Available services

What services are available and how to use them.

1 - E-mail

Self-hosted e-mail service

E-mail is a time-tested protocol that needs no introduction. A personal mail server keeps all your correspondence more private and is useful for registering with online services and for personal correspondence, especially with Delta.Chat.

Authentication

Users from the “users” tab of your app are used.

Connection configuration

The login must be the username with the domain. For example, user@domain.tld.

SMTP

SMTP Server: your domain

SMTP Port: 587

Authentication: STARTTLS

Username: your username @ your domain (your full email address)

IMAP

IMAP Server: your domain

IMAP Port: 143

Authentication: STARTTLS

Username: your username @ your domain (your full email address)

Configuration example for Mozilla Thunderbird

What do we use as our email server?

On the deployed server, the following components are responsible for sending, receiving and filtering email:

  • Postfix — SMTP server;
  • Dovecot 2 — IMAP server;
  • Rspamd — SPAM filter;

Tips

Alias for addresses

Use aliases for questionable services or one-time needs.

Messages for user+alias@domain.com are delivered to user@domain.com. This is useful for spam origin analysis if you register with each online service under a unique alias, for example user+bank@domain.com, user+cryptoexchange@domain.com, and so on.
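The spam origin analysis described above, as an added example that is not part of the SelfPrivacy documentation: it reads "recipient sender" pairs and reports every +alias that received mail from more than one sender domain, which suggests the address was shared or leaked. The function names, the input format and the sample senders are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: envelope recipient and sender, one pair per line.
sample_pairs() {
    cat <<'EOF'
user+bank@domain.com notify@bank.example
user+bank@domain.com notify@bank.example
user+shop@domain.com orders@shop.example
user+shop@domain.com promo@bulk-mailer.example
user+shop@domain.com win@lottery.example
user-forum@domain.com noreply@forum.example
user@domain.com friend@mail.example
EOF
}

# Reads "recipient sender" pairs on stdin and prints, for each +alias that
# was hit by more than one distinct sender domain, "alias: domain domain ...".
leaked_aliases() {
    awk '
    NF >= 2 {
        rcpt = tolower($1); sdom = tolower($2)
        sub(/@.*/, "", rcpt)          # keep the local part of the recipient
        sub(/.*@/, "", sdom)          # keep the domain of the sender
        p = index(rcpt, "+")
        if (p == 0) next              # no alias: plain or user-dir address
        tag = substr(rcpt, p + 1)
        if (!((tag, sdom) in seen)) {
            seen[tag, sdom] = 1
            ndom[tag]++
            doms[tag] = doms[tag] " " sdom
        }
    }
    END { for (t in ndom) if (ndom[t] > 1) print t ":" doms[t] }
    ' | sort
}

sample_pairs | leaked_aliases
```

An alias that appears in the output is a candidate for being retired and replaced with a new one for that service.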

Directory Filter

Create filter directories for different purposes. This helps protect against phishing and keeps your inbox from clogging up. A message sent to user-dir@domain.com creates a directory named dir in the user@domain.com mailbox, and all mail for that address arrives in the dir directory.

Examples:

  • user-w@domain.com - for registering with web services
  • user-shops@domain.com - for web stores
  • user-pay@domain.com - for payment systems
  • user-forum@domain.com - for forum notifications

Features

  • Email is over 50 years old. In IT, this is a sign of maturity and reliability of the technology.
  • Email is the most popular way to get infected with viruses (after hacked software and cracks).
  • Beware of phishing (fraudulent emails), it can rob you of your savings and control over your digital life.

Sending email does not work

Sending email may be blocked by your provider.

Hetzner confirms that they block email sending for new accounts. After one month of server operation and the first successful payment, Hetzner asks you to contact support and explain why you need email. You may mention that you plan to use email to communicate with users of your services.

With DigitalOcean, such a problem has not been observed, but if you have encountered this, try to get in touch with the hosting support.

2 - Nextcloud

A Swiss Army knife for working together

Collaboration means file storage, document management, video conferencing, shared event calendars, and things like that. As a rule, people tend to trust personal life and business to third-party services. However, there is an option to keep it all on your own server.

We choose Nextcloud - free software for convenient scheduling and file storage.

Authentication

When the server is created, a Nextcloud user named admin is created with the password you used for your primary user.

To add new users, go to the user administration panel, on the web interface of your Nextcloud.

  • WEB interface: available after SelfPrivacy server configuration, at https://cloud.YOUR.DOMAIN
  • Official application (GNU/Linux, Windows, macOS, Android, iOS)

How to reset the admin password

To follow the steps below, you’ll need to connect to the server via SSH with administrative rights. A basic understanding of the command line is beneficial ;)

For detailed connection instructions, click here.

After connecting, enter the following command:

nextcloud-occ user:resetpassword admin

You will be prompted for a new password; the characters will be hidden as you type.

FAQ

Nextcloud Updater does not work

This is expected. Nextcloud is updated via NixOS and depends on our NixOS repository. Everything happens without your intervention.

Why can’t I use my Nextcloud in third-party services?

This can happen if the third-party service has a restriction to only connect to a specific Nextcloud instance.

Should I use an extension to encrypt my Nextcloud?

We do not recommend it. The encryption keys are stored on the server, which makes such encryption practically useless.

3 - Gitea

Gitea is a self-hosted Git service

In the age of computer technology, a lot of people deal with program code or configs. The version control system Git is widely used in order not to get confused with them. You can often find links to centralized git-hosting where the security (and sometimes privacy) of the code is questionable.

Owning your own git hosting allows you to store personal files on a private server. One of the best free (as in freedom) git-hosting services is Gitea. It has all the necessary functionality and a convenient web interface.

  • WEB-interface: available after SelfPrivacy server configuration, at https://git.YOUR.DOMAIN
  • Official console git client (GNU/Linux, Windows, macOS, *unix)

If you want a client with a graphical interface, you can choose one from the list of recommendations on the official website.

4 - Delta.Chat

E-mail-based messenger with end-to-end encryption

Messengers like Telegram, Signal and WhatsApp cannot be private due to a peculiarity of their architecture: centralization. And peer-to-peer (p2p) services like Tox consume too many resources and are inconvenient to use on a mobile device.

The best solution is to use your mail server for Delta.Chat. Delta.Chat is a messenger based on the email protocol.

If your conversation partner doesn’t use Delta.Chat, it will be just ordinary email correspondence for them.

Features of Delta.Chat

  • Regular email client with all the features of IM.
  • Reliable end-to-end encryption (e2e), provided that both interlocutors use a personal email server or perform a personal key exchange, such as via QR code.
  • Can use any email server, but then you lose control over the meta-information and risk a key-swapping man-in-the-middle attack.
  • Slightly slower than usual messengers
  • First message is not encrypted because public encryption keys are sent with it.
  • There are problems with sending files > 5-7MB.
  • There are no convenient channels (chats for mass discussions and sending out information). We recommend using a decentralized social network.

5 - Pleroma

Decentralized Social Network Server

As it grows, any centralized social network will have to deal with moderation, censorship, enforcing rules, and reading your correspondence. Your own social network is a different matter: it can belong only to you, your family or your team. Only a decentralized network can provide maximum privacy. That’s why we invite you to become part of the Fediverse decentralized network.

At SelfPrivacy we use Pleroma.

  • WEB-interface: available after SelfPrivacy server configuration, at https://pleroma.YOUR.DOMAIN
  • Husky (Android)

Features of Pleroma

  • A social network of any scale: from a personal server with a single account to a massive thematic site;
  • Your social network, your rules. You are the censor, moderator and administrator.

Getting admin rights

Right now you can get admin rights only by using the command line.

  1. Connect to your server via SSH as a root user. Use this guide if you need help.
  2. Run the following command, replacing <username> with the username you want to make an admin:
    sudo -u pleroma env RELEASE_COOKIE=/var/lib/pleroma/.cookie pleroma_ctl user set <username> --admin
    
  3. Done! Now the user <username> has admin rights.

6 - Jitsi

Video conference

Zoom and Google Meet are proprietary software that have limitations in their free versions and do not provide access to their clients’ source code.

But there is an alternative — Jitsi, which is an open source videoconferencing service with similar functionality to its proprietary counterparts.

  • WEB interface: available after setting up the SelfPrivacy server, at https://meet.YOUR.DOMAIN.

  • Android

  • iOS

  • Flatpak

  • Also see the builds in your distribution’s repositories.

Features of Jitsi

  • Does not require registration;
  • Uses an avatar from gravatar.com if you specify an email address (may violate privacy!).

7 - Bitwarden

Your password manager

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form.

Bitwarden can be downloaded and configured on your server, which is what we use as part of the SelfPrivacy project. Unlike other free (as in freedom) password managers, Bitwarden provides easy synchronization of one database between all devices.

  • WEB-interface: available after SelfPrivacy server configuration, at https://password.YOUR.DOMAIN
  • Official client (GNU/Linux, Windows, macOS, Android, iOS)

Setting an admin token manually

First, make sure your system config is up to date. You may click “upgrade server” in the app and wait for a couple of minutes, or run the following command in the terminal:

cd /etc/nixos
git pull

Then, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/nixos/userdata/userdata.json > /etc/nixos/userdata/userdata.json.new && mv /etc/nixos/userdata/userdata.json.new /etc/nixos/userdata/userdata.json

Now, we have to apply the changes:

nixos-rebuild switch

And after rebuilding the system, restart Bitwarden:

systemctl restart vaultwarden

Now, your admin interface is available at https://password.YOUR.DOMAIN/admin.
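A variant of the token generation and jq steps above, as an added example that is not SelfPrivacy's own script: it passes the token to jq through the environment instead of typing it into the command line, and copies the original file's mode and owner to the replacement, because a file created by shell redirection gets default umask permissions. The function name set_admin_token is hypothetical; the file path and the .bitwarden.adminToken key are the ones used above.

```sh
#!/bin/sh
# set_admin_token FILE
# Generates a token, stores it at .bitwarden.adminToken in FILE and prints it
# once on stdout so it can be saved somewhere safe.
set_admin_token() {
    file=$1
    # Same generator as in the steps above: 48 random bytes, base64-encoded.
    token=$(openssl rand -base64 48) || return 1
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Copy first so the temp file inherits the mode and owner of the original.
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 1; }
    # The token travels in the environment of the jq process only: it is not
    # part of the command line, so it stays out of shell history and `ps`.
    if ADMIN_TOKEN=$token jq '.bitwarden.adminToken = env.ADMIN_TOKEN' \
            "$file" > "$tmp" \
        && [ "$(jq -r '.bitwarden.adminToken' "$tmp")" = "$token" ]; then
        mv "$tmp" "$file"
        printf '%s\n' "$token"
    else
        rm -f "$tmp"    # any failure leaves the original file untouched
        return 1
    fi
}

# Usage (as root), in place of the openssl and jq steps:
#   set_admin_token /etc/nixos/userdata/userdata.json
```

After it succeeds, continue with nixos-rebuild switch and the vaultwarden restart as described above.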