I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his moms basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It’s appstore ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
Just FYI unless you self-host headscale, tailscale is centralised and not private. They claim it is end to end encrypted but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but Applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and tailscale does not do decentralised key management.
Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers. Most of their customers are for internal use by companies which don’t care about relying on SaaS products. But if you self-host for resilience, using Tailscale doesn’t make much sense without also self-hosting the control server through the unofficial headscale implementation.
Like all the “selfhosters” and their Cloudflare proxies lmao.
just use wireguard. :/
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.
Dude like even 6 months ago Id read your post and would think alright man c’mon…
But now you are 100% right it’s getting tough and people will only realize when it’s too late. Imagine a far right government with palantir in Europe. That’s pretty much where we are heading and I try my best to get any of my data away from this sphere of influence
Great post, can’t agree more.
But instead of relying on Tailscale (US company) I use plain mTLS for securing my services. It’s about the same security level, but without active vpn clients drawing energy and without external dependency.
Works really great, can definitely recommend it.
Don’t stop at self-hosting. We need all forms of community building, from organizing like-minded people to gardening, off-grid energy, etc.
On the one hand I do support the existence of open-source self-hostable alternatives to surveillance-capitalist offerings. But at the same time it has been driving me crazy how many things are being shifted toward this server-based architecture. For one example, I want an open-source app that will allow me to import recipes from any text or website automatically. But I want those recipes to save in files, be offline, and I do not want to maintain a whole damn server just to manage my fucking recipes.
Not everything needs to be web connected by default, and most people have no interest in running any kind of server.
If your recipes are formatted like markdown, then there are offline notes apps like Obsidian. The new issue becomes keeping your files backed up in case of whatever, and that’s when the self hosted server comes into play. This is a really good usecase for synching which can keep your small recipes files duplicated on your phone and your computer without ever leaving your network.
Synthing does not use a server based architecture.
If you have a Wi-Fi router in your home you are technically already running a server. With OpenWRT even quite practically, although sadly most routers are slighly too underpowered to do much with them.
Those same routers that still have problems with security updates, and are frequently the targets of cyber attacks? So how is it in any way a good idea to run entire server stacks, and databases (which throw a wrench in data portability compared to standard file formats), creating so much bloat and unnecessary attack surface, and then making all of these apps network-facing - opening them up to attacks?
How about instead I just use a standard text editor to save my recipe as a markdown file, and if I need to move it I can either get a usb cord or use Syncthing? Sorry but this whole self host movement is pretty insane.
I agree with most of what you’re saying, I disagree with the last part of what you’re saying.
The self-host movement is about taking control away from companies, and running web services locally instead of having to rely on companies for them and pay for them. Most things you can run locally without needing a server, but there are absolutely good use cases for server-based services. Some great examples of this are cloud storage, code repositories, and chat servers. You could run each of those things locally, but they are each improved by running them on a dedicated server designed for 24/7 uptime and centralized access.
My problem isn’t with open-source online services existing. Of course some things are inherently net-based. My problem is with the way everything is being done as a server even when it’s completely unnecessary. Syncthing alone - which is not server-based btw - is more than enough to take care of cloud needs for everything from calendars, to photos, recipes, text files, password databases, and more.
Hell, it’d actually be pretty interesting if someone did come up with a way to make a e2e chat client that works through Syncthing.
My point is I just want to download an app, have that app convert a recipe webpage into its own standard format, and then save that file on my own device. I do not want to deal with the hassle of getting Docker installed and working, nor to have it gobble up tons of computer resources just to do that one simple thing.
It’s not often I hear meet others on the same page, but I too see self-hosting as a form of resistance against corporate control and surveillance capitalism. Rather than trying to bring self-hosting to individuals, I’ve steered my efforts towards affecting technological change in groups and organizations instead. While this narrows the pool of those who can set up sovereign infrastructure, it gets more people using the open-source alternatives as part of their collaborative work.
To support that, I’m building out such an IT reference architecture for nonprofits, activist groups, and communities. The networking model is such that services can be hosted on cheap hardware and accessed through Wireguard tunnels managed by Netbird (and experimenting with Pangolin now). This keeps the servers under positive control of the data owners and uses only one or two VPS instances to handle proxying and accesses. Now, every organization’s requirements are different, but this baseline is meant to be a flexible proof-of-concept that can be adapted to their unique threat model. For example, an org can opt for just using a cloud-hosted service for certain components if the self-hosting burden is too great and their threat model determines it to acceptable.
