I recently started self-hosting an XMPP server for my friends and family, but when looking for privacy specific guides I can’t really find any. It seems like self-hosting is the baseline way to gain privacy, and with things like Docker and Yunohost it feels within reach for average users to learn enough to do it.
I loved the phone guide that was published here and was able to follow the steps and learn more about phone privacy. So are there any good guides like that but for servers?
I know security is different from privacy, hence why I’m asking specifically for privacy-oriented guides. Thanks in advance, lemmy has always been a fantastic community for helping out newbies!
Edit: More specific questions; is there a way for me to make my host IP address not readily available (I’m hosting in my house, not a VPS), is there a better option for security than using Cloudflare (this one I’m having a hard time with mostly because I still don’t quite understand what Cloudflare does?), I know some other servers say they delete messages from the server and identifying data…how? (I have metronome as the server for XMPP, using Yunohost)
Hello, sorry i don’t know what phone guide you’re referring to (“privacy” and “phone” in the same sentence sound really weird to me), but there’s plenty of resources for “opsec”/“infosec” in a selfhosted context.
Here is a nice list of gamified challenges to reach. In addition, you may want to ensure you have Full Disk Encryption on your server (huge tradeoff: can’t restart the server without entering your passphrase). Riseup also has tons of cool resources in their docs.
Like you admitted yourself, security and privacy are not the same. Running your own selfhosted services will probably leak more metadata than using shared services. For your personal conversations and your friends, it’s a good approach. To organize political agitation against your nefarious nation-state, it’s probably a risky strategy: breaking into your home to backdoor your server is easier and more discreet than to do the same for a shared host like riseup.
If you would like to give more specific about what kind of info you’re looking for then maybe we can provide more detailed answer. Like poVoq said, we are interested to publish more guides on joinjabber.Org (we just started that project) to answer common questions/concerns. We have a draft FAQ (not merged on the website yet) about security concerns, please let me know if it’s informative to you or if you have more questions.
The draft was a really good overview! I’ll be honest, I’m hosting XMPP mostly because I hate the idea of companies specifically spying on me and selling data. So some of the privacy threats like monitoring incoming/outgoing traffic doesn’t bother me too much. And the draft basically says as long as the two devices are encrypted, it shouldn’t be able to be read by anyone intercepting the message? Like if I had to send credit card information it’d be mostly safe to do so?
The Riseup link is going to be a great read for me, and the gamify link gives me a good direction to head towards too! Super helpful!
I edited the original post to include some specific questions thanks for asking for more information. I’m never sure what I should or shouldn’t include in first posts.
That’s a very good reason to selfhost your services! :)
Indeed! However the metadata (who communicates with who, and when) will still be readable by the server.
I personally would not do that, but if you have to sure. I mean transmitting your credit card number over an end-to-end OMEMO-encrypted conversation is probably more secure than giving it away to random webshops.
That’s always a problem :) Welcome around and don’t hesitate to ask more questions