I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground.
That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs.
Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting.
Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure.
Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE.
I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own.
This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger.
Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation.
Files second - Nextcloud. Get your documents out of Google/Microsoft.
Communication third - Matrix server, or join an existing instance you trust.
Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person.
Run services for friends and family, not just yourself.
Contribute to projects that build this infrastructure.
Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order.
I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure.
We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his mom’s basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone-style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. Its app store ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.


Well, I don’t work in the USA, but in a telecom company, and I can say that if you really need it, they will just kick down the door and seize the server. No matter what. And a campaign interested in business is, after all, more technologically advanced than some guy who set up a server based on guides on the Internet. You won’t need to take anything from him, with a fairly weak literacy, it’s enough just to intentionally make a mistake in the public guide. Do you remember Hillary Clinton’s private email server case?
You’re right that if the state really wants you, they can always resort to physical force, but that’s exactly the point. In the current system, they don’t have to kick down any doors, they just send a silent request to a corporate office and get everything they need without you or your neighbors ever knowing. Forcing them to physically show up at a specific address in the real world drastically changes the “cost of surveillance,” it turns a cheap, automated dragnet into a slow, expensive, and public operation.
As for the Hillary Clinton example, that’s actually a perfect lesson in what happens when you prioritize convenience over security. Her setup was “shadow IT” at its worst, it had open ports, unencrypted connections, and none of the basic hardening we use in modern sovereign stacks like Docker or NixOS. It wasn’t built for resistance, it was built to bypass government record-keeping, and that lack of professionalism is exactly why it failed.
The “Amazon engineer” might only see bytes, but the Amazon algorithm sees your entire life story, your politics, and your vulnerabilities. If we use end-to-end encryption, it doesn’t matter if the guy hosting the box is a neighbor or a stranger, they can’t read the data anyway. We aren’t just following random guides, we are building professional-grade infrastructure that makes the “dragnet” fail by design. If the state has to kick down a door for one person’s data, the system is at least forced to follow a transparent process again.
So why do you think that a public pool of docker images is as secure as an aqua checked image in Google’s infrastructure? It’s a mystery to me. An ordinary user like Hillary can be checked even without a warrant, it’s enough to are plenty of vulnerabilities already.
As someone who has been building infrastructure for over 10 years, I can say that friendship is one thing, but no one is willing to share sensitive data with their friends. People prefer to use services out of border, not self hosted.
UPD: Of all my friends, only 7 agreed to use mail on my domain, and after moving from Google Workspace to a private server, only three remained. One of them simply transfers mail to another mailbox, just in case. This is the result. Not theoretical, but real.
You’re right that Google’s infrastructure is more hardened than individual deployments. But security and sovereignty are different problems. Google’s security protects against external threats, it’s designed to be transparent to Google and compliant with government requests. Your email experience actually proves my point: hobbyist sysadmins running free services for friends doesn’t work. I agree completely. What I’m proposing is professional infrastructure for organizations that actually need it; small businesses, non-profits, community orgs. Not favors for friends who don’t care. Not trying to out-secure Google. Just viable alternatives for entities where corporate access to their data is a real threat, not a theoretical privacy concern. The non-profit handling immigrant legal aid? The community health clinic? They need this. Your friends checking Gmail don’t.
Well, in fact, you will literally be like Google. Maybe there really are some subtleties, I’m not sure because I’ve never lived in the USA. The only difference will be how much it will cost. In the end, you won’t be able to provide a mailbox for free and not trade data.
UPD: The organization has completely different service requirements. Even for non-profit organizations, no one will wait a day for you to return from work and remember the service.