this post was submitted on 16 Oct 2023

26 points (90.6% liked)

Privacy

31683 readers

573 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Thoughts on selfprivacy.org? (lemmy.ml)

submitted 1 year ago by [email protected] to c/[email protected]

10 comments fedilink hide all child comments

SelfPrivacy is in "Open beta" and promises to make setup and use of email, messager, password management, video chat and other services simple by leveraging the likes of Hetzner, Cloudflare, and Backblaze.

I stumbled on the app while browsing the F-droid app "store" and had never heard of them. I think the proposition is neat and while I'm comfortable hosting most of these services myself, my curiosity has been piqued. Searching for it elsewhere on the web as far as privacy rating, reviews, etc has left me empty handed. I dont' know if they're just too new or not. So I'm curious if anyone has tried them out or looked into it further.

all 14 comments

sorted by: hot top controversial new old

[–] [email protected] 19 points 1 year ago* (last edited 1 year ago) (2 children)

You can do all of that on your own.

OR, you can create a single attack vector that can potentially be exploited and put everything at risk, at the same time.

If you've ever worked in, or adjacent to, IT, then you've heard the phase "single pane of glass", meaning you can manage all your infrastructure, or IOT, through a single terminal/UI.

This is basically a single pane of glass that you're getting through a side loaded repo, to manage your entire digital life. That means it can also become a single pane of glass for anyone able to exploit that application i.e. supply chain attack, phone AND/OR app specific vulnerabilities, etc.

[+] [email protected] 4 points 1 year ago (2 children)

[deleted]

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Not really, sort of, but different threat models IMO.

The app this thread was about is asking to become a single pane for external services e.g. cloud, which is why it requires your Hertzner API.

For the following, I'm reaching into my memory hole, so definitely check elsewhere to confirm before doing anything.

FreedomBox, if I recall, is basically Debian Linux with a variety of self-hosted tools that are easily configurable e.g. Media servers, torrents, NextCloud, etc. It's been around for a while and I don't recall ever hearing anything bad about the project.

Ultimately, sure, you're still trusting the maintainers to some degree, like with any distro/spin, but that's a judgement you'll have to make for yourself.

If you're going to use Freedom box for all of your most critical and private parts of your digital life, then you should probably weigh the risks more heavily, than if you're just going to make it a media and torrent box.

[–] [email protected] 1 points 1 year ago (1 children)

Anything with "Freedom" in its name sounds sketchy.

[–] [email protected] 2 points 1 year ago

The other side of that being Security through Obscurity.

If you're not running all your stuff through a major well-known host like Google or Amazon you're less likely to be a target than if you're just self-hosting.

Supposedly Google and Amazon have "good" security, but they still get hacked.

[–] [email protected] 10 points 1 year ago (1 children)

I tried them a couple days ago, got to setting up Hetzner API, had my account rejected a bunch of times, found out Hetzner team is infamous for rejecting new accounts and cancelling old accounts by the whims of their 'protection systems', realized the only other hosting option supported by SelfPrivacy is Digital Ocean, noped out of it all

[–] [email protected] 3 points 1 year ago (2 children)

They reject new accounts because they are really cheap and reliable so people abuse their system.

[–] [email protected] 2 points 1 year ago (1 children)

I get the reason behind it, and support it too, but it doesn't make a good impression when your account gets rejected despite every information being correct just because you signed up using a VPN (I can't verify that VPN is the reason, but it has been suggested elsewhere to be a cause for suspicion on their part).

[–] [email protected] 2 points 1 year ago (1 children)

Yes but if you think about it, you are not the only one trying to register with the same IP with hetzner that's why the system triggers the ban.

[–] [email protected] 1 points 1 year ago (1 children)

That wouldn't make sense either, because the user literally has to provide them all kinds of personal information in order to register. And no matter which IP address is being used to register, the user still has to pay to even use their service. So rejecting accounts simply because the registration was done via VPN is, in the best case scenario, overkill.

Don't get me wrong though, I have nothing against them; I just don't think their anti-spam measures are anywhere as good as they need to be, and their responses towards people complaining about them indicate that they wouldn't bother trying to make it better.

[–] [email protected] 1 points 1 year ago

Yes you are right their antispam measure is very aggressive but I think plenty of bad actors have abused the service before that's why its like that.