I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:

Communication that can’t be shut down: Matrix, Mastodon, email servers you control

File storage that can’t be subpoenaed: Nextcloud, Syncthing

Passwords that aren’t in corporate databases: Vaultwarden, KeePass

Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome

Code repositories not owned by Microsoft: Forgejo, Gitea

Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:

Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.

If you’re already self-hosting:

Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.

The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.

What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?

EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his moms basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.

More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:

The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It’s appstore ecosystem is lovely to use and you can import docker compose files really easily.

The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.

The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.

I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.

  • seshcobar@sh.itjust.worksEnglish
    0·
    1 day ago

    Dude like even 6 months ago Id read your post and would think alright man c’mon…

    But now you are 100% right it’s getting tough and people will only realize when it’s too late. Imagine a far right government with palantir in Europe. That’s pretty much where we are heading and I try my best to get any of my data away from this sphere of influence

  • PeriodicallyPedantic@lemmy.caEnglish
    0·
    1 day ago

    Thank you!

    This is almost exactly my motivation when I recently started my homelab journey. A bit of privacy, but what pushed me over the edge is that I was supporting these anti-social corporations with my money or data, when they went fully mask-off.

  • Zink@programming.devEnglish
    0·
    1 day ago

    Thank you for this post!

    For me, getting into self hosting was nice because of the privacy and tinkering yes, but a huge part of it was just having my stuff work reliably and without enshittification.

    I just set up my Home Assistant server and new Zigbee network in the past few weeks and it’s pretty awesome. Was already using Jellyfin despite having a lifetime Plex pass. Feels good man.

  • ipkpjersi@lemmy.mlEnglish
    0·
    2 days ago

    It’s not just media that doesn’t feed recommendation algorithms - I actually like recommendation algorithms (Jellyseerr does a pretty great job with this), it’s more about having control over my media and it not being taken away randomly. So many times an older show I would want to watch would no longer be “available” so I’d have to download it anyway, with no option of paying to watch for it.

  • xorollo@leminal.spaceEnglish
    0·
    2 days ago

    I tried to set up some services last year and had some trouble getting immich to work through networking. The answer was tailscale. This past Christmas holidays I got nextcloud and immich up. I use nextcloud for my audiobooks and large files I want to keep but not on my phone. Immich for pictures and synching for small files I want synced often like my epub book arks and highlights and Obsidian notes vault.

  • quantumcheap@lemmy.worldEnglish
    0·
    2 days ago

    It’s not often I hear meet others on the same page, but I too see self-hosting as a form of resistance against corporate control and surveillance capitalism. Rather than trying to bring self-hosting to individuals, I’ve steered my efforts towards affecting technological change in groups and organizations instead. While this narrows the pool of those who can set up sovereign infrastructure, it gets more people using the open-source alternatives as part of their collaborative work.

    To support that, I’m building out such an IT reference architecture for nonprofits, activist groups, and communities. The networking model is such that services can be hosted on cheap hardware and accessed through Wireguard tunnels managed by Netbird (and experimenting with Pangolin now). This keeps the servers under positive control of the data owners and uses only one or two VPS instances to handle proxying and accesses. Now, every organization’s requirements are different, but this baseline is meant to be a flexible proof-of-concept that can be adapted to their unique threat model. For example, an org can opt for just using a cloud-hosted service for certain components if the self-hosting burden is too great and their threat model determines it to acceptable.

    The docs are here at https://sts.libretechnica.org/ and the source for the docs and all the Ansible playbooks are at https://gitlab.com/libretechnica/SovereignTechStack/. I invite anyone to contribute, analyze, pick-apart, improve this model. In fact, I’m specifically seeking thoughts on whether this reference model can adequately address the risks and threats that self-hosters face.

    This is the first time I’m sharing this publicly; I was inspired by this post to finally spread awareness of the project and get more like-minded people involved.

    P.S. @h333d Sorry about the people who think your post is gen-AI. I used to proofread stuff all day long before the advent of LLMs, so I quickly recognize artificial text and yours reads nothing like it. I appreciate the time you took to write your post and it was a refreshing read.

  • sj_zero@lotide.fbxl.net
    0·
    2 days ago

    Always has been.

    Even if you like who’s in charge right now, they could change how they act or they could be replaced.

    They could shut us down or do a lot of things, but it’s harder to break 10,000 servers than one.

  • AnimalsDream@slrpnk.netEnglish
    0·
    2 days ago

    On the one hand I do support the existence of open-source self-hostable alternatives to surveillance-capitalist offerings. But at the same time it has been driving me crazy how many things are being shifted toward this server-based architecture. For one example, I want an open-source app that will allow me to import recipes from any text or website automatically. But I want those recipes to save in files, be offline, and I do not want to maintain a whole damn server just to manage my fucking recipes.

