking that all services are working correctly.

2.3 - How to manually clean up your server's disk space

Manual cleanup might be required if you need more space on the system volume.

All commands in this guide are executed as root over SSH. If you do not have root access, see this guide for more information.

If you have no space left, you will only be able to use the SSH keys you previously added. If you run out of disk space and have not added any SSH keys, contact SelfPrivacy support for further assistance.

There are several ways to clean up your server’s disk space.

To check how much disk space you have, run the following command:

df -h

This will output a table like this:

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs         97M     0   97M   0% /dev
tmpfs           969M   52K  969M   1% /dev/shm
tmpfs           485M  3.8M  481M   1% /run
tmpfs           969M  432K  968M   1% /run/wrappers
/dev/sda1        19G  8.2G  9.5G  47% /
/dev/sdb         18G   62M   17G   1% /volumes/sdb
tmpfs           194M     0  194M   0% /run/user/0

Here, the filesystem mounted on / is your system volume.

Deleting old NixOS generations

NixOS allows you to roll back to previous system states at any time, at the cost of disk space. SelfPrivacy servers are configured to reclaim disk space by automatically deleting old system states, but only states older than 7 days are deleted, so you can still use the rollback feature.

It is possible to manually delete all old system states, and it may give you more much needed disk space. To do this, simply run the following command as root:

nix-collect-garbage -d

This operation might take a while, depending on the number of system states you have. When it is done, you will see how much disk space you have freed up.

Deleting old logs

Logs can sometimes take up a lot of disk space. On SelfPrivacy servers the system journal is capped at 500 MiB, but it is not the only set of log files on your server.

To check how much disk space logs take up, run the following command:

du -h --max-depth=1 /var/log

The output will look something like this:

4.0K	/var/log/private
14M     /var/log/nginx
499M	/var/log/journal
587M	/var/log

System journal

Here, /var/log/journal are the system logs where all apps usually write their logs. As you can see in this example, they respect the 500MiB limit.

If you want to clear all system logs, run the following command:

journalctl --rotate && journalctl --vacuum-time=1s

This will usually free around 450 MiB, but not for long, since the journal starts filling again. It may, though, be enough to run the commands that free more space.

Nginx logs

The /var/log/nginx directory contains the logs of the Nginx web server. If they have grown too big, you can clear them by running:

rm -f /var/log/nginx/* && systemctl reload nginx

We do not just delete the files, we also reload Nginx. Nginx keeps the deleted files open and continues writing to them, so the space is not actually freed, and no new log files are created until Nginx reopens its logs on reload.

Deleting old system

When you install SelfPrivacy on a server, the existing system is replaced by NixOS. The old system is kept under /old-root so that you can roll back to it if you want, but it takes up disk space.

To measure how much disk space the old system takes up, run the following command:

du -h --max-depth=1 /old-root/

If there is no old system in place, you will see du: cannot access '/old-root/': No such file or directory.

But if you do have an old system, you may delete it by running the following command:

rm -rf /old-root/

This usually frees up around 1.8 GiB of disk space on typical SelfPrivacy servers.

3 - Backups

Backing up your services so that they are not lost

Why backing up

When your service is broken but it worked yesterday you have two options:

  • Spend some time reading logs and debugging what went wrong. Meanwhile the service is unusable and maybe some data is irreversibly lost;
  • Restore the service to a working state and then debug at a more relaxed pace. Hopefully it was just a solar flare or a glitch in the Matrix.

This second, nerve-saving option is enabled by backing up regularly, and even better, automatically.

Having a backup simplifies the process of transferring a service between machines, ensuring minimal inconvenience. This is useful if your datacenter is on fire, if your server provider gets bought out by another corporation, or when shareholders decide that it is finally time to make more profit.

This document covers the basic terms and usage of SelfPrivacy backup subsystem.

What is a snapshot?

SelfPrivacy does not make backups of the whole machine. Instead, it saves the states of each service. The state of the files used by a service, taken at a certain time, is called a Snapshot. In the interface, you can see that a snapshot has an ID, a service it backs up, and a date of creation.

When do backups occur?

A snapshot is created in three cases:

  • By the user’s manual command to back up a service;
  • Automatically at the configured interval, if Automatic Backups are enabled;
  • As a precaution before an in-place restore of a service.

How is the data stored?

The service’s files are stored in the cloud storage of the user’s choice. We currently support Backblaze, with more to come.

All of the service data is encrypted with a local secret that the cloud never receives. Under the hood, we use Restic to transfer the encrypted data.

Cloud storage providers such as Backblaze have an option that prevents immediate, permanent deletion of data.

The SelfPrivacy app uses this option so that, if the server is compromised, the attacker cannot erase the backups: a deletion from the server side only hides the data, and it stays restorable from the cloud side for the provider’s retention period.

Listing snapshots

There are 2 factors to keep in mind when looking at the list:

  • For the sake of performance, the list is cached. If some snapshots are missing which you think should be there, invalidate the cache so it reloads;
  • If you delete some snapshots, they will be removed from the list, but for some limited time they are still restorable with the help of the cloud.

Restoring a snapshot

Restoring a snapshot involves stopping the service and reverting all files to their state at the snapshot’s creation. This process can be accomplished in two distinct ways.

The safest one, the default one, is to download the snapshot in its entirety, verify that data is not damaged, and replace the service files with the files from the snapshot. However, this method requires additional storage space for the snapshot.

A somewhat riskier way is to overwrite the service files directly, without intermediate storage. It requires less space, but if the transfer goes wrong, you end up with a broken service. To help reduce the impact, a snapshot is taken just before restoring.

The app does check that we have enough space before attempting a restore.

Forgetting a snapshot

Forgetting makes the snapshot inaccessible from the server, but deletion itself is reversible from cloud UI for some time (30 days for Backblaze by default).

Automatic Backup

If you set up an automatic backup period, all of the services will be backed up according to the set period.

Note that backups are independent per service. If you have services A and B backed up automatically every day in the morning, and then you back up service B manually at noon, then service A’s next backup will be in the morning as usual, but B’s backups will occur at noons.

If it is disabled, automatic backups will not be performed.

Restoring after someone has deleted all the snapshots

  • Go to your Backblaze/other cloud interface directly;
  • Rewind the bucket to its previous state before the deletion event;
  • Open SelfPrivacy app;
  • Update the snapshot list;
  • Restore from snapshots as usual.

Troubleshooting backups

  • If you suspect that the list of snapshots is incorrect, try updating the snapshot list;
  • If an in-place restore has failed, make sure that your cloud is accessible and your contract is active. Then try to restore either the snapshot you tried to restore or the pre-restore snapshot that was generated automatically;
  • If you do not have enough space on the disk for a safe restore, try restoring in place.

4 - How to contribute

You can help with translations and programming

Help us translate

We use our own weblate instance to collaborate. You can create an account and help us translate the project into your native language.

If you’re a programmer

You can read about how SelfPrivacy works in documentation.

You can help us close Issues which are marked with the “Contributions welcome” tag. For example, at this link you will see tasks tagged “Contributions welcome” for the main application.

Major changes cannot be merged without approval from the core developers. You can of course fork the project, but if you want your changes accepted, please discuss them first in one of the project chats:

Python / NixOS - backend

The server side of SelfPrivacy uses the NixOS distribution and a daemon written in Python called SelfPrivacy API. The daemon is the link between your server and the SelfPrivacy app. You can read here about how to test and make changes to the SelfPrivacy API.

You can also improve other components:

Dart + Flutter - frontend app

Hugo / Docsy

If you want to improve our site:

For any help, please contact our chats:

5 - Frequently Asked Questions

Frequently asked questions about our project.

What are self-host services and what are their advantages?

When we use centralised services, such as popular social networks, we trust the admins of the resource that stores our correspondence, our photos and even the most important secrets said in a chat with close people. We allow our interests and music preferences to be analysed, receive targeted advertising based on them, and most likely participate in unnamed audience analysis programs and all sorts of surveillance.

Self-hosted is the term for keeping an online service in-house. The key to this approach is that you have an independent copy of the software on your server, without a third party running the service. To be an administrator, you don’t need to be a programmer and understand all the intricacies of the inner workings of the server application, i.e. the service. Typically, application developers who are not beholden to the head office and its ad trackers will try to make the service as clear and simple to use as possible.

Popular examples include self-hosted email servers, messengers such as XMPP or Matrix, and VPN solutions. If you have worked in a large organisation, you have probably seen a standalone email service on the company domain, and you have probably also come across corporate messengers. These are all self-hosted: not by you, but by the company you worked for.

Why does a company need its own email and messenger? The answer is simple: to keep employee communications and company secrets in their own hands, under their own control.

If you want flexible self-host tools that you can customise, or you just don’t trust big companies and want to keep your data under your own control, self-hosting is for you.

Can I trust my hosting provider?

We have all experienced being disconnected from the Internet because of an overdue payment, or losing power at home because of technical problems somewhere in the building or the city. To provide a stable online service, people therefore turn to hosting providers: companies that rent out computing facilities and undertake to do everything possible to keep them running, with backup power supplies for the equipment, redundant links to the Internet, and protection against earthquakes, fires and floods according to the latest science and technology.

A reasonable question: can you trust these companies, given that all the data on your leased server is, after all, stored on the provider’s disks?

There is no clear answer, because at the request of law enforcement agencies in the provider’s jurisdiction your data will most likely be handed over without too many questions. But... do you often have problems with foreign law?

The hoster is asking for my passport, what should I do?

The SelfPrivacy infrastructure currently relies on the hosting capabilities of Hetzner and DigitalOcean. Sometimes the hosting provider asks for proof of identity when you sign up. This protects them from spammers, and European jurisdiction also requires them to know their customer (KYC). In fairness, Hetzner has not been known to collect unnecessary data or to disclose information about its users.

Providing photos or photocopies of documents to anyone online is bad practice that we condemn. But we, together with thousands of users, can vouch for the reliability of Hetzner, which is more privacy-oriented than most: they have been around for many years and have a good reputation. For our part, we are still looking for alternative solutions to this problem.

Will this protect me from the FBI, FSB, Mi6, …?

We do our best to keep your data technically intact, but your hoster has to comply with the laws of its jurisdiction. We choose to host in a jurisdiction with as strong a rule of law as possible. So unless you are involved in criminal activity such as drug dealing, illegal porn, terrorism and the like, your data is unlikely to be at risk.

Can I put SelfPrivacy on my hardware?

Unfortunately, no. But it is one of the features we plan to introduce in future updates.

Do we make money off of users?

No, we do not make money from users. We have no agreements with ISPs, nor do we use advertising or analytics in the app.

What’s the point of a non-profit project?

In a climate of aggressive consumerism, where only stories about effective business sell like hot cakes, non-profit projects are regarded with suspicion.

The main motive behind SelfPrivacy that runs through our team is to make using the internet a little more comfortable, a little easier and - most importantly - a little more private.

Privacy is an inalienable human right that allows us to feel like subjects, independent individuals. We’re making a public project to get inspiration for new features and to look for bugs, not by a few people, but by tapping into the resources of an unlimited audience. After all, why does a musician write tunes and an artist create paintings? Moreover, developing a free solution that can take users to a new level of privacy is a matter of honour. And samurai have no goal, only a way.

How do we choose providers?

There are several criteria we use when choosing a hosting provider:

  1. Availability of a REST API for creating and managing the VPS. Otherwise SelfPrivacy cannot create and configure the server automatically, and much of the work falls on the user’s shoulders. Automatic disk expansion (when the amount of data on your server grows and needs more space) will not work either;
  2. Quality of service;
  3. Price.

We would like to add support for new hosting providers, but at the moment the alternatives either do not support the functionality we need or are excluded for other good reasons. Hetzner has weak support, but a good network and a great price. Its competitors are significantly more expensive and have a questionable attitude to privacy.

Providers that do not ask for a passport or other substantial proof of identity tend to create problems for email traffic: spammers use them, so mail from their networks is often blocked. For example, Scaleway’s outgoing email is blocked and you have to write to support to get it unblocked. This severely disrupts the end-to-end process of using the email service in SelfPrivacy.

What do we use as our email server?

On the deployed server, the following components are responsible for sending, receiving, filtering emails:

  • Postfix — SMTP server;
  • Dovecot 2 — IMAP server;
  • Rspamd — SPAM filter;

You can read more about using email on the service page.

Why have we added CloudFlare to the list of available providers?

After the 0.8.0 update, all users can choose between deSEC and CloudFlare. We recommend to choose deSEC, it is a privacy-oriented service.

Cloudflare is reliable and free. They probably collect data; otherwise it is hard to explain why they would proxy other people’s traffic for free. In our case we only use it as a DNS server and do not proxy anything. In the future we will replace it with our own DNS once we have solved the reliability problem.

We are currently testing Yggdrasil + Alfis, which would eliminate the need for a domain registrar and Cloudflare. However, the testing, bug reports to the developers and sleepless nights will continue as we try to provide users with only the most reliable solutions we can find.

How to get help?

If you encounter a problem, feel free to write to the groups with SelfPrivacy developers ;)

Or you can create an issue in our project repositories:

6 - Available services

What services are available and how to use them.

6.1 - Bitwarden

Your password manager

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form.

Bitwarden can be downloaded and configured on your own server, which is what we do as part of the SelfPrivacy project. Unlike other free (as in freedom) password managers, Bitwarden provides easy synchronization of one database between all devices.

  • WEB-interface: available after SelfPrivacy server configuration, at https://password.YOUR.DOMAIN
  • Official client (GNU/Linux, Windows, macOS, Android, iOS)

Setting an admin token manually

First, make sure your system config is up to date. You may click “upgrade server” in the app and wait for a couple of minutes, or run the following command in the terminal:

cd /etc/nixos
git pull

Then, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/nixos/userdata/userdata.json > /etc/nixos/userdata/userdata.json.new && mv /etc/nixos/userdata/userdata.json.new /etc/nixos/userdata/userdata.json

Now, we have to apply the changes:

nixos-rebuild switch

And after rebuilding the system, restart Bitwarden:

systemctl restart vaultwarden

Now, your admin interface is available on https://password.YOUR.DOMAIN/admin.
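The four manual steps above as one script, added here as an example; it is not SelfPrivacy’s own tooling. It uses the userdata.json path, the .bitwarden.adminToken key and the rebuild/restart commands from the page, generates the token in-process so it never appears on a command line or in shell history (the one-line jq command passes it as an argument), and replaces the file atomically so an interrupted run cannot leave a truncated config behind.

```python
"""Set the Vaultwarden (Bitwarden) admin token in SelfPrivacy's userdata.json.

Added example, not SelfPrivacy's own tooling. Same steps as the manual
procedure: generate 48 random bytes as base64, store them under
.bitwarden.adminToken, run `nixos-rebuild switch`, restart vaultwarden.
Unlike the one-line jq command, the token is never passed as a command-line
argument (visible in `ps` and shell history), and the file is replaced
atomically so an interrupted run cannot leave a truncated userdata.json.
"""
import base64
import json
import os
import secrets
import subprocess
import sys
import tempfile

USERDATA = "/etc/nixos/userdata/userdata.json"  # path used on the page


def generate_admin_token() -> str:
    """Equivalent of `openssl rand -base64 48`: 48 random bytes, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(48)).decode("ascii")


def set_admin_token(path: str, token: str) -> dict:
    """Store `token` as .bitwarden.adminToken in the JSON document at `path`.

    All other keys are kept. The new document is written to a temporary file
    in the same directory, given the original file's permission bits, fsynced
    and then renamed over the original (an atomic replace on POSIX).
    Returns the updated document.
    """
    with open(path, "r", encoding="utf-8") as f:
        data = json.load(f)
    if not isinstance(data, dict):
        raise ValueError(f"{path}: top-level JSON value is not an object")
    bitwarden = data.get("bitwarden")
    if not isinstance(bitwarden, dict):
        bitwarden = {}
        data["bitwarden"] = bitwarden
    bitwarden["adminToken"] = token

    mode = os.stat(path).st_mode & 0o777
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(prefix=".userdata.", dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(data, f, indent=2)
            f.write("\n")
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp_path, mode)
        os.replace(tmp_path, path)
    except BaseException:
        # Never leave a half-written temp file next to the real config.
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return data


def rebuild_and_restart() -> None:
    """Apply the NixOS configuration and restart the vaultwarden service."""
    subprocess.run(["nixos-rebuild", "switch"], check=True)
    subprocess.run(["systemctl", "restart", "vaultwarden"], check=True)


if __name__ == "__main__":
    if os.geteuid() != 0:
        sys.exit("run as root: userdata.json and nixos-rebuild require it")
    admin_token = generate_admin_token()
    set_admin_token(USERDATA, admin_token)
    # Shown once so you can store it in your password manager; it is not logged.
    print("Bitwarden admin token (store it somewhere safe):", admin_token)
    rebuild_and_restart()
```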

6.2 - Gitea

Gitea is a self-hosted Git service

In the age of computer technology, a lot of people deal with program code or configs. The version control system Git is widely used in order not to get confused with them. You can often find links to centralized git-hosting where the security (and sometimes privacy) of the code is questionable.

Owning your own git hosting allows you to store personal files on a private server. One of the best free (as freedom) git-hosting sites is - Gitea. It has all the necessary functionality and a convenient web interface.

  • WEB-interface: available after SelfPrivacy server configuration, at https://git.YOUR.DOMAIN
  • Official console git client (GNU/Linux, Windows, macOS, *unix)

If you want a client with a graphical interface, you can choose one from the list of recommendations on the official website.

6.3 - Pleroma

Decentralized Social Network Server

As it grows, any centralized social network has to take on moderation, censorship, rule enforcement and reading your correspondence. Your own social network is another matter: it can belong only to you, your family or your team. Only a decentralized network can provide maximum privacy. That’s why we invite you to become part of the Fediverse decentralized network.

At SelfPrivacy we use Pleroma.

  • WEB-interface: available after SelfPrivacy server configuration, at https://pleroma.YOUR.DOMAIN
  • Husky (Android)

Features of Pleroma

  • A social network of any scale: from a personal server with a single account to a massive thematic site;
  • Your social network, your rules. You are the censor, moderator and administrator.

Getting admin rights

Right now you can get admin rights only by using the command line.

  1. Connect to your server via SSH as a root user. Use this guide if you need help.
  2. Run the following command, replacing <username> with the username you want to make an admin:
    sudo -u pleroma env RELEASE_COOKIE=/var/lib/pleroma/.cookie pleroma_ctl user set <username> --admin
  3. Done! Now the user <username> has admin rights.

6.4 - Delta.Chat

E-mail-based messenger with end-to-end encryption

Messengers like Telegram, Signal and WhatsApp cannot be private because of a peculiarity of their architecture: centralization. Peer-to-peer (p2p) services like Tox, on the other hand, consume too many resources and are inconvenient to use on a mobile device.

The best solution is to use your mail server for Delta.Chat. Delta.Chat is a messenger based on the email protocol.

If your conversation partner doesn’t use Delta.Chat, for them it will be just ordinary email correspondence.

Features of Delta.Chat

  • Regular email client with all the features of IM.
  • Reliable end-to-end encryption (e2e), provided both parties use a personal email server or exchange keys in person, for example via QR code.
  • Can use any email server, but then you lose control over the metadata and risk a key-substitution man-in-the-middle attack.
  • Slightly slower than usual messengers
  • First message is not encrypted because public encryption keys are sent with it.
  • There are problems with sending files > 5-7MB.
  • There are no convenient channels (chats for mass discussions and sending out information). We recommend using a decentralized social network.

6.5 - Jitsi

Video conference

Zoom and Google Meet are proprietary software that have limitations in their free versions and do not provide access to their clients’ source code.

But there is an alternative — Jitsi, which is an open source videoconferencing service with similar functionality to its proprietary counterparts.

  • WEB interface: available after setting up the SelfPrivacy server, at https://meet.YOUR.DOMAIN.

  • Android

  • iOS

  • Flatpak

  • Also see the builds in your distribution’s repositories.

Features of Jitsi

  • Does not require registration;
  • Uses the avatar from gravatar.com if you enter an email address (may violate privacy!);

6.6 - E-mail

Self-hosted e-mail service

E-mail is a time-tested protocol that needs no introduction. A personal mail server gives you real privacy for all correspondence and is useful for registering with online services and for personal correspondence, especially with Delta.Chat.

Authentication

The accounts from the “Users” tab of your app are used for authentication.

Connection configuration

The login must be the username together with the domain, for example user@domain.tld.

SMTP

SMTP Server: your domain

SMTP Port: 587

Connection security: STARTTLS

Username: your username @ your domain (your full email address)

IMAP

IMAP Server: your domain

IMAP Port: 143

Connection security: STARTTLS

Username: your username @ your domain (your full email address)

Configuration example for Mozilla Thunderbird

What do we use as our email server?

On the deployed server, the following components are responsible for sending, receiving, filtering emails:

  • Postfix — SMTP server;
  • Dovecot 2 — IMAP server;
  • Rspamd — spam filter;

Tips

Alias for addresses

Use aliases for services you don’t fully trust or for one-time needs.

Messages for user+alias@domain.com will go to user@domain.com. This is useful for tracing the origin of spam if you use a unique alias for each online service when registering, for example user+bank@domain.com, user+cryptoexchange@domain.com, and so on.

Directory Filter

Create folders with filters for different purposes. This helps protect against phishing and keeps your inbox from getting clogged. A message to user-dir@domain.com creates a folder named dir in the user@domain.com mailbox, and all such mail is delivered into that folder.

Examples:

  • user-w@domain.com - for registering with web services
  • user-shops@domain.com - for web stores
  • user-pay@domain.com - for payment systems
  • user-forum@domain.com - for forum notifications
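A helper for the two conventions above (plus-aliases and hyphen folders), added here as an example and not part of SelfPrivacy: it resolves any address at your domain to the mailbox, folder and alias tag it lands in, and counts alias tags across a batch of suspicious messages so you can tell which service leaked your address. It assumes usernames contain neither “+” nor “-”, which the page does not state, and the sample headers are constructed.

```python
"""Resolve SelfPrivacy mail addresses to mailbox, folder and alias tag.

Added example, not part of SelfPrivacy. Models the two conventions from the
tips above:
  user+alias@domain  -> delivered to user@domain, alias tag kept for analysis
  user-dir@domain    -> delivered to the "dir" folder of user@domain
Assumption (not stated on the page): usernames contain neither "+" nor "-".
"""
from __future__ import annotations

from email.utils import getaddresses
from typing import NamedTuple, Optional


class Delivery(NamedTuple):
    user: str               # mailbox owner (the real account)
    folder: str             # "INBOX" or the folder named by user-dir
    alias: Optional[str]    # tag from user+alias, or None


def resolve(address: str, domain: str, users: set[str]) -> Optional[Delivery]:
    """Map one address to where the server delivers it, or None if it is
    not a deliverable address at `domain` (wrong domain or unknown user)."""
    addr = address.strip().lower()
    local, at, addr_domain = addr.rpartition("@")
    if not at or addr_domain != domain.lower():
        return None
    local, _, alias = local.partition("+")    # user+alias -> user, alias
    user, _, folder = local.partition("-")    # user-dir   -> user, dir
    if user not in users:
        return None                           # no such mailbox: bounced
    return Delivery(user, folder or "INBOX", alias or None)


def recipients_of(header_value: str, domain: str, users: set[str]) -> list[Delivery]:
    """Parse a To:/Cc:/Delivered-To: header value (display names allowed)
    and return the deliveries at our domain, in header order."""
    deliveries = []
    for _display_name, addr in getaddresses([header_value]):
        delivery = resolve(addr, domain, users)
        if delivery is not None:
            deliveries.append(delivery)
    return deliveries


def leaked_aliases(header_values: list[str], domain: str, users: set[str]) -> dict[str, int]:
    """Count how many recipients used each +alias. Run this over the To:
    headers of messages you consider spam: the alias with the most hits
    points at the service that gave away (or lost) your address."""
    counts: dict[str, int] = {}
    for value in header_values:
        for delivery in recipients_of(value, domain, users):
            if delivery.alias:
                counts[delivery.alias] = counts.get(delivery.alias, 0) + 1
    return counts


# Constructed sample To: headers from messages in a spam folder (not real mail).
SAMPLE_SPAM_TO_HEADERS = [
    '"Alice" <alice+bank@example.org>',
    "alice+cryptoexchange@example.org, bob-forum@example.org",
    "Alice <ALICE+CryptoExchange@Example.org>",   # case must not matter
    "alice@another.example",                     # not our domain: ignored
    "mallory+bank@example.org",                  # unknown user: ignored
]

if __name__ == "__main__":
    known_users = {"alice", "bob"}
    for header in SAMPLE_SPAM_TO_HEADERS:
        print(header, "->", recipients_of(header, "example.org", known_users))
    print(leaked_aliases(SAMPLE_SPAM_TO_HEADERS, "example.org", known_users))
```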

Features

  • Email is over 50 years old. In IT, this is a sign of maturity and reliability of the technology.
  • Email is the most popular way to get infected with viruses (after hacked software and cracks).
  • Beware of phishing (fraudulent emails), it can rob you of your savings and control over your digital life.

Sending email does not work

Sending email may be blocked by your provider.

Hetzner confirms that it does block outgoing email for new accounts. After one month of server operation and the first successful payment, Hetzner asks you to contact support and explain why you need email. You may mention that you plan to use email to communicate with users of your services.

With DigitalOcean, such a problem has not been observed, but if you have encountered this, try to get in touch with the hosting support.

6.7 - Nextcloud

A Swiss army knife for collaboration

Collaboration means file storage, document management, video conferencing, shared event calendars, and things like that. As a rule, people tend to trust personal life and business to third-party services. However, there is an option to keep it all on your own server.

We chose Nextcloud, free software for convenient scheduling and file storage.

Authentication

When the server is created, a Nextcloud admin user is created with the password you used for your primary user.

To add new users, go to the user administration panel, on the web interface of your Nextcloud.

  • WEB interface: available after SelfPrivacy server configuration, at https://cloud.YOUR.DOMAIN
  • Official application (GNU/Linux, Windows, macOS, Android, iOS)

How to reset the admin password

To follow the steps below, you’ll need to connect to the server via SSH with administrative rights. A basic understanding of the command line is beneficial ;)

For detailed connection instructions, click here.

After connecting, enter the following command:

nextcloud-occ user:resetpassword admin

You will be prompted for a new password; the characters you type are hidden.

FAQ

Nextcloud Updater does not work

That is expected. Nextcloud is updated via NixOS and depends on our NixOS repository. Everything happens without your intervention.

Why can’t I use my Nextcloud in third-party services?

This can happen if the third-party service has a restriction to only connect to a specific Nextcloud instance.

Should I use an extension to encrypt my Nextcloud?

We do not recommend it. The encryption keys are stored on the same server as the data, so such encryption offers practically no protection against anyone who already has access to the server.

7 - About us

Who we are, our motivation and policies.

7.1 - Motivation

Why we do it and what we want to achieve.

Every internet user is forced to use centralized services, sacrificing privacy and personal freedoms. They:

  • Accept incomprehensible licenses;
  • Endure ads;
  • Give their data to unknown persons;
  • End up in a “recommendation bubble”;
  • Are subject to censorship and blocking.

We want digital independence and privacy for our data.

Our mission is to offer an alternative. Your services - your rules:

  • No license agreements, advertising, surveillance, telemetry, bans and censorship;
  • Your data is stored on your server and belongs only to you.

What do we need it for?

Our team consists of programmers and system administrators. We are from different countries and many of us have never met in person. Perhaps we are romantics. Don Quixotes of the free Internet. It is important for us not only to do the work, but to know the result - the contribution to a positive change in people’s attitudes to privacy and independence.

We hope to find stable financial support in the form of free software development funds in the near future, so as not to burden the project founder’s budget.

7.2 - Team

Our team, contributors and like-minded people.

About us

International team of independent professionals:

  • Zholnay Kirill - Founder/CEO/CISO. Has been building and protecting corporate infrastructure in medium and large companies for more than 15 years
  • Dettlaff - core-team backend developer
  • Houkime - core-team backend developer
  • Inex Code - core-team full-stack developer
  • NaiJi - core-team Flutter developer
  • ilchub - DevOps, Backend developer
  • kherel - Flutter developer
  • nikolai - QA Engineer
  • and a lot of cool contributors and volunteers

We get help

Like-minded people

  • Cloudron - commercial project, closed source, from $15 per month for email and multiple services. You have to install the application on the server yourself and keep an eye on the server resources.
  • IndieWeb - open-source project, complicated to configure.
  • Kubenav - manages Docker containers from mobile. Promising, but for highly skilled users.
  • YunoHost - open-source project, but not very stable.
  • FreedomBox - open-source project on ARM
  • TurnKey Linux - ready-to-use software for advanced users

Useful

7.3 - Privacy Policy

Our policies and politics.

Last updated: May 15, 2023

This SelfPrivacy (“SelfPrivacy” or “we” or “us” or “our”) privacy policy (the “Privacy Policy”) is designed to help you understand what information we collect, including information that directly or indirectly identifies an individual (“personal information”), and how we use or share that information.

We take your privacy very seriously, and we are committed to ensuring that your personal information is kept safe and secure. This Privacy Policy explains how we manage your personal information when you use our application.

We want to keep it simple, and we don’t want to hide behind long paragraphs of text, small lines or difficult words.

SelfPrivacy is an open-source project. Please note that we are neither the data controller nor the data processor for any data processing operations carried out through our application. We do not have control over how users utilize the application or how they process any data that they may choose to host or store through the application. As such, we cannot be held responsible for any data processing activities carried out by our users. We encourage all users to carefully consider their data processing activities and to comply with applicable data protection laws and regulations.

Collection of Information

Our application does not collect any personal information from you. We do not collect your name, email address, or any other contact information. We also do not collect any technical information about your device, including your IP address, operating system, or browser type.

SelfPrivacy does not collect limited service and usage data like error and diagnostics information, security alerts, and log file reports associated with device identifiers. We refer to this information as “telemetry data,” and it does not include any end user personal identifiers or message contents.

We collect access logs to determine our user count and the countries they are visiting from. However, we store visitor IP addresses as subnets (x.x.x.0) which may not be sufficient to uniquely identify individuals. Although we cannot guarantee that our server provider does not collect meta-information, we advise users to use methods of traffic anonymization for added privacy.

Tracking

Our application provides users with the necessary tools to create self-hosted services, such as web servers or databases, without requiring them to provide any personal information. We do not track users’ activities or behaviors within the application, and we do not use cookies or other tracking technologies.

Third-party service providers

We have no control over the personal information that users provide to third-party service providers when opting for self-hosted services. Our application initiates interactions with third-party service providers only after the user has selected them. When users consent to allow third-party service providers to collect and process personal information about their online activities using cookies, pixels, local storage, and other technologies, we are not accountable for the privacy practices of these third parties. This Privacy Policy does not cover the information practices of these third parties.

Use of Information

Since we do not collect any personal information from you, we cannot use it for any purpose. Our application is designed to allow you to set up and use self-hosted services without the need for any personal information. We do not use your information for marketing purposes.

Disclosure of Information

Since we do not collect any personal information from you, we cannot disclose it to anyone. We do not share your personal information with any third parties.

Protection of Information

We take the security of your personal information very seriously. Even though we do not collect any personal information about you, we still use industry-standard security measures to protect our application and the data it contains. We use encryption, firewalls, and other security measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We encourage you to review this Privacy Policy regularly to stay informed about how we collect, use, and protect your personal information.

Contact Us

If you have any questions or concerns about our Privacy Policy or the collection, use, or disclosure of your personal information, please contact us at privacy@selfprivacy.org. We will do our best to address your concerns in a timely and satisfactory manner.


We are pleased to offer this Privacy Policy under Creative Commons Zero license as a template that can be used by anyone in the open-source community. We hope that this contribution will help to support the development of privacy policies that promote transparency, accountability, and respect for the privacy of individuals. As part of our commitment to open-source values, we believe in sharing knowledge and resources to foster innovation and collaboration. Therefore, we encourage others to adapt and modify our privacy policy to meet their specific needs, while ensuring that they comply with applicable laws and regulations.

Licensed under CC0

7.4 - Donations

Donate to SelfPrivacy

Unfortunately, you can’t make a mass product on enthusiasm. Many choose to go the commercial route, but that imposes limitations:

  • A focus on making money, not privacy
  • Willingness to sell out to a mega-corporation
  • Functionality dictated by market, marketing, buzzwords.

The best option is regular user funding. At least $1 a month.

As of 2019, I’m investing a noticeable chunk of my family budget and time into the project, because I am confident in the necessity of SelfPrivacy. Kirill Zholnay (founder).

All donations will go to the development of the project and decent pay for the team. We, like any other opensource project, live off donations.

For regular donations: Liberapay

https://liberapay.com/SelfPrivacy.org

7.5 - Roadmap

What we are going to do next

The following is a list of our tasks in no particular order, grouped by topics. This is a living document that will change over time.

Tasks in bold are sponsored, for example by NLnet. Tasks in italic are in our current focus.

SP Nix flake format

Single sign on (SSO)

  • Analyze protocols supported by different services. (LDAP, oAuth, OIDC, …)
  • Compare different SSO solutions, choose the most appropriate.
  • Implement Nix modules to integrate the selected SSO solution with the services we install.
  • Add support for the SSO administration on the SelfPrivacy API and app side.
  • Develop the self-service portal for the users.

Security

  • Harden the systemd units
  • System security audit logging
  • GUI to view the audit log events
  • Monitoring
  • Alerts

Automatic backups

  • Implement the new backups subsystem on the API in a storage-agnostic way
  • Implement automatic backups and rotation
  • Implement automatic restoration from the snapshot
  • Allow recreating the server on the new machine using the backup automatically
  • Automatic migration between machines

Add services

  • Self-hosting a static website (selfprivacy#17)
  • LibreOffice online
  • BigBlueButton
  • Corteza
  • Flarum
  • FileSender
  • GoToSocial
  • GNU Social
  • KBin
  • Funkwhale
  • Castopod
  • Mastodon
  • UnifiedPush provider (for example, ntfy)
  • Matrix server
  • VPN (Collaboration with leap.se is possible)

Provisioning

  • Refactor the provisioning logic
    • Backup credentials are no longer needed during setup (selfprivacy#370)
    • Providers’ credentials are no longer needed to communicate with an existing server
    • It is possible to update the token
  • Multitenancy
  • The installation progress can be tracked by the app
  • More tools to debug failed installation

Manual installer (support for bare metal)

While cloud server providers offer APIs that allow us to perform almost fully automated server installation, it is not true self-hosting, if you can’t install the system on your own hardware. The installer shall be developed to allow deploying SelfPrivacy on systems where APIs are not available. There will be UX challenges on how to make this process as simple to the end user as possible. In the end, the user shall be able to control their server from the mobile SelfPrivacy app just like if they installed it using the cloud provider.

New providers (server)

  • Scaleway
  • We’re open for suggestions!

New providers (DNS)

  • Porkbun
  • We’re open for suggestions!

New providers (backup storage)

  • SFTP
  • Restic REST server
  • We’re open for suggestions!

System management

  • Track the progress of system rebuilds
  • Allow deleting old system generations from GUI
  • API to read logs from the services

App reactivity

  • Handle situations when the server is offline
  • Use websockets to keep information updated in real time

Localization and accessibility

  • Translate server-side messages to the client’s language
  • Make sure the app is fully usable with a keyboard
  • Make sure the app is compliant with WCAG

Publishing

  • Publish on Google Play
  • Publish on Apple App Store

8 - Theory

Discussion of various aspects of the project

8.1 - How SelfPrivacy automates server management

SelfPrivacy tries to automate all steps of the server setup and management so it does not take much time.

Self-hosted means “independent server hosting” or “hosting yourself”. This is when IT people, instead of using popular services like Google, install free (as in freedom) alternatives on their own or rented servers (VPS). You get the same service, but under your own control. Often the free alternatives are more functional, private and secure than the free off-the-shelf offerings of big companies.

Self-hosting provides complete privacy of data, including meta-information. But it also imposes an obligation to manually operate the system:

  • You need to set up a domain for the application and a TLS certificate;
  • You need to take care of the server security;
  • Do not miss critical security updates;
  • Make regular backups;
  • Make sure that the disk does not overflow;
  • Create and delete service users;

For an IT person, the tasks are manageable, even though they are troublesome. But for the rest of us, they are almost unbearable. The task of SelfPrivacy is to simplify this process as much as possible. You don’t need to use a console or be a skilled technician. The program automates everything for you.

Domain Management

Full automation

Once you have configured your domain at your DNS provider (deSEC or CloudFlare) and copied the API key into the SelfPrivacy application, your domain is managed completely automatically:

  • Records are created for all services;
  • Updated if necessary;

All you have to do is pay for the domain once a year at your registrar. Don’t forget to check your email account.

Certificate management

Full automation

Security of communication with your server is ensured by TLS 1.2 or newer, as in banks. For this purpose SelfPrivacy uses a certificate from Let’s Encrypt, the world’s most popular certificate authority, trusted by millions of web portals.

Updating the operating system on your server

Full automation

A once-configured server is not completely secure. Over time, bugs may appear in the services, and the server becomes susceptible to hacking. Unfortunately, this is not such a rare occurrence. That’s why responsible IT professionals regularly update their servers. SelfPrivacy does it for you.

  • System updates;
  • Major NixOS releases;

Updating the server part of SelfPrivacy

Partial automation

SelfPrivacy consists of two parts - an app on your device, such as your phone or PC, and a server backend called the SelfPrivacy API. SelfPrivacy manages your service providers and your server. To do this, the SelfPrivacy API backend daemon runs on the server side. It also needs to be updated, for example when we add functionality or fix bugs. Updating often happens automatically, but sometimes you have to manually confirm a system configuration update to make the new features of the SelfPrivacy server side work.

Updating SelfPrivacy

Full automation

The SelfPrivacy application is, roughly speaking, a set of instructions that change something on the server. After the initial configuration, the application’s operation in no way affects the performance of services on your server. Nevertheless, every day we try to automate something, fix something or add new functionality. Application updates are delivered automatically from the app repository, such as F-Droid, and in the near future from the App Store and Google Play.

Server resource management

Partial automation

When there are a lot of users or services, the server can start to slow down. Through the application you can monitor the current resource consumption, and soon it will be possible to order an upgrade of the virtual machine.

Disk management

Partial automation

The application keeps track of the free space on the server disks and allows you to transfer data between them. If the partition is expandable, the app can automatically order more space after user confirmation.

Backups

Full automation

Backups allow you to both repair broken servers and migrate from one server to another. All backups are encrypted, under the hood we use Restic. Each service’s data is backed up individually. Backups can also be done automatically at user-defined intervals.

User Management

Partial automation

Each service has its own administrator interface that allows you to manage users. However, we are working to integrate this functionality into the application and automatically create users from a common list.

Manual management via SSH (expert)

Manual operations

For security reasons, access to SelfPrivacy server administration via SSH is disabled by default. This reduces the attack surface. Console access is needed in exceptional cases:

  • Upgrade error, or fixing unexpected situations;
  • Server tuning, if you are an experienced NixOS user and want to tweak SelfPrivacy Server for your own needs;

In normal operation, the user does not need to use SSH administration through the console. We are working to ensure that the general configuration of SelfPrivacy can be extended with your own Nix files, which will not interfere with automatic updates.

The system is very complex, why is it private?

All transactions take place between your application, your server, and your service providers without SelfPrivacy being involved. Your copy of SelfPrivacy App is completely autonomous and independent in managing your infrastructure. No information about your interactions with your infrastructure reaches SelfPrivacy. All backups of your services leave your server in a fully encrypted form.

You can read more about this in our privacy policy.

8.2 - Project architecture

How the project is organized and how it works.

Yes, you could use Kubernetes. But why, when NixOS already ensures immutability?

User app: Flutter/Dart was chosen because of the speed and smoothness of the UI and cross-platform.

Server side (backend): NixOS + Python. NixOS was chosen because of its reproducibility, Python because of its versatility and popularity.

Service providers

We do not get paid by any service providers! We are not affiliated with them in any way. We chose them purely for professional reasons. But we do not exclude partnership in the future.

Hosting

SelfPrivacy supports two hosting providers: Hetzner and DigitalOcean.

Both were chosen for their low price, acceptable level of service and quality REST API.

Candidates:

  • Your own physical (bare-metal) server. Our main priority right now;
  • A service provider offering an API to deploy a bare-metal server, outside FVEY;
  • OVH
  • Scaleway

There’s also free Oracle Cloud, but where you don’t pay, you’re usually a commodity.

DNS

There’s a choice between Cloudflare, deSEC, or DigitalOcean DNS.

deSEC is a more private option and is recommended by default.

Cloudflare likely collects data in proxy traffic mode, otherwise it’s hard to explain why they would offer such services for free. In our case, we don’t proxy anything and use it only as a DNS server.

Backup repository

We use Backblaze.

The first 20 GB are free, and beyond that it is significantly cheaper than AWS. Backblaze publishes its hardware designs as open source. They also share very useful statistics on disk failures, based on which one can choose the most reliable and tested option.

In the future, we might replace them with a self-hosted solution or a peer-to-peer one. Currently, this is not a top priority since the data is encrypted, and the service provider only sees the IP address of your server, not the device with the application.