The future is community-hosted
Related Hacker News thread:
You must log in or register to comment.
This is really cool. And I would say a good replacement for current cloud setups. Since it’s unreasonable to expect everyone to self-host. Although I think this could only really be a cost saving measure since there are already services like protondrive that offer end 2 end encryption. And I would probably trust the reliability of proton drive over the community hosting my stuff.
If you do not have physical access, it is not yours. Trust absolutely no one.
I’d love to help community host stuff, but I’m terrified of someone posting cp to a server I have or getting breached.
«legally aquired» lol
Every city should host main public web servicies for its citizens, each one as an instance of a complex system, that’s how anarchy works.
Hi! This is what I’m trying to do with tucson.social. Wish the city would get back to me. I don’t want to own/operate Tucson.social alone perpetually. Lol.
It would allow me to expand to a lot more community services outside of social media, chat, and Meetup platforms.
There’s dozens of us! Dozens!
I agree with the premise that selfhosting is not something the layman can or want to do, but the assumption that self-hosters only host software that serve themselves is very, very dumb, and clearly comes from the mouth of someone who self-hosts out of hate for corporate services (same, though) and not for the love of selfhosting.
He complains that the software he uses can’t handle multi-users, but that sounds like a skill issue to me. His solution is to make his government give him metered cloud services. What he actually wants is software that allows multi-users. What he wants, by extension, is federated services.
The bulk of users on the fediverse are on large, centrally/cloud hosted instances, but the vast majority of instances are self-hosted, and can talk to the centrally hosted instances, serving usually more than the 1 user who’s hosting the instance in their attic.
The author conflates self-hosting with self-reliance, and I understand why, but it’s wrong. If you’re part of this community, you’re probably not some off-gridder who wants nothing to do with society, self-isolating your way out of the problems we face. If you’re reading this, you already know that we don’t have to live on our own individual and isolated paradise islands to escape Big Tech. Federation is the future, but selfhosting is fundamental to that, and not everything can or should be federated. Selfhosting is also the future.
That’s an interesting point…
I’d like to share some (holiday) photos with my friends & family, so I can put those onto Pixelfed / Friendica / etc… I don’t necesarily want to share all the photos…
And that’s using the cloud.
Job Done. The self-hosting + federated cloud future is here!
Rejoice.
The photo sharing complaint I don’t understand, unless immich doesn’t have the option to provide public or password protected share and upload links, which would be a real shortcoming for such app.
I’ve not looked into it properly yet, but - considering this is still free software - I don’t believe that level of granularity exists.
So, if I wanted to share my holiday photos from last week with 1 friend, and the photos from someone’s party to different friends… nope.
The authors approach to not owning anything digital was to attempt self hosting. But the authors reaction to the amount of work was that he shouldn’t own the “self-hosting”? He does not even realize that he’s back to not owning anything
He proposes the cloud be owned by communities, so in a way by everyone. That’s not the same everything being owned by private companies.
In fact, that model (conceptually, though not technically) is how most fediverse software already work
So is he insinuating that communities should have IT people who keep things running for everyone (like a digital librarian of sorts)?
Because that takes time, effort, and money. Like a lot more than one would spend or need for just themselves/family/maybe a couple of friends.
Also, community-run self-hosting just seems like a bad idea from a privacy and legality standpoint. One pirate getting caught isn’t usually so bad (usually a warning or small fine). But once you start distributing, then you’re going from a kiddie pool of consequences into an ocean of consequences. We’re talking massive fines and/or jail time.
Edit: I should clarify that I’m not talking about services here, but content itself.
The point is that clouds aren’t inherently bad, and actually come with a lot of important upsides; they’ve become bad because capital owns and exploits everything in our society, poisoning what should be a good idea. The author is arguing that while there’s nothing fundamentally wrong with self-hosting, it’s not really a solution, just a patch around the problem. Rather than seeking a kind of digital homesteading where our lives are reduced to isolated islands of whatever we personally can scratch from the land, we should be seeking a digital collectivism where communities, not exploitative corporations, own the digital landscape. Sieze the means of file-sharing, in effect.
