Self-Hosting Isn't a Solution; It's A Patch
(matduggan.com)
from tux0r@feddit.org to selfhosted@lemmy.world on 22 Nov 2024 14:31
https://feddit.org/post/4989222
from tux0r@feddit.org to selfhosted@lemmy.world on 22 Nov 2024 14:31
https://feddit.org/post/4989222
threaded - newest
Either that, or it’s the new way of installing applications on your own computer. These just happen to be web accessible.
Also, Trust, but Verify.
Even if we had fantastic regulations, we’d still have scammers and hackers out there.
If my data never leaves my systems, my risk of exposure is far smaller.
I’ve self hosted long before the privacy/subscription nightmare of modern cloud/SaaS platforms was a thing. I do it because I enjoy it (and at the time I got started, I had crap internet so having good local services like offline Wikipedia was important).
Not everyone has to self-host. I run lots of services, mostly for myself, but friends and family who don’t know a kernel driver from a school bus driver also use them. So the expectation that everyone self host is and always has been “pie in the sky”. And that’s okay.
Privacy regulations are all fine and dandy, but even with the strictest ones in place, you still do not own or control your data. You’re still subscribing to services instead of owning software. You can’t extend, modify, or customize hosted software. Self hosting FOSS applications addresses all of those.
So rather than expect everyone to self-host, we should be working towards communities offering services to one another, pooling resources, and letting those interoperate with each other.
To make fun of an old moral panic in the 90s: “It’s 11pm. Do you know where your data is?” Yep, it’s down the street in Matt’s house.
Right. I think the real vision isn’t that every single person self-hosts, but every community has somebody in it who does the self-hosting for the community. Everybody can be independent like villages instead of totally centralized like empires
That’s what (e.g.) Google and Facebook do: Host software for the community.
And if you’re one of the people who can crack a beer open with the owners of Google, then you found your right community.
However, in the general case, I don’t think these count as any individuals communities. You can’t rub elbows with the people maintaining Google and Facebook. You can’t talk to them about issues you’re having, they’re not going to dynamically modify the system for special cases that are important to your community. A community is a group of people who know each other.
They host software for anyone to use, and capture all the data, usage patterns, etc, for themselves, to use for their benefit, and to use against you.
Hell, Google deleted a company’s entire dataset recently. Everything. They gave the police location data on an area and a random person, for no reason other than happening to be in the area, was arrested for murder. Nevermind that they biked through that area every day. Remember Facebook tracking pixels? Cambridge Analytica (which is currently in court)? I mean I can go on and on about how FAANG is abusive and dishonest.
And you want to sit here and tell me they’re the answer?
Are you just an apologist for FAANG, etc? Because you’re really sounding like one at this point.
Who’s paying you to post this disinformation?
So I guess that we can agree that data stored on other people’s computers will not be safe. I honestly wonder why you think other people’s computers are safer if you know their names.
I would be very grateful if you would only judge what I have written and not what you think I might have meant.
There is no reason to attack me personally, my friend.
Just in case I’m fundamentally misunderstanding your personal attack so I don’t report it to the moderators without cause: What is ‘disinformation’ about my pointing out that Google and Facebook host software for other people (even if they have their own motives)?
That’s like saying a farmer will put cheese on a piece of cardboard for the mice to eat.
They might eat it yes, but that wasnt the reason for the whole interaction to start. The glue around the cheese was.
I’m glad that you see my point that “other people hosting your data” is not really a good idea.
If you expect your IT cousin/uncle/brother hosting the family immich/nextcloud to not be a trusted person in regards of bad actors your issue is not exclusive to selfhosting.
But:
How exactly are “communities offering services” a different thing than “hosted software”?
It’s a lot easier to ask Matt down the street to customize or add a feature than it is to ask Google, FB, etc.
Case in point: I’ve run my own email server since 2013 or so. I’ve got friends and family that use it. One of my friends asked if there was any way to setup rules to filter emails and such. I was like “yep” and added on Sieve to Dovecot and setup the webmail (Roundcube at the time) with the Sieve plugin.
Granted, that’s a pretty basic feature that pretty much all commercial email providers offer, but the point is someone asked for it and I made it happen for them.
Also: Matt probably won’t sell my data to Palantir and ad tech businesses.
I think what they’re saying is that the ideal wouldn’t be to force everyone to host their own, but rather for the people who want to run stuff to offer them to their friends and family.
Kinda like how your mechanic neighbor sometimes helps you do shit on your car: one person shares a skill they have, and the other person also benefits. And then later your neighbor will ask you to babysit their kids, and shit.
Basically: a very very goofy way of saying “Hey! Do nice things for your friends and family, because that’s kinda how life used to work.”
Trust.
I trust my brother more than Google. Same with Jim down the street.
I trust my circle of acquaintances more than Google (et al) , especially since Google (et al) have demonstrated, repeatedly, to be untrustworthy.
In fact, they’ve demonstrated they are outright adversarial to me and mine.
