Frequency Asked Questions
7 minute read
What are self-host services and what are their advantages?
When we use centralised services, such as popular social networks, we trust the admins of the resource that stores our correspondence, our photos and even the most important secrets said in a chat with close people. We allow our interests and music preferences to be analysed, receive targeted advertising based on them, and most likely participate in unnamed audience analysis programs and all sorts of surveillance.
Self-hosted is the term for keeping an online service in-house. The key to this approach is that you have an independent copy of the software on your server, without a third party running the service. To be an administrator, you don’t need to be a programmer and understand all the intricacies of the inner workings of the server application, i.e. the service. Typically, application developers who are not beholden to the head office and its ad trackers will try to make the service as clear and simple to use as possible.
Popular examples include self-hosted email servers, messengers such as XMPP or Matrix, and VPN solutions. If you’ve worked in a large organisation, you’ve probably seen a standalone email service on the company domain, and you’ve probably also come across corporate messengers. These are all self-hosted, but not by you, but by the company you worked for. Why does a company need its own email and messenger? The answer is simple: to keep employee communications and company secrets in their own hands, under their own control.
If you think you don’t trust companies, want to keep your data under your own control, or simply don’t want to strengthen the monopolistic position of the IT market, self-hosting will suit your needs.
Can I trust my hosting provider?
We have all experienced being disconnected from the Internet due to overdue payments, or having our home power cut off due to technical problems somewhere in the house or city. Therefore, in order to provide a stable online service, they turn to hosting providers - special companies that provide computer facilities for rent and undertake to do everything possible for their stable operation: backup power supply schemes of equipment in case of emergency, backup highways to connect to the Internet, as well as protection against earthquakes, fires and floods according to the latest science and technology.
A reasonable question: can you trust these services, since all the data stored on your leased server is, after all, the data stored on the disc provider’s discs. There is no clear answer to this question, because at the request of law enforcement agencies from the provider’s jurisdiction, your data will surely be handed over without too many questions. But… do you often have problems with the law? And the law of foreign territories? On a more paranoid note, your server is the last weak link in the infrastructure. It is much more frightening to use a smartphone, smart speakers and other electronic devices whose content is terra incognita, and in which all trust is based solely on the marketing of vendors and our ingrained habits.
Hosting providers have hundreds, thousands and sometimes millions of virtual machines. One of them will be yours. Is it worth the trouble? Probably not.
The hoster is asking for my passport, what should I do?
The SelfPrivacy infrastructure currently relies on Hetzner’s hosting capabilities. During registration, the hosting provider asks for proof of identity. This protects them from spammers. In addition, the European jurisdiction requires to know your customer (KYC). We apologise for the fact that Hetzner is not involved in the collection of unnecessary data and the disclosure of information about users.
Providing photos or photocopies of documents to anyone online is a bad practice that we condemn. But thousands of users and even we vouch for Hetzner’s reliability. They have been around for many years and have a good reputation. Think of it as registering with a phone number that is also linked to passport details in most countries. For our part, we are looking for alternative solutions.
Will this protect me from the FBI, FSB, Mi6, …?
We do our best to keep your data technically intact. But your hosting has to comply with the laws of its jurisdiction. We choose to host in as legal a jurisdiction as possible. So unless you are involved in criminal activities such as drug dealing, illegal porn, terrorism, and the like, your data is unlikely to be threatened.
Can I put SelfPrivacy on my hardware?
Unfortunately, no. But it is one of the features we plan to introduce in future updates.
Do we make money off of users?
No, we do not make money from users. We have no agreements with ISPs, nor do we use advertising or analytics in the app.
What’s the point of a non-profit project?
In a climate of aggressive consumerism, where only stories about effective business sell like hot cakes, non-profit projects are cautious. The main motive behind SelfPrivacy that runs through our team is to make using the internet a little more comfortable, a little easier and - most importantly - a little more private. Privacy is an inalienable human right that allows us to feel like subjects, independent individuals. We’re making a public project to get inspiration for new features and to look for bugs, not by a few people, but by tapping into the resources of an unlimited audience. After all, why does a musician write tunes and an artist create paintings? Moreover, developing a free solution that can take users to a new level of privacy is a matter of honour. And samurai have no goal, only a way.
Why do we choose providers?
There are several criteria we use when choosing an ISP:
- Availability of a REST API that manages the creation of the VPS. Otherwise SelfPrivacy will not be able to automatically create and configure the server, and much of the work will fall on the user’s shoulders. Also, automatic disk expansion will not work (when the amount of data on your server grows and needs more space);
- Quality of service;
We would like to add support for new hosting providers, but at the moment all the alternatives do not support the functionality we need, or are excluded for other good reasons. Hetzner has a weak support service, but they have a good network and a great price. Their competitors are significantly more expensive and have a questionable attitude to privacy.
Those who don’t ask for a passport or other substantial proof of identity tend to create problems for email traffic - they send spam from them. For example, scaleway’s emails are blocked and you have to write to support to get them unblocked. This severely disrupts the end-to-end process of using the email service in SelfPrivacy.
What we use as an email server
On the deployed server, the following components are responsible for sending, receiving, filtering emails:
- Postfix - SMTP server;
- Dovecot 2 - IMAP server;
- Rspamd - SPAM filter;
Why use CloudFlare?
Cloudlare is reliable and free. They probably collect data, otherwise it’s hard to explain why you should proxy other people’s traffic for free. In our case we only use it as a DNS server and don’t proxy anything. In the future we will replace it with our own DNS once we have solved the reliability problem.
We are currently testing yggdrasil + alfis, which will eliminate the need for a domain registrar and cloudflare. However, the testing, bug reporting to developers and sleepless nights will continue as we try to provide users with only the most reliable solutions we can find.
How to get help?
If you encounter a problem, feel free to write to the groups with SelfPrivacy developers ;)
Or you can create an issue in our project repository:
- Main app - https://git.selfprivacy.org/kherel/selfprivacy.org.app
- Other stuff - https://git.selfprivacy.org/SelfPrivacy