this post was submitted on 12 Jun 2023
168 points (98.8% liked)

Selfhosted

40718 readers
506 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 2 years ago (1 children)

The basic assumption every privacy-concerned person should have about email is that it's never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

I use ProtonMail because it's not a massive corpo and it's open source, but I don't believe that my emails are significantly more secure than on a service like Exchange or Gmail.

[–] [email protected] 3 points 2 years ago (1 children)

This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

There is no perfect solution, just different levels of trust. That is right, if I want to be "secure" I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

Besides, email is meant for public communication. No reason to elevate it into some something it will never be.

[–] [email protected] 3 points 2 years ago (1 children)

Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

You can always find reasons to not trust some piece of tech hardware or software. It's all too complex and multifaceted to fully vett, and even when you can do that, there isn't anything that isn't touched in some way by mega-corps or glowie agencies.

Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most the firmware and microcode in them.

Even Richard Stallman, one of the most hardcore Free Software advocates has concessions he makes for firmware, microcode, and so forth.

The only way to be truly and completely secure tech-wise is to pull a Ted K. And go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

It's "all or something" not, "all or nothing." Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

[–] [email protected] 3 points 2 years ago (1 children)

This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the soldiers of giants, and it is insane to think we can be Ratatouille, controlling them for out benefit.

The only way to change governments and mega-corps is to make it unprofitable when they do the things we don't like, or make it so doing the right thing makes them lots of money.

Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love who would never follow me into that lifestyle.

[–] [email protected] 3 points 2 years ago* (last edited 2 years ago) (1 children)

I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

Embrace, Subvert, Accept.

For any task I do currently or want to do, I apply this process:

I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

If there isn't a FOSS solution that exists or does essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jail broken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

If I can't do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

[–] [email protected] 3 points 2 years ago (1 children)

This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.

[–] [email protected] 2 points 2 years ago (1 children)

For sure! Yeah FOSS is an endless well of cool stuff, you can go infinitely deep lol.

[–] [email protected] 2 points 2 years ago (1 children)

I am the most comfortable in rabbit holes.

[–] [email protected] 2 points 2 years ago