Documentation

• 1: Getting Started
• 2: How-to guides
• 2.1: How to get root access via SSH
• 2.2: How to manually clean up your server's disk space
• 3: Frequency Asked Questions
• 4: Available services
• 4.1: Bitwarden
• 4.2: Gitea
• 4.3: Pleroma
• 4.4: Delta.Chat
• 4.5: E-mail
• 4.6: Nextcloud
• 5: About us
• 5.1: Motivation
• 5.2: Team
• 5.3: Privacy Policy
• 5.4: Donations
• 6: Theory
• 6.1: How SelfPrivacy automates server management
• 6.2: Project architecture

1 - Getting Started

The SelfPrivacy server is created step by step within an hour. Sounds scary, but believe me, you don’t need a PhD to do it. It’s as easy as shopping in an e-shop.

• Finding a passport and card with a balance of $10-15 and $5 per month
• Registration of accounts
• Domain purchasing
• Connecting Domain to DNS Server
• Generating tokens
• Installation
• Connecting to the services

If you delegate this process to someone else, you will lose your privacy. For 100% independence and control we recommend doing everything yourself.

Accounts registration

For stability, SelfPrivacy needs many accounts. We don’t want to trust all the data to one company, so we’d rather distribute parts of the system to different places.

Accounts to create:

• Hetzner or DigitalOcean — virtual hosting servers. Whichever one you choose, your data and SelfPrivacy services will live on it.
• NameCheap, Porkbun or any other registrar, to purchase your personal address on the Internet — the domain that will point to the server.
• CloudFlare is a DNS server, where your personal address (domain) works.
• Backblaze is an IaaS, that provides free storage for your encrypted backups.

Registration is trivial, but sometimes account activation can take up to several days or require additional documents. Therefore, use real documents and fill everything out carefully. Providers protect themselves from spam this way. Nothing personal :)

Be sure to enable additional account protection — the second factor (MFA, 2FA). Without this simple step, your data will not be safe.

I know it was hard, but now your data is better protected than 95% of users. You should be proud of yourself! I’m proud of you 🤗

Purchasing a domain

Enabled 2FA? Then let’s get to the most interesting part!

Domain — it’s a piece of the Internet, that you can name like your home pet. The potential for creativity is enormous. Your only limitations are 63 character length + .com .org .icu or other domain zones. Feel free to choose from hundreds of others. You can choose your last name as a domain, like this: jackson.live or carson.health, or it can be something creative, like: unicorn-land.shop

Advice:

• Be sure to look at the annual renewal price, it can be many times the purchase price.
• Normal domain price is $8-10 per year.

• When registering a domain, make sure you enter your real email address, otherwise your registration may be cancelled. And if you can’t renew the domain, the system won’t work as intended.

• A good name comes in handy, both on the phone to dictate, and on your business card.
• Did I mention the 2FA?

Connecting Domain to DNS Server

Once purchased, add your domain to CloudFlare:

Using ruleit.stream as an example, we chose the free service plan and got nameservers: gail.ns.cloudflare.com and mattns.cloudflare.com, which need to be registered with our registrar. For example, with NameCheap:

At the same time, we check that we include auto-renewal and personal data protection — WhoisGuard. After a few minutes or, in the worst case, up to 2 days, the settings will be applied.

Generating tokens

API tokens are almost the same as login and password, only for a program, not a person. SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!

We do not need a token for your domain registrar. But we will need one for the CloudFlare to use it for domain management.

How to get Cloudflare API Token

1. Visit the following link and log in to the account you created earlier.

2. Click on the profile icon in the upper right corner (for the mobile version of the site: click on the menu button with three horizontal bars in the upper left corner). From the menu that appears, click My Profile.

3. We have four configuration categories to choose from: Preferences, Authentication, API Tokens and Sessions. Select API Tokens.

4. The first item we see is the Create Token button. Click it.

5. Scroll down until you see the Create Custom Token field and the Get Started button on the right side. Press it.

6. In the Token Name field, give your token a name. You can create your own name and treat it like a pet name :)

7. Next, we have Permissions. In the first field, choose Zone. In the second field, in the middle, select DNS. In the last field, select Edit.