The docs are here at https://sts.libretechnica.org/ and the source for the docs and all the Ansible playbooks are at https://gitlab.com/libretechnica/SovereignTechStack/. I invite anyone to contribute, analyze, pick-apart, improve this model. In fact, I’m specifically seeking thoughts on whether this reference model can adequately address the risks and threats that self-hosters face.
This is the first time I’m sharing this publicly; I was inspired by this post to finally spread awareness of the project and get more like-minded people involved.
P.S. @h333d Sorry about the people who think your post is gen-AI. I used to proofread stuff all day long before the advent of LLMs, so I quickly recognize artificial text and yours reads nothing like it. I appreciate the time you took to write your post and it was a refreshing read.
Thank you for kicking this hornet’s nest. There is a lot of great info and enthusiasm here, all of which is sorely needed.
We have massive and widespread attention paid to every cause under the sun by social and traditional media, with movements and protests (deservedly) filling the streets. Yet this issue which is as central and crucial to our freedoms as any rights currently being fought for (it intersects with each of them directly), continues to be sidelined and given the foil hat treatment.
We can’t even adequately talk about things like disinformation, political extremism, and even mental health without addressing the role our technologies play, which has been hijacked by these bad actors, robber barons selling us ease and convenience and promises of bright, shiny, and Utopian futures while conning us out of our liberty.
With the widespread, rapidly declining state of society, and the dramatic rise and spread of technologies like AI, there has never been a more urgent need to act collectively against these invasive practices claiming every corner of our lives.
We need those of you recognize this crisis for what it is, we need your voices in the discussions surrounding the many problems and challenges we face at this critical moment. We need public awareness to have hope of changing this situation for the better.
As many of you have pointed out, the most immediate step we need to take is disengagement with the products and services that are surveiling, exploiting, and manipulating us. Look to alternatives, ask around, don’t be afraid to try something new. Deprive them of both your engagement and your data.
Keep going, keep resisting, do the small things you can do. As the saying goes, small things add up over time. Keep going.
[Edited slightly for clarity]
I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It’s especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.
As for me, I’m running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.
Quick question. Home assistant.
We are hooked on “Hey Google turn off the lights”
Is there a way to remove the Google from that but still use the voice aspect?
Edit: great!!! Thanks for the direction folks!!!
Yes, Home Assistant has this.
https://rhasspy.readthedocs.io/en/latest/
Works great. My biggest challenge was finding a decent microphone setup and ended up like many do with old Playstation 3 webcams. That was a while back and I would guess it’s easier to find something more appropriate today.
Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.
Running that stack for your inner circle is essentially building a “digital mutual aid” node. You’re taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That’s the work.
Can your neighborhood communicate when the Internet goes down like Iran?
By… Stepping outside and talking to people? I think all neighborhoods have that ability, even if we don’t really use it much.
The average person doesn’t understand anything about technology and probably won’t even be able to install an operating system. The Internet literally became what it is now precisely because everything was left to corporations. For example, sip telephony is as decentralized and secure as possible, but how many people keep their own telephone exchange? therefore, it is more realistic for the average person to simply use services outside the jurisdiction of the state than to install something on their own. In some countries, it is also illegal to engage in self-hosting.
but if we talk about people who are interested enough, then yes, you can do self-hosting. However, people who are ready to understand at least a little, for example, according to the latest steam statistics, make up about 5% of the total mass.
Honestly, you’re right about the skill gap, the convenience trap is exactly how Big Tech won in the first place, but I don’t think the goal is to turn every single person into a sysadmin. My time teaching at the library with the Cyber Seniors program showed me that people don’t need to know how to flash an OS to deserve privacy, they just need a doorway that isn’t owned by a corporation.
If the 5% who actually know how this stuff works start building “community nodes” for their family, their block, or a local shop, then the 95% get all the benefits without the technical headache. We don’t need everyone to be an expert, we just need enough local infrastructure so that “the cloud” isn’t the only option left. It’s not about total purity for everyone, it’s just about building enough exit ramps so the machine becomes optional, you know?
so you’re suggesting storing sensitive data, work documents, passwords, not from a company with which there are at least some legal agreements, but from a neighbor, simply because you see him from time to time? what could possibly go wrong…
UPD: By the way, if we are talking about a state, your neighbor will be approached in the same way as Google, because everyone in the country obeys the same laws.
You’re hitting on the two biggest myths of the current era: that “legal agreements” with giants actually protect you, and that a neighbor is a bigger risk than a faceless corporation.
First, when a tech giant gets a broad subpoena, they don’t fight it for you; they automate the handover because you’re just a line in a database of billions. When you host locally, you’re a specific node. If the state wants your data from a private server, they have to physically knock on a specific door. That is a massive increase in the “cost of surveillance” compared to a silent API request sent to a corporate data center.
