7 minute read
Frequently Asked Questions
How to get help?
If you encounter a problem, feel free to write to the SelfPrivacy chats ;)
- Telegram chat: @selfprivacy_chat
- Matrix chat: #chat:selfprivacy.org
Or you can create an issue in our project repositories:
What are self-hosted services and what are their advantages?
When we use centralised services, such as popular social networks, we trust the admins of the resource that stores our correspondence, our photos and even the most important secrets said in a chat with close people. We allow our interests and music preferences to be analyzed, receive targeted advertising based on them, and most likely participate in unnamed audience analysis programs and all sorts of surveillance.
Self-hosted is the term for keeping an online service in-house. The key to this approach is that you have an independent copy of the software on your server, without a third party running the service. To be an administrator, you don’t need to be a programmer and understand all the intricacies of the inner workings of the server application, i.e. the service. Typically, application developers who are not beholden to the head office and its ad trackers will try to make the service as clear and simple to use as possible.
Popular examples include self-hosted email servers, messengers such as XMPP or Matrix, and VPN solutions. If you’ve worked in a large organisation, you’ve probably seen a standalone email service on the company domain, and you’ve probably also come across corporate messengers. These are all self-hosted, but not by you, but by the company you worked for.
Why does a company need its own email and messenger? The answer is simple: to keep employee communications and company secrets in their own hands, under their own control.
If you want flexible self-host tools that you can customise, or you just don’t trust big companies and want to keep your data under your own control, self-hosting is for you.
Can I trust my hosting provider?
We have all experienced being disconnected from the Internet due to overdue payments, or having our home power cut off due to technical problems somewhere in the house or city. Therefore, in order to provide a stable online service, they turn to hosting providers - special companies that provide computer facilities for rent and undertake to do everything possible for their stable operation: backup power supply schemes of equipment in case of emergency, backup highways to connect to the Internet, as well as protection against earthquakes, fires and floods according to the latest science and technology.
A reasonable question: can you trust these services, since all the data stored on your leased server is, after all, the data stored on the disc provider’s discs.
There is no clear answer to this question, because at the request of law enforcement agencies from the provider’s jurisdiction, your data will surely be handed over without too many questions. But… do you often have problems with the foreign law?
The hoster is asking for my passport, what should I do?
The SelfPrivacy infrastructure currently relies on the hosting capabilities of Hetzner and DigitalOcean. Sometimes the hosting provider may ask for proof of identity when you sign up. This protects them from spammers. In addition, the European jurisdiction requires to know your customer (KYC). We apologise for the fact that Hetzner is not involved in the collection of unnecessary data and the disclosure of information about users.
Providing photos or photocopies of documents to anyone online is a bad practice that we condemn. But thousands of users and we can vouch for the reliability of Hetzner, which is more privacy oriented. They have been around for many years and have a good reputation. For our part, however, we are looking for alternative solutions to this problem.
Will this protect me from the FBI, FSB, Mi6, …?
We do our best to keep your data technically intact. But your hosting has to comply with the laws of its jurisdiction. We choose to host in as legal a jurisdiction as possible. So unless you are involved in criminal activities such as drug dealing, illegal porn, terrorism, and the like, your data is unlikely to be threatened.
Can I put SelfPrivacy on my hardware?
Unfortunately, no. But it is one of the features we plan to introduce in future updates.
Do we make money off of users?
No, we do not make money from users. We have no agreements with ISPs, nor do we use advertising or analytics in the app.
Where do we get the money from?
We are a non-profit project and do not make money from our users. Our main sponsor is the European fund NLnet. Here is our project page on the fund’s website.
We are also supported by the fund Privacy Accelerator and your donations.
What’s the point of a non-profit project?
In a climate of aggressive consumerism, where only stories about effective business sell like hot cakes, non-profit projects are cautious.
The main motive behind SelfPrivacy that runs through our team is to make using the internet a little more comfortable, a little easier and - most importantly - a little more private.
Privacy is an inalienable human right that allows us to feel like subjects, independent individuals. We’re making a public project to get inspiration for new features and to look for bugs, not by a few people, but by tapping into the resources of an unlimited audience. After all, why does a musician write tunes and an artist create paintings? Moreover, developing a free solution that can take users to a new level of privacy is a matter of honour. And samurai have no goal, only a way.
Why do we choose providers?
There are several criteria we use when choosing a provider:
- Availability of an API interface for developers that manages the creation of the VPS. Otherwise SelfPrivacy will not be able to automatically create and configure the server, and much of the work will fall on the user’s shoulders. Also, automatic disk expansion will not work (when the amount of data on your server grows and needs more space);
- Quality of service;
- Price.
We would like to add support for new hosting providers, but at the moment all the alternatives do not support the functionality we need, or are excluded for other good reasons. Hetzner has a weak support service, but they have a good network and a great price. Their competitors are significantly more expensive and have a questionable attitude to privacy.
Those who don’t ask for a passport or other substantial proof of identity tend to create problems for email traffic - they send spam from them. For example, scaleway’s emails are blocked and you have to write to support to get them unblocked. This severely disrupts the end-to-end process of using the email service in SelfPrivacy.
Is CloudFlare required for SelfPrivacy to work?
No, it is not mandatory. Users have the option to choose between deSEC, CloudFlare, and DigitalOcean. We recommend choosing deSEC, as it is a privacy-oriented service.
Why do we allow the use of CloudFlare? The service is reliable and free. It likely collects data; otherwise, it’s difficult to explain why they would proxy other people’s traffic for free. In our case, we use it only as a DNS server and do not proxy anything. In the future, we may replace it with DNS on the user’s server if reliability issues are resolved.
Currently, we are testing Yggdrasil + Alfis.
Why does SelfPrivacy use NixOS?
SelfPrivacy uses NixOS as the operating system for servers, which may seem like a strange choice, but let’s explain main points why NixOS is better for SelfPrivacy use-case:
-
NixOS can be state-less (and it is in SelfPrivacy). NixOS can bootstrap itself from a NixOS configuration on every boot, so we can omit additional state and keep only /nix/store and data of your services.
-
NixOS is atomic. Updates are applied atomically, and can be roll-backed just in case.
-
NixOS allows to keep all the configuration in one place, and modify it via single mechanism (Nix language).
What do we use as our email server?
On the deployed server, the following components are responsible for sending, receiving, filtering emails:
- Postfix — SMTP server;
- Dovecot 2 — IMAP server;
- Rspamd — SPAM filter.
You can read more about using email on the service page.
Sending Email dos not work
The issue is described on the service page.