cross-posted from: https://compuverse.uk/post/5020

Preamble- I’m new to the fediverse, and I want some help. I’m trying to regain some of my privacy and data sovereignty, and I have recently gotten into self-hosting. I haven’t been on social media for over a decade, except for Reddit, and that was mostly as a passive lurker. I just started getting more active on there this past year, and now they’ve turned me away with their shenanigans. I’m trying to get into federated communications to still have access to useful information while protecting my identity and data.

Goals- I’m thinking that I want to set up my own Lemmy instance, as well as my own xmpp server (like prosody), and switch over to jmp.chat. I also have my own domain.

Concerns- I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use. However, I also don’t want to expose my domain (Why not? I don’t know. I’m completely new at this and until I learn more, I’m playing it cautious)

Questions- So, if I spin up my own Lemmy instance, doesn’t that expose my domain,since my username will be username@my-domain.com? Is this the same for an xmpp server? One main reason to spin up my own xmpp server is to own my account for xmpp communications. However, can I tie that to my jmp.chat account, or would they need to be separate.

I kind of feel like a boat without an oar at the moment, and I’m not even sure if I’m asking sensical questions, but hopefully there’s enough light in my ramblings to give you all a sense of my goals. Any help would be appreciated.

  • paperemail@links.rocks
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    If I spin up my own instance, won’t that expose my domain, since my username will be @username@example.com ?

    Yes (click on my username for example).

    What are your reasons for not exposing your domain? And why do you want to set up your own instance?

    If you don’t want that, just make an account at another instance. There’s a few big ones to choose from, I think.

    (I have no idea if this is true for xmpp too)

    If you do setup your own server. Please make sure you automate regular backups and put them somewhere safe. Otherwise you might loose all your stuff.

    • Ceedling@compuverse.ukOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      My main thinking is that I don’t know what I’m doing, and I don’t want to unnecessarily open myself up to threats.

      As an example, many people will post their personal information on social media. They think ‘why not? What harm can it do when I talk about my favorite teacher, or the street I grew up on, or my first date? What harm can that do?’ (Not realizing these are common answers to security questions) or ‘Why not talk about my big vacation coming up?’ (Not realizing they’re letting thieves know when their house is going to be vacant) People reveal information about themselves all the time online without a second thought because they can’t personally see the danger. I can’t personally see a problem with using my domain in this way, but I would prefer to check with those more experienced than me before I learn the hard way that I made a bad choice.

      I hope that makes sense, and I appreciate any expertise you offer.

      • paperemail@links.rocks
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Those are very good things to think about; I agree with all of that.

        None of the suggestions I made cover what actual information you (or your users) share ont the platforms (lemmy, mastodon etc).

        As long as you federate with other servers (I.e. allow content to be shared with other servers, like how my account on my own server can comment on a post from the server you’re using), all the information posted on the platform should be considered 100% public.

        If you want a place for just your friends, without talking with other instances, you should keep federation off.

    • paperemail@links.rocks
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use.

      That’s a noble goal; but you’ll have to think about what kind of adversaries you want to protect yourself (and your users) from.

      E.g. if you don’t want to link your lemmy account to your government name you of course won’t use your real name, but you’ll also need to anonymize the WHOIS data of the domain, since that’s public information.
      Not all domain registrars allow this.

      And depending on how far you want to take this, you might also want to buy the server anonymously.

      All of that doesn’t even touch the security of the actual server, lol. Some pointers for that:

      SSH

      • use keys for to login, not passwords
      • use a different port than 22 (it’s not more secure, but will reduce noise in the logs)
      • install fail2ban (temporary blocks ips after a few failed attempts)
      • make SSH only reachable from your home IP with a firewall

      HTTP/S:

      • use a caddy or nginx proxy in front of anything that talks http.
      • use letsencrypt certificates (and check renewal is working)
      • use proper SSL settings: https://ssl-config.mozilla.org/

      VPS hosting:

      • setup 2FA for your login

      Monitoring: You can get very detailed, but try to cover at least the following:

      • uptime (request your lemmy homepage)
      • disk usage over 80%
      • SSL certificate expiration
      • Ceedling@compuverse.ukOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah, I have done research on all of that before, but so far, I’ve just stuck with tailscale as a safe way to traffic my data. I’m going to have to do more research on each of these items again and figure them out. Any good resources you know of?