I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his moms basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It’s appstore ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
Honestly, you’re right about the skill gap, the convenience trap is exactly how Big Tech won in the first place, but I don’t think the goal is to turn every single person into a sysadmin. My time teaching at the library with the Cyber Seniors program showed me that people don’t need to know how to flash an OS to deserve privacy, they just need a doorway that isn’t owned by a corporation.
If the 5% who actually know how this stuff works start building “community nodes” for their family, their block, or a local shop, then the 95% get all the benefits without the technical headache. We don’t need everyone to be an expert, we just need enough local infrastructure so that “the cloud” isn’t the only option left. It’s not about total purity for everyone, it’s just about building enough exit ramps so the machine becomes optional, you know?
so you’re suggesting storing sensitive data, work documents, passwords, not from a company with which there are at least some legal agreements, but from a neighbor, simply because you see him from time to time? what could possibly go wrong…
UPD: By the way, if we are talking about a state, your neighbor will be approached in the same way as Google, because everyone in the country obeys the same laws.
You’re hitting on the two biggest myths of the current era: that “legal agreements” with giants actually protect you, and that a neighbor is a bigger risk than a faceless corporation.
First, when a tech giant gets a broad subpoena, they don’t fight it for you; they automate the handover because you’re just a line in a database of billions. When you host locally, you’re a specific node. If the state wants your data from a private server, they have to physically knock on a specific door. That is a massive increase in the “cost of surveillance” compared to a silent API request sent to a corporate data center.
Second, this isn’t about “trusting a neighbor” with your plaintext data. In a proper sovereign setup, the data is end-to-end encrypted. I can host your Vaultwarden or your Nextcloud backups, but I don’t have the keys; I’m just providing the “digital real estate.” It’s the difference between giving someone your house keys and just letting them provide the land your safe sits on.
The goal isn’t to make law enforcement impossible; it’s to make the “dragnet” impossible. If they want one person’s data, they have to work for it, rather than just pulling it from a corporate warehouse.
I do not know about Amazon, but in telephony you simply have to install a threat management system in accordance with the law. I think Amazon has the same thing. if there is a court decision, the servers will be arrested or a request for data will be received. It’s exactly the same thing.
what is configured on the server may or may not be enabled. and your neighbor just knows some of your data (your name, address, etc.), which increases the likelihood of an attack. To an Amazon engineer, you’re just bytes out of nowhere.
the normal story would be to encrypt everything on the client before anything gets to the server at all. but who exactly is going to bother so much? in this case, you might as well upload a bunch of encrypted data to Google.
Actually, you’re exactly right about client-side encryption being the answer, and that is the standard we are pushing for. But the reason you don’t just dump those encrypted files into a Google Drive is because of the metadata. Even if Google cannot read your “letter,” they are still mining the “envelope,” they know when you wrote it, where you were, and who you sent it to. In 2026, metadata is often more dangerous than the content itself because it is so easy to automate into a threat profile.
As for the law, you’re right that a court order is a court order, but there is a massive difference in the “cost of surveillance.” Big tech companies have dedicated departments to automate data handovers for thousands of users at a time; it is a streamlined pipeline. A private server forces the state to slow down, to get a specific warrant for a specific physical machine, and to actually do the legwork. It turns a massive dragnet into a targeted investigation, which is exactly how the system is supposed to work.
And regarding the “Amazon engineer” versus a neighbor, an engineer might not know my name, but the Amazon algorithm knows my pulse, my politics, and my habits better than anyone. If I use E2EE, the person hosting the hardware doesn’t have the keys anyway, so they are just a landlord for my digital safe, not a spy.