31 Dec 2016

A Guide to Self-Hosting Your Online Services

Take charge of your data by self-hosting email, chat, file sync, and more.

In a post-PRISM world, you've probably accepted the fact that the NSA, CIA, or some other three-letter agency will read your email, text messages, smartphone pictures, and basically anything else you send over the internet. And if it's not the government spying on you, it will be some monolithic corporation like Google or Facebook eager to catalog every minutia of your digital life so they can sell it to whatever advertising company comes along.

Many of the digital protocols in use today—such as email, XMPP, and CalDAV—were originally designed with self-hosting in mind. In ages past, universities, large companies, and even some nerdy individuals hosted their own mail servers and the like. It's only recently that we have traded our privacy for the walled-garden convenience of letting advertising companies handle all our data. Every online service costs some amount of money to operate, so if you aren't paying for it, then you are the product.

In this guide, I will share the steps I have taken to take back my family's digital privacy. By self-hosting online services like email, chat, file synchronization, calendar/contacts sync, and more, you can be the master of your data—and most of the time, your homegrown solution will work better than proprietary alternatives. All it takes is a little work, and I've already done the hard part for you.

The downside: it takes time and effort to get this stuff up and running. It's fairly set-and-forget once you've configured everything, but you're essentially signing up to be your own Systems Administrator. Nerds and techies will probably view it as a fun side project, but it's definitely not for everyone.

What You'll Need

Some Notes on Security

Along the way, I will point out some common-sense security measures you can take to keep government agents and attackers from pwning your system. However, only you can judge the security requirements and risk tolerance for your circumstances. The advice I give you may prevent a script kiddie from brute-forcing your password, but it's unlikely to prevent a state-sponsored actor from exploiting a zero-day in Postfix to gain access to your system. Ultimately, as long as your server is hosted off-site, you are trusting someone with your data.

Friends of mine have often asserted that my self-hosting efforts are futile, because (1) the government can probably crack most encryption protocols, and (2) most communication goes to someone else using Gmail or Facebook, etc. To this I have the following replies:

  1. Our current situation will never get any better if we continue to hand our private data to governments and corporations on a silver platter. With NSA programs like XKeyscore, our government has a search engine for our private data in Gmail. At least by hosting my own services, I can make their unlawful surveillance a little more difficult.
  2. I do not want my private emails or chat messages scraped in order to facilitate more effective advertisements. I wouldn't let a random corporation go through my postal mail; email is no different.
  3. I do not want to be dependent on the whims of a corporation for the services I depend on. Consider this list of discontinued Google products. Google may have canned Google Reader, but my Tiny Tiny RSS instance is still chugging along.
  4. It is my hope that by documenting my efforts here, we may be one step closer to an automated, open-source solution for average users to host their own online services.
  5. I actually enjoy tinkering with self-hosted software. It's a fun hobby, and it often provides better features than the proprietary alternatives.

With that out of the way, let's get to the guide!

Configuring Your Own Digital Empire

The following links will become available as I get time to write these blog posts. I'll take you through how I've set up each of the services below. I'm running everything on a FreeBSD server, so the instructions will be from a BSD perspective. They should work equally well for most Linux distros with some minor tweaks.