There’s so much to host that isn’t related to pirated media sharing though. I host like 5 services and only one could be related to that. I know you clarified that you’re talking about content, but there’s also so much content that isn’t related to pirating either. Like most of the fediverse for example
so did the author spent a bunch of money while excited about sticking it to companies upon discovering a company is not your friend. didn’t enjoy the work of maintaining the services or have any friends to share them with. then dreamed up federated services so someone would do all that continuing maintenance for them? am i the weird one here for only putting effort into services i have other users for or actually enjoy doing?
I didn’t get the vibe that he didn’t enjoy it. More that he figures that a typical person wouldn’t enjoy it. And that I would agree with.
am i the weird one here for only putting effort into services i have other users for or actually enjoy doing?
Absolutely not.
The LinkedIn-styled writing here is hard for me to get through, but I think the general gist is that for profit platforms are easier to onboard which I agree with. This line stands out:
And what do we get in return? A worse experience than cloud-based services.
I have to disagree somewhat, it’s a different experience that is absolutely more difficult in many ways, but for those of us who value privacy, control over our data, and don’t like ads, the trade-off is worth it. Also it goes without saying that the usability of selfhosted apps has exploded in the past few years and it will likely become less and less of an issue.
Its funny to say a worse experience because I can confidently say that all the services ive replaced are equal or better than their corporate counterparts. And sometimes better by 10x
I never wonder, is “X” is on jellyfin? Yes, good. No, give me 5.
E2E usually suffers from the same thing HTTP does: the MITM might not be able to read what you’re saying, but they know who you’re saying it to, and they may know in what context. This is a lot of information that can be used in profiling.
So you end up with systems like SimpleX, where everyone has a different UID for every contact, but that has its own problems, as anyone who’s used systems like that are aware. We haven’t really solved making that a good user experience for messaging; I don’t see it translating to broader social media any time soon.
Nostr has some really good specs and tooling that neatly addresses these topics, including great cryptography support, signing, ad-hoc IDs, and an entirely voluntary simple naming lookup; it doesn’t exactly solve zooko’s triangle, but it provides a toolset sufficient to mix and match characteristics for whatever your threat model is. Sadly, Nostr is utterly dominated by the crypto crowd (and is associated with some controversial personalities), and even if you’re not cryptocurrency-hostile, it’s a really dull echo chamber with little other content that has prevented people who might otherwise build interesting platforms in it from doing so.
Mastodon was around for ages before (the in practice centralized) Bluesky; why did it take Bluesky to open a mass exodus from X?
This is a hard problem to solve. Throwing E2E at it doesn’t make it easier; it’s just tossing a buzzword in.
Instead of building our own clouds, I want us to own the cloud. Keep all of the great parts about this feat of technical infrastructure, but put it in the hands of the people rather than corporations. I’m talking publicly funded, accessible, at cost cloud-services.
I worry that quickly this will follow this path:
- Someone has to pay for it, so it becomes like an HOA of compute. (A Compute Owners Association, perhaps) Everyone contributes, everyone pays their shares
- Now there’s a group making decisions… and they can impose rules voted upon by the group. Not everyone will like that, causing schisms.
- Economies of scale: COA’s get large enough to be more mini-corps and less communal. Now you’re starting to see “subscription fees” no differently than many cloud providers, just with more “ownership and self regulation”
- The people running these find that it takes a lot of work and need a salary. They also want to get hosted somewhere better than someone’s house, so they look for colocation facilities and worry about HA and DR.
- They keep growing and draw the ire of companies for hosting copies of licensed resources. Ownership (which this article says we don’t have anyway) is hard to prove, and lawsuits start flying. The COA has to protect itself, so it starts having to police what’s stored on it. And now it’s no better than what it replaced.
Great article!
No, you could never buy books on Amazon, only rent them. Calibre with DeDRM plugin was a poor way to liberate them, given that formatting in libre formats was often worse than the original.