8. Click on the blue label at the bottom + Add more (just below the left field that we filled in earlier). Voila, we have new fields. Let’s fill them in the same way as in the previous section, in the first field we choose Zone, in the second one also Zone. And in the third one we press Read. Let’s check what we have:

9. Next, look at Zone Resources. Below this heading there is a line with two fields. The first should be Include, and the second should be Specific Zone. Once you select Specific Zone, another field will appear on the right. Here you select our domain.

10. Scroll to the bottom and click the blue button Continue to Summary.

11. Check that you have selected everything correctly. You should see a line like this: your.domain - DNS:Edit, Zone:Read.

12. Press Create Token.

13. Copy the created token.

How to get server provider token

• Hetzner
• DigitalOcean

How to get Backblaze token

1. Visit the following link and log in to the previously created account.

2. On the left side of the interface, select App Keys in the B2 Cloud Storage subcategory.

3. Click on the blue Generate New Master Application Key button.

4. In the appeared pop-up window confirm the generation.

5. Copy keyID and applicationKey.

🎉 Congratulations! Now you are ready to use private services.

2 - How-to guides

2.1 - How to get root access via SSH

To access your server’s root shell you will have to generate your SSH key and add it to your server’s authorized keys.

How to generate SSH key

Unix-like systems (PC)

1. Open the terminal.
2. Run the following command:

   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
   

   You will be asked to enter a passphrase. You can leave it empty, but it is recommended to use a passphrase. If you do not want to use a passphrase, press Enter.
3. Print the public key to the terminal and copy it:

   cat ~/.ssh/id_ed25519.pub
   

4. Refer to the next section to add the key to your server.

Windows

1. Open settings and under “Applications” click on “Manage additional components”.
2. Press “Add Component”.
3. Enter “OpenSSH client” in the search box and install it.
4. Open the Command Prompt. You can do this by pressing Win+R, typing cmd and pressing Enter.
5. Run the following command, replacing user_name with your Windows username:

   ssh-keygen -t ed25519 -f C:\Users\user_name\.ssh\id_ed25519.pub
   

   You will be asked to enter a passphrase. You can leave it empty, but it is recommended to use a passphrase. If you do not want to use a passphrase, press Enter.
6. Print the public key to the terminal and copy it:

   type C:\Users\user_name\.ssh\id_ed25519.pub
   

   Once again, replace user_name with your Windows username.
7. Refer to the next section to add the key to your server.

Android (Termux)

0. Install Termux. We recommend installing it from F-Droid.
1. Open Termux.
2. Run the following command:

   apt update -y && apt upgrade -y && apt install open-ssh -y &&
   ssh-keygen -t ed25519 -f /data/data/com.termux/files/usr/etc/ssh/ssh_host_ed25519_key
   

   You will be asked to enter a passphrase. You can leave it empty, but it is recommended to use a passphrase. If you do not want to use a passphrase, press Enter.
3. Print the public key to the terminal and copy it:

   cat /data/data/com.termux/files/usr/etc/ssh/ssh_host_ed25519_key.pub
   

4. Refer to the next section to add the key to your server.

How to add the key to your server

0. Open the SelfPrivacy app.
1. Go to the “More” tab.
2. Tap on “Superuser SSH keys”.
3. Tap on the “Create SSH key” button.
4. Paste the public key you copied earlier.
5. Tap on the “Create SSH key” button.
6. Open the Jobs list
7. Tap on the “Start” button.
8. In a few minutes, you will be able to access your server’s root shell via SSH.

How to access your server’s root shell via SSH

1. Open the terminal or Command Prompt.
2. Run the following command, replacing server_ip with your server’s domain:

   ssh root@server_domain
   

3. Enter the passphrase you entered when generating the SSH key, if you used one.

Be careful when using the root shell. If you do not know what you are doing, you can break your server or leak your data. Responsibility for the consequences of your actions lies with you. Respect the privacy of other users.

2.2 - How to manually clean up your server's disk space

There are several ways to clean up your server’s disk space.

To check how much disk space you have, run the following command:

df -h

This will output a table like this:

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs         97M     0   97M   0% /dev
tmpfs           969M   52K  969M   1% /dev/shm
tmpfs           485M  3.8M  481M   1% /run
tmpfs           969M  432K  968M   1% /run/wrappers
/dev/sda1        19G  8.2G  9.5G  47% /
/dev/sdb         18G   62M   17G   1% /volumes/sdb
tmpfs           194M     0  194M   0% /run/user/0

Here, the filesystem mounted on just / is your system volume.

