Selfhosted

49903 readers

319 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

186

The Future is NOT Self-Hosted (www.drewlyton.com)

submitted 4 days ago by ruffsl@programming.dev to c/selfhosted@lemmy.world

84 comments fedilink hide all child comments

The future is community-hosted

Related Hacker News thread:

https://news.ycombinator.com/item?id=44682175

you are viewing a single comment's thread
view the rest of the comments

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 days ago* (last edited 3 days ago) (3 children)

End-to-end encryption means the service provider can't see your data even if they wanted to

Not necessarily. All it means is that intermediaries can't see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end. Your library is more likely to buy whatever is cheapest than what respects your privacy the most (e.g. probably Google drive, not Tuta or Proton).

The incentives for even community-hosted services (e.g. if the library spun up its own cloud servers) to share/sell information is just too high. Maybe the library found someone uploading illegal content, and they wanted some monitoring in there to catch service abusers going forward. They'll probably put something into the client that a third party monitors, and now you have someone snooping on everything.

Instead of this, I think P2P storage is the better option for those who don't want to self-host. That way there's an incentive for the person providing storage to not know what it is (reduce liability), as well as the person submitting the data (reduce risk). Unfortunately, most current solutions here are a little shady, because they either rely on volunteers (no guarantees about data integrity) or anonymous payments (again, no guarantees about data integrity).

I'd like to see something in the middle:

apps that work off buckets of data, that the user configures
services that provide data guarantees that users can choose (e.g. AWS S3, Backblaze B2, Hetzner Storage boxes)
common protocol between apps for accessing this data

So if you want more storage, you buy said storage and know who is responsible for protecting it, and your app doesn't care where it comes from.

That's possible, but the bigger leap is getting people off the major platforms like Google's or Microsoft's cloud.

[–] ShortN0te@lemmy.ml 5 points 3 days ago (1 children)

End-to-end encryption means the service provider can't see your data even if they wanted to

Not necessarily. All it means is that intermediaries can't see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end.

This is incorrect. End-to-End is defined as from "User to User" and not "User to Service provider". That would be just transport encryption.

https://en.m.wikipedia.org/wiki/End-to-end_encryption

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 days ago

Right, and that's what I mean too.

For example, let's assume Google Drive is E2EE, the client apps on both sides have access to unencrypted data, and they can absolutely index it or whatever to sell to advertisers. The statement in the article was overly broad, because the service provider can see your data, assuming they also control the client apps.

[–] monogram 4 points 3 days ago (1 children)

Compute has become so ubiquitous it’s silly that we need to pick between server-client and p2p

Syncthing is a good example of being both, with options you can enable for your server version, but it’s way too basic compared to immich or nextcloud

[–] sugar_in_your_tea@sh.itjust.works 3 points 3 days ago

Eh, Syncthing is only stuff you control, which doesn't exactly fulfill what OP is talking about: extending the benefits of self-hosting to those who can't or don't want to self-host. It also doesn't expand storage, it just keeps your storage in sync between devices.

P2P solves a lot of this. It provides expanded storage, can be easy to get into (add nodes as you go/pay others for nodes), etc. But there's the perennial issue w/ trusting others w/ your data.

That's why I think a hybrid is better. Buy storage from trusted providers as needed and use apps that work w/ that. Unfortunately, that doesn't seem to really be a thing, but I think it could be super cool. Places like libraries can provide libraries to underprivileged people, who can then add to it w/ something from the market.

[–] deur 1 points 3 days ago (1 children)

You can already do what you want. S3 with HTTP, XML + XSL for responsive / dynamic content.

[–] sugar_in_your_tea@sh.itjust.works 1 points 3 days ago

Sure, but where are the apps?