I stopped doing that and ingnored the Kindle ecosystem in general. I tried a Kobe reader with .epub books from diverse sources but I mostly use tablets (LineageOS and GrapheneOS) to consume content these days. The reader apps are not that great there, sadly.
I’d be pretty surprised if you couldn’t waydroid something decent without googleing up. Certainly moon reader or something should run without the store?
I’m limiting myself to only open source applications on the tablets. Strictly nothing from Play Store or Aurora.
I like KOReader for my Kindle, but it’s available for Android too. Have you tried it?
Yes, KOReader and Librera FD are two applications I use currently.
When you call the shots, you get the outcomes. It’s honestly not a bad way to live. Best of luck to ya!
Thanks, it is enough for me.
I have bought a few otherwise hard to find books on Amazon. Actual paper books. At least used to be possible.
Yes, when I buy books on Amazon it’s the dead tree kind.
I agree that we need to find a way to make this communal rather than individualistic, but government backing isn’t that. It would be nice if that happened and all, but with a thesis like that it feels like it’s missing the mark calling state-hosting "community ". How do we make self-hosted services something that can serve at the level of the community? Like a load balancing reverse proxy that points to the servers those in the community can host and everyone invites their friends and neighbours.
End-to-end encryption means the service provider can’t see your data even if they wanted to
Not necessarily. All it means is that intermediaries can’t see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end. Your library is more likely to buy whatever is cheapest than what respects your privacy the most (e.g. probably Google drive, not Tuta or Proton).
The incentives for even community-hosted services (e.g. if the library spun up its own cloud servers) to share/sell information is just too high. Maybe the library found someone uploading illegal content, and they wanted some monitoring in there to catch service abusers going forward. They’ll probably put something into the client that a third party monitors, and now you have someone snooping on everything.
Instead of this, I think P2P storage is the better option for those who don’t want to self-host. That way there’s an incentive for the person providing storage to not know what it is (reduce liability), as well as the person submitting the data (reduce risk). Unfortunately, most current solutions here are a little shady, because they either rely on volunteers (no guarantees about data integrity) or anonymous payments (again, no guarantees about data integrity).
I’d like to see something in the middle:
- apps that work off buckets of data, that the user configures
- services that provide data guarantees that users can choose (e.g. AWS S3, Backblaze B2, Hetzner Storage boxes)
- common protocol between apps for accessing this data
So if you want more storage, you buy said storage and know who is responsible for protecting it, and your app doesn’t care where it comes from.
That’s possible, but the bigger leap is getting people off the major platforms like Google’s or Microsoft’s cloud.
You can already do what you want. S3 with HTTP, XML + XSL for responsive / dynamic content.
Sure, but where are the apps?
Compute has become so ubiquitous it’s silly that we need to pick between server-client and p2p
Syncthing is a good example of being both, with options you can enable for your server version, but it’s way too basic compared to immich or nextcloud
Eh, Syncthing is only stuff you control, which doesn’t exactly fulfill what OP is talking about: extending the benefits of self-hosting to those who can’t or don’t want to self-host. It also doesn’t expand storage, it just keeps your storage in sync between devices.
P2P solves a lot of this. It provides expanded storage, can be easy to get into (add nodes as you go/pay others for nodes), etc. But there’s the perennial issue w/ trusting others w/ your data.
That’s why I think a hybrid is better. Buy storage from trusted providers as needed and use apps that work w/ that. Unfortunately, that doesn’t seem to really be a thing, but I think it could be super cool. Places like libraries can provide libraries to underprivileged people, who can then add to it w/ something from the market.
End-to-end encryption means the service provider can’t see your data even if they wanted to
Not necessarily. All it means is that intermediaries can’t see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end.
This is incorrect. End-to-End is defined as from “User to User” and not “User to Service provider”. That would be just transport encryption.
Right, and that’s what I mean too.
For example, let’s assume Google Drive is E2EE, the client apps on both sides have access to unencrypted data, and they can absolutely index it or whatever to sell to advertisers. The statement in the article was overly broad, because the service provider can see your data, assuming they also control the client apps.