Deleting old NixOS generations

NixOS allows you to roll back to previous system states at any time, at the cost of disk space. SelfPrivacy servers are configured to reclaim disk space by automatically deleting old system states, but only states older than 7 days are deleted, so you can still use the rollback feature.

It is possible to manually delete all old system states, and it may give you more much needed disk space. To do this, simply run the following command as root:

nix-collect-garbage -d

This operation might take a while, depending on the number of system states you have. When it is done, you will see how much disk space you have freed up.

Deleting old logs

Logs sometimes may take up quite a lot of disk space. On SelfPrivacy servers, system logs are always limited to 500MiB, but these are not the only log files you have on your server.

To check how much disk space logs take up, run the following command:

du -h --max-depth=1 /var/log

The output will look something like this:

4.0K	/var/log/private
14M     /var/log/nginx
499M	/var/log/journal
587M	/var/log

System journal

Here, /var/log/journal are the system logs where all apps usually write their logs. As you can see in this example, they respect the 500MiB limit.

If you want to clear all system logs, run the following command:

journalctl --rotate && journalctl --vacuum-time=1s

This will usually give you around 450 MiB of free disk space, but not for long. This may though be enough to run some commands that will free up more space.

Nginx logs

The /var/log/nginx directory contains logs for the Nginx web server. If they got too big, you can clear them by running:

rm /var/log/nginx/* && systemctl reload nginx

As you can see, we don’t just delete the files, but also reload Nginx. This is because Nginx will get confused by the missing log files, and they will not be recreated until Nginx is reloaded.

Deleting old system

When you install SelfPrivacy on a server, the existing system gets replaced by NixOS. But the old system is still there and takes up disk space, so you can roll back to it if you want.

To measure how much disk space the old system takes up, run the following command:

du -h --max-depth=1 /old-root/

If there is no old system in place, you will see du: cannot access '/old-root/': No such file or directory.

But if you do have an old system, you may delete it by running the following command:

rm -rf /old-root/

This usually frees up around 1.8 GiB of disk space on typical SelfPrivacy servers.

3 - Frequency Asked Questions

General questions

What are self-host services and what are their advantages?

When we use centralised services, such as popular social networks, we trust the admins of the resource that stores our correspondence, our photos and even the most important secrets said in a chat with close people. We allow our interests and music preferences to be analysed, receive targeted advertising based on them, and most likely participate in unnamed audience analysis programs and all sorts of surveillance.

Self-hosted is the term for keeping an online service in-house. The key to this approach is that you have an independent copy of the software on your server, without a third party running the service. To be an administrator, you don’t need to be a programmer and understand all the intricacies of the inner workings of the server application, i.e. the service. Typically, application developers who are not beholden to the head office and its ad trackers will try to make the service as clear and simple to use as possible.

Popular examples include self-hosted email servers, messengers such as XMPP or Matrix, and VPN solutions. If you’ve worked in a large organisation, you’ve probably seen a standalone email service on the company domain, and you’ve probably also come across corporate messengers. These are all self-hosted, but not by you, but by the company you worked for. Why does a company need its own email and messenger? The answer is simple: to keep employee communications and company secrets in their own hands, under their own control.

If you think you don’t trust companies, want to keep your data under your own control, or simply don’t want to strengthen the monopolistic position of the IT market, self-hosting will suit your needs.

Can I trust my hosting provider?

We have all experienced being disconnected from the Internet due to overdue payments, or having our home power cut off due to technical problems somewhere in the house or city. Therefore, in order to provide a stable online service, they turn to hosting providers - special companies that provide computer facilities for rent and undertake to do everything possible for their stable operation: backup power supply schemes of equipment in case of emergency, backup highways to connect to the Internet, as well as protection against earthquakes, fires and floods according to the latest science and technology.

A reasonable question: can you trust these services, since all the data stored on your leased server is, after all, the data stored on the disc provider’s discs. There is no clear answer to this question, because at the request of law enforcement agencies from the provider’s jurisdiction, your data will surely be handed over without too many questions. But… do you often have problems with the law? And the law of foreign territories? On a more paranoid note, your server is the last weak link in the infrastructure. It is much more frightening to use a smartphone, smart speakers and other electronic devices whose content is terra incognita, and in which all trust is based solely on the marketing of vendors and our ingrained habits.