Second, this isn’t about “trusting a neighbor” with your plaintext data. In a proper sovereign setup, the data is end-to-end encrypted. I can host your Vaultwarden or your Nextcloud backups, but I don’t have the keys; I’m just providing the “digital real estate.” It’s the difference between giving someone your house keys and just letting them provide the land your safe sits on.
The goal isn’t to make law enforcement impossible; it’s to make the “dragnet” impossible. If they want one person’s data, they have to work for it, rather than just pulling it from a corporate warehouse.
I do not know about Amazon, but in telephony you simply have to install a threat management system in accordance with the law. I think Amazon has the same thing. if there is a court decision, the servers will be arrested or a request for data will be received. It’s exactly the same thing.
what is configured on the server may or may not be enabled. and your neighbor just knows some of your data (your name, address, etc.), which increases the likelihood of an attack. To an Amazon engineer, you’re just bytes out of nowhere.
the normal story would be to encrypt everything on the client before anything gets to the server at all. but who exactly is going to bother so much? in this case, you might as well upload a bunch of encrypted data to Google.
Actually, you’re exactly right about client-side encryption being the answer, and that is the standard we are pushing for. But the reason you don’t just dump those encrypted files into a Google Drive is because of the metadata. Even if Google cannot read your “letter,” they are still mining the “envelope,” they know when you wrote it, where you were, and who you sent it to. In 2026, metadata is often more dangerous than the content itself because it is so easy to automate into a threat profile.
As for the law, you’re right that a court order is a court order, but there is a massive difference in the “cost of surveillance.” Big tech companies have dedicated departments to automate data handovers for thousands of users at a time; it is a streamlined pipeline. A private server forces the state to slow down, to get a specific warrant for a specific physical machine, and to actually do the legwork. It turns a massive dragnet into a targeted investigation, which is exactly how the system is supposed to work.
And regarding the “Amazon engineer” versus a neighbor, an engineer might not know my name, but the Amazon algorithm knows my pulse, my politics, and my habits better than anyone. If I use E2EE, the person hosting the hardware doesn’t have the keys anyway, so they are just a landlord for my digital safe, not a spy.
Thank you for this post!
For me, getting into self hosting was nice because of the privacy and tinkering yes, but a huge part of it was just having my stuff work reliably and without enshittification.
I just set up my Home Assistant server and new Zigbee network in the past few weeks and it’s pretty awesome. Was already using Jellyfin despite having a lifetime Plex pass. Feels good man.
In the spirit of OP’s post:
Do we have a good repository of good guides that can walk noobs through from 0-100?
To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check
This is the world we live in. If you can actually string words together into grammatically correct sentences, then you are AI. It matters not whether you are or you aren’t. Like the witch hunts of Salem, all that is necessary is the accusation. I personally don’t care if you used AI, the message resonates. Don’t let 'em give you shit about your pony tail.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point DNS Domain Name Service/System IP Internet Protocol LXC Linux Containers NAS Network-Attached Storage NAT Network Address Translation NUC Next Unit of Computing brand of Intel small computers PiHole Network-wide ad-blocker (DNS sinkhole) Plex Brand of media server package PoE Power over Ethernet SMB Server Message Block protocol for file and printer sharing; Windows-native SSD Solid State Drive mass storage Unifi Ubiquiti WiFi hardware brand VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) Zigbee Wireless mesh network for low-power devices
16 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.
[Thread #989 for this comm, first seen 10th Jan 2026, 03:15] [FAQ] [Full list] [Contact] [Source code]
In a fascistic enough world where this would matter, people who abstain from the system are automatically flagged to be shot too, just fyi. You gotta also fill the normie services with conformist content to not become a detected anomaly if you really want to do it properly.
This is the “Gray Man” strategy. If you have zero digital footprint in 2026, that absence of data becomes a data point itself. Anomalies get investigated.
I think we need to separate Camouflage from Logistics.
I’m not suggesting you delete your digital existence and live in a Faraday cage. By all means, keep the normie accounts. Post the cat photos on Instagram. Keep a Gmail address for the spam. Feed the algorithm just enough “conformist” content to look boring. That is your camouflage.
But Resistance Infrastructure isn’t about hiding, it’s about capability.
It’s about ensuring that when the “system” decides to de-platform your community group, or lock your bank account, or shut off the internet in your region during a protest, you still have a way to function.
It’s not just media that doesn’t feed recommendation algorithms - I actually like recommendation algorithms (Jellyseerr does a pretty great job with this), it’s more about having control over my media and it not being taken away randomly. So many times an older show I would want to watch would no longer be “available” so I’d have to download it anyway, with no option of paying to watch for it.