    Not everything needs to be web connected by default, and most people have no interest in running any kind of server.

    • xorollo@leminal.spaceEnglish
      0·
      2 days ago

      If your recipes are formatted like markdown, then there are offline notes apps like Obsidian. The new issue becomes keeping your files backed up in case of whatever, and that’s when the self hosted server comes into play. This is a really good usecase for synching which can keep your small recipes files duplicated on your phone and your computer without ever leaving your network.

    • poVoq@slrpnk.netEnglish
      0·
      2 days ago

      If you have a Wi-Fi router in your home you are technically already running a server. With OpenWRT even quite practically, although sadly most routers are slighly too underpowered to do much with them.

      • AnimalsDream@slrpnk.netEnglish
        0·
        2 days ago

        Those same routers that still have problems with security updates, and are frequently the targets of cyber attacks? So how is it in any way a good idea to run entire server stacks, and databases (which throw a wrench in data portability compared to standard file formats), creating so much bloat and unnecessary attack surface, and then making all of these apps network-facing - opening them up to attacks?

        How about instead I just use a standard text editor to save my recipe as a markdown file, and if I need to move it I can either get a usb cord or use Syncthing? Sorry but this whole self host movement is pretty insane.

        • ipkpjersi@lemmy.mlEnglish
          0·
          2 days ago

          I agree with most of what you’re saying, I disagree with the last part of what you’re saying.

          The self-host movement is about taking control away from companies, and running web services locally instead of having to rely on companies for them and pay for them. Most things you can run locally without needing a server, but there are absolutely good use cases for server-based services. Some great examples of this are cloud storage, code repositories, and chat servers. You could run each of those things locally, but they are each improved by running them on a dedicated server designed for 24/7 uptime and centralized access.

  • BCsven@lemmy.caEnglish
    0·
    2 days ago

    Don’t use tailscale, a few years back they moved their server storage from Canada to the USA. Use headscle or wireguard if you are tech savvy

    • irmadlad@lemmy.worldEnglish
      0·
      2 days ago

      While true, only partially.

      • United States Ashburn, Chicago, Dallas, Denver, Honolulu, Los Angeles, Miami, New York City, San Francisco, Seattle
      • Australia Sydney
      • Brazil São Paulo
      • Canada Toronto
      • Finland Helsinki
      • France Paris
      • Germany Frankfurt, Nuremberg
      • India Bangalore
      • Japan Tokyo
      • South Africa Johannesburg
      • United Kingdom London
      • Others Various locations in other regions, including Asia and Europe
      • BCsven@lemmy.caEnglish
        0·
        2 days ago

        Are these relays? I think their announcement was data server, which means USA govt would have all your tailscale keys if they decide to keep going on the fascism.

        • irmadlad@lemmy.worldEnglish
          0·
          2 days ago

          data server

          Here is the way I understand Tailscale to work. Feel free to correct any misinformation.

          Tailscale doesn’t operate ‘data‑center’ servers that store or forward your traffic.

          • Control plane: Holds device metadata, public keys, ACL policies, and the DERP map. It is a small, highly available service that all clients contact only when they start up or need a policy update. Tailscale runs this service on a handful of cloud providers (primarily AWS and GCP) in the United States. TThe service carries no user data. Only control information.

          • Data plane: Carries the actual packets between your devices. After the control plane tells two devices how to reach each other, they open a direct WireGuard tunnel that is end to end encrypted. There are no dedicated ‘data servers’. Traffic travels directly between the peers. If a direct path can’t be established because of strict NATs or firewalls, the connection falls back to a DERP relay. The DERP relays are the only servers that ever carry user payload.

          However, to keep with your fear of the US having all your Tailscale keys, what makes you think that Australia, Brazil, Canada, Finland, France, Germany, India, Japan, or the UK wouldn’t/couldn’t do the same? I’m no shill for Tailscale. AFAIC, you can either use the service or not. Your choice, no skin off my back. I’m just curious how far the paranoia rabbit hole goes.

          • BCsven@lemmy.caEnglish
            0·
            2 days ago

            Based on current USA actions, I have more faith in my own country and allies. The account info and control plane is what I mean, it could get compromised being under US control where they don’t seem to Ned warrants anymore

            • irmadlad@lemmy.worldEnglish
              0·
              1 day ago

              Understandable. I don’t know what your threat model is. I don’t trust any of them except to do what is in their best interest, globally. However, there is nothing stopping Australia, Brazil, Canada, Finland, France, Germany, India, Japan, UK, or even your country, from doing the very same thing. Governments make laws for citizens, not themselves. Everything can be compromised at any time a government decides to. That is the reality of it all. If I am going to have to hide my online activities from a government in 2026, then game over, and there’s not a damn thing I could/can do about it. I’ll just unplug, and live out the rest of my life in the seclusion of my farm/compound.