Hosting providers have hundreds, thousands and sometimes millions of virtual machines. One of them will be yours. Is it worth the trouble? Probably not.

The hoster is asking for my passport, what should I do?

The SelfPrivacy infrastructure currently relies on Hetzner’s hosting capabilities. During registration, the hosting provider asks for proof of identity. This protects them from spammers. In addition, the European jurisdiction requires to know your customer (KYC). We apologise for the fact that Hetzner is not involved in the collection of unnecessary data and the disclosure of information about users.

Providing photos or photocopies of documents to anyone online is a bad practice that we condemn. But thousands of users and even we vouch for Hetzner’s reliability. They have been around for many years and have a good reputation. Think of it as registering with a phone number that is also linked to passport details in most countries. For our part, we are looking for alternative solutions.

Will this protect me from the FBI, FSB, Mi6, …?

We do our best to keep your data technically intact. But your hosting has to comply with the laws of its jurisdiction. We choose to host in as legal a jurisdiction as possible. So unless you are involved in criminal activities such as drug dealing, illegal porn, terrorism, and the like, your data is unlikely to be threatened.

Can I put SelfPrivacy on my hardware?

Unfortunately, no. But it is one of the features we plan to introduce in future updates.

Do we make money off of users?

No, we do not make money from users. We have no agreements with ISPs, nor do we use advertising or analytics in the app.

What’s the point of a non-profit project?

In a climate of aggressive consumerism, where only stories about effective business sell like hot cakes, non-profit projects are cautious. The main motive behind SelfPrivacy that runs through our team is to make using the internet a little more comfortable, a little easier and - most importantly - a little more private. Privacy is an inalienable human right that allows us to feel like subjects, independent individuals. We’re making a public project to get inspiration for new features and to look for bugs, not by a few people, but by tapping into the resources of an unlimited audience. After all, why does a musician write tunes and an artist create paintings? Moreover, developing a free solution that can take users to a new level of privacy is a matter of honour. And samurai have no goal, only a way.

Why do we choose providers?

There are several criteria we use when choosing an ISP:

1. Availability of a REST API that manages the creation of the VPS. Otherwise SelfPrivacy will not be able to automatically create and configure the server, and much of the work will fall on the user’s shoulders. Also, automatic disk expansion will not work (when the amount of data on your server grows and needs more space);
2. Quality of service;
3. Price.

We would like to add support for new hosting providers, but at the moment all the alternatives do not support the functionality we need, or are excluded for other good reasons. Hetzner has a weak support service, but they have a good network and a great price. Their competitors are significantly more expensive and have a questionable attitude to privacy.

Those who don’t ask for a passport or other substantial proof of identity tend to create problems for email traffic - they send spam from them. For example, scaleway’s emails are blocked and you have to write to support to get them unblocked. This severely disrupts the end-to-end process of using the email service in SelfPrivacy.

What we use as an email server

On the deployed server, the following components are responsible for sending, receiving, filtering emails:

• Postfix - SMTP server;
• Dovecot 2 - IMAP server;
• Rspamd - SPAM filter;

Why use CloudFlare?

Cloudlare is reliable and free. They probably collect data, otherwise it’s hard to explain why you should proxy other people’s traffic for free. In our case we only use it as a DNS server and don’t proxy anything. In the future we will replace it with our own DNS once we have solved the reliability problem.

We are currently testing yggdrasil + alfis, which will eliminate the need for a domain registrar and cloudflare. However, the testing, bug reporting to developers and sleepless nights will continue as we try to provide users with only the most reliable solutions we can find.

How to get help?

If you encounter a problem, feel free to write to the groups with SelfPrivacy developers ;)

• Telegram chat: @selfprivacy_chat
• Matrix chat: #chat:selfprivacy.org

Or you can create an issue in our project repository:

• Main app - https://git.selfprivacy.org/kherel/selfprivacy.org.app
• Other stuff - https://git.selfprivacy.org/SelfPrivacy

4 - Available services

4.1 - Bitwarden

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form.

Bitwarden can be downloaded and configured on your server, which is what we use as part of the SelfPrivacy project. Unlike other free (like freedom) password managers, Bitwarden provides easy synchronization of one database between all devices.

