this post was submitted on 10 Nov 2024
81 points (97.6% liked)

Selfhosted

40173 readers
1043 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

If you think this post would be better suited in a different community, please let me know.


Topics could include (this list is not intending to be exhaustive — if you think something is relevant, then please don't hesitate to share it):

  • Moderation
  • Handling of illegal content
  • Server structure (system requirements, configs, layouts, etc.)
  • Community transparency/communication
  • Server maintenance (updates, scaling, etc.)

Cross-posts

  1. https://sh.itjust.works/post/27913098
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 4 days ago (3 children)

How much server hosting experience do you have? I asked about database preferences over in Self-Hosting once and they basically all said "don't choose a database ever. Run. Save yourself while there is still time!"

So maybe use a hosting service I guess. Makes you a more difficult target for attacks but also involves your information getting out into the world in direct connection to your instance.

[–] [email protected] 3 points 4 days ago

I asked about database preferences over in Self-Hosting once and they basically all said "don't choose a database ever.

I'm not sure I follow what you mean; Lemmy uses PostgreSQL.

[–] [email protected] 1 points 4 days ago (1 children)

[Using a hosting service] makes you a more difficult target for attacks but also involves your information getting out into the world in direct connection to your instance.

I'm not sure I understand how one's data would be leaked by the hoster.

[–] [email protected] 1 points 4 days ago* (last edited 3 days ago) (3 children)

Same way things get leaked by Equifax, Twitch, US Bank, etc. You're most responsible with your information by not having unnecessary accounts or transactions.

Also, most hosts have WhoIs and ICANN registrations for Domains, but you still need a domain regardless. And further than that they might allow subpeonas from various companies who request the info.

[–] [email protected] 2 points 3 days ago* (last edited 3 days ago) (1 children)

they might allow subpeonas from various companies who request the info.

"Allow" is an interesting choice of words. A subpoena is legally binding (depending on the jurisdiction). One could circumvent this by purchasing a domain anonymously, but I'm not currently aware of a reputable domain provider that allows anonymous purchasing of domains.

Addendum (2024-11-11T23:38Z):

I just found Njalla which seems to allow anonymous purchasing of domains, but idk how reputable they are.

[–] [email protected] 1 points 3 days ago* (last edited 3 days ago) (2 children)

It comes down to the individual company on whether or not to fight requests for user information. A lot of precedent exists for not complying.

[–] [email protected] 1 points 3 days ago (1 children)

A lot of precedent exists for not complying.

Would you mind citing a case? I'm curious.

[–] [email protected] 1 points 3 days ago (1 children)

NY Times vs Njalla

Njalla does comply with some requests, and was forced to shut down some pirate bay instances at one point, though. Ghost is another privacy domain seller.

Theres also a term for companies called "Bulletproof Registrars." For example, some Malaysian Registrars apparently don't have an address and cannot actually recieve most subpoenas.

Mostly VPNs, I don't know too much about similar cases with server hosts or domain sellers.

[–] [email protected] 1 points 3 days ago

NY Times vs Njalla

Do you have an official record of them not complying with an official court-ordered subpoena? I looked into "NYT vs Njalla", and it seems like it was the NYT making a private request to Njalla under threats of legal action, but no legal action followed [1][2].

References

  1. "About those threats". Blog. Njalla. Published: 2018-01-25. Accessed: 2024-11-12T00:33Z. https://njal.la/blog/about-those-threats/.
  2. "Njalla gives New York Times The Pirate Bay treatment". Staff Writer. Mybroadband. Published: 2018-01-26. Accessed: 2024-11-12T00:36Z. https://mybroadband.co.za/news/internet/246265-njalla-gives-new-york-times-the-pirate-bay-treatment.html.
    • ¶10

      TorrentFreak reported that Njalla did not hear back from the New York Times after sending the response.

[–] [email protected] 1 points 3 days ago (1 children)

It comes down to the individual company on whether or not to fight requests for user information.

Wouldn't this simply be obstruction of justice?

