Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
tl;dr: classic convenience/privacy. depends on your threat model. surely better than Google. models of zero trust will help.
That's a great question, that I have asked myself before too. It doesn't have one answer, and any one would make their own choices based on their own respective threat model. I'll answer you with some of my thoughts, and why I do use their services.
I'll take as an example my usage of NextCloud, coming as a replacement to Google Drive for example.
let's break up the setups:
It's oversimplified, but to the point: In Google's setup, you have control of 0 out of three things.
In NextCloud's setup,
From just this look, NC is clearly better off. now, it's not perfect, and each one will do their own convenience vs privacy deal and decide their deal.
If you deploy some sort of e2ee, the severity level of CF drops even more, because they're exposed to less data. specifically for NC they do do e2ee, but each solution to its own. https://nextcloud.com/encryption/ this goes as an example for zero trust model. if you handle the encryption yourself (like using an e2ee service), you don't have to trust the medium your data is going through. like the open internet.
Thanks. I agree with your conclusion. I probably have spent too much time in privacy communities. In the end you'll have to trust someone.
that's not to wear off of the importance of awareness. you should be aware always, even if you don't take action.
This contradicts your threat model comment, though. If you fear Google's access to your data, you fear nation states, or hate Google. Cloudflare is in the same boat for size, scope, and US ownership.
Obviously I'm not avoiding it all together, but I'm taking a step in the right direction.
And it's not just replacing Google by CF, because CF has much less access in comparison as I explain.
you can deploy some zero trust models in your setup, and eliminate the threat even further. for example end to end encryption
Oh yes, wasn't trying to say it was a bad decision at all. If it fits your threat model, and it makes life easier, it's probably the right choice.