• Official project website

Recommended clients

• WEB-interface: available after SelfPrivacy server configuration, at https://password.YOUR.DOMAIN
• Official client (GNU/Linux, Windows, macOS, Android, iOS)

Setting an admin token manually

First, make sure your system config is up to date. You may click “upgrade server” in the app and wait for a couple of minutes, or run the following command in the terminal:

cd /etc/nixos
git pull

Then, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/nixos/userdata/userdata.json > /etc/nixos/userdata/userdata.json.new && mv /etc/nixos/userdata/userdata.json.new /etc/nixos/userdata/userdata.json

Now, we have to apply the changes:

nixos-rebuild switch

And after rebuilding the system, restart Bitwarden:

systemctl restart vaultwarden

Now, your admin interface is available on https://password.YOUR.DOMAIN/admin.

4.2 - Gitea

In the age of computer technology, a lot of people deal with program code or configs. The version control system Git is widely used in order not to get confused with them. You can often find links to centralized git-hosting where the security (and sometimes privacy) of the code is questionable.

Owning your own git hosting allows you to store personal files on a private server. One of the best free (as freedom) git-hosting sites is - Gitea. It has all the necessary functionality and a convenient web interface.

• Official project website

Recommended clients

• WEB-interface: available after SelfPrivacy server configuration, at https://git.YOUR.DOMAIN
• Official console git client (GNU/Linux, Windows, macOS, *unix)

If you want a client with a graphical interface, you can choose it from list of recommendations on the official website.

4.3 - Pleroma

Any centralized social network will have to take care of moderation, censorship, implementing rules, reading your correspondence as it grows. Another thing is your own social network, which can only belong to you, your family or your team. Only a decentralized network can provide maximum privacy. That’s why we offer you to become part of the Fediverse decentralized network.

At SelfPrivacy we use Pleroma.

• Official project website

Recommended clients

• WEB-interface: available after SelfPrivacy server configuration, at https://pleroma.YOUR.DOMAIN
• Husky (Android)

Features of Pleroma

• A social network of any scale: from a personal server with a single account to a massive thematic site;
• Your social network, your rules. You are the censor, moderator and administrator.

4.4 - Delta.Chat

Messengers like Telegram, Signal, Whatsapp cannot be private due to the peculiarity of their architecture - centralization. And peer-to-peer (p2p) services like Tox consume too many resources and are inconvenient to use on a mobile device.

The best solution is to use your mail server for Delta.Chat. Delta.Chat is a messenger based on the email protocol.

If your conversation partner doesn’t use Delta.Chat, it will be just an ordinary email correspondence for him.

• Official project website

Recommended clients

• Official client (GNU/Linux, Android, Windows, macOS, iOS)

Features of Delta.Chat

• Regular email client with all the features of IM.
• Reliable end-to-end encryption (e2e), provided a personal email server is used by both interlocutors or a personal key exchange, such as via QR code.
• Can use any email server, but then you lose control over the meta-information and risk key-swapping man-in-the-middle attack.
• Slightly slower than usual messengers
• First message is not encrypted because public encryption keys are sent with it.
• There are problems with sending files > 5-7MB.
• There are no convenient channels (chats for mass discussions and sending out information). We recommend using a decentralized social network.

4.5 - E-mail

E-mail is a time-tested protocol that needs no introduction. A personal mail server will provide special privacy for all correspondence and is useful for registering in online services and personal correspondence, especially for Delta.Chat.

Authentication

Users from the “users” tab of your app are used.

Connection configuration

Login must the username with the domain. For example, user@domain.tld.

SMTP

SMTP Server: your domain

SMTP Port: 587

Authentication: STARTLS

Username: your username @ your domain (your full email address)

IMAP

IMAP Server: your domain

IMAP Port: 143

Authentication: STARTLS

Username: your username @ your domain (your full email address)

Recommended E-mail Clients

• Mozilla Thunderbird (GNU/Linux, Windows, MacOS)
• FairEmail (Android)

Configuration example for Mozilla Thunderbird

Tips

Alias for addresses

Use aliases for questionable services or one-time needs.

Messages for user+alias@domain.com will go to user@domain.com. It can be useful for spam origin analysis if a unique alias is used for each online service when registering. For example, bank+user@domain.com, cryptoexchenge+user@domain.com, and so on.

Directory Filter

Create directories of filters for different purposes. This will help protect against phishing and clogging your inbox. The message for user-dir@domain.com will create a dir directory in the user@domain.com mailbox and all mail will arrive in the dir directory.

