this post was submitted on 16 Mar 2026
78 points (97.6% liked)


Hi there, I’m looking to get into self-hosting for privacy reasons and I wanted to ask y’all: how inadvisable is it to utilize an ISP-owned router/modem? I feel like they’re able to track everything I do online with their more than likely integrated spyware.

[–] hendrik@palaver.p3x.de 8 points 1 day ago* (last edited 1 day ago) (1 children)

Even if you control your router/modem, they still control the other end it connects to. And some more infrastructure along the path. So I think it depends a bit where you're going with this. If you're worried about them doing packet inspection, or logging IP numbers you connect to, I don't think there's a big difference. They could do it anywhere. And they'll likely do it in some datacenter.

A router interfaces with your local network, though. So in theory a router can be used to connect to your internal devices and computers and maybe you have an open network share without password protection or something like that. But we're talking violating your constitutional rights here. It's highly illegal in most jurisdictions to enter your home and go through your stuff.

I'll buy my own router because I can then configure it to my liking. And my ISP charges way too much for renting one. And what I also do is not use my ISP's DNS service. That'd just send every domain name I open to their logfiles. Instead I use one from OpenNIC.

[–] irmadlad@lemmy.world 2 points 1 day ago (1 children)

Instead I use one from OpenNIC

Fast? How would it compare to the evil Cloudflare?

[–] hendrik@palaver.p3x.de 2 points 1 day ago* (last edited 1 day ago) (2 children)

I did one DNS query and it took 22 msec with the nearest OpenNIC server and 24 msec with Cloudflare's 1.1.1.1.
So dunno... roughly same responsiveness? Maybe OpenNIC is a tad faster? For a proper answer we'd need to do more measurements, though. And with OpenNIC you definitely need to pick a good server, not just any random one. They'll have different locations, different policies and they're in widely different datacenters.
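Added example, not part of the thread: one way to take the repeated measurements the comment above asks for, sending plain UDP DNS queries to each resolver and reporting the median and loss instead of a single timing. The OpenNIC address is a placeholder (192.0.2.53, a documentation range) to be replaced with a server you picked; the query names and function names are assumptions of this sketch.

```python
import random, socket, statistics, struct, time

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive DNS query (qtype 1 = A record)."""
    txid = random.randrange(0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def time_query(server, name, timeout=2.0):
    """Round-trip time in ms for one UDP query, or None on timeout/mismatch."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(packet, (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # covers timeouts and unreachable servers
            return None
        elapsed = (time.perf_counter() - start) * 1000
    # Ignore replies that do not echo our transaction ID.
    if len(reply) < 2 or struct.unpack("!H", reply[:2])[0] != txid:
        return None
    return elapsed

def summarize(samples):
    """Median and worst case over answered queries; lost ones counted apart."""
    ok = sorted(s for s in samples if s is not None)
    lost = len(samples) - len(ok)
    if not ok:
        return {"answered": 0, "lost": lost, "median_ms": None, "worst_ms": None}
    return {"answered": len(ok), "lost": lost,
            "median_ms": statistics.median(ok), "worst_ms": ok[-1]}

def compare(servers, names, rounds=5):
    # Repeats of a name are usually served from the resolver's cache, so the
    # median mostly reflects network distance, the worst case a cache miss.
    return {srv: summarize([time_query(srv, n) for _ in range(rounds) for n in names])
            for srv in servers}

if __name__ == "__main__":
    servers = ["1.1.1.1", "192.0.2.53"]  # second entry: placeholder, replace it
    for srv, stats in compare(servers, ["example.org", "example.net"]).items():
        print(srv, stats)
```

Lost or unanswered queries are reported separately because a resolver that drops requests can still show a good median.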

[–] non_burglar@lemmy.world 2 points 1 day ago (1 children)

That makes sense, since you're in EU and opennic is in DE.

[–] hendrik@palaver.p3x.de 1 points 1 day ago* (last edited 1 day ago) (1 children)

Isn't it a global effort? According to what I see, they list a bunch of servers in all Europe, USA, Canada, Australia, ...Japan?!

[–] non_burglar@lemmy.world 2 points 1 day ago (1 children)

Of the tier 1 servers, 2 are in DE and 2 are in USA.

You won't really hit tier2 unless you're trying to hit very specific records.

[–] hendrik@palaver.p3x.de 1 points 1 day ago* (last edited 21 hours ago) (1 children)

I think the Tiers work the other way around. But I keep forgetting how DNS and recursive lookup work and I might be wrong.
I don't think you're supposed to query Tier 1 servers as a client. The Tier 2 servers would be what people connect to and who do the heavy lifting. The Tier 1 just do the root, authoritative stuff and their custom TLDs for the following network. So we're not worried about where those are located.

[–] non_burglar@lemmy.world 2 points 14 hours ago (1 children)

You might be thinking of PKI and certificate trusts.

Tier 1 in DNS terms are high-level peered (peered with other tier 1 servers in major network segments) and just refer requests either downstream or to other tier 1 servers. This is no longer as necessary with CDNs everywhere, and DNS infrastructure no longer has to mirror routing landscapes, but it seems that opennic.org is still organised in this way.

Anecdotally, I switched a small network to use opennic in 2019 and it was a disaster, never again. I see that the DE servers are still being recommended to me in Canada, so I guess nothing has changed. Opennic is an example of a good idea with terrible execution.

[–] hendrik@palaver.p3x.de 1 points 10 hours ago* (last edited 9 hours ago)

Interesting. Thanks for the info. I'll re-think whether I recommend it to random people around the world, then.

In Germany it's great. I've been using it for many years now. But we have some good/strong hacker organizations, digital sovereignty and privacy groups, nonprofits and some generous IT companies. Maybe it's random private individuals in other countries and they're not as reliable.

Seems right now there's something going wrong anyway. I don't think the amount of "offline" servers is normal. And a good amount of them aren't even offline, but still answer my DNS queries.

[–] irmadlad@lemmy.world 2 points 1 day ago

I'll have to check it out. Thanks.