  • merc@sh.itjust.worksEnglish
    0·
    2 days ago

    Communication that can’t be shut down: Matrix, Mastodon, email servers you control

    Uh, those can all be shut down. You may control the server but you don’t control the datacenter the email server lives in, unless you’re hosting out of your house, which is a bad idea. You also don’t control the pipes to and from these servers. There have been many plans over the years requiring that ISPs ban users who are accused of copyright infringement. And, even if you don’t infringe copyrights, we all know about how the DMCA can be weaponized against people who have done nothing wrong.

    File storage that can’t be subpoenaed: Nextcloud, Syncthing

    Sorry, your own file storage can be subpoenaed, you just don’t have a lawyer on call to help you through the process. If you think “haha, I’ll just delete the data”, you can be in much worse trouble. AFAIK in some cases the judge / jury are allowed to assume that evidence that you deleted was incriminating.

    I self-host things and think it’s a good idea. But, don’t go overboard with how good it is. It’s still vulnerable to government and corporate actions. in many cases you’re more vulnerable because you’re on your own, you probably don’t have a lawyer on retainer, etc.

    • rmrf@lemmy.mlEnglish
      0·
      2 days ago

      I am not your lawyer and this is not legal advice for you or anyone who reads this.

      Nextcloud encrypts data e2e, so your point there is misguided and not really relevant. You can’t be compelled to provide a password/decryption key as long as it doesn’t exist as physical evidence. This is why lawyers advise clients to use a PIN instead of face ID or fingerprints; biometrics, like all physical evidence, can be subpoenad.

      Self hosting services like matrix or email is a bad idea if you don’t really understand what you’re doing, like many other things. If you keep you stuff updated and are intelligent in how you structure your network there’s not really anymore risk here than paying someone else to host it. If you keep you stack simple and follow best practices, code and configurations written by industry experts do most of the heavy lifting.

      • merc@sh.itjust.worksEnglish
        0·
        1 day ago

        This is why lawyers advise clients to use a PIN instead of face ID or fingerprints

        That’s because cops don’t need a warrant if you use a face or fingerprints, but they do if you use a PIN. What you’re talking about is for protection against casual, warrantless searches.

        What I’m talking about is a subpoena where you’re required to present evidence. The fact that it’s encrypted is irrelevant. If the data is subject to a subpoena it doesn’t matter if you store it encrypted or unencrypted, you’re still required to present it to the court.

        If you keep you stuff updated

        Keeping stuff updated is a chore, and it can take hours out of your week, often when you don’t expect it or don’t have time. When that’s someone’s full time job and they’re updating it for hundreds, thousands or millions or people, there’s a better chance they do it right, and a much better chance that they do it in a timely fashion.

        I am not your lawyer and this is not legal advice for you or anyone who reads this.

        I hope you’re not anybody’s lawyer, with your lack of knowledge of the law. Did you graduate from Dunning-Kruger law school?

  • Disillusionist@piefed.worldEnglish
    0·
    2 days ago

    Thank you for kicking this hornet’s nest. There is a lot of great info and enthusiasm here, all of which is sorely needed.

    We have massive and widespread attention paid to every cause under the sun by social and traditional media, with movements and protests (deservedly) filling the streets. Yet this issue which is as central and crucial to the notion and practice of freedom itself as any rights currently being fought for (as it intersects with each of them in very clear and direct ways), continues to be sidelined and given the foil hat treatment.

    Discussions around disinformation, political extremism, and even mental health all can not be adequately had without addressing our technical and digital context, which has been hijacked by these bad actors, robber barons selling us ease and convenience and promises of bright, shiny, and Utopian futures while conning us out of our liberty.

    With the widespread, rapidly declining state of society, and the dramatic rise and spread of technologies like AI, there has never been a more urgent need to act collectively against the invasive practices violating our most fundamental human rights.

    Those of you whose eyes are open to this crisis are needed. Your voices are too absent from the discussions surrounding the many problems and challenges we face at this critical moment. Public awareness is needed for any real hope of change to occur.

    As many of you have pointed out, the most immediate step people need to take is disengagement with the products and services that are surveiling, exploiting, and manipulating us. Deprive them of both your engagement and your data.

    Keep going, keep resisting, do the small things you can do. As the saying goes, small things add up over time. Keep going.