Examples:

• user-w@domain.com - for registering with web services
• user-shops - for web-stores
• user-pay - payment systems
• user-forum - forum notifications

Features

• Email is over 50 years old. In IT, this is a sign of maturity and reliability of the technology.
• Email is the most popular way to get infected with viruses (after hacked software and cracks).
• Beware of phishing (fraudulent emails), it can rob you of your savings and control over your digital life.

4.6 - Nextcloud

Collaboration means file storage, document management, video conferencing, shared event calendars, and things like that. As a rule, people tend to trust personal life and business to third-party services. However, there is an option to keep it all on your own server.

We choose Nextcloud - free software for convenient scheduling and file storage.

• Official project website

Authentication

When creating a server, admin Nextcloud user is created with the password you’ve used for your primary user.

To add new users, go to the user administration panel, on the web interface of your Nextcloud.

Recommended clients

• WEB interface: available after SelfPrivacy server configuration, at https://cloud.YOUR.DOMAIN
• Official application (GNU/Linux, Windows, macOS, Android, iOS)

5 - About us

5.1 - Motivation

Every internet user is forced to use centralized services sacrificing privacy and personal freedoms:

• Accepts incomprehensible licenses;
• Endures ads;
• Gives his data to unknown persons;
• End up in a “recommendation bubble”;
• Subject to censorship, blocking.

We want digital independence and privacy for our data.

Our mission is to offer an alternative. Your services - your rules:

• No license agreements, advertising, surveillance, telemetry, bans and censorship;
• Your data is stored on your server and belongs only to you.

What do we need it for?

Our [team](/docs/about-us/team/ consists of programmers and system administrators. We are from different countries and many of us have never met in person. Perhaps we are romantics. Don Quixotes of the free Internet. It is important for us not only to do the work, but to know the result - the contribution to a positive change in people’s attitudes to privacy and independence.

We hope to find stable financial support in the form of free software development funds in the near future, so as not to burden the project founder’s budget.

5.2 - Team

About us

International team of independent professionals:

• Zholnay Kirill - Founder/CEO/CISO. For more than 15 years builds and protects corporate infrastructure in medium and large companies
• Dettlaff - core-team backend developer
• Houkime - core-team backend developer
• Inex Code - core-team full-stack developer
• NaiJi - core-team Flutter developer
• ilchub - DevOps, Backend developer
• kherel - Flutter developer
• nikolai - QA Engineer
• and a lot of cool cotributors and volonteers

We get help

• Roscomsvoboda. Speech in Russian youtube.
• Privacy Accelerator
• Open Source World Community
• NixOS Community

Like-minded people

• Cloudron - commercial project, code closed, from $15 per month for email and multiple services. You have to install the application yourself on the server, keep an eye on the server resources.
• IndieWeb - it is open-source project, complicated in configuration.
• Kubenav - manages docker containers from mobile. Promising but for highly skilled users.
• Yunohsot - open-source project, but not very stable.
• FreedomBox - open source project on ARM
• Tunrkeylinux - ready to use software for advanced users

Useful

• https://ssd.eff.org
• https://datadetoxkit.org
• https://securityplanner.consumerreports.org/tool
• https://www.fordfoundation.org/work/our-grants/building-institutions-and-networks/cybersecurity-assessment-tool/

5.3 - Privacy Policy

Last updated: May 15, 2023

This SelfPrivacy (“SelfPrivacy” or “we” or “us” or “our”) privacy policy (the “Privacy Policy”) is designed to help you understand what information we collect, including information that directly or indirectly identifies an individual (“personal information”), and how we use or share that information.

We take your privacy very seriously, and we are committed to ensuring that your personal information is kept safe and secure. This Privacy Policy explains how we manage your personal information when you use our application.

We want to keep it simple, and we don’t want to hide behind long paragraphs of text, small lines or difficult words.

SelfPrivacy is an open-source project. Please note that we are neither the data controller nor the data processor for any data processing operations carried out through our application. We do not have control over how users utilize the application or how they process any data that they may choose to host or store through the application. As such, we cannot be held responsible for any data processing activities carried out by our users. We encourage all users to carefully consider their data processing activities and to comply with applicable data protection laws and regulations.

Collection of Information

Our application does not collect any personal information from you. We do not collect your name, email address, or any other contact information. We also do not collect any technical information about your device, including your IP address, operating system, or browser type.

