I recently started self-hosting an XMPP server for my friends and family, but when looking for privacy-specific guides I can’t really find any. It seems like self-hosting is the baseline way to gain privacy, and with things like Docker and YunoHost it feels within reach for average users to learn enough to do it.

I loved the phone guide that was published here and was able to follow the steps and learn more about phone privacy. So are there any good guides like that but for servers?

I know security is different from privacy, hence why I’m asking specifically for privacy-oriented guides. Thanks in advance, Lemmy has always been a fantastic community for helping out newbies!

Edit: More specific questions: Is there a way for me to make my host IP address not readily available (I’m hosting in my house, not a VPS)? Is there a better option for security than using Cloudflare (this one I’m having a hard time with, mostly because I still don’t quite understand what Cloudflare does)? I know some other servers say they delete messages from the server and identifying data… how? (I have Metronome as the server for XMPP, using YunoHost.)

  • @southerntofu
    33 years ago

    make my host IP address not readily available

    Yes. Some people use Tor’s onion services for that. Otherwise, it’s possible to “borrow” an IP address from somewhere else over a VPN tunnel: it’s more complicated to set up yourself, but plenty of non-profit ISPs offer this service for self-hosting purposes.

    is there a better option for security than using Cloudflare

    Yes. Don’t use Cloudflare. It’s as simple as this, and no alternative is needed. The notable exception is if you receive a DDoS attack: in this case you need specialized anti-DDoS services, but even then you don’t need Cloudflare. I mean, when your service grows popular enough to attract a DDoS attack, you can move to a dedicated server in a datacenter with anti-DDoS protections in place.

    Cloudflare is a really nefarious company in many regards. People who use Cloudflare usually have no clue they don’t need it AT ALL, that it will prevent privacy-conscious folks and archive crawlers from reaching the site/services, that Cloudflare WILL read the entirety of the communications between the clients and the server including passwords and credit card numbers (that’s the whole point), and that doing so reinforces a really insane power structure where Cloudflare intends to become the only way to access most sites.

    I know some other servers say they delete messages from the server

    For Jabber/XMPP hosting, first you can configure the logs. Then, you can configure MAM retention (see mod_mam on that page), but I’m not sure exactly how Metronome deals with these settings. You will have to ask the Metronome project on their chatroom grimoire@muc.metronome.im for more details on archive retention configuration.

    Did I answer your questions?

    PS: Cool you’re using YunoHost, it’s a really great distro.