this post was submitted on 13 Jun 2023
2 points (100.0% liked)

Fediverse

17717 readers
2 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
2
Help getting started (compuverse.uk)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Preamble- I'm new to the fediverse, and I want some help. I'm trying to regain some of my privacy and data sovereignty, and I have recently gotten into self-hosting. I haven't been on social media for over a decade, except for Reddit, and that was mostly as a passive lurker. I just started getting more active on there this past year, and now they've turned me away with their shenanigans. I'm trying to get into federated communications to still have access to useful information while protecting my identity and data.

Goals- I'm thinking that I want to set up my own Lemmy instance, as well as my own xmpp server (like prosody), and switch over to jmp.chat. I also have my own domain.

Concerns- I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use. However, I also don't want to expose my domain (Why not? I don't know. I'm completely new at this and until I learn more, I'm playing it cautious)

Questions- So, if I spin up my own Lemmy instance, doesn't that expose my domain,since my username will be [email protected]? Is this the same for an xmpp server? One main reason to spin up my own xmpp server is to own my account for xmpp communications. However, can I tie that to my jmp.chat account, or would they need to be separate.

I kind of feel like a boat without an oar at the moment, and I'm not even sure if I'm asking sensical questions, but hopefully there's enough light in my ramblings to give you all a sense of my goals. Any help would be appreciated.

Edit— for those wondering why I don't want to expose my domain: As an example, many people will post their personal information on social media. They think ‘why not? What harm can it do when I talk about my favorite teacher, or the street I grew up on, or my first date? What harm can that do?’ (Not realizing these are common answers to security questions) or ‘Why not talk about my big vacation coming up?’ (Not realizing they’re letting thieves know when their house is going to be vacant) People reveal information about themselves all the time online without a second thought because they can’t personally see the danger. I can’t personally see a problem with using my domain in this way, but I would prefer to check with those more experienced than me before I learn the hard way that I made a bad choice. I do appreciate you all taking your time to contribute your thoughts.

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago (1 children)

I would recommend getting one of XYZs 10digit domains for $1/year, and use a cheap old pc or such as hosting that's completely separated from the rest of your network (by firewalls is enough, you wanna go even more hardcore you could get a 4g modem to run a completely separate network, but that would be a lot more work and pricier for a fraction of what's gained).

This way your personal domain stays hidden, and any outside threat only gains access to your Lemmy host.

[–] [email protected] 1 points 1 year ago

That's a good idea. Thanks for the suggestion!

[–] [email protected] 1 points 1 year ago (1 children)

you can't keep your hosting domain "secret" lol. if you make your own lemmy instance, then the url/domain for that instance will be seen when you post on other lemmy instances.

[–] [email protected] 1 points 1 year ago (1 children)

Yeah, I'm figuring that I have a lot of holes in my knowledge. I'm trying to fill them, but unfortunately its a bumpy road. And while I didn't think I could keep my domain 'secret', I also am concerned about broadcasting it too much, making it more noticeable. I mainly want to use it for private services, so I'm not sure if using it in a more public forum would increase the likelihood of threats.

[–] [email protected] 1 points 1 year ago (1 children)

Imma sound lame but consider working up a threat model.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago

Pretty much an idea of what you’re trying to avoid or mitigate in specific real terms. Theres more but I’m sure someone with a background in information security could explain it better than I can.

[–] [email protected] 0 points 1 year ago (1 children)

I've been toying with very similar ideas thinking that if I run my own instance I would at least be 100% certain that my account would never be deleted or held hostage by a rouge server admin. But then I would have to deal with the security of my own instance instead, trading one headache for another and I'm not sure that it would be worth it.

[–] [email protected] 1 points 1 year ago

This is the battle I'm dealing with, too.