SelfPrivacy does not collect limited service and usage data like error and diagnostics information, security alerts, and log file reports associated with device identifiers. We refer to this information as “telemetry data,” and it does not include any end user personal identifiers or message contents.

We collect access logs to determine our user count and the countries they are visiting from. However, we store visitor IP addresses as subnets (x.x.x.0) which may not be sufficient to uniquely identify individuals. Although we cannot guarantee that our server provider does not collect meta-information, we advise users to use methods of traffic anonymization for added privacy.

Tracking

Our application provides users with the necessary tools to create self-hosted services, such as web servers or databases, without requiring them to provide any personal information. We do not track users’ activities or behaviors within the application, and we do not use cookies or other tracking technologies.

Third-party service providers

We have no control over the personal information that users provide to third-party service providers when opting for self-hosted services. Our application initiates interactions with third-party service providers only after the user has selected them. When users consent to allow third-party service providers to collect and process personal information about their online activities using cookies, pixels, local storage, and other technologies, we are not accountable for the privacy practices of these third parties. This Privacy Policy does not cover the information practices of these third parties.

Use of Information

Since we do not collect any personal information from you, we cannot use it for any purpose. Our application is designed to allow you to set up and use self-hosted services without the need for any personal information. We do not use your information for marketing purposes.

Disclosure of Information

Since we do not collect any personal information from you, we cannot disclose it to anyone. We do not share your personal information with any third parties.

Protection of Information

We take the security of your personal information very seriously. Even though we do not collect any personal information about you, we still use industry-standard security measures to protect our application and the data it contains. We use encryption, firewalls, and other security measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We encourage you to review this Privacy Policy regularly to stay informed about how we collect, use, and protect your personal information.

Contact Us

If you have any questions or concerns about our Privacy Policy or the collection, use, or disclosure of your personal information, please contact us at privacy@selfprivacy.org. We will do our best to address your concerns in a timely and satisfactory manner.

We are pleased to offer this Privacy Policy under Creative Commons Zero license as a template that can be used by anyone in the open-source community. We hope that this contribution will help to support the development of privacy policies that promote transparency, accountability, and respect for the privacy of individuals. As part of our commitment to open-source values, we believe in sharing knowledge and resources to foster innovation and collaboration. Therefore, we encourage others to adapt and modify our privacy policy to meet their specific needs, while ensuring that they comply with applicable laws and regulations.

5.4 - Donations

Unfortunately, you can’t make a mass product on enthusiasm. Many choose to go the commercial route, but that imposes limitations:

• A focus on making money, not privacy
• Willingness to sell out to a mega-corporation
• Functionality dictated by market, marketing, buzzwords.

The best option is regular user funding. At least $1 a month.

As of 2019, I’m investing a noticeable chunk of my family budget and time into the project. Because I am confident in the necessity of SelfPrivacy. Kirill Zholnay (founder).

All donations will go to the development of the project and decent pay for the team. We, like any other opensource project, live off donations.

For regular money Librepay

https://liberapay.com/SelfPrivacy.org

6 - Theory

6.1 - How SelfPrivacy automates server management

Self-hosted means “independent server hosting” or “hosting yourself”. This is when IT people do not use popular services like Google, they install free (like freedom) alternatives on their own or rented servers (VPS). It turns out that you get the same service, but under your own control. Often, free analogues will be more functional, private and secure than free off-the-shelf options from big companies.

Self-hosting provides complete privacy of data, including meta-information. But it also imposes an obligation to manually operate the system:

• You need to set up a domain for the application and a TLS certificate;
• You need to take care of the server security;
• Do not miss critical security updates;
• Make regular backups;
• Make sure that the disk does not overflow;
• Create and delete service users;

For an IT person, the tasks are manageable, even though they are troublesome. But for the rest of us, they are almost unbearable. The task of SelfPrivacy is to simplify this process as much as possible. You don’t need to use a console or be a skilled technician. The program automates all for you.

Domain Management

Full automation

Once you have configured your domain on CloudFlare and copied the API key into the SelfPrivacy application — your domain is managed completely automatically:

• Records are created for all services;
• Updated if necessary;

All you have to do is pay for the domain once a year at your registrar. Don’t forget to check your email account.

Certificate management

Full automation

Security of communication with your server is ensured by TLS ≥ v.1.2, like in banks. For this purpose SelfPrivacy uses a certificate from Let’s Ecncypt, the world’s most popular provider trusted by millions of web portals.

