Preamble- I’m new to the fediverse, and I want some help. I’m trying to regain some of my privacy and data sovereignty, and I have recently gotten into self-hosting. I haven’t been on social media for over a decade, except for Reddit, and that was mostly as a passive lurker. I just started getting more active on there this past year, and now they’ve turned me away with their shenanigans. I’m trying to get into federated communications to still have access to useful information while protecting my identity and data.
Goals- I’m thinking that I want to set up my own Lemmy instance, as well as my own xmpp server (like prosody), and switch over to jmp.chat. I also have my own domain.
Concerns- I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use. However, I also don’t want to expose my domain. (Why not? I don’t know. I’m completely new at this and until I learn more, I’m playing it cautious.)
Questions- So, if I spin up my own Lemmy instance, doesn’t that expose my domain, since my username will be username@my-domain.com? Is this the same for an xmpp server? One main reason to spin up my own xmpp server is to own my account for xmpp communications. However, can I tie that to my jmp.chat account, or would they need to be separate?
I kind of feel like a boat without an oar at the moment, and I’m not even sure if I’m asking sensical questions, but hopefully there’s enough light in my ramblings to give you all a sense of my goals. Any help would be appreciated.
Edit— for those wondering why I don’t want to expose my domain: As an example, many people will post their personal information on social media. They think ‘why not? What harm can it do when I talk about my favorite teacher, or the street I grew up on, or my first date? What harm can that do?’ (Not realizing these are common answers to security questions) or ‘Why not talk about my big vacation coming up?’ (Not realizing they’re letting thieves know when their house is going to be vacant) People reveal information about themselves all the time online without a second thought because they can’t personally see the danger. I can’t personally see a problem with using my domain in this way, but I would prefer to check with those more experienced than me before I learn the hard way that I made a bad choice. I do appreciate you all taking your time to contribute your thoughts.
Yeah, that won’t really work while keeping everything “secret”.
I would recommend getting one of XYZ’s 10-digit domains for $1/year, and using a cheap old PC or such as hosting that’s completely separated from the rest of your network (separating it by firewalls is enough; if you wanna go even more hardcore you could get a 4G modem to run a completely separate network, but that would be a lot more work and pricier for a fraction of what’s gained).
This way your personal domain stays hidden, and any outside threat only gains access to your Lemmy host.
That’s a good idea. Thanks for the suggestion!
Lemmy doesn’t make the most sense from a privacy standpoint, since anything you post is going to be replicated across dozens, if not hundreds of instances. Instances should respect a delete action, but this is not necessarily guaranteed.
Of course Reddit surely had its share of archived threads and API scrapers that preserved deleted content, but there’s no improvement in this respect; I thought it would be worth pointing out.
you can’t keep your hosting domain “secret” lol. if you make your own lemmy instance, then the url/domain for that instance will be seen when you post on other lemmy instances.
Yeah, I’m figuring that I have a lot of holes in my knowledge. I’m trying to fill them, but unfortunately it’s a bumpy road. And while I didn’t think I could keep my domain ‘secret’, I also am concerned about broadcasting it too much, making it more noticeable. I mainly want to use it for private services, so I’m not sure if using it in a more public forum would increase the likelihood of threats.
Imma sound lame but consider working up a threat model.
What’s a threat model?
Pretty much an idea of what you’re trying to avoid or mitigate in specific real terms. There’s more but I’m sure someone with a background in information security could explain it better than I can.
You can simply close signups and remove any public GUI/UI unless you’re logged in, and just keep the federating part the same. Your domain would still be visible, and people would still be able to post on your communities/threads/posts/etc. but not be able to make an account or whatever on it. At least, theoretically that should be the case…
I’ve been toying with very similar ideas thinking that if I run my own instance I would at least be 100% certain that my account would never be deleted or held hostage by a rogue server admin. But then I would have to deal with the security of my own instance instead, trading one headache for another and I’m not sure that it would be worth it.
This is the battle I’m dealing with, too.
There is no real need to keep your domain a secret. If you spin up a lemmy instance your domain will be connected to any account you create there, and it is the same with xmpp.
Quick off topic - The format of your consultation (preamble, goals, concerns, questions) is novel to me. Where did you learn this?