this post was submitted on 18 Mar 2021
0 points (NaN% liked)

Privacy

31981 readers
322 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I recently started self-hosting an XMPP server for my friends and family, but when looking for privacy specific guides I can't really find any. It seems like self-hosting is the baseline way to gain privacy, and with things like Docker and Yunohost it feels within reach for average users to learn enough to do it.

I loved the phone guide that was published here and was able to follow the steps and learn more about phone privacy. So are there any good guides like that but for servers?

I know security is different from privacy, hence why I'm asking specifically for privacy-oriented guides. Thanks in advance, lemmy has always been a fantastic community for helping out newbies!

Edit: More specific questions; is there a way for me to make my host IP address not readily available (I'm hosting in my house, not a VPS), is there a better option for security than using Cloudflare (this one I'm having a hard time with mostly because I still don't quite understand what Cloudflare does?), I know some other servers say they delete messages from the server and identifying data...how? (I have metronome as the server for XMPP, using Yunohost)

top 1 comments
sorted by: hot top controversial new old
[–] southerntofu@lemmy.ml 1 points 3 years ago

Hello, sorry i don't know what phone guide you're referring to ("privacy" and "phone" in the same sentence sound really weird to me), but there's plenty of resources for "opsec"/"infosec" in a selfhosted context.

Here is a nice list of gamified challenges to reach. In addition, you may want to ensure you have Full Disk Encryption on your server (huge tradeoff: can't restart the server without entering your passphrase). Riseup also has tons of cool resources in their docs.

Like you admitted yourself, security and privacy are not the same. Running your own selfhosted services will probably leak more metadata than using shared services. For your personal conversations and your friends, it's a good approach. To organize political agitation against your nefarious nation-state, it's probably a risky strategy: breaking into your home to backdoor your server is easier and more discreet than to do the same for a shared host like riseup.

If you would like to give more specific about what kind of info you're looking for then maybe we can provide more detailed answer. Like poVoq said, we are interested to publish more guides on joinjabber.Org (we just started that project) to answer common questions/concerns. We have a draft FAQ (not merged on the website yet) about security concerns, please let me know if it's informative to you or if you have more questions.