

Can one run a server & still maintain personal privacy? - plg

It seems to me that whether one is talking about email, or chat, or files, the closest thing to true personal privacy is if you own the machine itself and you have personal possession of that machine (e.g. it is sitting in your private residence).

On the other hand, most residential ISPs explicitly ban the running of "servers" as a part of their contract:

"... you are prohibited from running servers for mail, http, ftp, irc, and dhcp, and multi-user interactive forums ..."

Sure there are hosted solutions like EC2 or Linode or Rackspace, and a gaggle of smaller players too ... but this is still hosting your stuff on someone else's metal, in someone else's house.

Let's say for example I want to run Debian Server on a machine that sits in my basement, and I want to run an email server, a web server, and sshd so that I can do my own file syncing. Technically this violates my contract with my ISP. (let's set aside for the moment the myriad issues with running one's own email server)

The other issue is that (at least with my ISP) upload speeds are capped at a v. slow speed compared to download speeds. It would be an issue if I was off-site (e.g. not at home) and I wanted to sync up or transfer large files FROM my home server elsewhere.

So ... what's a boy to do?

Seriously, what are my options? No google fiber here.
======
staunch
ISPs don't really care if you run servers, at least in my experience. Probably
the worst that will happen is they will ask you to stop, but even that is
unlikely unless you're doing naughty things.

File syncing can be a pain, but a slow running rsync --bwlimit can transfer a
lot of data over a long period of time, without saturating your connection.

I run a server off my home connection using an old laptop. Works great.

------
csense
Look into different ISPs. Most areas have both cable and DSL providers. You
might be able to pay for "business class" service with higher, and symmetric,
speeds.

If there isn't any such ISP in your area, you could always move... Moving has
large costs (depending on how far away you go, it can be highly disruptive to
jobs, friendships or relationships). Minimal cost and optimum privacy
protection may be orthogonal...

Also, keep in mind that, if you're like most people, many of your
communication partners will not be as secure as you are. E.g. if you're
worried about NSA snooping on email, and the folks you communicate with all
use Gmail, it doesn't matter what email provider you use -- it can all be
grabbed from your friends' mailboxes on Gmail's servers and forwarded to the
spooks.

------
CyberFonic
Another option is to use a small, cheap VPS or EC2 instance to host a "staging
server". This is the end point for all your web services, email, etc. Then you
have a "home server" which pulls down the info from staging server, backs it
up locally and then deletes it from the staging server.

That way, your public staging server only has a small amount of information on
it. E.g. emails for the last hour (or whatever your downloading job is set
for).

For uploads you could set up a request mechanism which will deliver the
requested file from home to staging.

For even greater privacy you could set up a self-destruct proc which will wipe
all sensitive information from the staging server unless it gets a "keep
alive" message.
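
The pull-then-delete job and the keep-alive wipe described in the comment above, as an added example that is not part of the original thread. It assumes the staging spool is reachable from the home server as a local path (for instance an SSH-mounted directory); the function names, paths and two-hour threshold are hypothetical.

```python
import hashlib
import os
import shutil
import time
from pathlib import Path

KEEPALIVE_MAX_AGE = 2 * 3600  # assumed threshold: wipe after two silent hours


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def pull_and_purge(staging, home):
    """Home side: copy each staged file, verify the copy, then delete the original."""
    staging, home = Path(staging), Path(home)
    pulled = []
    for src in sorted(p for p in staging.rglob("*") if p.is_file()):
        rel = src.relative_to(staging)
        dst = home / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        tmp = dst.with_name(dst.name + ".part")
        shutil.copy2(src, tmp)
        if sha256(tmp) != sha256(src):
            tmp.unlink()      # bad copy: keep the staged file for the next run
            continue
        os.replace(tmp, dst)  # atomic rename, a crash never leaves a half file
        src.unlink()          # staging copy goes only after the local one is verified
        pulled.append(str(rel))
    return pulled


def dead_mans_switch(spool, keepalive, now=None):
    """Staging side: wipe the spool if the keep-alive file is missing or stale."""
    now = time.time() if now is None else now
    try:
        age = now - Path(keepalive).stat().st_mtime
    except FileNotFoundError:
        age = float("inf")
    if age <= KEEPALIVE_MAX_AGE:
        return False
    for p in Path(spool).rglob("*"):
        if p.is_file():
            p.unlink()        # removes the file entry, does not scrub disk blocks
    return True
```

Deleting files on a VPS does not scrub the provider's disk blocks, snapshots or backups, so the wipe limits what is readily available on the staging host rather than guaranteeing erasure. A long outage on the home connection also trips the switch and discards undelivered mail, so the threshold is a trade-off between exposure and loss.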

------
malandrew
While not as good as hosting your own server on your own hardware, what about
buying a VPS server in a country unlikely to play along with whatever three
letter government agency you are trying to protect your privacy from?

I reckon the simplest effective action people can take is to simply host all
your stuff in a jurisdiction outside the one you live in that is unlikely to
respond to your jurisdiction.

Given the news from the last three weeks, the safest thing for the average
person is to simply conduct all business via a remote server in another
jurisdiction. This seems even more prescient with the contempt of court cases
in both the US and UK involving the non-disclosure of cryptographic keys.

~~~
plg
On the one hand this is appealing ... on the other hand it introduces another
level of uncertainty into the mix

------
Scramblejams
You signed a contract? This falls under my ISP's TOS.

Anyway, what I would do if I were you is run your Debian server at home, but
get a tiny Linode through which your server VPNs, not just so your ISP can't
parse the traffic (they're probably considerably more snoopy than Linode and
their upstream, leaving the NSA aside for the moment), but also so you don't
run into problems common to running an email server at home, e.g. having your
outgoing emails bounced because they come from a residential IP block.

As for the constrictive upstream with big files? I'd rely on Dropbox or
Spideroak, depending on how much I valued convenience (Dropbox) over security
(Spideroak).

------
trapexit
Set up a t1.micro instance on AWS and run a VPN server on it. The VPN instance
accepts connections on port 25, etc. and forwards it over the VPN to your home
server.

Your ISP sees nothing but encrypted traffic between you and your VPN server.

Alternately, buy a rackmount server and colo it. Authorities would need a
warrant to seize it, just the same as they would to seize the server that's
running in your basement.

~~~
plg
yeah I've thought about that, both ssh tunnelling to/from home from some
hosted machine (e.g. AWS, or Linode, etc). The problem (from my point of view)
is that the hosted machine is in someone else's "house". Even if it is a co-
lo.... it is still sitting in someone else's house.

Thanks for the suggestion though. It gets part-way there

------
tater
Given you're on HN, you probably know a few people in the industry, ask around
and try to find a 1U colo deal on unused rackspace (aka the brocolo). Get a
cheap 1U atom server from supermicro, throw some disks in it and you're done.

------
johnny22
Get business class internet instead of residential if that's an option.