[–] [email protected] 1 points 3 days ago (1 children)

Not every court order is a criminal case.

[–] [email protected] 1 points 3 days ago* (last edited 3 days ago)

Sure, but (in the USA) an investigation precedes a criminal case [2], and a court order is part of that. I directly cite, for example, 18 U.S. Code § 1509 - Obstruction of court orders [1]:

Whoever, by threats or force, willfully prevents, obstructs, impedes, or interferes with, or willfully attempts to prevent, obstruct, impede, or interfere with, the due exercise of rights or the performance of duties under any order, judgment, or decree of a court of the United States, shall be fined under this title or imprisoned not more than one year, or both.

References

  1. "18 U.S. Code § 1509 - Obstruction of court orders". Legal Information Institute. Cornell Law School. Accessed: 2024-11-12T00:42Z. https://www.law.cornell.edu/uscode/text/18/1509.
  2. "A Brief Description of the Federal Criminal Justice Process". FBI. Accessed: 2024-11-12T00:46Z. https://www.fbi.gov/how-we-can-help-you/victim-services/a-brief-description-of-the-federal-criminal-justice-process.
    • §"I. The Pretrial Stage". §"Investigations, Grand Juries, and Arrests". ¶1.

      If a crime is brought to the attention of federal authorities, whether by a victim of the crime or a witness to it (e.g., a bank robbery), a federal law enforcement agency will undertake an investigation to determine whether a federal offense was committed and, if so, who committed it. [...]

[–] [email protected] 2 points 3 days ago* (last edited 3 days ago)

Same way things get leaked by Equifax, Twitch, US Bank, etc. You’re most responsible with your information by not having unnecessary accounts or transactions.

This would be low down on my concern for threat levels. At any rate, the only way to get around this would be to either host it on one's own hardware on one's own network, or to somehow anonymously purchase a VPS (I am currently unaware of a trustworthy VPS that allows anonymous hosting. I have heard of BitLaunch, but I don't know how trustworthy it is — do they have the ability to intercept control of the DO Droplet?).

Addendum (2024-11-11T23:40Z):

I just found Njalla which seems to allow anonymous purchasing of VPSs, but idk how reputable they are.

[–] [email protected] 1 points 3 days ago (1 children)

Also, most hosts have WhoIs and ICANN registrations for Domains, but you still need a domain regardless.

I'm not sure exactly what you are referring to. I don't exactly follow how the VPS provider would have any privileged insight into one's domain registration.

[–] [email protected] 2 points 3 days ago* (last edited 3 days ago) (2 children)

I'm saying if you payed for a service to host your instance remotely. The domain, the site pages, the the database, everything. Then, everything on the domain would be tied to your person and the service providers have a certain power over your instance aside from just turning off your domain. There are more options to not list or to delist from the WhoIs registry for simple domain purchases.

I just have trust issues, you don't need to mind my crazy ramblings.

[–] [email protected] 1 points 3 days ago

I just have trust issues, you don’t need to mind my crazy ramblings.

Concerns about privacy and anonymity are perfectly valid. Ideally, I would want my involvement in a venture like this to be completely anonymous, but there are practical limitations (generally limited by how much added complexity/added risk one wants to put up with).

[–] [email protected] 1 points 3 days ago

I’m saying if you payed for a service to host your instance remotely. The domain, the site pages, the the database, everything. Then, everything on the domain would be tied to your person and the service providers have a certain power over your instance aside from just turning off your domain.

Ah, okay, I was under the assumption that the domain was purchased through a separate, independent provider, rather than through the same provider as that of the VPS.

[–] [email protected] 1 points 4 days ago (1 children)

How much server hosting experience do you have?

I've never hosted a public facing social media service. I have a few years experience hosting a number of my own personal services, but they aren't at the scale of a public facing Lemmy instance.

[–] [email protected] 1 points 4 days ago* (last edited 4 days ago) (1 children)

You should be good as long as you know PostgreSQL

[–] [email protected] 2 points 3 days ago

Aha, well, it depends on what you mean by "know".