They’re also subject to interpretation, regulatory capture, as well as just plain being ignored when it’s sufficiently convenient for the regulators to do so.
“There ought to be a law!” is nice, but it’s not a solution when there’s a good couple of centuries of modern regulatory frameworks having had existed, and a couple centuries of endless examples of where absolutely none of it matters when sufficient money and power is in play.
Like, for example, the GDPR: it made a lot of shit illegal under penalty of company-breaking penalties.
So uh, nobody in the EU has had their personal data misused since it was passed? And all the big data brokers that are violating it have been fined out of business?
And this is, of course, ignoring the itty bitty little fact that you have to be aware of the misuse of the data: if some dude does some shady shit quietly, then well, nobody knows it happened to even bring action?
Exactly. I’m just here to say that regulation isn’t a solution to corporate malfeasance - at best it is a patch until the corp lawyers figure out where the loopholes are or how to accomplish the malfeasance in a different way.
I can and do self host, but I’m not willing to provide these services for free. I don’t want to be responsible for other peoples passwords or family photos.
Thats where good, privacy-respecting services come into play. Instead of hosting for my neighbours, I would recommend mailbox.org, bitwarden, ente or a hosted nextcloud.
That’s okay, too.
For me, I only let people I know use them (friends and family) with the exception of my Lemmy instance, of course (and even that’s not wide open to the world).
I’d be running these for myself whether anyone else used them or not. Unless I’m hosting for hundreds of people, the cost to run these services is the same as it is just for myself. Granted, I don’t have people gaming the system trying to backup their entire PCs to their email inbox or Nextcloud, but that’s where the trust factor (and storage quotas) comes in.
As far as being responsible for all that goes, again, the small audience of people I know personally lets me explain that it’s all “best effort”. That said, I do take my own backups and high availability seriously and they benefit from that.
Note that you don’t know what the hosters know, store and/or sell about you.
There is no way to be 100% sure, but:
It’s a solution for me. 🤷
He’s right we need laws. He’s wrong that it’s a relief valve or that we take pressure off the heinous privacy violators. We aren’t even a rounding error to them. They don’t care.
The same argument could have been used a century ago to claim that everyday people would never switch from trains to private cars, because the effort and cost of maintaining a car exceeds the skill and interest of most travelers. That may have been true at one point, and may be true again in the future—but it’s contingent on changing circumstances, not a categorical truth.
Nah, self-hosting is still a solution. And when I self-host, I don’t even need an internet connection to access my files, movies, photos, security cameras, etc.
Yes, we can fix privacy laws, and put in a lot of faith that they will be followed or that our data won’t be lost/sold. But I think everyone benefits when they are in control of their own data.
What we need are more accessible self-hosting options so that even computer n00bs can set up and cut ties with these mega corps.
before I read the article, I wholeheartedly disagree with the title.
Self-Hosting not only brings control back into your own hands, but also hones your skills at the same time.
OK so after reading I do agree partially with the regulation aspect, but from a privacy POV all of that is fixed by just not storing PII, I run multiple services in my stack, and the most info I collect on someone is their email, which they defo could just opt out of which I would delete off the system.
As for the cost and labor. It’s really not that difficult, my stack consists of Game servers (a mix of them primarily survival based like ark), email hosting for myself and some friends + no reply services for other internal services, my media stack, my file server, the firewall, a reverse proxy manager and my own programming projects/sites. Honestly the hardest part was the networking aspect of it, learning how to use proxmox was a trip because I hadn’t used a containerized environment before outside of docker.
I think this articles being disingenuous with the no paycheck, there is more to Value than a paycheck. My self hosting while I may not be being paid for it, if I were to put my current setup on to remote hosting I would probably be paying roughly $150 to $200 a month for a private VPS this system allowed me to just spend $700 as a one-off and then minor maintenance costs if something failed, which for a project I intend to keep running regardless its the cheaper option.
As for the ideology of decentralization, yes there is some issues in regards to reliability, obviously these smaller side projects for self hosting aren’t going to have the redundancies that the “proper” hosting is going to have. Like for example just last night my service went down because I lost power for about an hour and a half and my battery standby only had enough power for about 45 minutes of it. Being as most of my stuff is more personal based I’m not too concerned about the downtime but I could definitely see if it was a large scale project like a lemmy server it would be a little more distasteful.
I think it’s not as much as we expect everyone to host theirs themselves, but that it’s possible at all so multiple companies can compete without having to start from scratch.
Sure there will be hobbyists that do it, but already just on Lemmy users already have the freedom of going with lemmy.ml, lemmy.world, SJW, lemm.ee and plenty more.
It’s about spreading the risk and having alternatives to run to.
I’m confused because the article talks about self hosting on a VPS and how many self hosted services could stand up to legal action?
That sounds like it’s describing running a public service for others. Self-hosting IMO is running something for yourself, it doesn’t even need to be on the public internet 99% of the time.
Running a service for others is just plain old hosting.