Updating the operating system on your server

Full automation

A once-configured server is not completely secure. Over time, bugs may appear in the services, and the server becomes susceptible to hacking. Unfortunately, this is not such a rare occurrence. That’s why responsible IT professionals regularly update their servers. SelfPrivacy does it for you.

• System updates;
• Major NixOS releases;

Updating the server part of SelfPrivacy

Partial automation

SelfPrivacy consists of two parts - an app on your device, such as your phone or PC, and a server backend called the SelfPrivacy API. SelfPrivacy manages your service providers and your server. To do this, the SelfPrivacy API backend daemon runs on the server side. It also needs to be updated, for example when we add functionality or fix bugs. Updating often happens automatically, but sometimes you have to manually confirm a system configuration update to make the new features of the SelfPrivacy server side work.

Updating SelfPrivacy

Full automation

The SelfPrivacy application, roughly speaking, is a set of instructions that change something in the server. The work of the application after the initial configuration in no way affects the performance of services on your server. Nevertheless, every day we try to automate something, fix something, add new functionality. Application updates are done automatically from the repository, such as F-Droid, in the near future App Store and Google Play.

Server resource management

Partial automation

When there are a lot of users or services, the server can start to slow down. Through the application you can monitor the current resource consumption, and soon it will be possible to order an upgrade of the virtual machine.

Disk management

Partial automation

The application keeps track of the free space on the server disks and allows you to transfer data between them. If the partition is expandable, the app can automatically order more space after user confirmation.

Rescue copies

Full automation

Backups allow you to both repair broken servers and migrate from one server to another. All backups are encrypted, under the hood we use Restic. Each service’s data is backed up individually. Backups can also be done automatically at user-defined intervals.

User Management

Partial automation

Each service has its own administrator interface that allows you to manage users. However, we are working to integrate this functionality into the application and automatically create users from a common list.

Manual management via SSH (expert)

Manual operations

For security reasons, access to SelfPrivacy server administration via SSH is disabled by default. This reduces the attack surface. Console access is needed in exceptional cases:

• Upgrade error, or fixing unexpected situations;
• Server tuning, if you are an experienced NixOS user and want to tweak SelfPrivacy Server for your own needs;

In normal operation, the user does not need to use SSH administration through the console. We are working to ensure that the general configuration of SelfPrivacy can be extended with your own Nix files, which will not interfere with automatic updates.

The system is very complex, why is it private?

All transactions take place between your application, your server, and your service providers without SelfPrivacy being involved. Your copy of SelfPrivacy App is completely autonomous and independent in managing your infrastructure. No information about your interactions with your infrastructure reaches SelfPrivacy. All backups of your services leave your server in a fully encrypted form.

You can read more about this in our privacy policy.

6.2 - Project architecture

Yes, you could use kubernetes. But why when immutability is ensured by NixOS?

Mobile app

Flutter/Dart was chosen because of the speed and smoothness of the UI and cross-platform.

Backend

NixOS + Python. NixOS was chosen because of its reproducibility, python because of its versatility and popularity.

Service providers

We do not get paid by any service providers! We are not affiliated with them in any way. We chose them purely for professional reasons. But we do not exclude partnership in the future.

Hosting

SelfPrivacy supports two hosting providers: Hetzer and DigitalOcean

Both were chosen because of low price and acceptable level of service, quality REST API.

Hetzer has not been seen to have any privacy or data collection problems.

Candidates:

• Own personal iron server. Our main priority right now;
• A service provider that will provide an API to deploy an iron server. Outside FVEY;
• OVH
• Scaleway

There’s also free Oracle Cloud, but where you don’t pay, you’re usually a commodity.

DNS

Cloudlare reliable, free. Probably collects data, otherwise it’s hard to explain why proxy other people’s traffic for free. In our case we use it only as a DNS-server and do not proxy anything. In the future we will replace it with self-hosted DNS, as soon as we solve the reliability problem.

Backup repository

Backblaze is free or times cheaper than AWS. Not seen in data collection. Publishes in open source the hardware it runs on. And also shares very useful statistics about disk failures, on the basis of which you can choose the most reliable and tested one. In the future, perhaps, we will replace it with a self-hosted or p2p solution. Now it is not the main priority, because the data is encrypted, and the service provider sees only the ip of your server, but not the home one.